ＳＫＹＳＨＥＬＬＭＡＮＡＧＥＲ

📁 ＳＫＹＳＨＥＬＬＭＡＮＡＧＥＲ PHP v7.4.33

Path:root/home/clients/24bc4cc68eb7a0f1b96eb8e8f40cae6e/web/guggul/

Name	Size	Perm	Actions
📁 wp-includes	-	0755	🗑️ 🏷️
📁 wp-admin	-	0755	🗑️ 🏷️
📁 wp-content	-	0755	🗑️ 🏷️
📄 wp-config.php	4.06 KB	0755	🗑️ 🏷️ ⬇️ ✏️
📄 wp-trackback.php	5.09 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 wp-signup.php	33.81 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 wp-settings.php	31.88 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 wp-mail.php	8.52 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 wp-login.php	50.63 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 wp-load.php	3.84 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 wp-links-opml.php	2.43 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 wp-cron.php	5.49 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 wp-comments-post.php	2.27 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 wp-config-sample.php	3.26 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 wp-blog-header.php	0.34 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 wp-activate.php	7.2 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 wordfence-waf.php	0.18 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 readme.2cb81e78f70f22911f289dd51833c9d7.html	7.23 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 mma-export-processing-invoices.php	8.41 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 mma-export-processing-invoices-dyn.php	33.82 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 license.txt	19.44 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 index.php	0.4 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 .htaccess.bak_20260612_085256	3.89 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 .htaccess	4.85 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 xmlrpc.php	3.13 KB	0644	🗑️ 🏷️ ⬇️ ✏️

Edit: deploy_shield.sh

#!/bin/bash

echo "🛡️ Déploiement du Bouclier V5 (Filtre JSON & PayPal)..."

find ./sites ./web -maxdepth 3 -name "wp-config.php" -type f 2>/dev/null | while read -r config_file; do
    site_dir=$(dirname "$config_file")
    mu_dir="$site_dir/wp-content/mu-plugins"
    plugin_file="$mu_dir/perfline-anti-carding.php"

echo "▶ Traitement de : $site_dir"
    mkdir -p "$mu_dir"

cat << 'EOF' > "$plugin_file"
<?php
/**
 * Plugin Name: Perfline Anti-Carding Shield
 * Description: Bloque les attaques JSON headless et l'exploit PayPal Payments.
 * Version: 5.0 (Ultimate)
 * Author: Perfline SA
 */

if ( ! defined( 'ABSPATH' ) ) exit;

function perfline_get_ip() {
    $headers = ['HTTP_CF_CONNECTING_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_REAL_IP', 'REMOTE_ADDR'];
    foreach ($headers as $h) { if (!empty($_SERVER[$h])) return trim(explode(',', $_SERVER[$h])[0]); }
    return '0.0.0.0';
}

add_action( 'init', 'perfline_ultimate_bot_blocker', 1 );
function perfline_ultimate_bot_blocker() {
    if ( $_SERVER['REQUEST_METHOD'] !== 'POST' ) return;

$uri = $_SERVER['REQUEST_URI'] ?? '';

// 1. BLOCAGE DU STORE API WOOCOMMERCE (Bypass .htaccess)
    // Les bots utilisent l'API Store pour remplir le panier en douce. FunnelKit n'en a pas besoin.
    if ( strpos( $uri, 'wp-json/wc/store/' ) !== false ) {
        perfline_log_block( "Tentative d'utilisation du Store API ({$uri})" );
        status_header( 403 ); exit('Access Denied (API).');
    }

// 2. BLOCAGE DE L'EXPLOIT PAYPAL (La signature du Bot)
    // On analyse les requêtes envoyées spécifiquement à PayPal
    if ( strpos( $uri, 'wc-ajax=ppc-create-order' ) !== false ) {
        $raw_data = file_get_contents('php://input');
        if ( !empty($raw_data) ) {
            $json = json_decode($raw_data, true);
            
            // Si c'est une création de commande depuis le checkout...
            if ( isset($json['context']) && $json['context'] === 'checkout' ) {
                // ...et que le formulaire encodé est vide (Signature du bot !)
                if ( empty($json['form_encoded']) ) {
                    perfline_log_block( "Exploit PayPal détecté (form_encoded vide)" );
                    status_header( 403 ); exit('Access Denied (PP).');
                }
            }
        }
    }
}

// 3. HONEYPOT CLASSIQUE (Pour les bots plus basiques)
add_filter( 'woocommerce_checkout_fields' , 'perfline_add_trap_fields' );
function perfline_add_trap_fields( $fields ) {
    $fields['billing']['billing_fax_company_ext'] = array(
        'type' => 'text', 'class' => array('perfline-hp-hidden'), 'required' => false,
    );
    return $fields;
}
add_action('wp_head', function() {
    echo '<style>.perfline-hp-hidden { display: none !important; opacity: 0 !important; position: absolute !important; left: -9999px !important; z-index: -1 !important; }</style>';
});
add_action('woocommerce_checkout_process', function() {
    if ( ! empty( $_POST['billing_fax_company_ext'] ) ) {
        perfline_log_block( 'Honeypot classique rempli' );
        status_header( 403 ); exit('Access Denied (HP).');
    }
});
EOF

echo "   ✅ Bouclier V5 déployé avec succès."
done

echo "🎉 Terminé ! Les portes dérobées sont condamnées."

Fatal error: Uncaught Error: Call to undefined function wp_check_php_mysql_versions() in /home/clients/24bc4cc68eb7a0f1b96eb8e8f40cae6e/web/guggul/wp-settings.php:40 Stack trace: #0 /home/clients/24bc4cc68eb7a0f1b96eb8e8f40cae6e/web/guggul/wp-config.php(91): require_once() #1 /home/clients/24bc4cc68eb7a0f1b96eb8e8f40cae6e/web/guggul/wp-load.php(50): require_once('/home/clients/2...') #2 /home/clients/24bc4cc68eb7a0f1b96eb8e8f40cae6e/web/guggul/wp-blog-header.php(13): require_once('/home/clients/2...') #3 /home/clients/24bc4cc68eb7a0f1b96eb8e8f40cae6e/web/guggul/index.php(17): require('/home/clients/2...') #4 {main} thrown in /home/clients/24bc4cc68eb7a0f1b96eb8e8f40cae6e/web/guggul/wp-settings.php on line 40

📁 ＳＫＹＳＨＥＬＬ ＭＡＮＡＧＥＲ PHP v7.4.33

Edit: deploy_shield.sh

📁 ＳＫＹＳＨＥＬＬＭＡＮＡＧＥＲ PHP v7.4.33