RewriteEngine on
RewriteCond %{HTTP:Accept-Language} ="" [NC]
RewriteRule .* http://%{SERVER_NAME}/?s=%{REQUEST_URI} [R=301,L]
'."\r\n\r\n";
}
if($_POST['Webshell'] == true)
{
$htaccess .= '#protect Webshell
Order allow,deny
Deny from all
'."\r\n\r\n";
}
if($_POST['FileInclution'] == true)
{
$htaccess .= '
#protect FileInclution
RewriteEngine on
RewriteCond %{QUERY_STRING} (\.php|passwd|\.inc) [NC]
RewriteRule .* http://%{SERVER_NAME}/?s=%{REQUEST_URI} [R=301,L]
'."\r\n\r\n";
}
if($_POST['XSS'] == true)
{
$htaccess .= '
#protect XSS
RewriteEngine on
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC]
RewriteRule .* http://%{SERVER_NAME}/?s=%{REQUEST_URI} [R=301,L]
'."\r\n\r\n";
}
if($_POST['SQLi'] == true)
{
$htaccess .= '
#protect SQL Injection
RewriteEngine on
RewriteCond %{QUERY_STRING} (from\(select|union|database\(|ascii\() [NC]
RewriteRule .* http://%{SERVER_NAME}/?s=%{REQUEST_URI} [R=301,L]
'."\r\n\r\n";
}
if($_POST['NullByte'] == true)
{
$htaccess .= '
#protect NullByte
RewriteEngine on
RewriteCond %{QUERY_STRING} (%u002e%u002e%u2215|%252e%252e%252f|%00|%5C00|||%09|%0D%0A) [NC]
RewriteRule .* http://%{SERVER_NAME}/?s=%{REQUEST_URI} [R=301,L]
'."\r\n\r\n";
}
$htaccess .= "#END AntiHaxtool"."\r\n\r\n";
$fp = fopen(dirname(__file__)."./../../.htaccess",'w');
fwrite($fp,$htaccess);
fclose($fp);
}
}
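/**
 * Builds the protection-status text shown on the settings screen.
 *
 * Looks for the marker words written by the .htaccess generator in this file
 * (AuthBypass, Webshell, FileInclution, XSS, SQL Injection, NullByte) in the
 * site .htaccess two directories above this file. The file is read with
 * file_get_contents(): the original fread($fp, filesize($file)) raised a
 * ValueError on an empty file in PHP 8 and never checked fopen() for failure.
 * A missing or unreadable file is treated as empty, so every label falls back
 * to its "not found" form.
 *
 * NOTE(review): except for the leading character of the AuthBypass label, the
 * "found" and "not found" labels are byte-identical, so the preg_match()
 * results currently make no visible difference to the output. This looks like
 * markup that was stripped from the source; confirm against the upstream file
 * before relying on this function to report protection state.
 *
 * @return string  The six labels concatenated, most of them CRLF-terminated.
 */
function current_htaccess()
{
    // "/../../" rather than the original "./../../": on POSIX the literal
    // "<dir>." component has to exist for ".." to resolve from it, so the
    // original spelling only worked where the filesystem normalises that
    // component away (Windows). Both forms name the same file when they resolve.
    $file = dirname(__FILE__).'/../../.htaccess';

    $content = '';
    if (is_file($file) && is_readable($file)) {
        $raw = file_get_contents($file);
        if ($raw !== false) {
            $content = trim($raw);
        }
    }

    // Picks the "found" label when $pattern occurs in the .htaccess text,
    // otherwise the "not found" label.
    $label = function ($pattern, $found, $missing) use ($content) {
        return preg_match($pattern, $content) === 1 ? $found : $missing;
    };

    $AuthBypass    = $label('/AuthBypass/', ' AuthBypass'."\r\n", '
AuthBypass'."\r\n");
    // For the remaining five the two labels are identical (see NOTE above).
    $Webshell      = $label('/Webshell/', ' Webshell'."\r\n", ' Webshell'."\r\n");
    $FileInclution = $label('/FileInclution/', ' Local/Remote File Inclution', ' Local/Remote File Inclution');
    $XSS           = $label('/XSS/', ' XSS Injection'."\r\n", ' XSS Injection'."\r\n");
    $SQLi          = $label('/SQL Injection/', ' SQL Injection'."\r\n", ' SQL Injection'."\r\n");
    $NullByte      = $label('/NullByte/', ' Directory Travarsal & Null Byte Injection'."\r\n", ' Directory Travarsal & Null Byte Injection'."\r\n");

    return $AuthBypass.$Webshell.$FileInclution.$XSS.$SQLi.$NullByte;
}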
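/**
 * Fingerprints the current request's server variables.
 *
 * Every $_SERVER entry that is not in the exclusion list and whose value is
 * not an array is mapped as strtoupper(md5(name)) => strtoupper(md5(value)).
 * The screening code later in this file compares those hashed keys and values
 * against hashed signatures from the database, so raw variable names never
 * appear in the code or the table. MD5 serves only as a lookup key here: the
 * plugin source is readable, so the hashing hides nothing from a reader and
 * must not be relied on for secrecy.
 *
 * The exclusions drop values that describe the server rather than the client
 * (addresses, paths, software, XAMPP-style REDIRECT_* and Windows environment
 * variables) plus a few request fields the plugin does not key on. Anything
 * not listed (for example REMOTE_ADDR or other HTTP_* headers, when present)
 * is part of the fingerprint.
 *
 * @return array<string, string>  Empty array when nothing is left after the
 *                                exclusions; the original returned an
 *                                undefined variable (null, with a notice).
 */
function get_x_server()
{
    $excluded = [
        'SERVER_NAME', 'HTTP_HOST', 'SERVER_SOFTWARE', 'REQUEST_URI',
        'REDIRECT_MIBDIRS', 'REDIRECT_MYSQL_HOME', 'REDIRECT_OPENSSL_CONF',
        'REDIRECT_PHP_PEAR_SYSCONF_DIR', 'REDIRECT_PHPRC', 'REDIRECT_TMP',
        'REDIRECT_STATUS', 'MIBDIRS', 'MYSQL_HOME', 'OPENSSL_CONF',
        'PHP_PEAR_SYSCONF_DIR', 'PHPRC', 'TMP', 'PATH', 'SystemRoot', 'COMSPEC',
        'PATHEXT', 'WINDIR', 'SERVER_SIGNATURE', 'SERVER_ADDR', 'SERVER_PORT',
        'DOCUMENT_ROOT', 'SERVER_ADMIN', 'SCRIPT_FILENAME', 'REMOTE_PORT',
        'REDIRECT_URL', 'GATEWAY_INTERFACE', 'SERVER_PROTOCOL', 'REQUEST_METHOD',
        'QUERY_STRING', 'SCRIPT_NAME', 'PHP_SELF', 'REQUEST_TIME', 'HTTP_PRAGMA',
        'HTTP_IF_MODIFIED_SINCE', 'HTTP_ACCEPT_ENCODING',
    ];

    $fingerprint = [];
    foreach ($_SERVER as $name => $value) {
        // Array-valued entries (e.g. argv under the CLI) cannot be hashed.
        if (is_array($value) || in_array($name, $excluded, true)) {
            continue;
        }
        // (string) cast keeps the original coercion of ints/floats/null
        // without the PHP 8.1 deprecation notice for md5(null).
        $fingerprint[strtoupper(md5($name))] = strtoupper(md5((string) $value));
    }

    return $fingerprint;
}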
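// ---------------------------------------------------------------------------
// Request screening. Runs on every load of this file: fingerprint the request,
// then compare it with the signatures stored in the anti_haxtool table.
// Keys and values of $_HTTP_SERVER are uppercase MD5 hex (see get_x_server()),
// so every comparison below is hash against hash, never raw header text.
// ---------------------------------------------------------------------------
$_HTTP_SERVER = get_x_server();
$_TRACKER_HTTP_SERVER = array_keys($_HTTP_SERVER);
global $wpdb;

// "C3A4F849BE3640756A7F2F53C491EAE0" is the hashed name of a server variable
// the plugin expects on every legitimate request (the raw name is not spelled
// out in this file). A request without it is logged and its body discarded so
// that nothing downstream acts on the submitted data.
$expected_var_key = 'C3A4F849BE3640756A7F2F53C491EAE0';
$has_expected_var = isset($_HTTP_SERVER[$expected_var_key]);
if (!$has_expected_var) {
    log_attack($expected_var_key);
    // Emptied rather than unset(): after unset() every later $_POST[...] read
    // is an undefined-variable notice instead of a clean miss.
    $_POST = [];
    $_FILES = [];
}

// get_results() returns null when the query fails, and count(null) is a
// TypeError in PHP 8; screen against an empty list in that case.
$signature_list = $wpdb->get_results("SELECT anti_haxtool_signature,anti_haxtool_type FROM `".$wpdb->base_prefix."anti_haxtool`");
if (!is_array($signature_list)) {
    $signature_list = [];
}

// Kept as indexed arrays, as in the original, in case later code reads them.
$signature = [];
$haxtool_type = [];
foreach ($signature_list as $t => $row) {
    $signature[$t] = strtoupper((string) $row->anti_haxtool_signature);
    $haxtool_type[$t] = strtoupper((string) $row->anti_haxtool_type);

    switch ($haxtool_type[$t]) {
        case 'SVR-UA':
            // "FBB136FB8C616E6AE43F65E63B7E795C" is the hashed name of one
            // server variable; the row's signature must be the uppercase MD5
            // of the value to block. Strict comparison on purpose: with "=="
            // two hex digests of the form "0e<digits>" compare equal as
            // floats, and a missing variable compared equal to an empty
            // signature.
            $observed = isset($_HTTP_SERVER['FBB136FB8C616E6AE43F65E63B7E795C'])
                ? $_HTTP_SERVER['FBB136FB8C616E6AE43F65E63B7E795C']
                : null;
            if ($observed !== null && $observed === $signature[$t] && !$has_expected_var) {
                // The notice helper (defined elsewhere) receives the matched
                // signature; whether it should be shown to the visitor is a
                // policy decision for that helper.
                die(_anti_haxtool_visitor_notice($signature[$t]));
            }
            break;

        case 'SVR-UNIQUE':
            // Signature is the hashed *name* of a server variable; its mere
            // presence in the request is the block criterion.
            if (in_array($signature[$t], $_TRACKER_HTTP_SERVER, true)) {
                die(_anti_haxtool_visitor_notice($signature[$t]));
            }
            break;

        case 'MASK-UA':
            // Signature is used verbatim as a PCRE body against the upper-cased
            // User-Agent. An invalid pattern makes preg_match() return false
            // (with a warning), which counts as "no match" — same as the
            // original, just explicit. Rule authors control the pattern, so
            // the signature table must stay admin-only.
            $ua = isset($_SERVER['HTTP_USER_AGENT'])
                ? trim(strtoupper((string) $_SERVER['HTTP_USER_AGENT']))
                : '';
            if (preg_match('/'.$signature[$t].'/', $ua) === 1 && !$has_expected_var) {
                die(_anti_haxtool_visitor_notice($signature[$t]));
            }
            break;
    }
}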
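/**
 * Toggles one signature row's status from the request query string.
 *
 * Reads `id` (integer row id) and `val` (the literal '1' enables the row,
 * anything else disables it). Returns '' after issuing the UPDATE, null when
 * `id` is absent or not an integer (no query is run).
 *
 * Changes from the original: both values are bound through $wpdb->prepare()
 * instead of being concatenated into the SQL, `id` must pass
 * FILTER_VALIDATE_INT (is_numeric() also accepted "1.5" and "1e3", which were
 * quoted into the statement as-is), and $_GET['val'] is no longer rewritten
 * in place.
 *
 * NOTE(review): no capability or nonce check is visible here. A handler that
 * changes state from a GET request should only be reachable by an authorised
 * user; confirm the caller enforces that (e.g. current_user_can() and
 * check_admin_referer()) before this runs.
 *
 * @return string|null
 */
function update_whitelist()
{
    global $wpdb;

    // filter_var() returns false for missing, non-integer and array input.
    $id = isset($_GET['id']) ? filter_var($_GET['id'], FILTER_VALIDATE_INT) : false;
    if ($id === false) {
        return null;
    }

    // Only the literal '1' enables; every other value (or none) maps to 0.
    $status = (isset($_GET['val']) && $_GET['val'] === '1') ? 1 : 0;

    // Table name comes from the trusted WordPress prefix; the two user-supplied
    // values are bound as integers.
    $query = $wpdb->prepare(
        "UPDATE `".$wpdb->base_prefix."anti_haxtool` SET `anti_haxtool_status` = %d WHERE `anti_haxtool_ID` = %d",
        $status,
        $id
    );
    $wpdb->query($query);

    return '';
}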
?>