true, '/acp.php' => true, '/gettest.php' => true, '/4h.php' => true, '/flower.php' => true, '/styll.php' => true, '/re.php' => true, '/alfashell.php' => true, '/axx.php' => true, '/X57.php' => true, '/erty.php' => true, '/miansha.php' => true, '/bengi.php' => true, '/bs1.php' => true, '/motu.php' => true, '/gssdd.php' => true, '/in.php' => true, '/bal.php' => true, '/dev.php' => true, '/k.php' => true, '/prv8.php' => true, '/lb.php' => true, '/hi.php' => true, '/f35.php' => true, '/update/f35.php' => true, '/a1.php' => true, '/fi.php' => true, '/init.php' => true, '/abcd.php' => true, '/av.php' => true, '/kj.php' => true, '/fe5.php' => true, '/about.php' => true, '/ok.php' => true, '/w4.php' => true, '/assets/css/index.php' => true, '/wp.php' => true, '/BDKR28WP.php' => true, '/wp-the.php' => true, '/wp-michan.php' => true, '/makeasmtp.php' => true, '/alpha.php' => true, '/we.php' => true, '/155.php' => true, '/goat.php' => true, '/fff.php' => true, '/ff1.php' => true, '/cgi-bin/index.php' => true, '/plugins.php' => true, '/222.php' => true, '/ms-edit.php' => true, '/goods.php' => true, '/adminfuns.php' => true, '/166.php' => true, '/test1.php' => true, '/wp-blog.php' => true, '/sbhu.php' => true, '/wp-update.php' => true, '/ms.php' => true, '/x.php' => true, '/tinyfilemanager.php' => true, '/classwithtostring.php' => true, '/aaa.php' => true, '/plss3.php' => true, '/06.php' => true, '/a.php' => true, '/xqq.php' => true, '/class-t.api.php' => true, '/wp-act.php' => true, '/wp9.php' => true, '/bless.php' => true, '/file59.php' => true, '/file.php' => true, '/sc.php' => true, '/1.php' => true, '/aa.php' => true, '/bgymj.php' => true, '/style.php' => true, '/inputs.php' => true, '/f6.php' => true, '/ol.php' => true, '/xmlrpc.php' => true, '/gifclass.php' => true, '/66.php' => true, '/ioxi-o.php' => true, '/edit.php' => true, '/3.php' => true, '/wsvvs.php' => true, '/pass2.php' => true, '/maxro.php' => true, '/mga.php' => true, '/2.php' => true, '/wdf.php' => true, 
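'/path.php' => true, '/txets.php' => true, '/sys.php' => true, '/pp.php' => true, '/g.php' => true, '/h.php' => true, '/xxxx.php' => true, '/sty.php' => true, '/a2.php' => true, '/fvvff.php' => true, '/claw.php' => true, '/swallowable.php' => true, '/foxr.php' => true, '/w2025.php' => true, '/cs.php' => true, '/kk.php' => true, '/rithin.php' => true, '/h2h.php' => true, '/wo.php' => true, '/jocundly.php' => true, '/rere.php' => true, '/bafFz.php' => true, '/elabel.php' => true, '/teee.php' => true, '/no1.php' => true, '/akses.php' => true, '/lp6.php' => true, '/eee.php' => true, '/asw.php' => true, '/sf.php' => true, '/by.php' => true, '/x12.php' => true, '/uuu.php' => true, '/fsgdjkl.php' => true, '/settings.php' => true, '/utky.php' => true, '/yos.php' => true, '/albin.php' => true, '/invisi.php' => true, '/ty.php' => true, '/wziar1.php' => true, '/742.php' => true, '/wp-p2r3q9c8k4.php' => true, '/cash.php' => true, '/nw_ok.php' => true, '/filefuns.php' => true, '/leon.php' => true, '/199.php' => true, '/aifa.php' => true, '/gptsh.php' => true,
    ];

    // 2. Prefix targets (folders/directories).
    // ANY traffic accessing these folders immediately triggers the ban, so this
    // list is only safe on a site that serves nothing of its own under them.
    private static $prefix_targets = [
        '/wp-content/',
        '/wp-includes/',
        '/wp-admin/',
        '/x/',
    ];

    /**
     * Ban the caller when the requested path is a known scanner target.
     *
     * The path is compared against the exact-file map and the directory
     * prefixes above. On a hit the request is logged and terminated via
     * blockRequest(); otherwise the method returns true and the request
     * continues.
     *
     * NOTE(review): the ban is keyed on BotLogger::getRealIp(). If that helper
     * takes the address from client-supplied forwarding headers, a request can
     * pin the ban on an address it does not own. Confirm it only trusts headers
     * set by a known proxy.
     *
     * NOTE(review): the exact-file map contains generic names (for example
     * '/settings.php'). Confirm the application exposes no legitimate route
     * with the same path, or real visitors will be banned.
     *
     * @return bool Always true when the request is not blocked.
     */
    public function execute()
    {
        if (empty($_SERVER['REQUEST_URI'])) {
            return true;
        }

        $ip = BotLogger::getRealIp();
        if (BotLogger::isWhitelisted($ip)) {
            return true;
        }

        // 1. Strip the query string (e.g. ?id=1) so it cannot defeat the match.
        //    strpos/substr is used instead of strtok(), which keeps global
        //    tokenizer state and silently skips leading delimiters.
        $uri = (string) $_SERVER['REQUEST_URI'];
        $queryAt = strpos($uri, '?');
        $rawPath = ($queryAt === false) ? $uri : substr($uri, 0, $queryAt);

        // 2. Canonicalise before matching. REQUEST_URI is the raw request
        //    target, so the same file can arrive percent-encoded or with
        //    repeated slashes. Decode once and collapse slash runs so the
        //    comparison sees the path the web server would resolve.
        //    Letter case and dot segments are left as received.
        $decoded = rawurldecode($rawPath);
        $path = preg_replace('#/{2,}#', '/', $decoded);
        if (!is_string($path)) {
            // preg_replace() returns null on a PCRE error; fall back to the decoded path.
            $path = $decoded;
        }

        // 3. O(1) hash lookup for exact files. The raw spelling is checked too,
        //    so every key that matched before this normalisation still matches.
        if (isset(self::$exact_targets[$rawPath]) || isset(self::$exact_targets[$path])) {
            $this->blockRequest($ip);
        }

        // 4. Prefix check for WordPress and other probed directories.
        foreach (self::$prefix_targets as $prefix) {
            if (strpos($path, $prefix) === 0) {
                $this->blockRequest($ip);
            }
        }

        return true;
    }

    /**
     * Reusable trigger to log the ban and drop the connection.
     *
     * Records the address with the reason code 'SCAN_BOT', sends a 405 status
     * line and terminates the script, so this method never returns to the
     * caller. The 405 is sent whatever the request method was.
     *
     * @param mixed $ip Client address as returned by BotLogger::getRealIp().
     */
    private function blockRequest($ip)
    {
        BotLogger::logBan($ip, 'SCAN_BOT');
        header('HTTP/1.1 405 Method Not Allowed');
        die('Method Not Allowed');
    }
}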