public function logHit()
{
if (!wfConfig::liveTrafficEnabled()) {
return;
}
$headers = array();
foreach ($_SERVER as $h => $v) {
if (preg_match('/^HTTP_(.+)$/', $h, $matches)) {
$headers[$matches[1]] = $v;
}
}
$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
$this->getDB()->queryWrite("insert into " . $this->hitsTable . " (ctime, is404, isGoogle, IP, userID, newVisit, URL, referer, UA, jsRun) values (%f, %d, %d, %s, %s, %d, '%s', '%s', '%s', %d)", sprintf('%.6f', microtime(true)), is_404() ? 1 : 0, wfCrawl::isGoogleCrawler() ? 1 : 0, wfUtils::inet_pton(wfUtils::getIP()), $this->getCurrentUserID(), wordfence::$newVisit ? 1 : 0, wfUtils::getRequestedURL(), isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '', $ua, (int) (isset($_COOKIE['wordfence_verifiedHuman']) && wp_verify_nonce($_COOKIE['wordfence_verifiedHuman'], 'wordfence_verifiedHuman' . $ua . wfUtils::getIP())));
return $this->getDB()->querySingle("select last_insert_id()");
}
public function logLeechAndBlock($type)
{
//404 or hit
if (wfConfig::get('firewallEnabled')) {
//Moved the following block into the "is fw enabled section" for optimization.
$IP = wfUtils::getIP();
$IPnum = wfUtils::inet_pton($IP);
if ($this->isWhitelisted($IP)) {
return;
}
if (wfConfig::get('neverBlockBG') == 'neverBlockUA' && wfCrawl::isGoogleCrawler()) {
return;
}
if (wfConfig::get('neverBlockBG') == 'neverBlockVerified' && wfCrawl::isVerifiedGoogleCrawler()) {
return;
}
if ($type == '404') {
$allowed404s = wfConfig::get('allowed404s');
if (is_string($allowed404s)) {
$allowed404s = array_filter(explode("\n", $allowed404s));
$allowed404sPattern = '';
foreach ($allowed404s as $allowed404) {
$allowed404sPattern .= preg_replace('/\\\\\\*/', '.*?', preg_quote($allowed404, '/')) . '|';
}
$uri = $_SERVER['REQUEST_URI'];
if (($index = strpos($uri, '?')) !== false) {
$uri = substr($uri, 0, $index);
}
if ($allowed404sPattern && preg_match('/^' . substr($allowed404sPattern, 0, -1) . '$/i', $uri)) {
return;
}
}
}
if ($type == '404') {
$table = $this->scanTable;
} else {
if ($type == 'hit') {
$table = $this->leechTable;
} else {
wordfence::status(1, 'error', "Invalid type to logLeechAndBlock(): {$type}");
return;
}
}
$this->getDB()->queryWrite("insert into {$table} (eMin, IP, hits) values (floor(unix_timestamp() / 60), %s, 1) ON DUPLICATE KEY update hits = IF(@wfcurrenthits := hits + 1, hits + 1, hits + 1)", wfUtils::inet_pton($IP));
$hitsPerMinute = $this->getDB()->querySingle("select @wfcurrenthits");
//end block moved into "is fw enabled" section
//Range blocking was here. Moved to wordfenceClass::veryFirstAction
if (wfConfig::get('maxGlobalRequests') != 'DISABLED' && $hitsPerMinute > wfConfig::get('maxGlobalRequests')) {
//Applies to 404 or pageview
$this->takeBlockingAction('maxGlobalRequests', "Exceeded the maximum global requests per minute for crawlers or humans.");
}
if ($type == '404') {
global $wpdb;
$p = $wpdb->base_prefix;
if (wfConfig::get('other_WFNet')) {
$this->getDB()->queryWrite("insert IGNORE into {$p}" . "wfNet404s (sig, ctime, URI) values (UNHEX(MD5('%s')), unix_timestamp(), '%s')", $_SERVER['REQUEST_URI'], $_SERVER['REQUEST_URI']);
}
$pat = wfConfig::get('vulnRegex');
if ($pat) {
$URL = wfUtils::getRequestedURL();
if (preg_match($pat, $URL)) {
$this->getDB()->queryWrite("insert IGNORE into {$p}" . "wfVulnScanners (IP, ctime, hits) values (%s, unix_timestamp(), 1) ON DUPLICATE KEY UPDATE ctime = unix_timestamp(), hits = hits + 1", wfUtils::inet_pton($IP));
if (wfConfig::get('maxScanHits') != 'DISABLED') {
if (empty($_SERVER['HTTP_REFERER'])) {
$this->getDB()->queryWrite("insert into " . $this->badLeechersTable . " (eMin, IP, hits) values (floor(unix_timestamp() / 60), %s, 1) ON DUPLICATE KEY update hits = IF(@wfblcurrenthits := hits + 1, hits + 1, hits + 1)", $IPnum);
$BL_hitsPerMinute = $this->getDB()->querySingle("select @wfblcurrenthits");
if ($BL_hitsPerMinute > wfConfig::get('maxScanHits')) {
$this->takeBlockingAction('maxScanHits', "Exceeded the maximum number of 404 requests per minute for a known security vulnerability.");
}
}
}
}
}
}
if (isset($_SERVER['HTTP_USER_AGENT']) && wfCrawl::isCrawler($_SERVER['HTTP_USER_AGENT'])) {
if ($type == 'hit' && wfConfig::get('maxRequestsCrawlers') != 'DISABLED' && $hitsPerMinute > wfConfig::get('maxRequestsCrawlers')) {
$this->takeBlockingAction('maxRequestsCrawlers', "Exceeded the maximum number of requests per minute for crawlers.");
//may not exit
} else {
if ($type == '404' && wfConfig::get('max404Crawlers') != 'DISABLED' && $hitsPerMinute > wfConfig::get('max404Crawlers')) {
$this->takeBlockingAction('max404Crawlers', "Exceeded the maximum number of page not found errors per minute for a crawler.");
}
}
} else {
if ($type == 'hit' && wfConfig::get('maxRequestsHumans') != 'DISABLED' && $hitsPerMinute > wfConfig::get('maxRequestsHumans')) {
$this->takeBlockingAction('maxRequestsHumans', "Exceeded the maximum number of page requests per minute for humans.");
} else {
if ($type == '404' && wfConfig::get('max404Humans') != 'DISABLED' && $hitsPerMinute > wfConfig::get('max404Humans')) {
$this->takeBlockingAction('max404Humans', "Exceeded the maximum number of page not found errors per minute for humans.");
}
}
}
}
}
