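/**
 * Trackback / Pingback Content Filter.
 *
 * Runs a chain of cheap checks against an incoming trackback or pingback
 * before the slower IP-based filters. The first failing check sets the
 * content filter status to '3', appends its error code and returns early
 * through rs_wpss_exit_content_filter(); when every check passes the timer
 * and status fields are written into $commentdata and it is returned.
 * Kept separate from, and ahead of, the trackback IP filter because it is
 * fast and knocks out the bulk of trackback spam.
 *
 * @param array $commentdata        WordPress comment data. Reads
 *                                  comment_type, comment_author,
 *                                  comment_author_url, comment_content and
 *                                  body_content_len; writes
 *                                  start_time_content_filter,
 *                                  total_time_content_filter,
 *                                  wpss_error_code and content_filter_status.
 * @param array $spamshield_options Plugin options. Reads
 *                                  block_all_trackbacks and block_all_pingbacks.
 * @return array $commentdata annotated with the filter result, or whatever
 *               rs_wpss_exit_content_filter() returns on an early exit.
 */
function rs_wpss_trackback_content_filter($commentdata, $spamshield_options) {
    /* Timer Start - Content Filter */
    if (empty($commentdata['start_time_content_filter'])) {
        $commentdata['start_time_content_filter'] = microtime(TRUE);
    }
    $content_filter_status = $wpss_error_code = '';

    /* Must go before tests */
    $block_all_trackbacks = $spamshield_options['block_all_trackbacks'];
    $block_all_pingbacks = $spamshield_options['block_all_pingbacks'];
    $commentdata_comment_type = $commentdata['comment_type'];
    $commentdata_comment_author_lc = rs_wpss_casetrans('lower', $commentdata['comment_author']);
    $commentdata_comment_author_lc_deslashed = stripslashes($commentdata_comment_author_lc);
    $commentdata_comment_author_url_lc = rs_wpss_casetrans('lower', $commentdata['comment_author_url']);
    $commentdata_comment_author_url_domain_lc = rs_wpss_get_domain($commentdata_comment_author_url_lc);
    $commentdata_comment_content_lc = rs_wpss_casetrans('lower', $commentdata['comment_content']);
    $commentdata_comment_content_lc_deslashed = stripslashes($commentdata_comment_content_lc);

    $server_ip_cbl = rs_wpss_get_ip_cbl(WPSS_SERVER_ADDR); /* Site Server IP C-Block */
    $commentdata_remote_addr = rs_wpss_get_ip_addr();
    $commentdata_remote_addr_lc = rs_wpss_casetrans('lower', $commentdata_remote_addr);
    $commentdata_ip_cbl = rs_wpss_get_ip_cbl($commentdata_remote_addr_lc);
    $commentdata_user_agent = rs_wpss_get_user_agent(TRUE, FALSE);
    $commentdata_user_agent_lc = rs_wpss_casetrans('lower', $commentdata_user_agent);
    $trackback_length = $commentdata['body_content_len'];
    $trackback_max_length = 3072; /* 3kb */

    /* A pingback the site sends to itself arrives from its own address. */
    $local_pingback = ($commentdata_remote_addr === WPSS_SERVER_ADDR && $commentdata_comment_type === 'pingback');

    /*
     * Every rejection below does the same three things: set status '3' unless
     * one is already present, append the error code, and hand off to
     * rs_wpss_exit_content_filter(). Centralised here so each test reads as a
     * single line. $commentdata is captured by value; nothing below modifies it
     * before an exit, so the copy is current.
     */
    $reject = function ($error_code) use ($commentdata, $spamshield_options, &$content_filter_status, &$wpss_error_code) {
        if (empty($content_filter_status)) {
            $content_filter_status = '3';
        }
        $wpss_error_code .= $error_code;
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    };

    /* Site-wide kill switches from the plugin options. */
    if (!empty($block_all_trackbacks) && $commentdata_comment_type === 'trackback') {
        return $reject(' BLOCKING-TRACKBACKS ');
    }
    if (!empty($block_all_pingbacks) && $commentdata_comment_type === 'pingback') {
        return $reject(' BLOCKING-PINGBACKS');
    }

    /* Check Length - there is no reason for an exceptionally long Trackback or Pingback. */
    if ($trackback_length > $trackback_max_length) {
        return $reject(' T-LONG3K');
    }

    /* Test User-Agents - there is no reason for a blank UA String, unless it's been altered. */
    if (empty($commentdata_user_agent_lc)) {
        return $reject(' TUA1001');
    }
    /* There is no reason for a normal browser's UA String to be used in a Trackback/Pingback, unless it's been altered. */
    $trackback_is_mobile = wp_is_mobile();
    $trackback_is_firefox = rs_wpss_is_firefox();
    global $is_chrome, $is_IE, $is_gecko, $is_opera, $is_safari, $is_iphone, $is_lynx, $is_NS4;
    if ($trackback_is_mobile || $trackback_is_firefox || $is_chrome || $is_IE || $is_gecko || $is_opera || $is_safari || $is_iphone || $is_lynx || $is_NS4) {
        return $reject(' TUA1002');
    }
    /* TUA1003 (another altered-UA test) was removed in 1.7.5. */
    /* There is no reason for a human or Trackback/Pingback to use one of these UA strings. Commonly used to attack/spam WP. */
    if (rs_wpss_skiddie_ua_check($commentdata_user_agent_lc)) {
        return $reject(' TUA1004');
    }

    /* TRACKBACK/PINGBACK SPECIFIC TESTS - BEGIN */

    /* TRACKBACK COOKIE TEST - Trackbacks can't have cookies, but some fake ones do. */
    if (!empty($_COOKIE)) {
        return $reject(' T-COOKIE');
    }

    /*
     * Body Content - check for an excessive number of links (any) in the trackback body.
     * Genuine trackbacks should have text only, not hyperlinks, so the limit is zero.
     * Not using rs_wpss_parse_links() since the count should be zero anyway; a
     * plain substring count is faster. A local pingback is exempt.
     */
    $trackback_count_http = rs_wpss_substr_count($commentdata_comment_content_lc_deslashed, 'http://');
    $trackback_count_https = rs_wpss_substr_count($commentdata_comment_content_lc_deslashed, 'https://');
    $trackback_num_links = $trackback_count_http + $trackback_count_https;
    $trackback_num_limit = 0;
    if (empty($local_pingback) && $trackback_num_links > $trackback_num_limit) {
        return $reject(' T-1-HT');
    }

    /* Two adjacent ellipsis markers ("[...] [...]") are a scraped-excerpt signature. */
    if (preg_match('~\[\.{1,3}\]\s*\[\.{1,3}\]~i', $commentdata_comment_content_lc_deslashed)) {
        return $reject(' T200-1');
    }

    /*
     * Removed in 1.7.5: T3000-1 (WordPress UA for a trackback), T1001-1 /
     * T1002-1 / T1003-1 (faked UA for a not-yet-released WordPress version)
     * and T1010-1 (all-lowercase comment author).
     */

    /* IP / PROXY INFO - BEGIN */
    global $wpss_ip_proxy_info;
    if (empty($wpss_ip_proxy_info)) {
        $wpss_ip_proxy_info = rs_wpss_ip_proxy_info();
    }
    /*
     * Read the three fields this filter needs explicitly instead of extract()ing
     * the whole array into local scope, so an unexpected key can never shadow
     * $commentdata, $spamshield_options or the status/error accumulators.
     */
    $ip = isset($wpss_ip_proxy_info['ip']) ? $wpss_ip_proxy_info['ip'] : NULL;
    $ip_proxy = isset($wpss_ip_proxy_info['ip_proxy']) ? $wpss_ip_proxy_info['ip_proxy'] : NULL;
    $reverse_dns_lc = isset($wpss_ip_proxy_info['reverse_dns_lc']) ? $wpss_ip_proxy_info['reverse_dns_lc'] : NULL;
    /* IP / PROXY INFO - END */

    /* For sites using proxies like Cloudflare, etc. - Added 1.9.6.8 */
    $local_pingback_proxy = ($commentdata_ip_cbl === $server_ip_cbl && $ip_proxy === 'PROXY DETECTED' && $commentdata_comment_type === 'pingback');

    /*
     * Check to see if Trackback/Pingback is using a proxy (with exceptions for
     * sites using proxies such as Cloudflare). Real ones don't since they come
     * directly from a website/server. (Or they hide their tracks better.)
     */
    if (empty($local_pingback) && empty($local_pingback_proxy) && $ip_proxy === 'PROXY DETECTED') {
        return $reject(' T1011-FPD-1');
    }

    /* REVDNS FILTER - this one supplies its own status and error code. */
    $rev_dns_filter_data = rs_wpss_revdns_filter('trackback', $content_filter_status, $ip, $reverse_dns_lc, $commentdata_comment_author_lc_deslashed);
    if (!empty($rev_dns_filter_data['blacklisted'])) {
        $content_filter_status = $rev_dns_filter_data['status'];
        $wpss_error_code .= $rev_dns_filter_data['error_code'];
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }

    /*
     * Removed in 1.7.5: MISC - T1020-1, T2003-1, T2004-1, T2005-1, T2006-1,
     * T2007-1-1, T2007-2-1, T2010-1, T3001-1, T3002-1, T3003-1-1, T3003-2-1,
     * T3003-3-1, T9000 variants.
     */

    /* Blacklisted Domains Check */
    if (rs_wpss_domain_blacklist_chk($commentdata_comment_author_url_domain_lc)) {
        return $reject(' T-10500AU-BL');
    }

    /* Check for URL Shorteners, Bogus Long URLs, Social Media, and Misc Spam Domains */
    if (rs_wpss_at_link_spam_url_chk($commentdata_comment_author_url_lc, 'trackback')) {
        return $reject(' T-10510AU-BL');
    }

    /* TRACKBACK/PINGBACK SPECIFIC TESTS - END */

    /*
     * Legacy tail: every rejection above already returned through
     * rs_wpss_exit_content_filter(), so $wpss_error_code is empty here in
     * practice. Kept until the exit helper is relied on everywhere.
     */
    if (!empty($wpss_error_code)) {
        $wpss_error_code = trim($wpss_error_code);
        /* Timer End - Content Filter */
        $wpss_end_time_content_filter = microtime(TRUE);
        $commentdata['total_time_content_filter'] = rs_wpss_timer($commentdata['start_time_content_filter'], $wpss_end_time_content_filter, FALSE, 6, TRUE);
    }
    $commentdata['wpss_error_code'] = trim($wpss_error_code);
    $commentdata['content_filter_status'] = $content_filter_status;
    return $commentdata;
}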
/**
 * Tell whether two IP addresses fall in the same C-block.
 *
 * Both addresses are reduced with rs_wpss_get_ip_cbl() and the results are
 * compared strictly. A missing or empty address on either side is never a
 * match.
 *
 * @param string|null $ip_1 First IP address.
 * @param string|null $ip_2 Second IP address.
 * @return bool TRUE when both C-blocks are identical, FALSE otherwise.
 */
function rs_wpss_compare_ip_cbl($ip_1 = NULL, $ip_2 = NULL) {
    if (empty($ip_1) || empty($ip_2)) {
        return FALSE;
    }
    return rs_wpss_get_ip_cbl($ip_1) === rs_wpss_get_ip_cbl($ip_2);
}