/**
 * Verify that a zipped StopForumSpam CSV can be imported into the blacklist table.
 *
 * The live sfs website is never contacted; a local fixture zip is imported instead.
 *
 * @setUseOutputBuffering
 */
public function testImport() {
    // The fixture zip holds exactly two rows:
    //   "257.0.0.1","256","2012-12-14 22:49:31"
    //   "257.0.0.2","128","2012-12-15 03:23:43"
    // 257.x is used on purpose because it is not a valid IPv4 address.
    $fixture = ROOT_PDIR . 'components/security-suite/tests/test_listed_ip_1_all.zip';

    // ImportList() prints its status straight to stdout, so the result is read
    // back from the captured output rather than from a return value.
    SecuritySuite\StopForumSpam::ImportList($fixture);
    $captured = $this->getActualOutput();

    $this->assertContains(
        'Processed 2 records from ' . $fixture . ' successfully!',
        $captured,
        'Checking that 2 records were processed successfully from the test zip'
    );

    // Verify each imported row, then remove it again so the table is left clean.
    $expectedRows = array(
        '257.0.0.1' => '256',
        '257.0.0.2' => '128',
    );
    foreach ($expectedRows as $ip => $submissions) {
        $entry = new sfsBlacklistModel($ip);
        $this->assertEquals(
            $submissions,
            $entry->get('submissions'),
            'Checking that record ' . $ip . ' contains ' . $submissions . ' submissions'
        );

        $entry->delete();
        $this->assertTrue(
            !$entry->exists(),
            'Checking that record ' . $ip . ' can be removed'
        );
    }
}
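/**
 * Check the user's IP in the blacklist and gate the request if it is found.
 *
 * Three outcomes, driven by the record's 'submissions' value (per the log text,
 * submissions to sfs in a 24 hour period):
 *  - not listed, or 5 or fewer submissions: return and let the request continue;
 *  - more than 100 submissions: log '/security/blocked' and terminate the request;
 *  - more than 5 submissions: unless the session already carries
 *    'security_antispam_allowed', terminate the request with a small arithmetic
 *    challenge. A correct answer sets that session flag and lets the request continue.
 *
 * Reads REMOTE_IP, $_SERVER['REQUEST_METHOD'] and $_POST['happyfuntime']; reads and
 * writes the session keys 'security_antispam_allowed' and 'happyfuntimecheck'.
 *
 * The challenge text is sent to the client in the page itself and nothing in this
 * method limits the number of attempts, so it is a speed bump against naive bots,
 * not a strong control. Every display and every attempt is logged through
 * SystemLogModel::LogSecurityEvent, which is what detection should key on.
 *
 * @return void Returns nothing; may end the request with die().
 */
public static function CheckIP() {
    // NOTE(review): REMOTE_IP is defined outside this method. If it can be taken from a
    // client-supplied header rather than the socket peer or a trusted proxy, both
    // thresholds below are only as reliable as that header - confirm where it is set.
    $record = \sfsBlacklistModel::Construct(REMOTE_IP);

    // It's not in there, nothing to do.
    if (!$record->exists()) {
        return;
    }

    $submissions = $record->get('submissions');

    // Is the submission score high enough for an outright block?
    $highscore = 100;
    if ($submissions > $highscore) {
        \SystemLogModel::LogSecurityEvent('/security/blocked', 'Blocking IP due to over ' . $highscore . ' submissions to sfs in a 24 hour period.');
        die('IP Blocked due to high spam score');
    }

    // Submissions listed, but not exceedingly high?
    $warnlevel = 5;
    if ($submissions <= $warnlevel) {
        return;
    }

    // This session already passed the challenge.
    if (\Core\Session::Get('security_antispam_allowed') !== null) {
        return;
    }

    $html = '<html><body>';
    $html .= '<!-- You smell of spam.... are you sure you didn\'t come from a can?-->';

    if (
        $_SERVER['REQUEST_METHOD'] == 'POST'
        && isset($_POST['happyfuntime'])
        && ($expected = \Core\Session::Get('happyfuntimecheck'))
    ) {
        // It's an attempt! The posted value is untrusted: accept only a numeric string,
        // so arrays and values such as "4abc" never reach the loose comparison.
        $answer = $_POST['happyfuntime'];
        $answer = is_string($answer) ? trim($answer) : '';

        if (is_numeric($answer) && $answer == $expected) {
            \SystemLogModel::LogSecurityEvent('/security/unblocked', 'User successfully answered an anti-bot math question, unblocking.');
            \Core\Session::Set('security_antispam_allowed', true);

            // Let the request through. Falling through here would log a misleading
            // '/security/blocked' event and show a second challenge after a correct answer.
            return;
        }

        \SystemLogModel::LogSecurityEvent('/security/captchafailed', 'User attempted, but failed in answering an anti-bot math question.');
        $html .= '<b>NOPE!</b>';
    }

    \SystemLogModel::LogSecurityEvent('/security/blocked', 'Blocking IP due to over ' . $warnlevel . ' submissions to sfs in a 24 hour period.');

    // Operands: $random1 is 8, 10 or 12; $random2 is 2, 4 or 6.
    // rand() is not a cryptographic source; that is acceptable only because the
    // question is printed in the response and was never secret.
    $random1 = rand(4, 6) * 2;
    $random2 = rand(1, 3) * 2;
    $random3 = rand(1, 2);

    // Only offer a division when the quotient is a whole number. Pairs such as
    // 10 / 6 would store a repeating fraction that the three-character answer field
    // cannot match, locking out legitimate visitors; those fall back to multiplication.
    if ($random3 === 1 && $random1 % $random2 === 0) {
        $result = $random1 / $random2;
        $operation = 'divided by';
    } else {
        $result = $random1 * $random2;
        $operation = 'multiplied by';
    }

    // Stored server-side; the next POST is compared against this value.
    \Core\Session::Set('happyfuntimecheck', $result);

    // Spell the second operand as a deliberately misspelt word. Only the even
    // entries are reachable with the ranges above; the odd ones are kept as-is.
    $words = array(
        1 => 'oNe',
        2 => 'Tw0',
        3 => 'ThRe',
        4 => 'Foor',
        5 => 'fIve',
        6 => 'Siix',
    );
    $secondOperand = isset($words[$random2]) ? $words[$random2] : $random2;

    $html .= '<form method="POST"><p>What is ' . $random1 . ' ' . $operation . ' ' . $secondOperand . '?</p><input type="text" name="happyfuntime" size="3"/><input type="submit" value="GO"/></form></body></html>';

    die($html);
}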