public static function misc_form_bypass() {
    /**
     * Miscellaneous Form Spam Check Bypass
     *
     * Decides whether the current request is a known, legitimate automated
     * submission (payment-gateway IPN callbacks, social-login callbacks,
     * remote-management pings, geolocation updates, ...) that should skip the
     * form spam check, per the heading above. Each block below is one
     * independent whitelist condition; the first match wins.
     *
     * Reads $_POST, $_GET and $_SERVER['REQUEST_URI'] directly, and the global
     * $wpss_ip_proxy_info (populated here on first use). Note that everything
     * taken from the request (POST/GET fields, URI, User-Agent, Referer) is
     * client-supplied; only the reverse-DNS / FCrDNS values come from the
     * server-side lookup.
     *
     * @return bool TRUE when one of the bypass conditions matches, FALSE otherwise.
     */
    /* Setup necessary variables */
    $url = rs_wpss_get_url();
    $url_lc = rs_wpss_casetrans('lower', $url); // NOTE(review): assigned but never read below
    $req_uri = $_SERVER['REQUEST_URI'];
    $req_uri_lc = rs_wpss_casetrans('lower', $req_uri); // lower-cased copy (via rs_wpss_casetrans), used by the PayPal IPN check
    $post_count = count($_POST);
    $ip = rs_wpss_get_ip_addr(); // NOTE(review): assigned but never read below
    $user_agent = rs_wpss_get_user_agent();
    $referer = rs_wpss_get_referrer();
    /* IP / PROXY INFO - BEGIN */
    global $wpss_ip_proxy_info;
    if (empty($wpss_ip_proxy_info)) {
        $wpss_ip_proxy_info = rs_wpss_ip_proxy_info();
    }
    /* extract() turns every key of the lookup result into a local variable. The
       only ones used below are $reverse_dns and $fcrdns (presumably the reverse
       DNS name and a forward-confirmed rDNS marker, which is compared against
       the literal '[Verified]'); both are undefined if the array lacks them. */
    extract($wpss_ip_proxy_info);
    /* IP / PROXY INFO - END */
    /* GEOLOCATION: exactly six POST fields, all of the expected names present */
    if ($post_count == 6 && isset($_POST['updatemylocation'], $_POST['log'], $_POST['lat'], $_POST['country'], $_POST['zip'], $_POST['myaddress'])) {
        return TRUE;
    }
    /* WP Remote: plugin present, verify key posted, UA ends in " WP-Remote", rDNS under amazonaws.com */
    if (defined('WPRP_PLUGIN_SLUG') && !empty($_POST['wpr_verify_key']) && preg_match("~\\ WP\\-Remote\$~", $user_agent) && preg_match("~\\.amazonaws\\.com\$~", $reverse_dns)) {
        return TRUE;
    }
    /* Ecommerce Plugins */
    /* Precedence: && binds tighter than || throughout this method, so the
       PayPal UA + rDNS + FCrDNS triple is a single alternative alongside the
       SSL / cart-field checks; the outer && additionally requires an
       e-commerce plugin to be enabled. */
    if ((rs_wpss_is_ssl() || !empty($_POST['add-to-cart']) || !empty($_POST['add_to_cart']) || !empty($_POST['addtocart']) || !empty($_POST['product-id']) || !empty($_POST['product_id']) || !empty($_POST['productid']) || $user_agent === 'PayPal IPN ( https://www.paypal.com/ipn )' && preg_match("~(^|\\.)paypal\\.com\$~", $reverse_dns) && $fcrdns === '[Verified]') && self::is_ecom_enabled()) {
        return TRUE;
    }
    if ((rs_wpss_is_ssl() || self::is_ecom_enabled()) && $fcrdns === '[Verified]') {
        /* PayPal, Stripe, Authorize.net, Worldpay, etc - matched on forward-confirmed reverse DNS */
        if ($user_agent === 'PayPal IPN ( https://www.paypal.com/ipn )' && preg_match("~(^|\\.)paypal\\.com\$~", $reverse_dns) || $reverse_dns === 'api.stripe.com' || preg_match("~(^|\\.)(authorize\\.net|worldpay\\.com|payfast\\.co\\.za|api\\.mollie\\.nl|api\\.simplifycommerce\\.com|wepayapi\\.com|2checkout\\.com|paylane\\.com)\$~", $reverse_dns)) {
            return TRUE;
        }
    }
    /* WooCommerce Payment Gateways */
    if (self::is_woocom_enabled()) {
        /* NOTE(review): the second alternative here, and the URI regex two checks
           down, key on the request URI alone with no rDNS / user-agent
           corroboration - confirm that is intended. */
        if ($user_agent === 'PayPal IPN ( https://www.paypal.com/ipn )' && preg_match("~^(ipn|ipnpb|notify|reports)(\\.sandbox)?\\.paypal\\.com\$~", $reverse_dns) || strpos($req_uri, 'WC_Gateway_Paypal') !== FALSE) {
            return TRUE;
        }
        if (preg_match("~(^|\\.)payfast\\.co\\.za\$~", $reverse_dns) || strpos($req_uri, 'wc-api') !== FALSE && strpos($req_uri, 'WC_Gateway_PayFast') !== FALSE) {
            return TRUE;
        }
        /* Plugin: 'woocommerce-gateway-payfast/gateway-payfast.php' */
        /* Any wc-api request for a WC_Gateway_* / WC_Addons_Gateway_* handler, as query string or path */
        if (preg_match("~((\\?|\\&)wc\\-api\\=WC_(Addons_)?Gateway_|/wc\\-api/.*WC_(Addons_)?Gateway_)~", $req_uri)) {
            return TRUE;
        }
        /* $wc_gateways = array( 'WC_Gateway_BACS', 'WC_Gateway_Cheque', 'WC_Gateway_COD', 'WC_Gateway_Paypal', 'WC_Addons_Gateway_Simplify_Commerce', 'WC_Gateway_Simplify_Commerce' ); */
    }
    /* Easy Digital Downloads Payment Gateways */
    if (defined('EDD_VERSION')) {
        if ($user_agent === 'PayPal IPN ( https://www.paypal.com/ipn )' && preg_match("~^(ipn|ipnpb|notify|reports)(\\.sandbox)?\\.paypal\\.com\$~", $reverse_dns) || !empty($_GET['edd-listener']) && $_GET['edd-listener'] === 'IPN' || strpos($req_uri, 'edd-listener') !== FALSE && strpos($req_uri, 'IPN') !== FALSE) {
            return TRUE;
        }
        if (!empty($_GET['edd-listener']) && $_GET['edd-listener'] === 'amazon' || strpos($req_uri, 'edd-listener') !== FALSE && strpos($req_uri, 'amazon') !== FALSE) {
            return TRUE;
        }
        /* NOTE(review): this check subsumes the two above it - any non-empty
           edd-listener parameter, or that string anywhere in the URI, is enough -
           so the IPN- and amazon-specific conditions add no restriction. */
        if (!empty($_GET['edd-listener']) || strpos($req_uri, 'edd-listener') !== FALSE) {
            return TRUE;
        }
    }
    /* Gravity Forms PayPal Payments Standard Add-On ( http://www.gravityforms.com/add-ons/paypal/ ) */
    if (defined('GF_MIN_WP_VERSION') && defined('GF_PAYPAL_VERSION') || class_exists('GFForms') && class_exists('GF_PayPal_Bootstrap')) {
        /* Exact IPN endpoint URL plus the set of PayPal IPN POST fields */
        if ($url === WPSS_SITE_URL . '/?page=gf_paypal_ipn' && isset($_POST['ipn_track_id'], $_POST['payer_id'], $_POST['receiver_id'], $_POST['txn_id'], $_POST['txn_type'], $_POST['verify_sign'])) {
            return TRUE;
        }
    }
    /* PayPal IPN: POST fields + 'paypal' in the URI + exact UA + PayPal rDNS + FCrDNS verified (all required) */
    if (isset($_POST['ipn_track_id'], $_POST['payer_id'], $_POST['payment_type'], $_POST['payment_status'], $_POST['receiver_id'], $_POST['txn_id'], $_POST['txn_type'], $_POST['verify_sign']) && FALSE !== strpos($req_uri_lc, 'paypal') && $user_agent === 'PayPal IPN ( https://www.paypal.com/ipn )' && preg_match("~^(ipn|ipnpb|notify|reports)(\\.sandbox)?\\.paypal\\.com\$~", $reverse_dns) && $fcrdns === '[Verified]') {
        return TRUE;
    }
    /* Clef: versioned Clef UA and rDNS under clef.io or amazonaws.com */
    if (defined('CLEF_VERSION')) {
        if (preg_match("~^Clef/[0-9](\\.[0-9]+)+\\ \\(https\\://getclef\\.com\\)\$~", $user_agent) && preg_match("~((^|\\.)clef\\.io|\\.amazonaws\\.com)\$~", $reverse_dns)) {
            return TRUE;
        }
    }
    /* OA Social Login */
    if (defined('OA_SOCIAL_LOGIN_VERSION')) {
        /* Reversed-string prefix test == "referrer domain ends with api.oneall.com"
           (no label-boundary check, and the Referer header is client-supplied). */
        $ref_dom_rev = strrev(rs_wpss_get_domain($referer));
        $oa_dom_rev = strrev('api.oneall.com');
        if ($post_count >= 4 && isset($_GET['oa_social_login_source'], $_POST['oa_action'], $_POST['oa_social_login_token'], $_POST['connection_token'], $_POST['identity_vault_key']) && $_POST['oa_action'] === 'social_login' && strpos($ref_dom_rev, $oa_dom_rev) === 0) {
            return TRUE;
        }
    }
    /* Nothing was triggered */
    return FALSE;
}
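private function ip_ban_htaccess() {
    /***
     * Write the updated list of banned IP's to .htaccess.
     * Added 1.9.4
     *
     * Builds a "# BEGIN WP-SpamShield ... # END WP-SpamShield" block holding a
     * mod_setenvif rule that tags requests from any banned address with
     * WPSS_SEC_THREAT, then inserts or refreshes that block in ABSPATH/.htaccess.
     * The first time the file is touched, a copy is kept as original.htaccess
     * under the plugin backup directory.
     *
     * Changes from the previous revision:
     *  - banned entries are escaped with preg_quote() (same result as the old
     *    '.' / ':' replacement for well-formed IPs, but a malformed entry can no
     *    longer alter the SetEnvIf pattern);
     *  - a failed file_get_contents() or a NULL from the regex replace no longer
     *    ends in file_put_contents() writing an empty/partial .htaccess;
     *  - the replacement text is supplied via a callback, so nothing in it is
     *    interpreted as a $n / \n back-reference;
     *  - the "# BEGIN WordPress" insertion is limited to the first marker.
     *
     * @return bool|null FALSE when the ban list is empty or .htaccess cannot be
     *                   read; otherwise no explicit return value.
     ***/
    $hta_bak_dir = WPSS_CONTENT_DIR_PATH . '/backup';
    $hta_wpss_bak_dir = $hta_bak_dir . '/wp-spamshield';
    $hta_file = ABSPATH . '/.htaccess';
    $hta_bak_file = $hta_wpss_bak_dir . '/original.htaccess';
    $wpss_index_file = WPSS_PLUGIN_PATH . '/index.php';
    $bak_dir_hta_file = WPSS_PLUGIN_PATH . '/lib/sec/.htaccess';
    $ip = rs_wpss_get_ip_addr();
    $wpss_ip_ban = get_option('spamshield_ip_ban');
    if (empty($wpss_ip_ban)) {
        return FALSE;
    }
    $wpss_ip_ban = rs_wpss_sort_unique($wpss_ip_ban);
    /* Escape each banned entry individually: SetEnvIf takes a PCRE-style regex,
       so anything that is not a plain address must not reach it unescaped. */
    $escaped_ips = array();
    foreach ($wpss_ip_ban as $banned_ip) {
        $escaped_ips[] = preg_quote($banned_ip);
    }
    $ip_ban_rgx = '^(' . implode('|', $escaped_ips) . ')$';
    $wpss_hta_data = WPSS_EOL . WPSS_EOL . '# BEGIN WP-SpamShield' . WPSS_EOL . WPSS_EOL;
    $wpss_hta_data .= '<IfModule mod_setenvif.c>' . WPSS_EOL . "\t" . 'SetEnvIf Remote_Addr ' . $ip_ban_rgx . ' WPSS_SEC_THREAT' . WPSS_EOL . '</IfModule>';
    $wpss_hta_data .= WPSS_EOL . WPSS_EOL . '# END WP-SpamShield' . WPSS_EOL . WPSS_EOL;
    $wpss_hta_data_wp = '# BEGIN WordPress';
    if (!file_exists($hta_file)) {
        /* Nothing to edit; the plugin does not create .htaccess from scratch. */
        return;
    }
    /* Backups are best-effort: a failure here must not stop the ban from being
       written, which is why these calls keep the '@' suppression. */
    if (!file_exists($hta_wpss_bak_dir)) {
        wp_mkdir_p($hta_wpss_bak_dir);
        @chmod($hta_wpss_bak_dir, 0750);
        @chmod($hta_bak_dir, 0750);
        @copy($bak_dir_hta_file, $hta_wpss_bak_dir . '/.htaccess');
        @copy($wpss_index_file, $hta_wpss_bak_dir . '/index.php');
        @copy($bak_dir_hta_file, $hta_bak_dir . '/.htaccess');
        @copy($wpss_index_file, $hta_bak_dir . '/index.php');
    }
    if (!file_exists($hta_bak_file)) {
        @copy($hta_file, $hta_bak_file);
    }
    $hta_contents = file_get_contents($hta_file);
    if ($hta_contents === FALSE) {
        /* Unreadable: bail out rather than overwrite the file with an empty result. */
        return FALSE;
    }
    $marker_begin = '# BEGIN WP-SpamShield';
    $marker_end = '# END WP-SpamShield';
    if (strpos($hta_contents, $marker_begin) !== FALSE && strpos($hta_contents, $marker_end) !== FALSE) {
        /* Refresh the existing block in place. The pattern is greedy, so if more
           than one block were ever present everything between the first BEGIN
           and the last END is collapsed into the single new block. */
        $new_block = trim($wpss_hta_data, WPSS_EOL);
        $hta_contents_mod = preg_replace_callback(
            "~#\\ BEGIN\\ WP-SpamShield[\\w\\W]+#\\ END\\ WP-SpamShield~i",
            function () use ($new_block) { return $new_block; },
            $hta_contents
        );
        /* NULL means the regex engine failed (e.g. backtrack limit); never write that. */
        if ($hta_contents_mod !== NULL && $hta_contents_mod !== $hta_contents) {
            file_put_contents($hta_file, $hta_contents_mod, LOCK_EX);
        }
    } elseif (strpos($hta_contents, $wpss_hta_data_wp) !== FALSE) {
        /* Insert the block immediately before the first WordPress marker only. */
        $new_block = $wpss_hta_data . $wpss_hta_data_wp;
        $hta_contents_mod = preg_replace_callback(
            "~#\\ BEGIN\\ WordPress~i",
            function () use ($new_block) { return $new_block; },
            $hta_contents,
            1
        );
        if ($hta_contents_mod !== NULL) {
            file_put_contents($hta_file, $hta_contents_mod, LOCK_EX);
        }
    } else {
        /* No WordPress block to anchor on: append at the end of the file. */
        file_put_contents($hta_file, WPSS_EOL . WPSS_EOL . $wpss_hta_data . WPSS_EOL . WPSS_EOL, FILE_APPEND | LOCK_EX);
    }
    rs_wpss_append_log_data(WPSS_EOL . 'IP address banned and added to .htaccess block list. IP: ' . $ip, FALSE);
}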
function insert_head_js() {
    /***
     * Emits the <script> tag for the plugin's dynamically generated JS.
     *
     * This JavaScript is purposely NOT enqueued, and that is not a mistake:
     * it must not be altered by any other plugin, and jscripts.php is a hybrid
     * of server-side and client-side code that needs PHP to run. There is no
     * enqueue-based alternative for that.
     *
     * Nothing is printed in compatibility mode (WPSS_COMPAT_MODE or the
     * WPSS_SOFT_COMPAT_MODE constant), on admin pages for logged-in users, or
     * during admin sub-processes. When Autoptimize is active the tag is wrapped
     * in <!--noptimize--> markers so it is not bundled. If the session already
     * holds a 'wpss_user_ip_init_<hash>' entry it is refreshed with the current
     * client IP.
     ***/
    if (TRUE === WPSS_COMPAT_MODE || defined('WPSS_SOFT_COMPAT_MODE')) {
        return;
    }
    $front_end_visitor = (!is_admin() && is_user_logged_in() || !is_user_logged_in());
    if (!$front_end_visitor || rs_wpss_is_admin_sproc()) {
        return;
    }
    echo WPSS_EOL;
    global $wpss_ao_active;
    if (empty($wpss_ao_active)) {
        $wpss_ao_active = rs_wpss_is_plugin_active('autoptimize/autoptimize.php');
    }
    $noptimize_open = empty($wpss_ao_active) ? '' : '<!--noptimize-->';
    $noptimize_close = empty($wpss_ao_active) ? '' : '<!--/noptimize-->';
    echo $noptimize_open . "<script type='text/javascript' src='" . WPSS_PLUGIN_JS_URL . "/jscripts.php'></script>" . $noptimize_close . " " . WPSS_EOL;
    $session_key = 'wpss_user_ip_init_' . WPSS_HASH;
    if (!empty($_SESSION[$session_key])) {
        $_SESSION[$session_key] = rs_wpss_get_ip_addr();
    }
}
public static function disable_xmlrpc_multicall($methods) {
    /**
     * SECURITY - Disable the XML-RPC 'system.multicall' method
     * Protect against XML-RPC brute force amplification attacks without breaking functionality
     * Added 1.9.7.8
     *
     * Takes the XML-RPC method map and returns it without 'system.multicall',
     * unless the client address is a valid IP inside 192.0.64.0/18
     * (192.0.64.0-192.0.127.255), in which case the map is returned untouched.
     *
     * NOTE(review): the exemption is only as trustworthy as rs_wpss_get_ip_addr();
     * if that helper honours forwarded-for style headers, confirm it does so only
     * behind a trusted proxy.
     *
     * @param array $methods  XML-RPC methods keyed by method name.
     * @return array          The same map, possibly without 'system.multicall'.
     */
    $client_ip = rs_wpss_get_ip_addr();
    /* 192.0.64.0-192.0.127.255 (CIDR:192.0.64.0/18): third octet 64..127 */
    $exempt_net_rgx = "~^192\\.0\\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])\\.~";
    $is_exempt = rs_wpss_is_valid_ip($client_ip) && preg_match($exempt_net_rgx, $client_ip);
    if (!$is_exempt) {
        unset($methods['system.multicall']);
    }
    return $methods;
}