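/**
 * AJAX endpoint requested by the front-end script to mark the current visitor
 * as JavaScript-capable (a "verified human").
 *
 * Sends an empty text/javascript response, optionally sets the
 * wordfence_verifiedHuman cookie, and then flags the wfHits row identified by
 * the encrypted `hid` query parameter with jsRun=1. Crawlers get the empty
 * response only.
 *
 * @return void Never returns normally; the request ends with exit/die.
 */
public static function ajax_logHuman_callback()
 {
     // This endpoint must not itself be recorded as a page hit.
     self::getLog()->canLogHit = false;
     $UA = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     // Crawlers receive neither the verified-human cookie nor the jsRun update.
     $isCrawler = false;
     if ($UA) {
         if (wfCrawl::isCrawler($UA) || wfCrawl::isGoogleCrawler()) {
             $isCrawler = true;
         }
     }
     // Drop any buffered output so the body really is empty (Content-Length: 0);
     // the '@' covers the case where no output buffer is active.
     @ob_end_clean();
     if (!headers_sent()) {
         header('Content-type: text/javascript');
         header("Connection: close");
         header("Content-Length: 0");
         header("X-Robots-Tag: noindex");
         if (!$isCrawler && !wfConfig::get('disableCookies')) {
             setcookie('wordfence_verifiedHuman', self::getLog()->getVerifiedHumanCookieValue($UA, wfUtils::getIP()), time() + 86400, '/');
         }
     }
     flush();
     if (!$isCrawler) {
         // A missing or non-scalar hid cannot identify a row; stop here rather
         // than handing null/array to decrypt() and raising a notice.
         if (!isset($_GET['hid']) || !is_string($_GET['hid'])) {
             exit;
         }
         $hid = wfUtils::decrypt($_GET['hid']);
         // Only an all-digit plaintext is accepted as a hit id.
         if (!preg_match('/^\\d+$/', $hid)) {
             exit;
         }
         $db = new wfDB();
         global $wpdb;
         $p = $wpdb->base_prefix;
         // The id is bound through the %d placeholder; only the table prefix is interpolated.
         $db->queryWrite("update {$p}" . "wfHits set jsRun=1 where id=%d", $hid);
     }
     die("");
 }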
 /**
  * Records the current request in the per-minute hit counters and applies the
  * configured rate-limit and bad-bot blocking rules.
  *
  * @param string $type Either '404' (page not found) or 'hit' (normal page
  *                     view); any other value is logged as an error and ignored.
  * @return void May not return: blockIP()/do503()/takeBlockingAction() can end
  *              the request.
  */
 public function logLeechAndBlock($type)
 {
     //404 or hit
     // Everything below is skipped when the firewall is switched off.
     if (wfConfig::get('firewallEnabled')) {
         //Moved the following block into the "is fw enabled section" for optimization.
         $IP = wfUtils::getIP();
         // Packed binary form of the address; used for the badLeechers counter further down.
         $IPnum = wfUtils::inet_pton($IP);
         if ($this->isWhitelisted($IP)) {
             return;
         }
         // Operator may exempt Google crawlers either on the user-agent claim alone
         // or only once the crawler has been verified.
         if (wfConfig::get('neverBlockBG') == 'neverBlockUA' && wfCrawl::isGoogleCrawler()) {
             return;
         }
         if (wfConfig::get('neverBlockBG') == 'neverBlockVerified' && wfCrawl::isVerifiedGoogleCrawler()) {
             return;
         }
         if ($type == '404') {
             // allowed404s is a newline-separated list of paths in which '*' is a wildcard.
             $allowed404s = wfConfig::get('allowed404s');
             if (is_string($allowed404s)) {
                 $allowed404s = array_filter(explode("\n", $allowed404s));
                 $allowed404sPattern = '';
                 foreach ($allowed404s as $allowed404) {
                     // preg_quote turns '*' into '\*'; rewrite that back into a lazy wildcard.
                     $allowed404sPattern .= preg_replace('/\\\\\\*/', '.*?', preg_quote($allowed404, '/')) . '|';
                 }
                 // NOTE(review): REQUEST_URI is read without an isset() check here and below.
                 $uri = $_SERVER['REQUEST_URI'];
                 // Match the path only; the query string is dropped.
                 if (($index = strpos($uri, '?')) !== false) {
                     $uri = substr($uri, 0, $index);
                 }
                 // Trailing '|' is removed; whole-path, case-insensitive match skips logging.
                 if ($allowed404sPattern && preg_match('/^' . substr($allowed404sPattern, 0, -1) . '$/i', $uri)) {
                     return;
                 }
             }
         }
         // Counter table depends on the hit type.
         if ($type == '404') {
             $table = $this->scanTable;
         } else {
             if ($type == 'hit') {
                 $table = $this->leechTable;
             } else {
                 wordfence::status(1, 'error', "Invalid type to logLeechAndBlock(): {$type}");
                 return;
             }
         }
         // Upsert the (minute, IP) row and stash the incremented count in a MySQL
         // session variable that the next statement reads back.
         // Assumes both statements run on the same DB connection -- TODO confirm.
         $this->getDB()->queryWrite("insert into {$table} (eMin, IP, hits) values (floor(unix_timestamp() / 60), %s, 1) ON DUPLICATE KEY update hits = IF(@wfcurrenthits := hits + 1, hits + 1, hits + 1)", wfUtils::inet_pton($IP));
         $hitsPerMinute = $this->getDB()->querySingle("select @wfcurrenthits");
         //end block moved into "is fw enabled" section
         //Range blocking was here. Moved to wordfenceClass::veryFirstAction
         // A user-agent claiming Googlebot whose reverse DNS does not verify is blocked outright.
         if (wfConfig::get('blockFakeBots')) {
             if (wfCrawl::isGooglebot() && !wfCrawl::verifyCrawlerPTR($this->googlePattern, $IP)) {
                 $this->blockIP($IP, "Fake Google crawler automatically blocked");
                 wordfence::status(2, 'info', "Blocking fake Googlebot at IP {$IP}");
             }
         }
         // bannedURLs is comma-separated and compared exactly against the raw
         // REQUEST_URI (query string included).
         if (wfConfig::get('bannedURLs', false)) {
             $URLs = explode(',', wfConfig::get('bannedURLs'));
             foreach ($URLs as $URL) {
                 if ($_SERVER['REQUEST_URI'] == trim($URL)) {
                     $this->blockIP($IP, "Accessed a banned URL.");
                     $this->do503(3600, "Accessed a banned URL.");
                     //exits
                 }
             }
         }
         // The limits below hold either a number or the literal string 'DISABLED'.
         if (wfConfig::get('maxGlobalRequests') != 'DISABLED' && $hitsPerMinute > wfConfig::get('maxGlobalRequests')) {
             //Applies to 404 or pageview
             $this->takeBlockingAction('maxGlobalRequests', "Exceeded the maximum global requests per minute for crawlers or humans.");
         }
         if ($type == '404') {
             global $wpdb;
             $p = $wpdb->base_prefix;
             // Optionally report the 404 to the Wordfence network table.
             // NOTE(review): the '%s' placeholders sit inside SQL quotes; this relies on
             // queryWrite() escaping its arguments -- confirm against wfDB.
             if (wfConfig::get('other_WFNet')) {
                 $this->getDB()->queryWrite("insert IGNORE into {$p}" . "wfNet404s (sig, ctime, URI) values (UNHEX(MD5('%s')), unix_timestamp(), '%s')", $_SERVER['REQUEST_URI'], $_SERVER['REQUEST_URI']);
             }
             // vulnRegex flags 404s that look like probes for known vulnerabilities.
             $pat = wfConfig::get('vulnRegex');
             if ($pat) {
                 $URL = wfUtils::getRequestedURL();
                 if (preg_match($pat, $URL)) {
                     $this->getDB()->queryWrite("insert IGNORE into {$p}" . "wfVulnScanners (IP, ctime, hits) values (%s, unix_timestamp(), 1) ON DUPLICATE KEY UPDATE ctime = unix_timestamp(), hits = hits + 1", wfUtils::inet_pton($IP));
                     // Refererless scanner hits get their own per-minute counter and limit.
                     if (wfConfig::get('maxScanHits') != 'DISABLED') {
                         if (empty($_SERVER['HTTP_REFERER'])) {
                             $this->getDB()->queryWrite("insert into " . $this->badLeechersTable . " (eMin, IP, hits) values (floor(unix_timestamp() / 60), %s, 1) ON DUPLICATE KEY update hits = IF(@wfblcurrenthits := hits + 1, hits + 1, hits + 1)", $IPnum);
                             $BL_hitsPerMinute = $this->getDB()->querySingle("select @wfblcurrenthits");
                             if ($BL_hitsPerMinute > wfConfig::get('maxScanHits')) {
                                 $this->takeBlockingAction('maxScanHits', "Exceeded the maximum number of 404 requests per minute for a known security vulnerability.");
                             }
                         }
                     }
                 }
             }
         }
         // A POST with both user-agent and referer blank is treated as an automated bad request.
         if (wfConfig::get('other_blockBadPOST') == '1' && $_SERVER['REQUEST_METHOD'] == 'POST' && empty($_SERVER['HTTP_USER_AGENT']) && empty($_SERVER['HTTP_REFERER'])) {
             $this->blockIP($IP, "POST received with blank user-agent and referer");
             $this->do503(3600, "POST received with blank user-agent and referer");
             //exits
         }
         // Remaining per-minute limits are split by crawler vs. human and by hit type.
         if (isset($_SERVER['HTTP_USER_AGENT']) && wfCrawl::isCrawler($_SERVER['HTTP_USER_AGENT'])) {
             if ($type == 'hit' && wfConfig::get('maxRequestsCrawlers') != 'DISABLED' && $hitsPerMinute > wfConfig::get('maxRequestsCrawlers')) {
                 $this->takeBlockingAction('maxRequestsCrawlers', "Exceeded the maximum number of requests per minute for crawlers.");
                 //may not exit
             } else {
                 if ($type == '404' && wfConfig::get('max404Crawlers') != 'DISABLED' && $hitsPerMinute > wfConfig::get('max404Crawlers')) {
                     $this->takeBlockingAction('max404Crawlers', "Exceeded the maximum number of page not found errors per minute for a crawler.");
                 }
             }
         } else {
             if ($type == 'hit' && wfConfig::get('maxRequestsHumans') != 'DISABLED' && $hitsPerMinute > wfConfig::get('maxRequestsHumans')) {
                 $this->takeBlockingAction('maxRequestsHumans', "Exceeded the maximum number of page requests per minute for humans.");
             } else {
                 if ($type == '404' && wfConfig::get('max404Humans') != 'DISABLED' && $hitsPerMinute > wfConfig::get('max404Humans')) {
                     $this->takeBlockingAction('max404Humans', "Exceeded the maximum number of page not found errors per minute for humans.");
                 }
             }
         }
     }
 }
 /**
  * Records the current request in the per-minute hit counters and applies the
  * configured rate-limit and bad-bot blocking rules.
  *
  * This variant works with IPv4 integers (inet_aton / INET_ATON) rather than
  * packed binary addresses.
  *
  * @param string $type Either '404' (page not found) or 'hit' (normal page
  *                     view); any other value is logged as an error and ignored.
  * @return void May not return: blockIP()/takeBlockingAction() can end the request.
  */
 public function logLeechAndBlock($type)
 {
     //404 or hit
     // Everything below is skipped when the firewall is switched off.
     if (wfConfig::get('firewallEnabled')) {
         //Moved the following block into the "is fw enabled section" for optimization.
         $IP = wfUtils::getIP();
         // Integer form of the IPv4 address; used for the badLeechers counter further down.
         $IPnum = wfUtils::inet_aton($IP);
         if ($this->isWhitelisted($IP)) {
             return;
         }
         // Counter table depends on the hit type.
         if ($type == '404') {
             $table = $this->scanTable;
         } else {
             if ($type == 'hit') {
                 $table = $this->leechTable;
             } else {
                 wordfence::status(1, 'error', "Invalid type to logLeechAndBlock(): {$type}");
                 return;
             }
         }
         // Upsert the (minute, IP) row and stash the incremented count in a MySQL
         // session variable that the next statement reads back.
         // Assumes both statements run on the same DB connection -- TODO confirm.
         $this->getDB()->queryWrite("insert into {$table} (eMin, IP, hits) values (floor(unix_timestamp() / 60), %s, 1) ON DUPLICATE KEY update hits = IF(@wfcurrenthits := hits + 1, hits + 1, hits + 1)", wfUtils::inet_aton($IP));
         $hitsPerMinute = $this->getDB()->querySingle("select @wfcurrenthits");
         //end block moved into "is fw enabled" section
         //Range blocking was here. Moved to wordfenceClass::veryFirstAction
         // A user-agent claiming Googlebot whose reverse DNS does not verify is blocked outright.
         if (wfConfig::get('blockFakeBots')) {
             if (wfCrawl::isGooglebot() && !wfCrawl::verifyCrawlerPTR($this->googlePattern, $IP)) {
                 $this->blockIP($IP, "Fake Google crawler automatically blocked");
                 wordfence::status(2, 'info', "Blocking fake Googlebot at IP {$IP}");
             }
         }
         // The limits below hold either a number or the literal string 'DISABLED'.
         if (wfConfig::get('maxGlobalRequests') != 'DISABLED' && $hitsPerMinute > wfConfig::get('maxGlobalRequests')) {
             //Applies to 404 or pageview
             $this->takeBlockingAction('maxGlobalRequests', "Exceeded the maximum global requests per minute for crawlers or humans.");
         }
         if ($type == '404') {
             global $wpdb;
             $p = $wpdb->base_prefix;
             // Optionally report the 404 to the Wordfence network table.
             // NOTE(review): REQUEST_URI is read without isset(), and the '%s' placeholders
             // sit inside SQL quotes; this relies on queryWrite() escaping its arguments --
             // confirm against wfDB.
             if (wfConfig::get('other_WFNet')) {
                 $this->getDB()->queryWrite("insert IGNORE into {$p}" . "wfNet404s (sig, ctime, URI) values (UNHEX(MD5('%s')), unix_timestamp(), '%s')", $_SERVER['REQUEST_URI'], $_SERVER['REQUEST_URI']);
             }
             // vulnRegex flags 404s that look like probes for known vulnerabilities.
             $pat = wfConfig::get('vulnRegex');
             if ($pat) {
                 $URL = wfUtils::getRequestedURL();
                 if (preg_match($pat, $URL)) {
                     // Same quoted-'%s' caveat as above: $IP is converted on the MySQL side.
                     $this->getDB()->queryWrite("insert IGNORE into {$p}" . "wfVulnScanners (IP, ctime, hits) values (INET_ATON('%s'), unix_timestamp(), 1) ON DUPLICATE KEY UPDATE ctime = unix_timestamp(), hits = hits + 1", $IP);
                     // Refererless scanner hits get their own per-minute counter and limit.
                     if (wfConfig::get('maxScanHits') != 'DISABLED') {
                         if (empty($_SERVER['HTTP_REFERER'])) {
                             $this->getDB()->queryWrite("insert into " . $this->badLeechersTable . " (eMin, IP, hits) values (floor(unix_timestamp() / 60), %s, 1) ON DUPLICATE KEY update hits = IF(@wfblcurrenthits := hits + 1, hits + 1, hits + 1)", $IPnum);
                             $BL_hitsPerMinute = $this->getDB()->querySingle("select @wfblcurrenthits");
                             if ($BL_hitsPerMinute > wfConfig::get('maxScanHits')) {
                                 $this->takeBlockingAction('maxScanHits', "Exceeded the maximum number of 404 requests per minute for a known security vulnerability.");
                             }
                         }
                     }
                 }
             }
         }
         // Remaining per-minute limits are split by crawler vs. human and by hit type.
         if (isset($_SERVER['HTTP_USER_AGENT']) && wfCrawl::isCrawler($_SERVER['HTTP_USER_AGENT'])) {
             if ($type == 'hit' && wfConfig::get('maxRequestsCrawlers') != 'DISABLED' && $hitsPerMinute > wfConfig::get('maxRequestsCrawlers')) {
                 $this->takeBlockingAction('maxRequestsCrawlers', "Exceeded the maximum number of requests per minute for crawlers.");
                 //may not exit
             } else {
                 if ($type == '404' && wfConfig::get('max404Crawlers') != 'DISABLED' && $hitsPerMinute > wfConfig::get('max404Crawlers')) {
                     $this->takeBlockingAction('max404Crawlers', "Exceeded the maximum number of page not found errors per minute for a crawler.");
                 }
             }
         } else {
             if ($type == 'hit' && wfConfig::get('maxRequestsHumans') != 'DISABLED' && $hitsPerMinute > wfConfig::get('maxRequestsHumans')) {
                 $this->takeBlockingAction('maxRequestsHumans', "Exceeded the maximum number of page requests per minute for humans.");
             } else {
                 if ($type == '404' && wfConfig::get('max404Humans') != 'DISABLED' && $hitsPerMinute > wfConfig::get('max404Humans')) {
                     $this->takeBlockingAction('max404Humans', "Exceeded the maximum number of page not found errors per minute for humans.");
                 }
             }
         }
     }
 }