/**
* Quick-add an IP address to the blacklist.
*/
public function blacklistip_add()
{
$view = $this->getView();
$request = $this->getPageRequest();
$ban = new IpBlacklistModel();
$ban->set('ip_addr', $request->getParameter('ip_addr'));
$ban->set('message', 'Your IP address has been blocked from this site by the administrator!');
$form = new Form();
$form->set('callsmethod', 'SecurityController::SaveBlacklistIp');
$form->addModel($ban, 'model');
$form->addElement('submit', ['name' => 'submit', 'value' => 'Ban IP!']);
$view->title = 'Ban IP';
$view->assign('form', $form);
}
public function wpadmin()
{
$view = $this->getView();
$request = $this->getPageRequest();
if ($request->isPost()) {
// Did they actually try to submit this form?...... silly bot ;)
SystemLogModel::LogSecurityEvent('/wp-admin Honeypot POST', 'POST submission to /wp-admin detected!', print_r($_POST, true));
$expireback = new CoreDateTime();
$expireback->modify('+2 days');
$block = IpBlacklistModel::Find(['ip_addr = ' . REMOTE_IP . '/32'], 1);
if (!$block) {
$block = new IpBlacklistModel();
$block->set('ip_addr', REMOTE_IP . '/32');
}
$block->setFromArray(['expires' => $expireback->getFormatted('U', Time::TIMEZONE_GMT), 'message' => 'You tried to submit a wp-admin page.... this is not a WP site!', 'comment' => 'Bot or user submitted to wp-admin']);
$block->save();
} else {
// Just record the hit.
SystemLogModel::LogSecurityEvent('/wp-admin Honeypot GET', 'GET request to /wp-admin detected!');
}
$view->templatename = 'pages/wphoneypot/wpadmin.phtml';
$view->mastertemplate = false;
}
