function rs_wpss_trackback_content_filter($commentdata, $spamshield_options)
{
/***
* Trackback Content Filter
* This will knock out 98% of Trackback Spam
* Keeping this separate and before trackback IP filter because it's fast
* If passes this, then next filter will take out the rest
***/
/* Timer Start - Content Filter */
if (empty($commentdata['start_time_content_filter'])) {
$wpss_start_time_content_filter = microtime(TRUE);
$commentdata['start_time_content_filter'] = $wpss_start_time_content_filter;
}
$content_filter_status = $wpss_error_code = '';
/* Must go before tests */
$block_all_trackbacks = $spamshield_options['block_all_trackbacks'];
$block_all_pingbacks = $spamshield_options['block_all_pingbacks'];
$commentdata_comment_type = $commentdata['comment_type'];
$commentdata_comment_author = $commentdata['comment_author'];
$commentdata_comment_author_deslashed = stripslashes($commentdata_comment_author);
$commentdata_comment_author_lc = rs_wpss_casetrans('lower', $commentdata_comment_author);
$commentdata_comment_author_lc_deslashed = stripslashes($commentdata_comment_author_lc);
$commentdata_comment_author_url = $commentdata['comment_author_url'];
$commentdata_comment_author_url_lc = rs_wpss_casetrans('lower', $commentdata_comment_author_url);
$commentdata_comment_author_url_domain_lc = rs_wpss_get_domain($commentdata_comment_author_url_lc);
$commentdata_comment_content = $commentdata['comment_content'];
$commentdata_comment_content_lc = rs_wpss_casetrans('lower', $commentdata_comment_content);
$commentdata_comment_content_lc_deslashed = stripslashes($commentdata_comment_content_lc);
/***
* For 1-HT Test - Other version using rs_wpss_parse_links() is more robust but not needed yet - current implementation is faster.
***/
$server_ip_cbl = rs_wpss_get_ip_cbl(WPSS_SERVER_ADDR);
/* Site Server IP C-Block */
$commentdata_remote_addr = rs_wpss_get_ip_addr();
$commentdata_remote_addr_lc = rs_wpss_casetrans('lower', $commentdata_remote_addr);
$commentdata_ip_cbl = rs_wpss_get_ip_cbl($commentdata_remote_addr_lc);
$commentdata_user_agent = rs_wpss_get_user_agent(TRUE, FALSE);
$commentdata_user_agent_lc = rs_wpss_casetrans('lower', $commentdata_user_agent);
$commentdata_user_agent_lc_word_count = rs_wpss_count_words($commentdata_user_agent_lc);
$trackback_length = $commentdata['body_content_len'];
$trackback_max_length = 3072;
/* 3kb */
$commentdata_comment_author_lc_spam_strong = '<strong>' . $commentdata_comment_author_lc_deslashed . '</strong>';
/* Trackbacks */
$commentdata_comment_author_lc_spam_strong_dot1 = '...</strong>';
/* Trackbacks */
$commentdata_comment_author_lc_spam_strong_dot2 = '...</b>';
/* Trackbacks */
$commentdata_comment_author_lc_spam_strong_dot3 = '<strong>...';
/* Trackbacks */
$commentdata_comment_author_lc_spam_strong_dot4 = '<b>...';
/* Trackbacks */
$commentdata_comment_author_lc_spam_a1 = $commentdata_comment_author_lc_deslashed . '</a>';
/* Trackbacks/Pingbacks */
$commentdata_comment_author_lc_spam_a2 = $commentdata_comment_author_lc_deslashed . ' </a>';
/* Trackbacks/Pingbacks */
if ($commentdata_remote_addr === WPSS_SERVER_ADDR && $commentdata['comment_type'] === 'pingback') {
$local_pingback = TRUE;
} else {
$local_pingback = FALSE;
}
if (!empty($block_all_trackbacks) && $commentdata['comment_type'] === 'trackback') {
if (empty($content_filter_status)) {
$content_filter_status = '3';
}
$wpss_error_code .= ' BLOCKING-TRACKBACKS ';
return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
}
if (!empty($block_all_pingbacks) && $commentdata['comment_type'] === 'pingback') {
if (empty($content_filter_status)) {
$content_filter_status = '3';
}
$wpss_error_code .= ' BLOCKING-PINGBACKS';
return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
}
/* Check Length */
if ($trackback_length > $trackback_max_length) {
/* There is no reason for an exceptionally long Trackback or Pingback. */
if (empty($content_filter_status)) {
$content_filter_status = '3';
}
$wpss_error_code .= ' T-LONG3K';
return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
}
/* Test User-Agents */
if (empty($commentdata_user_agent_lc)) {
/* There is no reason for a blank UA String, unless it's been altered. */
if (empty($content_filter_status)) {
$content_filter_status = '3';
}
$wpss_error_code .= ' TUA1001';
return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
}
$trackback_is_mobile = wp_is_mobile();
$trackback_is_firefox = rs_wpss_is_firefox();
global $is_chrome, $is_IE, $is_gecko, $is_opera, $is_safari, $is_iphone, $is_lynx, $is_NS4;
if ($trackback_is_mobile || $trackback_is_firefox || $is_chrome || $is_IE || $is_gecko || $is_opera || $is_safari || $is_iphone || $is_lynx || $is_NS4) {
/* There is no reason for a normal browser's UA String to be used in a Trackback/Pingback, unless it's been altered. */
if (empty($content_filter_status)) {
$content_filter_status = '3';
}
$wpss_error_code .= ' TUA1002';
return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
}
/***
* TUA1003 - Another test for altered UA's.
* DEPRECATED - Removed 1.7.5
***/
if (rs_wpss_skiddie_ua_check($commentdata_user_agent_lc)) {
/* There is no reason for a human or Trackback/Pingback to use one of these UA strings. Commonly used to attack/spam WP. */
$content_filter_status = '3';
$wpss_error_code .= ' TUA1004';
return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
}
/* TRACKBACK/PINGBACK SPECIFIC TESTS - BEGIN */
/* TRACKBACK COOKIE TEST - Trackbacks can't have cookies, but some fake ones do. SMH. */
if (!empty($_COOKIE)) {
if (empty($content_filter_status)) {
$content_filter_status = '3';
}
$wpss_error_code .= ' T-COOKIE';
return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
}
/* Body Content - Check for excessive number of links (any) in trackback ( body_content ) */
$trackback_count_http = rs_wpss_substr_count($commentdata_comment_content_lc_deslashed, 'http://');
$trackback_count_https = rs_wpss_substr_count($commentdata_comment_content_lc_deslashed, 'https://');
$trackback_num_links = $trackback_count_http + $trackback_count_https;
$trackback_num_limit = 0;
if (empty($local_pingback) && $trackback_num_links > $trackback_num_limit) {
/* Not using rs_wpss_parse_links() since this should be zero anyway, this is faster */
/* Genuine trackbacks should have text only, not hyperlinks */
if (empty($content_filter_status)) {
$content_filter_status = '3';
}
$wpss_error_code .= ' T-1-HT';
return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
}
if (preg_match("~\\[\\.{1,3}\\]\\s*\\[\\.{1,3}\\]~i", $commentdata_comment_content_lc_deslashed)) {
if (empty($content_filter_status)) {
$content_filter_status = '3';
}
$wpss_error_code .= ' T200-1';
return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
}
/***
* T3000-1 - WordPress UA for a Trackback
* DEPRECATED - Removed 1.7.5
***/
/***
* T1001-1, T1002-1, T1003-1
* Testing if Bot Uses Faked User-Agent for WordPress version that doesn't exist yet
* Check History of WordPress User-Agents and Keep up to Date
* Current: 'The Incutio XML-RPC PHP Library -- WordPress/4.0.1'
* DEPRECATED - Removed 1.7.5
***/
/***
* T1010-1
* Check to see if Comment Author is lowercase. Normal blog ping Authors are properly capitalized. No brainer.
* DEPRECATED - Removed 1.7.5
***/
/* IP / PROXY INFO - BEGIN */
global $wpss_ip_proxy_info;
if (empty($wpss_ip_proxy_info)) {
$wpss_ip_proxy_info = rs_wpss_ip_proxy_info();
}
extract($wpss_ip_proxy_info);
/* IP / PROXY INFO - END */
$local_pingback_proxy = FALSE;
if ($commentdata_ip_cbl === $server_ip_cbl && $ip_proxy === 'PROXY DETECTED' && $commentdata['comment_type'] === 'pingback') {
/* For sites using proxies like Cloudflare, etc. - Added 1.9.6.8 */
$local_pingback_proxy = TRUE;
}
if (empty($local_pingback) && empty($local_pingback_proxy) && $ip_proxy === 'PROXY DETECTED') {
/* Check to see if Trackback/Pingback is using proxy. (With exceptions for sites using proxies such as Cloudflare.) Real ones don't since they come directly from a website/server. (Or they hide their tracks better.) */
if (empty($content_filter_status)) {
$content_filter_status = '3';
}
$wpss_error_code .= ' T1011-FPD-1';
return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
}
/* REVDNS FILTER */
$rev_dns_filter_data = rs_wpss_revdns_filter('trackback', $content_filter_status, $ip, $reverse_dns_lc, $commentdata_comment_author_lc_deslashed);
$revdns_blacklisted = $rev_dns_filter_data['blacklisted'];
if (!empty($revdns_blacklisted)) {
$content_filter_status = $rev_dns_filter_data['status'];
$wpss_error_code .= $rev_dns_filter_data['error_code'];
return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
}
/***
* MISC - T1020-1, T2003-1, T2003-1, T2004-1, T2005-1, T2006-1, T2007-1-1, T2007-2-1, T2010-1, T3001-1, T3002-1, T3003-1-1, T3003-2-1, T3003-3-1, T9000 Variants
* DEPRECATED - Removed 1.7.5
***/
/* Blacklisted Domains Check */
if (rs_wpss_domain_blacklist_chk($commentdata_comment_author_url_domain_lc)) {
if (empty($content_filter_status)) {
$content_filter_status = '3';
}
$wpss_error_code .= ' T-10500AU-BL';
return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
}
/* Check for URL Shorteners, Bogus Long URLs, Social Media, and Misc Spam Domains */
if (rs_wpss_at_link_spam_url_chk($commentdata_comment_author_url_lc, 'trackback')) {
if (empty($content_filter_status)) {
$content_filter_status = '3';
}
$wpss_error_code .= ' T-10510AU-BL';
return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
}
/* TRACKBACK/PINGBACK SPECIFIC TESTS - END */
/***
* return rs_wpss_exit_content_filter( $commentdata, $spamshield_options, $wpss_error_code, $content_filter_status );
***/
/* After rs_wpss_exit_content_filter() implemented, can remove following code - BEGIN */
if (!empty($wpss_error_code)) {
$wpss_error_code = trim($wpss_error_code);
/* Timer End - Content Filter */
$wpss_end_time_content_filter = microtime(TRUE);
$wpss_total_time_content_filter = rs_wpss_timer($commentdata['start_time_content_filter'], $wpss_end_time_content_filter, FALSE, 6, TRUE);
$commentdata['total_time_content_filter'] = $wpss_total_time_content_filter;
}
/* After rs_wpss_exit_content_filter() implemented, can remove previous code - END */
$commentdata['wpss_error_code'] = trim($wpss_error_code);
$commentdata['content_filter_status'] = $content_filter_status;
return $commentdata;
}
function rs_wpss_compare_ip_cbl($ip_1 = NULL, $ip_2 = NULL)
{
/**
* Compare two IP address C-Blocks to see if they match
*/
if (empty($ip_1) || empty($ip_2)) {
return FALSE;
}
$ip_1_cbl = rs_wpss_get_ip_cbl($ip_1);
$ip_2_cbl = rs_wpss_get_ip_cbl($ip_2);
if ($ip_1_cbl === $ip_2_cbl) {
return TRUE;
}
return FALSE;
}
