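/**
 * Content Filter aka "The Algorithmic Layer".
 * Blocking the Obvious to Improve Human/Pingback/Trackback Defense.
 *
 * Runs the submission through an ordered sequence of blocking tests
 * (session blacklist cache, link count, author/URL/email/domain blacklists,
 * regex patterns, user-agent and HTTP Accept header sanity, proxy status,
 * reverse DNS, miscellaneous spam phrases and the WP comment blacklist).
 * The first test that fires returns immediately through
 * rs_wpss_exit_content_filter(); when every test passes, $commentdata is
 * returned with the timer result, 'wpss_error_code' = 'No Error' and an
 * empty 'content_filter_status'.
 *
 * @param array $commentdata        WordPress comment data plus the keys this
 *                                  plugin adds. Keys read here: comment_author,
 *                                  comment_author_email, comment_author_url,
 *                                  comment_content, comment_type and
 *                                  start_time_content_filter.
 * @param array $spamshield_options Plugin options; 'allow_proxy_users' and
 *                                  'enhanced_comment_blacklist' are read here.
 * @return array Whatever rs_wpss_exit_content_filter() returns when a test
 *               fires, otherwise $commentdata with 'total_time_content_filter',
 *               'wpss_error_code' and 'content_filter_status' filled in.
 */
function rs_wpss_comment_content_filter($commentdata, $spamshield_options) {
	/* Timer Start - Content Filter */
	if (empty($commentdata['start_time_content_filter'])) {
		$commentdata['start_time_content_filter'] = microtime(TRUE);
	}
	$content_filter_status = $wpss_error_code = '';

	/* Must go before tests */
	rs_wpss_update_session_data($spamshield_options);

	/* TEST 0 - See if user has already been blacklisted this session */
	if (!is_user_logged_in() && rs_wpss_ubl_cache()) {
		if (empty($content_filter_status)) { $content_filter_status = '3'; } /* 1.8 - Changed from '2' to '3' */
		$wpss_error_code .= ' 0-BL';
		return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
	}

	/* Raw POST field; only used after esc_url_raw() in the REF-2 test below */
	$post_ref2xjs = !empty($_POST[WPSS_REF2XJS]) ? trim($_POST[WPSS_REF2XJS]) : '';

	/* CONTENT FILTERING - BEGIN */
	/* Only the derived values the tests below actually read are computed; the
	 * unused post/title/URL/remote-addr/word-count variants were dropped. */
	$commentdata_comment_author = $commentdata['comment_author'];
	$commentdata_comment_author_lc = rs_wpss_casetrans('lower', $commentdata_comment_author);
	$commentdata_comment_author_lc_deslashed = stripslashes($commentdata_comment_author_lc);
	$commentdata_comment_author_lc_deslashed_regex = rs_wpss_preg_quote($commentdata_comment_author_lc_deslashed);
	$commentdata_comment_author_email = $commentdata['comment_author_email'];
	$commentdata_comment_author_email_lc = rs_wpss_casetrans('lower', $commentdata_comment_author_email);
	$commentdata_comment_author_url = $commentdata['comment_author_url'];
	$commentdata_comment_author_url_lc = rs_wpss_casetrans('lower', $commentdata_comment_author_url);
	$commentdata_comment_author_url_lc_regex = rs_wpss_preg_quote($commentdata_comment_author_url_lc);
	$commentdata_comment_author_url_domain_lc = rs_wpss_get_domain($commentdata_comment_author_url_lc);
	$commentdata_comment_content = $commentdata['comment_content'];
	$commentdata_comment_content_lc = rs_wpss_casetrans('lower', $commentdata_comment_content);
	$commentdata_comment_content_lc_deslashed = stripslashes($commentdata_comment_content_lc);
	$commentdata_comment_content_extracted_urls = rs_wpss_parse_links($commentdata_comment_content_lc_deslashed, 'url'); /* Parse comment content for all URLs */
	$commentdata_comment_content_extracted_urls_at = rs_wpss_parse_links($commentdata_comment_content_lc_deslashed, 'url_at'); /* Parse comment content for Anchor Text Link URLs */
	$commentdata_comment_content_num_links = count($commentdata_comment_content_extracted_urls); /* Count extracted URLS from body content - Added 1.8.4 */
	$commentdata_comment_content_num_limit = 3; /* Max number of links in comment body content */
	$commentdata_comment_type = $commentdata['comment_type'];
	$commentdata_user_agent = rs_wpss_get_user_agent(TRUE, FALSE);
	$commentdata_user_agent_lc = rs_wpss_casetrans('lower', $commentdata_user_agent);
	$user_http_accept = rs_wpss_get_http_accept(TRUE, TRUE);
	$user_http_accept_language = rs_wpss_get_http_accept(TRUE, TRUE, TRUE);
	$commentdata_referrer = rs_wpss_get_referrer();
	$commentdata_referrer_lc = rs_wpss_casetrans('lower', $commentdata_referrer);
	/* PHP_SELF is not guaranteed to be set (CLI, some SAPIs); default to '' instead of an undefined-index notice */
	$commentdata_php_self = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
	$commentdata_php_self_lc = rs_wpss_casetrans('lower', $commentdata_php_self);

	/* IP / PROXY INFO - BEGIN */
	global $wpss_ip_proxy_info;
	if (empty($wpss_ip_proxy_info)) { $wpss_ip_proxy_info = rs_wpss_ip_proxy_info(); }
	/* Read only the keys this function needs rather than extract()-ing the whole
	 * array into local scope; key names mirror the variables extract() produced. */
	$ip = isset($wpss_ip_proxy_info['ip']) ? $wpss_ip_proxy_info['ip'] : '';
	$reverse_dns_lc = isset($wpss_ip_proxy_info['reverse_dns_lc']) ? $wpss_ip_proxy_info['reverse_dns_lc'] : '';
	$ip_proxy = isset($wpss_ip_proxy_info['ip_proxy']) ? $wpss_ip_proxy_info['ip_proxy'] : '';
	$ip_proxy_chrome_compression = isset($wpss_ip_proxy_info['ip_proxy_chrome_compression']) ? $wpss_ip_proxy_info['ip_proxy_chrome_compression'] : '';
	/* IP / PROXY INFO - END */

	/* Body Content - Check for excessive number of links in message ( body_content ) - 1.8.4 */
	if ($commentdata_comment_content_num_links > $commentdata_comment_content_num_limit) {
		if (empty($content_filter_status)) { $content_filter_status = '1'; }
		$wpss_error_code .= ' 1-HT';
		return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
	}

	/***
	 * Authors Only - Non-Trackback
	 * Removed Filters 300-423 and replaced with Regex
	 ***/
	/* Author Blacklist Check - Invalid Author Names - Stopping Human Spam */
	if ($commentdata_comment_type !== 'trackback' && $commentdata_comment_type !== 'pingback' && rs_wpss_anchortxt_blacklist_chk($commentdata_comment_author_lc_deslashed, '', 'author', $commentdata_comment_author_url_lc)) {
		if (empty($content_filter_status)) { $content_filter_status = '1'; }
		$wpss_error_code .= ' 10500A-BL';
		return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
	}

	/* Regular Expression Tests - 2nd Gen - Comment Author/Author URL - BEGIN */
	/* 10500-13000 - Complex Test for terms in Comment Author/URL */
	/* Blacklisted Domains Check */
	if (rs_wpss_domain_blacklist_chk($commentdata_comment_author_url_domain_lc)) {
		if (empty($content_filter_status)) { $content_filter_status = '1'; }
		$wpss_error_code .= ' 10500AU-BL';
		return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
	}
	/* Check for URL Shorteners, Bogus Long URLs, and Misc Spam Domains */
	if (rs_wpss_at_link_spam_url_chk($commentdata_comment_author_url_lc)) {
		if (empty($content_filter_status)) { $content_filter_status = '1'; }
		$wpss_error_code .= ' 10510AU-BL';
		return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
	}

	/* Testing for a unique identifying string from the comment content in the Author URL Domain */
	preg_match("~\\s+([a-z0-9]{6,})\$~i", $commentdata_comment_content_lc_deslashed, $wpss_str_matches);
	$wpss_spammer_id_string = !empty($wpss_str_matches[1]) ? $wpss_str_matches[1] : '';
	$commentdata_comment_author_url_domain_lc_elements = explode('.', $commentdata_comment_author_url_domain_lc);
	$commentdata_comment_author_url_domain_lc_elements_count = count($commentdata_comment_author_url_domain_lc_elements) - 1; /* TLD element is not compared */
	if (!empty($wpss_spammer_id_string)) {
		$i = 0;
		$i_max = 20; /* Upper bound on iterations - the element count is attacker-controlled */
		while ($i < $commentdata_comment_author_url_domain_lc_elements_count && $i < $i_max) {
			if (!empty($commentdata_comment_author_url_domain_lc_elements[$i]) && $commentdata_comment_author_url_domain_lc_elements[$i] === $wpss_spammer_id_string) {
				if (empty($content_filter_status)) { $content_filter_status = '1'; }
				$wpss_error_code .= ' 10511AUA';
				return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
			}
			++$i;
		}
	}

	/***
	 * Potential Exploits
	 * Includes protection for Trackbacks and Pingbacks
	 ***/
	/* Check Author URL for Exploits */
	if (rs_wpss_exploit_url_chk($commentdata_comment_author_url_lc)) {
		if (empty($content_filter_status)) { $content_filter_status = '1'; }
		$wpss_error_code .= ' 15000AU-XPL'; /* Added in 1.4 - Replacing 15001AU-XPL and 15002AU-XPL, and adds additional protection */
		return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
	}
	/* Regular Expression Tests - 2nd Gen - Comment Author/Author URL - END */

	/* Regular Expression Tests - 2nd Gen - Comment Content - BEGIN */
	/* Miscellaneous Patterns that Keep Repeating */
	if (preg_match("~^([0-9]{6})\\s([0-9]{6})(.*)\\s([0-9]{6})\$~i", $commentdata_comment_content_lc_deslashed)) {
		if (empty($content_filter_status)) { $content_filter_status = '1'; }
		$wpss_error_code .= ' 10401C';
		return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
	}
	/* Blacklisted Anchor Text Check - Links in Content - Stopping Human Spam */
	if (rs_wpss_anchortxt_blacklist_chk($commentdata_comment_content_lc_deslashed, '', 'content') && $commentdata_comment_type !== 'trackback' && $commentdata_comment_type !== 'pingback') {
		if (empty($content_filter_status)) { $content_filter_status = '1'; }
		$wpss_error_code .= ' 10500CAT-BL';
		return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
	}
	/* Blacklisted Domains Check - Links in Content */
	if (rs_wpss_link_blacklist_chk($commentdata_comment_content_lc_deslashed)) {
		if (empty($content_filter_status)) { $content_filter_status = '1'; }
		$wpss_error_code .= ' 10500CU-BL';
		return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
	}
	/* Check Anchor Text Links for URL Shorteners, Bogus Long URLs, and Misc Spam Domains */
	if (rs_wpss_at_link_spam_url_chk($commentdata_comment_content_extracted_urls_at)) {
		if (empty($content_filter_status)) { $content_filter_status = '1'; }
		$wpss_error_code .= ' 10510CU-BL'; /* Replacing 10510CU-MSC */
		return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
	}
	/* Check all URL's in Comment Content for Exploits */
	if (rs_wpss_exploit_url_chk($commentdata_comment_content_extracted_urls)) {
		if (empty($content_filter_status)) { $content_filter_status = '1'; }
		$wpss_error_code .= ' 15000CU-XPL'; /* Added in 1.4 */
		return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
	}
	/* Regular Expression Tests - 2nd Gen - Comment Content - END */

	/***
	 * Test Comment Author
	 * Words in Comment Author Repeated in Content - With Keyword Density
	 ***/
	$repeated_terms_filters = array('.', '-', ':');
	$repeated_terms_temp_phrase = str_replace($repeated_terms_filters, '', $commentdata_comment_author_lc_deslashed);
	$repeated_terms_test = explode(' ', $repeated_terms_temp_phrase);
	$repeated_terms_test_count = count($repeated_terms_test);
	$comment_content_total_words = rs_wpss_count_words($commentdata_comment_content_lc_deslashed);
	$i = 0;
	while ($i < $repeated_terms_test_count) {
		if (!empty($repeated_terms_test[$i])) {
			$repeated_terms_in_content_count = rs_wpss_substr_count($commentdata_comment_content_lc_deslashed, $repeated_terms_test[$i]);
			$repeated_terms_in_content_str_len = rs_wpss_strlen($repeated_terms_test[$i]);
			if ($repeated_terms_in_content_count > 1 && $comment_content_total_words < $repeated_terms_in_content_count) { $repeated_terms_in_content_count = 1; }
			/* A zero word count previously reached the division unguarded (warning / DivisionByZeroError on PHP 8);
			 * a density of 0 cannot satisfy the test below, which matches the outcome of the old INF/NAN result. */
			$repeated_terms_in_content_density = ($comment_content_total_words > 0) ? $repeated_terms_in_content_count / $comment_content_total_words * 100 : 0;
			if ($repeated_terms_in_content_count >= 5 && $repeated_terms_in_content_str_len >= 4 && $repeated_terms_in_content_density > 40) {
				if (empty($content_filter_status)) { $content_filter_status = '1'; }
				$wpss_error_code .= ' 9000-' . $i;
				return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
			}
		}
		++$i;
	}

	/* Comment Author and URL Tests */
	if (!empty($commentdata_comment_author_url_lc) && !empty($commentdata_comment_author_lc_deslashed)) {
		/* Comment Author and Comment Author URL appearing in Content - REGEX VERSION */
		if (preg_match("~(<\\s*a\\s+([a-z0-9\\-_\\.\\?\\='\"\\:\\(\\)\\{\\}\\s]*)\\s*href|\\[(url|link))\\s*\\=\\s*(['\"])?\\s*{$commentdata_comment_author_url_lc_regex}([a-z0-9\\-_\\/\\.\\?\\&\\=\\~\\@\\%\\+\\#\\:]*)(['\"])?(>|\\]){$commentdata_comment_author_lc_deslashed_regex}(<|\\[)\\s*\\/\\s*a\\s*(>|(url|link)\\])~i", $commentdata_comment_content_lc_deslashed)) {
			if (empty($content_filter_status)) { $content_filter_status = '1'; }
			$wpss_error_code .= ' 9100-1';
			return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
		}
		if ($commentdata_comment_author_url_lc === $commentdata_comment_author_lc_deslashed && !preg_match("~https?\\:/+~i", $commentdata_comment_author_url_lc) && preg_match("~(<\\s*a\\s+([a-z0-9\\-_\\.\\?\\='\"\\:\\(\\)\\{\\}\\s]*)\\s*href|\\[(url|link))\\s*\\=\\s*(['\"])?\\s*(https?\\:/+[a-z0-9\\-_\\/\\.\\?\\&\\=\\~\\@\\%\\+\\#\\:]+)\\s*(['\"])?\\s*(>|\\]){$commentdata_comment_author_lc_deslashed_regex}(<|\\[)\\s*\\/\\s*a\\s*(>|(url|link)\\])~i", $commentdata_comment_content_lc_deslashed)) {
			if (empty($content_filter_status)) { $content_filter_status = '1'; }
			$wpss_error_code .= ' 9101';
			return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
		}
		if (preg_match("~^((ww[w0-9]|m)\\.)?{$commentdata_comment_author_lc_deslashed_regex}\$~i", $commentdata_comment_author_url_domain_lc) && !preg_match("~https?\\:/+~i", $commentdata_comment_author_lc_deslashed)) {
			/* Changed to include Trackbacks and Pingbacks in 1.1.4.4 */
			if (empty($content_filter_status)) { $content_filter_status = '1'; }
			$wpss_error_code .= ' 9102'; /* Literal follows the sibling codes; the source as rendered showed a stray line break inside it */
			return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
		}
		if ($commentdata_comment_author_url_lc === $commentdata_comment_author_lc_deslashed && !preg_match("~https?\\:/+~i", $commentdata_comment_author_url_lc) && preg_match("~(https?\\:/+[a-z0-9\\-_\\/\\.\\?\\&\\=\\~\\@\\%\\+\\#\\:]+)~i", $commentdata_comment_content_lc_deslashed)) {
			if (empty($content_filter_status)) { $content_filter_status = '1'; }
			$wpss_error_code .= ' 9103';
			return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
		}
	}

	/***
	 * Email Filters
	 * New Test with Blacklists
	 ***/
	if (rs_wpss_email_blacklist_chk($commentdata_comment_author_email_lc)) {
		if (empty($content_filter_status)) { $content_filter_status = '1'; }
		$wpss_error_code .= ' 9200E-BL';
		return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
	}

	/* TEST REFERRERS 1 - TO THE COMMENT PROCESSOR */
	if (strpos(WPSS_COMMENTS_POST_URL, $commentdata_php_self_lc) !== FALSE && $commentdata_referrer_lc === WPSS_COMMENTS_POST_URL) {
		/* Often spammers send the referrer as the URL for the wp-comments-post.php page. */
		if (empty($content_filter_status)) { $content_filter_status = '1'; }
		$wpss_error_code .= ' REF-1-1011';
		return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
	}

	/* TEST REFERRERS 2 - SPAMMERS SEARCHING FOR PAGES TO COMMENT ON */
	if (!empty($post_ref2xjs)) {
		$ref2xJS = addslashes(urldecode($post_ref2xjs));
		$ref2xJS = str_replace('%3A', ':', $ref2xJS);
		$ref2xJS = str_replace(' ', '+', $ref2xJS);
		$ref2xJS = esc_url_raw($ref2xJS);
		$ref2xJS_lc = rs_wpss_casetrans('lower', $ref2xJS);
		if (preg_match("~\\.google\\.co(m|\\.[a-z]{2})~i", $ref2xJS) && strpos($ref2xJS_lc, 'leave a comment') !== FALSE) {
			/* make test more robust for other versions of google & search query */
			if (empty($content_filter_status)) { $content_filter_status = '1'; }
			$wpss_error_code .= ' REF-2-1021';
			return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
		}
		/* add Keyword Script Here */
	}
	/***
	 * TEST REFERRERS 3 - TO THE PAGE BEING COMMENTED ON
	 * DISABLED IN V1.5.9
	 ***/

	/* Spam Network - BEGIN */
	/***
	 * PART OF BAD ROBOTS TEST - BEGIN
	 * Test User-Agents
	 ***/
	if (empty($commentdata_user_agent_lc)) {
		/* There is no reason for a blank UA String, unless it's been altered or a bot. */
		$content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
		$wpss_error_code .= ' UA1001';
		return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
	}
	$commentdata_user_agent_lc_word_count = rs_wpss_count_words($commentdata_user_agent_lc);
	if (!empty($commentdata_user_agent_lc) && $commentdata_user_agent_lc_word_count < 3) {
		/* Parentheses make the original &&/|| precedence explicit: short UA on a comment, or a short non-MovableType UA on a trackback */
		if (($commentdata_comment_type !== 'trackback' && $commentdata_comment_type !== 'pingback') || (strpos($commentdata_user_agent_lc, 'movabletype') === FALSE && $commentdata_comment_type === 'trackback')) {
			/* Another test for altered UA's. */
			$content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
			$wpss_error_code .= ' UA1003';
			return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
		}
	}
	if (rs_wpss_skiddie_ua_check($commentdata_user_agent_lc)) {
		/* There is no reason for a human to use one of these UA strings. Commonly used to attack/spam WP. */
		$content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
		$wpss_error_code .= ' UA1004';
		return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
	}
	/* PART OF BAD ROBOTS TEST - END */

	if ($commentdata_comment_type !== 'trackback' && $commentdata_comment_type !== 'pingback') {
		/***
		 * PART OF BAD ROBOTS TEST - BEGIN
		 * Test HTTP_ACCEPT
		 ***/
		if (empty($user_http_accept)) {
			$content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
			$wpss_error_code .= ' HA1001';
			return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
		}
		/* HA1002 removed in 1.9.0.3 */
		if ($user_http_accept === '*') {
			$content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
			$wpss_error_code .= ' HA1003';
			return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
		}
		/* More complex test for invalid 'HTTP_ACCEPT': any bare '*' element */
		$user_http_accept_mod_1 = preg_replace("~([\\s\\;]+)~", ",", $user_http_accept);
		$user_http_accept_elements = explode(',', $user_http_accept_mod_1);
		$user_http_accept_elements_count = count($user_http_accept_elements);
		$i = 0;
		$i_max = 20; /* Upper bound on iterations - the element count is attacker-controlled */
		while ($i < $user_http_accept_elements_count && $i < $i_max) {
			if (!empty($user_http_accept_elements[$i]) && $user_http_accept_elements[$i] === '*') {
				$content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
				$wpss_error_code .= ' HA1004';
				return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
			}
			++$i;
		}

		/* Test HTTP_ACCEPT_LANGUAGE */
		if (empty($user_http_accept_language)) {
			$content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
			$wpss_error_code .= ' HAL1001';
			return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
		}
		if ($user_http_accept_language === '*') {
			$content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
			$wpss_error_code .= ' HAL1002';
			return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
		}
		/* More complex test for invalid 'HTTP_ACCEPT_LANGUAGE': any bare '*' element, except for the Links browser */
		$user_http_accept_language_mod_1 = preg_replace("~([\\s\\;]+)~", ",", $user_http_accept_language);
		$user_http_accept_language_elements = explode(',', $user_http_accept_language_mod_1);
		$user_http_accept_language_elements_count = count($user_http_accept_language_elements);
		$i = 0;
		$i_max = 20; /* Upper bound on iterations - the element count is attacker-controlled */
		while ($i < $user_http_accept_language_elements_count && $i < $i_max) {
			if (!empty($user_http_accept_language_elements[$i]) && $user_http_accept_language_elements[$i] === '*' && strpos($commentdata_user_agent_lc, 'links (') !== 0) {
				$content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
				$wpss_error_code .= ' HAL1004';
				return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
			}
			++$i;
		}
		/***
		 * HAL1005 - NOT IMPLEMENTED
		 * PART OF BAD ROBOTS TEST - END
		 ***/

		/***
		 * Test PROXY STATUS if option
		 * Google Chrome Compression Proxy Bypass
		 ***/
		if ($ip_proxy === 'PROXY DETECTED' && $ip_proxy_chrome_compression !== 'TRUE' && empty($spamshield_options['allow_proxy_users'])) {
			$content_filter_status = '10';
			$wpss_error_code .= ' PROXY1001';
			return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
		}
	}
	/***
	 * Test IPs - was here
	 * IP1003 - Removed in 1.8
	 ***/

	/* Reverse DNS Server Tests - BEGIN */
	if ($commentdata_comment_type !== 'pingback' && $commentdata_comment_type !== 'trackback') {
		/* Test Reverse DNS Hosts - Do all with Reverse DNS not Remote Host */
		$rev_dns_filter_data = rs_wpss_revdns_filter('comment', $content_filter_status, $ip, $reverse_dns_lc, $commentdata_comment_author_lc_deslashed, $commentdata_comment_author_email_lc);
		if (!empty($rev_dns_filter_data['blacklisted'])) {
			$content_filter_status = $rev_dns_filter_data['status'];
			$wpss_error_code .= $rev_dns_filter_data['error_code'];
			return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
		}
	}
	/* Reverse DNS Server Tests - END */
	/* Spam Network - END */

	/* Miscellaneous Preg Match Tests - Changed to regex in V1.8.4 */
	$wpss_misc_spam_phrases_to_check = array(
		'5000' => "~\\[\\.+\\]\\s+\\[\\.+\\]~",
		'5001' => "~^<new\\s+comment>\$~i",
		'5003' => "~^([a-z0-9\\s\\.,!]{0,12})?((he.a?|h([ily]{1,2}))(\\s+there)?|howdy|hello|bonjour|good\\s+day)([\\.,!])?\\s+(([ily]{1,2})\\s+know\\s+)?th([ily]{1,2})s\\s+([ily]{1,2})s\\s+([a-z\\s]{3,12}|somewhat|k([ily]{1,2})nd\\s*of)?(of{1,2}\\s+)?of{1,2}\\s+top([ily]{1,2})c\\s+(but|however)\\s+([ily]{1,2})\\s+(was\\s+wonder([ily]{1,2})nn?g?|need\\s+some\\s+adv([ily]{1,2})ce)~i",
		'5004' => "~^th([ily]{1,2})s\\s+([ily]{1,2})s\\s+k([ily]{1,2})nd\\s+of\\s+off\\s+top([ily]{1,2})c\\s+but~i",
	); /* 5002 - Removed in V1.8.4 */
	foreach ($wpss_misc_spam_phrases_to_check as $ec => $rgx_phrase) {
		if (preg_match($rgx_phrase, $commentdata_comment_content_lc_deslashed)) {
			if (empty($content_filter_status)) { $content_filter_status = '1'; }
			$wpss_error_code .= ' ' . $ec;
			return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
		}
	}

	/* WP Blacklist Check - BEGIN */
	/* Test WP Blacklist if option set */
	if (!empty($spamshield_options['enhanced_comment_blacklist']) && empty($content_filter_status)) {
		if (rs_wpss_blacklist_check($commentdata_comment_author_lc_deslashed, $commentdata_comment_author_email_lc, $commentdata_comment_author_url_lc, $commentdata_comment_content_lc_deslashed, $ip, $commentdata_user_agent_lc, '')) {
			if (empty($content_filter_status)) { $content_filter_status = '100'; }
			$wpss_error_code .= ' WP-BLACKLIST';
			return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
		}
	}
	/* WP Blacklist Check - END */

	/* Timer End - Content Filter */
	$wpss_end_time_content_filter = microtime(TRUE);
	$commentdata['total_time_content_filter'] = rs_wpss_timer($commentdata['start_time_content_filter'], $wpss_end_time_content_filter, FALSE, 6, TRUE);
	/* Every test passed: no code was appended */
	$wpss_error_code = empty($wpss_error_code) ? 'No Error' : trim($wpss_error_code);
	$commentdata['wpss_error_code'] = $wpss_error_code;
	$commentdata['content_filter_status'] = $content_filter_status;
	return $commentdata;
	/* CONTENT FILTERING - END */
}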
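/**
 * Append the "Additional Technical Data" section to a notification email body.
 *
 * Adds referrer, user-agent, browser, geolocation, IP and reverse-DNS lines
 * (plus referrer-check / session timing details on the debug server) unless
 * the 'hide_extra_data' option is set.
 *
 * @param string     $text               Existing email body to append to.
 * @param array|null $spamshield_options Plugin options; when empty, falls back to
 *                                       the global and then to get_option('spamshield_options').
 * @param bool       $cf7                TRUE when called for a Contact Form 7 message
 *                                       (adds extra line breaks and, on the debug
 *                                       server, the session timing block).
 * @return string The email body with the technical data appended.
 */
function rs_wpss_extra_notification_data($text, $spamshield_options = NULL, $cf7 = FALSE) {
	if (empty($spamshield_options)) {
		/* Rebinds the local name to the global of the same name, then fills it from the DB if still empty */
		global $spamshield_options;
		if (empty($spamshield_options)) { $spamshield_options = get_option('spamshield_options'); }
	}
	rs_wpss_update_session_data($spamshield_options);

	/* Raw POST fields; each is passed through sanitize_text_field() / esc_url_raw() before being written out */
	$post_jsonst = !empty($_POST[WPSS_JSONST]) ? trim($_POST[WPSS_JSONST]) : '';
	$post_ref2xjs = !empty($_POST[WPSS_REF2XJS]) ? trim($_POST[WPSS_REF2XJS]) : '';
	$eml_eol = "\r\n"; /* Added 1.9.7 */
	if (!empty($cf7)) { $text .= $eml_eol; }

	/* Debug-only sections are enabled when the server name matches the debug server name */
	$wpss_is_debug_server = (strpos(WPSS_SERVER_NAME_REV, WPSS_DEBUG_SERVER_NAME_REV) === 0);

	/* IP / PROXY INFO - BEGIN */
	global $wpss_ip_proxy_info;
	if (empty($wpss_ip_proxy_info)) { $wpss_ip_proxy_info = rs_wpss_ip_proxy_info(); }
	/* Read only the keys this function needs rather than extract()-ing the whole
	 * array into local scope; key names mirror the variables extract() produced. */
	$ip = isset($wpss_ip_proxy_info['ip']) ? $wpss_ip_proxy_info['ip'] : '';
	$reverse_dns = isset($wpss_ip_proxy_info['reverse_dns']) ? $wpss_ip_proxy_info['reverse_dns'] : '';
	/* IP / PROXY INFO - END */

	if ($wpss_is_debug_server) {
		global $wpss_geolocation;
		if (empty($wpss_geolocation)) { $wpss_geolocation = rs_wpss_wf_geoiploc($ip, TRUE); }
	} else {
		global $wpss_geoloc_short;
		if (empty($wpss_geoloc_short)) { $wpss_geoloc_short = rs_wpss_wf_geoiploc_short($ip); }
	}

	/* Sanitized versions for output */
	$wpss_http_user_agent = rs_wpss_get_user_agent();
	$wpss_http_browser = rs_wpss_get_browser();
	$wpss_http_referer = rs_wpss_get_referrer(FALSE, TRUE, TRUE); /* Initial referrer, aka "Referring Site" - Changed 1.7.9 */

	if (empty($spamshield_options['hide_extra_data'])) {
		if (!empty($cf7)) { $text .= $eml_eol; }
		$text .= $eml_eol;
		$text .= '------------------------------------------------------------------------------' . $eml_eol;
		$text .= __('Additional Technical Data Added by WP-SpamShield', 'wp-spamshield') . $eml_eol;
		$text .= '------------------------------------------------------------------------------' . $eml_eol;

		/* Normalised referrer-check value, shared by the debug and non-debug branches below */
		$ref2xJS = '';
		if (!empty($post_ref2xjs)) {
			$ref2xJS = addslashes(urldecode($post_ref2xjs));
			$ref2xJS = str_replace('%3A', ':', $ref2xJS);
			$ref2xJS = str_replace(' ', '+', $ref2xJS);
			$ref2xJS = esc_url_raw($ref2xJS);
		}

		/* DEBUG ONLY - BEGIN */
		if ($wpss_is_debug_server) {
			/* CF7 Only */
			if (!empty($cf7)) {
				$wpss_log_session_data = rs_wpss_get_log_session_data();
				/* Explicit reads instead of extract(): session-derived keys must not be able to overwrite
				 * locals such as $text or $eml_eol. Key names mirror the variables extract() produced. */
				$wpss_time_init = isset($wpss_log_session_data['wpss_time_init']) ? $wpss_log_session_data['wpss_time_init'] : '';
				$wpss_timestamp_init = isset($wpss_log_session_data['wpss_timestamp_init']) ? $wpss_log_session_data['wpss_timestamp_init'] : '';
				$wpss_hits_per_page = isset($wpss_log_session_data['wpss_hits_per_page']) ? $wpss_log_session_data['wpss_hits_per_page'] : '';
				$noda = '[No Data]';
				/* Timer - BEGIN */
				$wpss_time_end = microtime(TRUE);
				if (empty($wpss_time_init) && !empty($wpss_timestamp_init)) { $wpss_time_init = $wpss_timestamp_init; }
				$wpss_time_on_site = !empty($wpss_time_init) ? rs_wpss_timer($wpss_time_init, $wpss_time_end, TRUE, 2) : $noda;
				if (!empty($wpss_timestamp_init)) {
					/* NOTE(review): date() uses the configured default timezone while get_date_from_gmt() expects a GMT string; only correct if that default is UTC - confirm */
					$wpss_site_entry_time = get_date_from_gmt(date('Y-m-d H:i:s', $wpss_timestamp_init), 'Y-m-d (D) H:i:s e'); /* Added 1.7.3 */
				} else {
					$wpss_site_entry_time = $noda;
				}
				/* Timer - END */
				$wpss_hits_per_page = str_replace(WPSS_EOL, $eml_eol, $wpss_hits_per_page);
				$text .= "Pages Visited: " . $wpss_hits_per_page;
				$text .= "Time on Site: ['" . $wpss_time_on_site . "']" . $eml_eol;
			}
			if (!empty($post_ref2xjs)) {
				$text .= $eml_eol . "JS Page Referrer Check: {$ref2xJS}" . $eml_eol;
			}
			if (!empty($post_jsonst)) {
				$JSONST = sanitize_text_field($post_jsonst);
				$text .= $eml_eol . "JSONST: {$JSONST}" . $eml_eol;
			}
		} elseif (!empty($post_ref2xjs)) {
			$text .= $eml_eol . __('Page Referrer Check.', 'wp-spamshield') . ': ' . $ref2xJS . $eml_eol;
		}

		$text .= $eml_eol;
		$text .= __('Referrer', 'wp-spamshield') . ': ' . $wpss_http_referer . $eml_eol . $eml_eol; /* Initial referrer, aka "Referring Site" - Changed 1.7.9 */
		if ($wpss_is_debug_server && !empty($_COOKIE['_referrer_og'])) {
			/* DEBUG ONLY - Added 1.9.7. Cookie value is client-controlled, so it is sanitized like the other POST fields before going into the mail body */
			$text .= __('Clicky Referrer', 'wp-spamshield') . ': ' . sanitize_text_field($_COOKIE['_referrer_og']) . $eml_eol . $eml_eol;
		}
		$text .= __('User-Agent (Browser/OS)', 'wp-spamshield') . ': ' . $wpss_http_user_agent . $eml_eol;
		if (!empty($wpss_http_browser)) {
			$text .= __('Browser', 'wp-spamshield') . ': ' . $wpss_http_browser . $eml_eol;
		}
		if ($wpss_is_debug_server) {
			if (!empty($wpss_geolocation) && rs_wpss_is_lang_en_us()) { /* English only for now; TO DO: TRANSLATE */
				$text .= __('Location', 'wp-spamshield') . ': ' . $wpss_geolocation . $eml_eol;
			}
		} else {
			if (!empty($wpss_geoloc_short) && rs_wpss_is_lang_en_us()) { /* English only for now; TO DO: TRANSLATE */
				$text .= __('Country', 'wp-spamshield') . ': ' . $wpss_geoloc_short . $eml_eol;
			}
		}
		$text .= __('IP Address', 'wp-spamshield') . ': ' . $ip . $eml_eol;
		$text .= __('Server', 'wp-spamshield') . ': ' . $reverse_dns . $eml_eol;
		$text .= __('IP Address Lookup', 'wp-spamshield') . ': http://ipaddressdata.com/' . $ip . "\r\n\r\n";
		$text .= '(' . __('This data is helpful if you need to submit a spam sample.', 'wp-spamshield') . ')' . $eml_eol;
	}
	return $text;
}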