/** * Do the HTTP call to and report the spammer * * @param string $username * @param string $email * @param string $ip_addr */ private function _handleReportSpammer($username, $email, $ip_addr) { if (!empty($email)) { $url = 'http://www.stopforumspam.com/add.php'; $call = wp_remote_post($url, array('user-agent' => 'WordPress/AVH ' . AVH_FDAS_Define::PLUGIN_VERSION . '; ' . get_bloginfo('url'), 'body' => array('username' => $username, 'ip_addr' => $ip_addr, 'email' => $email, 'api_key' => $this->_core->getOptionElement('sfs', 'sfsapikey')))); if (is_wp_error($call) || 200 != $call['response']['code']) { $to = get_option('admin_email'); $subject = sprintf('[%s] AVH First Defense Against Spam - ' . __('Error reporting spammer', 'avh-fdas'), wp_specialchars_decode(get_option('blogname'), ENT_QUOTES)); if (is_wp_error($call)) { $message = $call->get_error_messages(); } else { $message[] = $call['body']; } AVH_Common::sendMail($to, $subject, $message, $this->_settings->getSetting('mail_footer')); } } }
/** * Check the nonce field set with a comment. * * @WordPress Filter preprocess_comment * * @param mixed $commentdata * * @return mixed * @since 1.2 * */ public function filterCheckNonceFieldToComment($commentdata) { // When we're in Admin no need to check the nonce. if (!defined('WP_ADMIN') && !defined('XMLRPC_REQUEST')) { if (empty($commentdata['comment_type'])) { // If it's a trackback or pingback this has a value $nonce = wp_create_nonce('avh-first-defense-against-spam_' . $commentdata['comment_post_ID']); if (!wp_verify_nonce($_POST['_avh_first_defense_against_spam'], 'avh-first-defense-against-spam_' . $commentdata['comment_post_ID'])) { if (1 == $this->_core->getOptionElement('general', 'emailsecuritycheck')) { $to = get_option('admin_email'); $ip = AVH_Visitor::getUserIp(); $sfs_apikey = $this->_core->getOptionElement('sfs', 'sfsapikey'); $commentdata['comment_author_email'] = empty($commentdata['comment_author_email']) ? '*****@*****.**' : $commentdata['comment_author_email']; $subject = sprintf('[%s] AVH First Defense Against Spam - ' . __('Comment security check failed', 'avh-fdas'), wp_specialchars_decode(get_option('blogname'), ENT_QUOTES)); if (isset($_POST['_avh_first_defense_against_spam'])) { $message[] = __('Reason: The nonce check failed.', 'avh-fdas'); } else { $message[] = __('Reason: An attempt was made to directly access wp-comment-post.php', 'avh-fdas'); } $message[] = sprintf(__('Username: %s', 'avh-fdas'), $commentdata['comment_author']); $message[] = sprintf(__('Email: %s', 'avh-fdas'), $commentdata['comment_author_email']); $message[] = sprintf(__('IP: %s', 'avh-fdas'), $ip); $message[] = ''; $message[] = __('Comment trying to post:', 'avh-fdas'); $message[] = __('--- START OF COMMENT ---', 'avh-fdas'); $message[] = $commentdata['comment_content']; $message[] = __('--- END OF COMMENT ---', 'avh-fdas'); $message[] = ''; if ('' != $sfs_apikey && !empty($commentdata['comment_author_email'])) { $q['action'] = 'emailreportspammer'; $q['a'] = $commentdata['comment_author']; $q['e'] = $commentdata['comment_author_email']; $q['i'] = $ip; $q['_avhnonce'] = AVH_Security::createNonce($q['a'] . $q['e'] . $q['i']); $query = $this->_core->BuildQuery($q); $report_url = admin_url('admin.php?' . $query); $message[] = sprintf(__('Report spammer: %s'), $report_url); } $message[] = sprintf(__('For more information: http://www.stopforumspam.com/search?q=%s'), $ip); $blacklisturl = admin_url('admin.php?action=blacklist&i=') . $ip . '&_avhnonce=' . AVH_Security::createNonce($ip); $message[] = sprintf(__('Add to the local blacklist: %s'), $blacklisturl); AVH_Common::sendMail($to, $subject, $message, $this->_settings->getSetting('mail_footer')); } // Only keep track if we have the ability to report add Stop Forum Spam if ('' != $sfs_apikey && !empty($commentdata['comment_author_email'])) { // Prevent a spam attack to overflow the database. if (!$this->_checkDbNonces($q['_avhnonce'])) { $option = get_option($this->_core->getDbNonces()); $option[$q['_avhnonce']] = $q['a'] . $q['e'] . $q['i']; update_option($this->_core->getDbNonces(), $option); } } $m = __('<p>Cheating huh</p>', 'avh-fdas'); $m .= __('<p>Protected by: AVH First Defense Against Spam</p>', 'avh-fdas'); if ($this->_core->getOptionElement('php', 'usehoneypot')) { $m .= $this->_spamcheck->getHtmlHoneyPotUrl(); } wp_die($m); } } } return $commentdata; }
/** * Handle a spammer found in the IP cache * */ private function _handleSpammerCache() { if ($this->_core_options['ipcache']['email']) { // General part of the email $to = get_option('admin_email'); $subject = sprintf('[%s] AVH First Defense Against Spam - ' . __('Spammer detected [%s]', 'avh-fdas'), wp_specialchars_decode(get_option('blogname'), ENT_QUOTES), $this->_visiting_ip); $message = array(); $message[] = sprintf(__('Spam IP: %s', 'avh-fdas'), $this->_visiting_ip); $message[] = $this->_accessing; $message[] = ''; $message[] = __('IP exists in the cache', 'avh-fdas'); $message[] = ' ' . sprintf(__('Check took: %s', 'avh-fdas'), $this->_spaminfo['cache']['time']); $message[] = ''; // General End $blacklisturl = admin_url('admin.php?action=blacklist&i=') . $this->_visiting_ip . '&_avhnonce=' . AVH_Security::createNonce($this->_visiting_ip); $message[] = sprintf(__('Add to the local blacklist: %s'), $blacklisturl); AVH_Common::sendMail($to, $subject, $message, $this->_settings->getSetting('mail_footer')); } // Update the counter $this->_updateSpamCounter(); // Update Last seen value $this->_ipcachedb->updateIpCache(array('ip' => $this->_visiting_ip, 'lastseen' => current_time('mysql'))); // Terminate the connection $this->_doTerminateConnection(); }