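/**
 * Records the current request in the live-traffic hits table and returns the new row id.
 *
 * Returns early (null) when live traffic logging is disabled in wfConfig, so callers
 * must not rely on a row id being returned.
 *
 * The URL, referer and user agent are request-supplied and therefore untrusted; they are
 * passed to queryWrite() as format arguments rather than concatenated into the SQL text
 * (queryWrite() is assumed to escape '%s' arguments — verify in wfDB).
 *
 * The jsRun column is 1 only when the 'wordfence_verifiedHuman' cookie holds a WordPress
 * nonce bound to this request's user agent and IP, so a cookie copied from a client with a
 * different UA or address does not verify.
 *
 * @return mixed Result of querySingle("select last_insert_id()"), or null when disabled.
 */
public function logHit() {
	if (!wfConfig::liveTrafficEnabled()) {
		return;
	}
	//Resolve the client address once; it is needed both as the stored IP and inside the nonce action.
	$ip = wfUtils::getIP();
	$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
	$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
	//jsRun: the cookie (presumably set by the client-side script) must carry a nonce for the
	//action 'wordfence_verifiedHuman' . UA . IP; anything else yields 0.
	$jsRan = isset($_COOKIE['wordfence_verifiedHuman'])
		&& wp_verify_nonce($_COOKIE['wordfence_verifiedHuman'], 'wordfence_verifiedHuman' . $ua . $ip);
	$this->getDB()->queryWrite(
		"insert into " . $this->hitsTable . " (ctime, is404, isGoogle, IP, userID, newVisit, URL, referer, UA, jsRun) values (%f, %d, %d, %s, %s, %d, '%s', '%s', '%s', %d)",
		sprintf('%.6f', microtime(true)), //ctime pre-formatted with microsecond precision
		is_404() ? 1 : 0,
		wfCrawl::isGoogleCrawler() ? 1 : 0,
		wfUtils::inet_pton($ip), //packed binary form of the address
		$this->getCurrentUserID(),
		wordfence::$newVisit ? 1 : 0,
		wfUtils::getRequestedURL(),
		$referer,
		$ua,
		(int) $jsRan
	);
	return $this->getDB()->querySingle("select last_insert_id()");
}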
/**
 * Counts this request in the per-minute hit (or 404) table and enforces the configured
 * rate limits, handing off to takeBlockingAction() when one is exceeded.
 *
 * Everything is skipped unless the 'firewallEnabled' option is on. Whitelisted IPs, and
 * Google crawlers when 'neverBlockBG' exempts them, return early and are never counted.
 * Several inputs here are attacker-controlled ($_SERVER['REQUEST_URI'], HTTP_REFERER,
 * HTTP_USER_AGENT); they are only ever passed to queryWrite() as format arguments
 * (assumed to be escaped there — verify in wfDB) or to preg_match() as the subject.
 *
 * @param string $type '404' for a page-not-found request, 'hit' for a normal pageview.
 *                     Any other value logs an error via wordfence::status() and returns.
 * @return void
 */
public function logLeechAndBlock($type) { //404 or hit
	if (wfConfig::get('firewallEnabled')) { //Moved the following block into the "is fw enabled section" for optimization.
		$IP = wfUtils::getIP();
		$IPnum = wfUtils::inet_pton($IP); //packed binary form; used for the badLeechers upsert below
		//Whitelisted addresses are never counted or blocked.
		if ($this->isWhitelisted($IP)) {
			return;
		}
		//Google crawler exemption: 'neverBlockUA' consults wfCrawl::isGoogleCrawler() only;
		//'neverBlockVerified' consults wfCrawl::isVerifiedGoogleCrawler() instead (presumably a stricter check — see wfCrawl).
		if (wfConfig::get('neverBlockBG') == 'neverBlockUA' && wfCrawl::isGoogleCrawler()) {
			return;
		}
		if (wfConfig::get('neverBlockBG') == 'neverBlockVerified' && wfCrawl::isVerifiedGoogleCrawler()) {
			return;
		}
		if ($type == '404') {
			//'allowed404s' is a newline-separated list of paths that must not count as 404s.
			//Each entry is regex-quoted, '*' is turned back into a lazy wildcard, and all entries
			//are OR'd into a single anchored, case-insensitive pattern.
			$allowed404s = wfConfig::get('allowed404s');
			if (is_string($allowed404s)) {
				//NOTE(review): entries are not trimmed, so a trailing CR from CRLF input would become
				//part of the pattern — confirm the option is normalised when saved.
				$allowed404s = array_filter(explode("\n", $allowed404s));
				$allowed404sPattern = '';
				foreach ($allowed404s as $allowed404) {
					//The regex '/\\\*/' matches the two-character sequence '\*' that preg_quote() emitted for a literal '*'.
					$allowed404sPattern .= preg_replace('/\\\\\\*/', '.*?', preg_quote($allowed404, '/')) . '|';
				}
				//Match against the request path only; the query string is discarded.
				$uri = $_SERVER['REQUEST_URI'];
				if (($index = strpos($uri, '?')) !== false) {
					$uri = substr($uri, 0, $index);
				}
				//substr(..., 0, -1) strips the trailing '|' left by the loop.
				if ($allowed404sPattern && preg_match('/^' . substr($allowed404sPattern, 0, -1) . '$/i', $uri)) {
					return;
				}
			}
		}
		//404s and pageviews are counted in separate tables.
		if ($type == '404') {
			$table = $this->scanTable;
		} else {
			if ($type == 'hit') {
				$table = $this->leechTable;
			} else {
				wordfence::status(1, 'error', "Invalid type to logLeechAndBlock(): {$type}");
				return;
			}
		}
		//Upsert the per-minute counter (eMin = current minute, IP). The ON DUPLICATE KEY branch stores the
		//incremented count in the MySQL user variable @wfcurrenthits so it can be read back without a second
		//lookup; on a fresh insert that branch does not run and this statement leaves @wfcurrenthits unset.
		//NOTE(review): this assumes both statements run on the same DB connection; with a reused/persistent
		//connection the variable could still hold a value from an earlier statement — confirm.
		$this->getDB()->queryWrite("insert into {$table} (eMin, IP, hits) values (floor(unix_timestamp() / 60), %s, 1) ON DUPLICATE KEY update hits = IF(@wfcurrenthits := hits + 1, hits + 1, hits + 1)", wfUtils::inet_pton($IP));
		$hitsPerMinute = $this->getDB()->querySingle("select @wfcurrenthits");
		//end block moved into "is fw enabled" section
		//Range blocking was here. Moved to wordfenceClass::veryFirstAction
		//Each limit option is either the string 'DISABLED' or a numeric threshold. When the counter row was
		//just created, $hitsPerMinute is presumably null/empty, and the '>' comparisons below are then false,
		//so the first request in a minute never trips a limit.
		if (wfConfig::get('maxGlobalRequests') != 'DISABLED' && $hitsPerMinute > wfConfig::get('maxGlobalRequests')) { //Applies to 404 or pageview
			$this->takeBlockingAction('maxGlobalRequests', "Exceeded the maximum global requests per minute for crawlers or humans.");
		}
		if ($type == '404') {
			global $wpdb;
			$p = $wpdb->base_prefix;
			//Optional sharing of 404 URIs with the Wordfence network; the row is keyed on the MD5 of the URI.
			//REQUEST_URI is untrusted and is passed twice as a queryWrite() argument, never concatenated.
			if (wfConfig::get('other_WFNet')) {
				$this->getDB()->queryWrite("insert IGNORE into {$p}" . "wfNet404s (sig, ctime, URI) values (UNHEX(MD5('%s')), unix_timestamp(), '%s')", $_SERVER['REQUEST_URI'], $_SERVER['REQUEST_URI']);
			}
			//'vulnRegex' is a stored regex describing URLs that look like vulnerability probes (its origin is not
			//visible here). If the stored pattern is not a valid regex, preg_match() returns false (with a warning)
			//and the scanner handling below is simply skipped.
			$pat = wfConfig::get('vulnRegex');
			if ($pat) {
				$URL = wfUtils::getRequestedURL();
				if (preg_match($pat, $URL)) {
					//Record the address as a vulnerability scanner (one row per IP, hits incremented on repeat).
					$this->getDB()->queryWrite("insert IGNORE into {$p}" . "wfVulnScanners (IP, ctime, hits) values (%s, unix_timestamp(), 1) ON DUPLICATE KEY UPDATE ctime = unix_timestamp(), hits = hits + 1", wfUtils::inet_pton($IP));
					if (wfConfig::get('maxScanHits') != 'DISABLED') {
						//Only referer-less probes are rate-limited here (presumably to ignore 404s reached by
						//following a link). Same @variable upsert trick as above, using @wfblcurrenthits.
						if (empty($_SERVER['HTTP_REFERER'])) {
							$this->getDB()->queryWrite("insert into " . $this->badLeechersTable . " (eMin, IP, hits) values (floor(unix_timestamp() / 60), %s, 1) ON DUPLICATE KEY update hits = IF(@wfblcurrenthits := hits + 1, hits + 1, hits + 1)", $IPnum);
							$BL_hitsPerMinute = $this->getDB()->querySingle("select @wfblcurrenthits");
							if ($BL_hitsPerMinute > wfConfig::get('maxScanHits')) {
								$this->takeBlockingAction('maxScanHits', "Exceeded the maximum number of 404 requests per minute for a known security vulnerability.");
							}
						}
					}
				}
			}
		}
		//Per-category limits: crawlers (classified from the user agent, which the client controls) vs. humans,
		//and pageviews vs. 404s. takeBlockingAction() may return, so execution can continue after a block.
		if (isset($_SERVER['HTTP_USER_AGENT']) && wfCrawl::isCrawler($_SERVER['HTTP_USER_AGENT'])) {
			if ($type == 'hit' && wfConfig::get('maxRequestsCrawlers') != 'DISABLED' && $hitsPerMinute > wfConfig::get('maxRequestsCrawlers')) {
				$this->takeBlockingAction('maxRequestsCrawlers', "Exceeded the maximum number of requests per minute for crawlers."); //may not exit
			} else {
				if ($type == '404' && wfConfig::get('max404Crawlers') != 'DISABLED' && $hitsPerMinute > wfConfig::get('max404Crawlers')) {
					$this->takeBlockingAction('max404Crawlers', "Exceeded the maximum number of page not found errors per minute for a crawler.");
				}
			}
		} else {
			if ($type == 'hit' && wfConfig::get('maxRequestsHumans') != 'DISABLED' && $hitsPerMinute > wfConfig::get('maxRequestsHumans')) {
				$this->takeBlockingAction('maxRequestsHumans', "Exceeded the maximum number of page requests per minute for humans.");
			} else {
				if ($type == '404' && wfConfig::get('max404Humans') != 'DISABLED' && $hitsPerMinute > wfConfig::get('max404Humans')) {
					$this->takeBlockingAction('max404Humans', "Exceeded the maximum number of page not found errors per minute for humans.");
				}
			}
		}
	}
}