/** * Display the honeypot URL */ public function getHtmlHoneyPotUrl() { $url = $this->_core->getOptionElement('php', 'honeypoturl'); $words = array('intermittently', 'tawse', 'goldurn', 'coemption', 'semipurposive', 'tensibly', 'dissident', 'reductive', 'plowstaff', 'sprang', 'intersoluble', 'mildly', 'unrumpled', 'freeway', 'overappreciative', 'prealliance', 'hypercoagulability', 'makalu', 'aspersive', 'colleagueship', 'feminacy', 'cuirie', 'vanir', 'unvitalized', 'noncreativity', 'interproportional', 'areosystyle', 'exsolve', 'replow', 'septuor', 'comptrollership', 'mortarless', 'ruddily', 'find', 'poppy', 'knowledgeless', 'amenorrheal', 'referenced', 'veranda', 'parishad', 'lexeme', 'expediency', 'anemotropism', 'bangalay', 'complexional', 'uneminent', 'stephenville', 'lozenge', 'archiepiscopacy', 'propitiable'); $keys = array_rand($words, 2); $text = $words[$keys[0]] . '-' . $words[$keys[1]]; $url_array[] = '<div style="display: none;"><a href="%s">%s</a></div>'; $url_array[] = '<a href="%s" style="display: none;">%s</a>'; $url_array[] = '<a href="%s"><span style="display: none;">%s</span></a>'; $url_array[] = '<a href="%s"><!-- %s --></a>'; $url_array[] = '<!-- <a href="%s">%s</a> -->'; $url_array[] = '<div style="position: absolute; top: -250px; left: -250px;"><a href="%s">%s</a></div>'; $url_array[] = '<a href="%s"><span style="display: none;">%s</span></a>'; $full_url = sprintf($url_array[array_rand($url_array)], $url, $text); return $full_url; }
/** * Do the HTTP call to and report the spammer * * @param string $username * @param string $email * @param string $ip_addr */ private function _handleReportSpammer($username, $email, $ip_addr) { if (!empty($email)) { $url = 'http://www.stopforumspam.com/add.php'; $call = wp_remote_post($url, array('user-agent' => 'WordPress/AVH ' . AVH_FDAS_Define::PLUGIN_VERSION . '; ' . get_bloginfo('url'), 'body' => array('username' => $username, 'ip_addr' => $ip_addr, 'email' => $email, 'api_key' => $this->_core->getOptionElement('sfs', 'sfsapikey')))); if (is_wp_error($call) || 200 != $call['response']['code']) { $to = get_option('admin_email'); $subject = sprintf('[%s] AVH First Defense Against Spam - ' . __('Error reporting spammer', 'avh-fdas'), wp_specialchars_decode(get_option('blogname'), ENT_QUOTES)); if (is_wp_error($call)) { $message = $call->get_error_messages(); } else { $message[] = $call['body']; } AVH_Common::sendMail($to, $subject, $message, $this->_settings->getSetting('mail_footer')); } } }
/** * Check the nonce field set with a comment. * * @WordPress Filter preprocess_comment * * @param mixed $commentdata * * @return mixed * @since 1.2 * */ public function filterCheckNonceFieldToComment($commentdata) { // When we're in Admin no need to check the nonce. if (!defined('WP_ADMIN') && !defined('XMLRPC_REQUEST')) { if (empty($commentdata['comment_type'])) { // If it's a trackback or pingback this has a value $nonce = wp_create_nonce('avh-first-defense-against-spam_' . $commentdata['comment_post_ID']); if (!wp_verify_nonce($_POST['_avh_first_defense_against_spam'], 'avh-first-defense-against-spam_' . $commentdata['comment_post_ID'])) { if (1 == $this->_core->getOptionElement('general', 'emailsecuritycheck')) { $to = get_option('admin_email'); $ip = AVH_Visitor::getUserIp(); $sfs_apikey = $this->_core->getOptionElement('sfs', 'sfsapikey'); $commentdata['comment_author_email'] = empty($commentdata['comment_author_email']) ? '*****@*****.**' : $commentdata['comment_author_email']; $subject = sprintf('[%s] AVH First Defense Against Spam - ' . __('Comment security check failed', 'avh-fdas'), wp_specialchars_decode(get_option('blogname'), ENT_QUOTES)); if (isset($_POST['_avh_first_defense_against_spam'])) { $message[] = __('Reason: The nonce check failed.', 'avh-fdas'); } else { $message[] = __('Reason: An attempt was made to directly access wp-comment-post.php', 'avh-fdas'); } $message[] = sprintf(__('Username: %s', 'avh-fdas'), $commentdata['comment_author']); $message[] = sprintf(__('Email: %s', 'avh-fdas'), $commentdata['comment_author_email']); $message[] = sprintf(__('IP: %s', 'avh-fdas'), $ip); $message[] = ''; $message[] = __('Comment trying to post:', 'avh-fdas'); $message[] = __('--- START OF COMMENT ---', 'avh-fdas'); $message[] = $commentdata['comment_content']; $message[] = __('--- END OF COMMENT ---', 'avh-fdas'); $message[] = ''; if ('' != $sfs_apikey && !empty($commentdata['comment_author_email'])) { $q['action'] = 'emailreportspammer'; $q['a'] = $commentdata['comment_author']; $q['e'] = $commentdata['comment_author_email']; $q['i'] = $ip; $q['_avhnonce'] = AVH_Security::createNonce($q['a'] . $q['e'] . $q['i']); $query = $this->_core->BuildQuery($q); $report_url = admin_url('admin.php?' . $query); $message[] = sprintf(__('Report spammer: %s'), $report_url); } $message[] = sprintf(__('For more information: http://www.stopforumspam.com/search?q=%s'), $ip); $blacklisturl = admin_url('admin.php?action=blacklist&i=') . $ip . '&_avhnonce=' . AVH_Security::createNonce($ip); $message[] = sprintf(__('Add to the local blacklist: %s'), $blacklisturl); AVH_Common::sendMail($to, $subject, $message, $this->_settings->getSetting('mail_footer')); } // Only keep track if we have the ability to report add Stop Forum Spam if ('' != $sfs_apikey && !empty($commentdata['comment_author_email'])) { // Prevent a spam attack to overflow the database. if (!$this->_checkDbNonces($q['_avhnonce'])) { $option = get_option($this->_core->getDbNonces()); $option[$q['_avhnonce']] = $q['a'] . $q['e'] . $q['i']; update_option($this->_core->getDbNonces(), $option); } } $m = __('<p>Cheating huh</p>', 'avh-fdas'); $m .= __('<p>Protected by: AVH First Defense Against Spam</p>', 'avh-fdas'); if ($this->_core->getOptionElement('php', 'usehoneypot')) { $m .= $this->_spamcheck->getHtmlHoneyPotUrl(); } wp_die($m); } } } return $commentdata; }