Jump to content

Recommended Posts

Folks,

 

i have two PHP scripts, i want to know what do both of them do, though i have lil bit idea about that.

 

Scripts are below:

 

index.php

 

<?php

 

/*

 

* Full page Iframe to display the offer URL and prevent bots from following the link to the final destination URL

 

*

 

* Edit the values for $offerURL

 

* Add content filler in the <noframes> section to help your quality score

 

* Edit the title

 

* Edit meta description content

 

* Edit meta keywords content

 

*

 

* Save As: new file name

 

* Upload to your server along with the r-decode.php file

 

*

 

* That's it!

 

*

 

*/

 

$offerURL = "http://www.hostgator.com/";//put your offer's affiliate jump link here

 

$offerURL = trim($offerURL);//do not edit this line

 

$thisRedirectUrl = base64_encode($offerURL);//do not edit this line

 

$thisRedirectUrl = "r-decode.php?{$thisRedirectUrl}";//do not edit this line

 

?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"

 

"http://www.w3.org/TR/html4/strict.dtd">

 

<html>

 

<head>

 

<title>Edit Me</title>

 

<META name="description" content="">

 

<META name="keywords" content="">

 

</head>

 

<frameset rows="100%,*" border="0">

 

<frame src="<? echo $thisRedirectUrl; ?>" frameborder="0" />

 

<frame frameborder="0" noresize />

 

<noframes>

 

Put content here...

 

</noframes>

 

</frameset>

 

</html>

 

 

 

r-decode.php

 

<?php

 

// Note: there's no need to modify this file. Just upload it to your server along with the iframe file.

 

// this file redirects the user to your affiliate link while hiding the refer information from the destination URL

 

$thisReferringUrl = @$_SERVER["HTTP_REFERER"];//use default in case the requested url is invalid

 

$clientIPNumber = @$_SERVER["REMOTE_ADDR"];

 

$clitentBrowserUserAgent = @$_SERVER["HTTP_USER_AGENT"];

 

if (empty($clitentBrowserUserAgent)){

 

//no useragent means it's a bot

 

header("HTTP/1.0 301 Permanent Redirect");

 

header("Location: http://127.0.0.1",true,301);

 

exit;

 

}

 

$topMargin = rand(10,111);

 

$thisRedirectUrl = null;

 

$imagePropertiesArr = array();

 

if (!empty($imagesArr)){

 

$rand_key = array_rand($imagesArr, 1);

 

$imageProperties = $imagesArr[$rand_key];

 

$imagePropertiesArr = explode("|",$imageProperties);

 

}

 

$url_encoded = @$_SERVER["QUERY_STRING"];

 

if (!empty($url_encoded)){

 

$url_encoded = trim($url_encoded);

 

$url_decoded = base64_decode($url_encoded);

 

if (checkValidURL($url_decoded)){

 

$thisRedirectUrl = $url_decoded;

 

}

 

}

 

function checkValidURL($siteurl){

 

$siteurl = trim($siteurl);

 

$siteurlVal = $siteurl;

 

$siteurlVal = ereg_replace("[^a-zA-Z0-9?:=,;@#$|&+%\/._-]", "", $siteurlVal);//strip out invalid chars

 

if ($siteurl != $siteurlVal) return false;

 

if(ereg("^http://.+\\..+$", $siteurl) || ereg("^https://.+\\..+$", $siteurl))

 

return true;

 

else

 

return false;

 

}

 

if (empty($thisRedirectUrl)){

 

header("HTTP/1.1 404");

 

header("Location: 404");

 

exit;

 

}

 

//echo $thisRedirectUrl;

 

//exit;

 

//header("Expires: " . gmdate("D, d M Y H:i:s") . " GMT");

 

//header("Pragma: no-cache");

 

//header("HTTP/1.0 301 Permanent Redirect");

 

?><html>

 

<head>

 

<meta name="robots" content="noindex,nofollow">

 

<meta http-equiv="refresh" content="0;url=<? echo $thisRedirectUrl; ?>" />

 

</head>

 

<body>

 

<script language="JavaScript" type="text/javascript">

 

function go(){

 

document.location.href="<? echo $thisRedirectUrl; ?>";

 

}

 

setTimeout ('go()', 1);

 

</script>

 

</body>

 

</html>

 

 

 

Thanks for your help,

Natasha Thomas

Link to comment
https://forums.phpfreaks.com/topic/167257-what-does-this-piece-of-php-codes-do/
Share on other sites

From what I can see the scripts you are asking about are from an affiliate network.

 

The affiliate network look like they are using frames to display content such as adverts from third party advertisers on a webpage where these scripts are present. As for the second script, it looks as though It is collecting information about a user such as their browser and so on, which is also passed onto the affiliate network.

The first script loads an iframe and as a src it defines r-decode with some parameter. Now once the page loads the src is read and the php code inside r-decode executed. If it is a bot they are redirected to their loopback address.

  • 2 weeks later...

You said it collects info for an affiliate site?

 

Can you tell what affiliate site it is collecting for?

The only destination I see is "http://127.0.0.1"

which I thought was a loopback address?

Meaning it just loops back to to:

 

"$offerURL = "http://www.hostgator.com/";//put your offer's affiliate jump link here"

You said it collects info for an affiliate site?

 

Can you tell what affiliate site it is collecting for?

The only destination I see is "http://127.0.0.1"

which I thought was a loopback address?

Meaning it just loops back to to:

 

"$offerURL = "http://www.hostgator.com/";//put your offer's affiliate jump link here"

 

127.0.0.1 is indeed a loopback address depending on who is using it. If I use 127.0.0.1 then I'll be using my own loopback address and not yours (as you will use yours and not mine). 127.0.0.1 is a reserved class B network address. Like all addresses in the format x.x.x.0 and x.x.x.255. So when you order your crawler to go to 127.0.0.1 it will do so on its own server not yours (I think this must be the technical equivalent to: go **** yourself).

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.