public function process($ip, &$stats = array(), &$options = array(), &$post = array())
{
$email = $post['email'];
//$p=print_r($post,true);
//if ($post['email']=='*****@*****.**') {
//return false; // use to test plugin
//}
// can't ever block local server because of cron jobs
$ip = kpg_get_ip();
// we are losing ip occasionally
// for addons
$addons = array();
$addons = apply_filters('kpg_ss_addons_allow', $addons);
// these are the allow before addons
// returns array
//[0]=class location,[1]=class name (also used as counter),[2]=addon name,
//[3]=addon author, [4]=addon description
if (!empty($addons) && is_array($addons)) {
foreach ($addons as $add) {
if (!empty($add) && is_array($add)) {
$reason = be_load($add);
if ($reason !== false) {
// need to log a passed hit on post here.
kpg_ss_log_good(kpg_get_ip(), $reason, $add[1], $add);
// aded get ip because it might be altered
return $reason;
}
}
}
}
// checks the list of Allow List items according to the options being set
// if cloudflare or ip is local then the deny tests for ips are not done.
$actions = array('chkcloudflare', 'chkadminlog', 'chkaws', 'chkgcache', 'chkgenallowlist', 'chkgoogle', 'chkmiscallowlist', 'chkpaypal', 'chkscripts', 'chkwlem', 'chkwluserid', 'chkwlist', 'chkyahoomerchant');
foreach ($actions as $chk) {
if ($options[$chk] == 'Y') {
$reason = be_load($chk, kpg_get_ip(), $stats, $options, $post);
if ($reason !== false) {
// need to log a passed hit on post here.
kpg_ss_log_good(kpg_get_ip(), $reason, $chk);
return $reason;
}
} else {
//sfs_debug_msg('no wl check '.$chk);
}
}
// these are the allow after addons
// returns array
//[0]=class location,[1]=class name (also used as counter),[2]=addon name,
//[3]=addon author, [4]=addon description
return false;
}
public function process($ip, &$stats = array(), &$options = array(), &$post = array())
{
// load the chk404 module
if ($options['chk404'] !== 'Y') {
return false;
}
$reason = be_load('chk404', $ip);
if ($reason === false) {
return;
}
// update log
kpg_ss_log_bad($ip, $reason, 'chk404');
// need to deny access
$rejectmessage = $options['rejectmessage'];
wp_die("{$rejectmessage}", "Login Access Denied", array('response' => 403));
exit;
}
public function process($ip, &$stats = array(), &$options = array(), &$post = array())
{
// does all of the post checks.
// these are the deny before addons
// returns array
//[0]=class location,[1]=class name (also used as counter),[2]=addon name,
//[3]=addon author, [4]=addon description
$addons = array();
$addons = apply_filters('kpg_ss_addons_deny', $addons);
if (!empty($addons) && is_array($addons)) {
foreach ($addons as $add) {
if (!empty($add) && is_array($add)) {
$reason = be_load($add, kpg_get_ip(), $stats, $options, $post);
if ($reason !== false) {
// need to log a passed hit on post here.
kpg_ss_log_bad(kpg_get_ip(), $reason, $add[1], $add);
exit;
}
}
}
}
// here on a post only so it will not check GET vars.
$noipactions = array('chkagent', 'chkbbcode', 'chkblem', 'chkbluserid', 'chkdisp', 'chkexploits', 'chklong', 'chkreferer', 'chksession', 'chkspamwords', 'chktld', 'chkaccept', 'chkadmin');
$actions = array('chkamazon', 'chkbcache', 'chkblip', 'chkdisp', 'chkhosting', 'chkinvalidip', 'chkubiquity', 'chkmulti', 'chkgooglesafe', 'chkAD', 'chkAE', 'chkAF', 'chkAL', 'chkAM', 'chkAR', 'chkAT', 'chkAU', 'chkAX', 'chkAZ', 'chkBA', 'chkBB', 'chkBD', 'chkBE', 'chkBG', 'chkBH', 'chkBN', 'chkBO', 'chkBR', 'chkBS', 'chkBY', 'chkBZ', 'chkCA', 'chkCD', 'chkCH', 'chkCL', 'chkCN', 'chkCO', 'chkCR', 'chkCU', 'chkCW', 'chkCY', 'chkCZ', 'chkDE', 'chkDK', 'chkDO', 'chkDZ', 'chkEC', 'chkEE', 'chkES', 'chkEU', 'chkFI', 'chkFJ', 'chkFR', 'chkGB', 'chkGE', 'chkGF', 'chkGI', 'chkGP', 'chkGR', 'chkGT', 'chkGU', 'chkGY', 'chkHK', 'chkHN', 'chkHR', 'chkHT', 'chkHU', 'chkID', 'chkIE', 'chkIL', 'chkIN', 'chkIQ', 'chkIR', 'chkIS', 'chkIT', 'chkJM', 'chkJO', 'chkJP', 'chkKE', 'chkKG', 'chkKH', 'chkKR', 'chkKW', 'chkKY', 'chkKZ', 'chkLA', 'chkLB', 'chkLK', 'chkLT', 'chkLU', 'chkLV', 'chkMD', 'chkME', 'chkMK', 'chkMM', 'chkMN', 'chkMO', 'chkMP', 'chkMQ', 'chkMT', 'chkMV', 'chkMX', 'chkMY', 'chkNC', 'chkNI', 'chkNL', 'chkNO', 'chkNP', 'chkNZ', 'chkOM', 'chkPA', 'chkPE', 'chkPG', 'chkPH', 'chkPK', 'chkPL', 'chkPR', 'chkPS', 'chkPT', 'chkPW', 'chkPY', 'chkQA', 'chkRO', 'chkRS', 'chkRU', 'chkSA', 'chkSC', 'chkSE', 'chkSG', 'chkSI', 'chkSK', 'chkSV', 'chkSX', 'chkSY', 'chkTH', 'chkTJ', 'chkTM', 'chkTR', 'chkTT', 'chkTW', 'chkUA', 'chkUK', 'chkUS', 'chkUY', 'chkUZ', 'chkVC', 'chkVE', 'chkVN', 'chkYE', 'chksfs', 'chkhoney', 'chkbotscout', 'chkdnsbl');
$chk = '';
// start with the no ip list
foreach ($noipactions as $chk) {
if ($options[$chk] == 'Y') {
$reason = be_load($chk, kpg_get_ip(), $stats, $options, $post);
if ($reason !== false) {
break;
}
}
}
if ($reason === false) {
// check for a valid ip - if ip is valid we can do the ip checks
$actionvalid = array('chkvalidip');
// took out the cloudflare exclusion
foreach ($actionvalid as $chk) {
$reason = be_load($chk, kpg_get_ip(), $stats, $options, $post);
if ($reason !== false) {
break;
}
}
// if the ip is valid reason will be false
if ($reason !== false) {
return false;
}
}
if ($reason === false) {
foreach ($actions as $chk) {
if ($options[$chk] == 'Y') {
$reason = be_load($chk, kpg_get_ip(), $stats, $options, $post);
if ($reason !== false) {
break;
}
}
}
}
//sfs_debug_msg("check post $ip, ".print_r($post,true));
if (array_key_exists('email', $post) && $post['email'] == '*****@*****.**') {
$post['reason'] = "testing IP - will always be blocked";
// use to test plugin
be_load('kpg_ss_challenge', kpg_get_ip(), $stats, $options, $post);
return;
}
// these are the deny after addons
// returns array
//[0]=class location,[1]=class name (also used as counter),[2]=addon name,
//[3]=addon author, [4]=addon description
if ($reason === false) {
return false;
}
// here because we have a spammer that's been caught
kpg_ss_log_bad(kpg_get_ip(), $reason, $chk);
exit;
}
public function process($ip, &$stats = array(), &$options = array(), &$post = array())
{
extract($stats);
extract($post);
$sname = $this->getSname();
$now = date('Y/m/d H:i:s', time() + get_option('gmt_offset') * 3600);
// updates counters. Adds to log list. Adds to bad cache. Then updates stats when done
// start with the counters - does some extra checks in case the stats file gets corrupted
if (array_key_exists('spcount', $stats)) {
$stats['spcount']++;
} else {
$stats['spcount'] = 1;
}
if (array_key_exists('spmcount', $stats)) {
$stats['spmcount']++;
} else {
$stats['spmcount'] = 1;
}
if (array_key_exists('cnt' . $chk, $stats)) {
$stats['cnt' . $chk]++;
} else {
$stats['cnt' . $chk] = 1;
}
// now the cache - need to purge it for time and length
$kpg_sp_cache = $options['kpg_sp_cache'];
$badips[$ip] = $now;
asort($badips);
while (count($badips) > $kpg_sp_cache) {
array_shift($badips);
}
$nowtimeout = date('Y/m/d H:i:s', time() - 4 * 3600 + get_option('gmt_offset') * 3600);
foreach ($badips as $key => $data) {
if ($data < $nowtimeout) {
unset($badips[$key]);
}
}
$stats['badips'] = $badips;
// now we need to log the ip and reason
$blog = '';
if (function_exists('is_multisite') && is_multisite()) {
global $blog_id;
if (!isset($blog_id) || $blog_id != 1) {
$blog = $blog_id;
}
}
//
$kpg_sp_hist = $options['kpg_sp_hist'];
while (count($hist) > $kpg_sp_hist) {
array_shift($hist);
}
if (!empty($pwd)) {
$author = $author . '/' . $pwd;
}
$hist[$now] = array($ip, $email, $author, $sname, $reason, $blog);
$stats['hist'] = $hist;
if (array_key_exists('addon', $post)) {
kpg_ss_set_stats($stats, $post['addon']);
} else {
kpg_ss_set_stats($stats);
}
// we can report the spam to addons here
do_action('kpg_stop_spam_caught', $ip, $post);
// post has the chk and reason in the array plus all the other info
be_load('kpg_ss_challenge', $ip, $stats, $options, $post);
exit;
}
<?php
// get a list of all the addons using the filter
$addons = array();
$a1 = apply_filters('kpg_ss_addons_allow', $addons);
$a3 = apply_filters('kpg_ss_addons_deny', $addons);
$a5 = apply_filters('kpg_ss_addons_get', $addons);
$addons = array_merge($a1, $a3, $a5);
if (empty($addons)) {
echo "No addons installed<br";
} else {
?>
<fieldset style="border:thin solid black;padding:6px;width:100%;">
<legend><span style="font-weight:bold;font-size:1.2em" >Installed Addons</span></legend>
<ol>
<?php
foreach ($addons as $add) {
$ad0 = $add[0];
$ad1 = $add[1];
$ad2 = $add[2];
$ad3 = $add[3];
$reason = be_load($add, $ad1);
echo "<li>{$ad1}: by {$ad2}, {$ad3}</li>";
}
?>
</ol>
</fieldset>
<?php
}
?>
</div>
</form>
</fieldset>
<?php
}
$ip = kpg_get_ip();
?>
<p>Your current IP address is: <span style="font-weight:bold;font-size:1.1em;"><?php
echo $ip;
?>
.</span><p>
<?php
// check the ip to see if we are local
$ansa = be_load('chkvalidip', kpg_get_ip());
if ($ansa == false) {
$ansa = be_load('chkcloudflare', kpg_get_ip());
}
if ($ansa !== false) {
?>
<p>This address is invalid for testing for the following reason:
<span style="font-weight:bold;font-size:1.2em;"><?php
echo $ansa;
?>
</span>.<br>
If you working on a local installation of Wordpress, this might be OK. However, if the plugin reports that your IP is invalid it may be because you are using CloudFlare or a proxy server to access this page. This will make it impossible for the plugin to check IP addresses. You may want to go to the Stop Spammers Testing menu option in order to test all possible reasons that your IP is not appearing as the IP of the machine that your using to browse this site.<br>
It is possible to use the plugin if this problem appears, but most checking functions will be turned off. The plugin will still perform spam checks which do not require an IP.<br>
If the error says that this is a CloudFlare ip address, you can fix this by installing the cloudflare plugin. If you use CloudFlare to protect and speed up your site then you MUST install the CloudFlare plugin. This plugin will be crippled until you install it.
<p>
<?php
}
*/
echo $show;
?>
</td>
<?php
}
?>
<?php
if (count($goodips) > 0) {
arsort($goodips);
?>
<td style="border:1px solid black;font-size:.88em;padding:3px;" valign="top" id="goodips"><?php
// use the be_load to get badips
$options = kpg_ss_get_options();
$stats = kpg_ss_get_stats();
$show = be_load('kpg_ss_get_gcache', 'x', $stats, $options);
/*$show='';
$cont='goodips';
foreach ($goodips as $key => $value) {
$show.="<a href=\"http://www.stopforumspam.com/search?q=$key\" target=\"_stopspam\">$key: $value</a> ";
// try ajax on the delete from bad cache
$onclick="onclick=\"sfs_ajax_process('$key','$cont','delete_gcache','$ajaxurl');return false;\"";
$show.=" <a href=\"\" $onclick title=\"Delete $key from Cache\" alt=\"Delete $key from Cache\" ><img src=\"$trash\" width=\"16px\" /></a> ";
$onclick="onclick=\"sfs_ajax_process('$key','$cont','add_black','$ajaxurl');return false;\"";
$show.=" <a href=\"\" $onclick title=\"Add to $key Deny List\" alt=\"Add to Deny List\" ><img src=\"$tdown\" width=\"16px\" /></a> ";
$onclick="onclick=\"sfs_ajax_process('$key','$cont','add_white','$ajaxurl');return false;\"";
$show.=" <a href=\"\" $onclick title=\"Add to $key Allow List\" alt=\"Add to Allow List\" ><img src=\"$tup\" width=\"16px\" /></a> ";
$show.="<br/>";
}
*/
echo $show;
echo "</ul>";
}
$m1 = memory_get_usage(true);
$m2 = memory_get_peak_usage(true);
echo "<br>Memory used, peak: {$m1}, {$m2}<br>";
}
if (array_key_exists('testcountry', $_POST)) {
$optionlist = array('chkAD', 'chkAE', 'chkAF', 'chkAL', 'chkAM', 'chkAR', 'chkAT', 'chkAU', 'chkAX', 'chkAZ', 'chkBA', 'chkBB', 'chkBD', 'chkBE', 'chkBG', 'chkBH', 'chkBN', 'chkBO', 'chkBR', 'chkBS', 'chkBY', 'chkBZ', 'chkCA', 'chkCD', 'chkCH', 'chkCL', 'chkCN', 'chkCO', 'chkCR', 'chkCU', 'chkCW', 'chkCY', 'chkCZ', 'chkDE', 'chkDK', 'chkDO', 'chkDZ', 'chkEC', 'chkEE', 'chkES', 'chkEU', 'chkFI', 'chkFJ', 'chkFR', 'chkGB', 'chkGE', 'chkGF', 'chkGI', 'chkGP', 'chkGR', 'chkGT', 'chkGU', 'chkGY', 'chkHK', 'chkHN', 'chkHR', 'chkHT', 'chkHU', 'chkID', 'chkIE', 'chkIL', 'chkIN', 'chkIQ', 'chkIR', 'chkIS', 'chkIT', 'chkJM', 'chkJO', 'chkJP', 'chkKE', 'chkKG', 'chkKH', 'chkKR', 'chkKW', 'chkKY', 'chkKZ', 'chkLA', 'chkLB', 'chkLK', 'chkLT', 'chkLU', 'chkLV', 'chkMD', 'chkME', 'chkMK', 'chkMM', 'chkMN', 'chkMO', 'chkMP', 'chkMQ', 'chkMT', 'chkMV', 'chkMX', 'chkMY', 'chkNC', 'chkNI', 'chkNL', 'chkNO', 'chkNP', 'chkNZ', 'chkOM', 'chkPA', 'chkPE', 'chkPG', 'chkPH', 'chkPK', 'chkPL', 'chkPR', 'chkPS', 'chkPT', 'chkPW', 'chkPY', 'chkQA', 'chkRO', 'chkRS', 'chkRU', 'chkSA', 'chkSC', 'chkSE', 'chkSG', 'chkSI', 'chkSK', 'chkSV', 'chkSX', 'chkSY', 'chkTH', 'chkTJ', 'chkTM', 'chkTR', 'chkTT', 'chkTW', 'chkUA', 'chkUK', 'chkUS', 'chkUY', 'chkUZ', 'chkVC', 'chkVE', 'chkVN', 'chkYE');
//KE - Kenya
//chkMA missing
//SC - Seychelles
$m1 = memory_get_usage(true);
$m2 = memory_get_peak_usage(true);
echo "<br>Memory used, peak: {$m1}, {$m2}<br>";
foreach ($optionlist as $chk) {
$ansa = be_load($chk, $ip, $stats, $options, $post);
if (empty($ansa)) {
$ansa = 'OK';
}
echo "{$chk} : {$ansa}<br>";
}
$m1 = memory_get_usage(true);
$m2 = memory_get_peak_usage(true);
echo "<br>Memory used, peak: {$m1}, {$m2}<br>";
}
}
?>
</fieldset>
<div style="width:50%;float:left;">
<h3>Display All Options</h3>
<input type="hidden" name="kpg_stop_clear_wlreq" value="true" />
<p class="submit">
<input class="button-primary" value="Clear the Requests" type="submit" />
</p>
</form>
<?php
?>
<table style="background-color:#eeeeee;" cellspacing="2">
<thead>
<tr style="background-color:ivory;text-align:center;"><th>Time</th><th>IP</th><th>Email</th><th>Reason</th><th>url</th></tr>
</thead>
<tbody id="wlreq">
<?php
$show = '';
$cont = 'wlreqs';
// wlrequs has an array of arrays
//
// time,ip,email,author,reasion,info,sname
//time,ip,email,author,reasion,info,sname
// use the be_load to get badips
$options = kpg_ss_get_options();
$stats = kpg_ss_get_stats();
$show = be_load('kpg_ss_get_alreq', 'x', $stats, $options);
echo $show;
?>
</tbody>
</table>
<?php
}
function sfs_handle_ajax_sfs_process_watch($data)
{
// anything in data? never
// get the things out of the get
// check for valid get
if (!array_key_exists('func', $_GET)) {
echo "func not found";
exit;
}
$trash = KPG_SS_PLUGIN_URL . 'images/trash.png';
$tdown = KPG_SS_PLUGIN_URL . 'images/tdown.png';
$tup = KPG_SS_PLUGIN_URL . 'images/tup.png';
// fix this
$whois = KPG_SS_PLUGIN_URL . 'images/whois.png';
// fix this
$ip = $_GET['ip'];
$container = $_GET['cont'];
$func = $_GET['func'];
//echo "error $ip, $func, $container,".print_r($_GET,true);exit();
// container is blank, goodips, badips or log
// func is add_black, add_white, delete_gcache or delete_bcache
$options = kpg_ss_get_options();
$stats = kpg_ss_get_stats();
//$stats,$options);
$ansa = array();
switch ($func) {
case 'delete_gcache':
// deletes a good cache item
$ansa = be_load('kpg_ss_remove_gcache', $ip, $stats, $options);
$show = be_load('kpg_ss_get_gcache', 'x', $stats, $options);
echo $show;
exit;
break;
case 'delete_bcache':
// deletes a bad cache item
$ansa = be_load('kpg_ss_remove_bcache', $ip, $stats, $options);
$show = be_load('kpg_ss_get_bcache', 'x', $stats, $options);
echo $show;
exit;
break;
case 'add_black':
if ($container == 'badips') {
be_load('kpg_ss_remove_bcache', $ip, $stats, $options);
} else {
if ($container == 'goodips') {
be_load('kpg_ss_remove_gcache', $ip, $stats, $options);
} else {
// wlreq
be_load('kpg_ss_remove_bcache', $ip, $stats, $options);
be_load('kpg_ss_remove_gcache', $ip, $stats, $options);
}
}
be_load('kpg_ss_addtodenylist', $ip, $stats, $options);
break;
case 'add_white':
if ($container == 'badips') {
be_load('kpg_ss_remove_bcache', $ip, $stats, $options);
} else {
if ($container == 'goodips') {
be_load('kpg_ss_remove_gcache', $ip, $stats, $options);
} else {
be_load('kpg_ss_remove_bcache', $ip, $stats, $options);
be_load('kpg_ss_remove_gcache', $ip, $stats, $options);
}
}
be_load('kpg_ss_addtoallowlist', $ip, $stats, $options);
// if it is not good or bad ip we don't need the container as it is the log
break;
case 'delete_wl_row':
// this is from the allow request list
$ansa = be_load('kpg_ss_get_alreq', $ip, $stats, $options);
echo $ansa;
exit;
break;
case 'delete_wlip':
// this is from the allow request list
$ansa = be_load('kpg_ss_get_alreq', $ip, $stats, $options);
echo $ansa;
exit;
break;
case 'delete_wlem':
// this is from the allow request list
$ansa = be_load('kpg_ss_get_alreq', $ip, $stats, $options);
echo $ansa;
exit;
break;
default:
echo "\r\n\r\nUnrecognized function '{$func}'";
exit;
}
$ajaxurl = admin_url('admin-ajax.php');
$cachedel = 'delete_gcache';
switch ($container) {
case 'badips':
$show = be_load('kpg_ss_get_bcache', 'x', $stats, $options);
echo $show;
exit;
break;
case 'goodips':
$show = be_load('kpg_ss_get_gcache', 'x', $stats, $options);
echo $show;
exit;
break;
case 'wlreq':
$ansa = be_load('kpg_ss_get_alreq', $ip, $stats, $options);
echo $ansa;
exit;
default:
// coming from logs report we need to display an appropriate message, I think
echo "OK OK OK something is missing {$container} ";
exit;
}
}
function kpg_ss_check_white_block()
{
sfs_errorsonoff();
$options = kpg_ss_get_options();
$stats = kpg_ss_get_stats();
$post = get_post_variables();
$post['block'] = true;
$ansa = be_load('kpg_ss_check_white', kpg_get_ip(), $stats, $options, $post);
sfs_errorsonoff('off');
return $ansa;
}
function kpg_ss_user_reg_filter($user_login)
{
// the plugin should be all initialized
// check the ip, etc.
sfs_errorsonoff();
$options = kpg_ss_get_options();
$stats = kpg_ss_get_stats();
// fake out the post variables
$post = get_post_variables();
$post['author'] = $user_login;
$post['addon'] = 'chkRegister';
// no really an addon - but may be moved out when working.
if ($options['filterregistrations'] != 'Y') {
remove_filter('pre_user_login', kpg_ss_user_reg_filter, 1);
sfs_errorsonoff('off');
return $user_login;
}
// if the suspect is already in the bad cache he does not get a second chance?
// prevents looping
$reason = be_load('chkbcache', kpg_get_ip(), $stats, $options, $post);
sfs_errorsonoff();
if ($reason !== false) {
$rejectmessage = $options['rejectmessage'];
$post['reason'] = 'Failed Registration: bad cache';
$host['chk'] = 'chkbcache';
$ansa = be_load('kpg_ss_log_bad', kpg_get_ip(), $stats, $options, $post);
wp_die("{$rejectmessage}", "Login Access Denied", array('response' => 403));
exit;
}
// check the white list
$reason = kpg_ss_check_white();
sfs_errorsonoff();
if ($reason !== false) {
$post['reason'] = 'passed registration:' . $reason;
$ansa = be_load('kpg_ss_log_good', kpg_get_ip(), $stats, $options, $post);
sfs_errorsonoff('off');
return $user_login;
}
// check the black list
//sfs_debug_msg("Checking black list on registration: /r/n".print_r($post,true));
$ret = be_load('kpg_ss_check_post', kpg_get_ip(), $stats, $options, $post);
$post['reason'] = 'Passed Registration ' . $ret;
$ansa = be_load('kpg_ss_log_good', kpg_get_ip(), $stats, $options, $post);
return $user_login;
}
