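/**
 * AJAX endpoint hit by the front-end script once JavaScript has executed,
 * marking the originating hit row as "JS ran" (a human-likelihood signal).
 *
 * Flow: disable hit logging for this request, classify the caller as
 * crawler/non-crawler from the User-Agent, emit an empty text/javascript
 * response (plus the wordfence_verifiedHuman cookie for non-crawlers when
 * cookies are not disabled), flush, then for non-crawlers update
 * {prefix}wfHits.jsRun for the id carried in the encrypted `hid` GET
 * parameter. Always terminates the request.
 *
 * Reads:  $_SERVER['HTTP_USER_AGENT'], $_GET['hid'], wfConfig 'disableCookies'.
 * Writes: response headers, the wordfence_verifiedHuman cookie, wfHits.jsRun.
 */
public static function ajax_logHuman_callback() {
    self::getLog()->canLogHit = false;
    $UA = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $isCrawler = false;
    if ($UA) {
        if (wfCrawl::isCrawler($UA) || wfCrawl::isGoogleCrawler()) {
            $isCrawler = true;
        }
    }
    // Drop any buffered output so the body really is empty (we advertise Content-Length: 0).
    @ob_end_clean();
    if (!headers_sent()) {
        header('Content-type: text/javascript');
        header("Connection: close");
        header("Content-Length: 0");
        header("X-Robots-Tag: noindex");
        if (!$isCrawler && !wfConfig::get('disableCookies')) {
            // Cookie value is derived from UA + client IP by getVerifiedHumanCookieValue(); lifetime one day.
            setcookie('wordfence_verifiedHuman', self::getLog()->getVerifiedHumanCookieValue($UA, wfUtils::getIP()), time() + 86400, '/');
        }
    }
    flush();
    if (!$isCrawler) {
        // Validate the parameter before decrypting: a missing `hid` would otherwise raise a
        // notice, and an array (hid[]=...) would be handed to decrypt(). Either way, stop here.
        if (!isset($_GET['hid']) || !is_string($_GET['hid'])) {
            exit;
        }
        $hid = wfUtils::decrypt($_GET['hid']);
        // Only a purely numeric decrypted id is accepted; anything else (including a
        // failed decrypt) ends the request without touching the database.
        if (!preg_match('/^\\d+$/', $hid)) {
            exit;
        }
        $db = new wfDB();
        global $wpdb;
        $p = $wpdb->base_prefix;
        // %d placeholder — assumed to be rendered as an integer by wfDB::queryWrite (confirm there).
        $db->queryWrite("update {$p}" . "wfHits set jsRun=1 where id=%d", $hid);
    }
    die("");
}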
/**
 * Per-request rate-limit and blocking check for a page view ('hit') or a
 * 'page not found' ('404').
 *
 * Does nothing unless wfConfig 'firewallEnabled' is set. Otherwise it:
 *  - returns early for whitelisted IPs, for Google crawlers when 'neverBlockBG'
 *    says so, and (404 only) for URIs matching the 'allowed404s' list;
 *  - increments a per-minute hit counter for the client IP in scanTable (404)
 *    or leechTable (hit) and reads the new value back via a MySQL session variable;
 *  - blocks fake Googlebots ('blockFakeBots'), banned URLs ('bannedURLs'),
 *    and blank-UA/blank-referer POSTs ('other_blockBadPOST');
 *  - records 404s to wfNet404s ('other_WFNet') and vulnerability-probe 404s
 *    ('vulnRegex') to wfVulnScanners / badLeechersTable;
 *  - applies the global, crawler and human per-minute limits via takeBlockingAction().
 *
 * @param string $type '404' or 'hit'; anything else is logged via wordfence::status() and ignored.
 * @return void  May terminate the request: do503() exits, and takeBlockingAction()
 *               may or may not (see the inline notes).
 *
 * NOTE(review): blockIP()/do503()/takeBlockingAction() and the wfDB query helpers are
 * defined elsewhere; their escaping and exit behaviour is assumed from the call sites,
 * not verified here.
 */
public function logLeechAndBlock($type) { //404 or hit
    if (wfConfig::get('firewallEnabled')) {
        //Moved the following block into the "is fw enabled section" for optimization.
        $IP = wfUtils::getIP();
        $IPnum = wfUtils::inet_pton($IP);
        if ($this->isWhitelisted($IP)) { return; }
        // 'neverBlockBG' exempts Google either on UA alone or only after verification.
        if (wfConfig::get('neverBlockBG') == 'neverBlockUA' && wfCrawl::isGoogleCrawler()) { return; }
        if (wfConfig::get('neverBlockBG') == 'neverBlockVerified' && wfCrawl::isVerifiedGoogleCrawler()) { return; }
        if ($type == '404') {
            // 'allowed404s' is a newline-separated list of paths; '*' acts as a wildcard.
            $allowed404s = wfConfig::get('allowed404s');
            if (is_string($allowed404s)) {
                $allowed404s = array_filter(explode("\n", $allowed404s));
                $allowed404sPattern = '';
                foreach ($allowed404s as $allowed404) {
                    // preg_quote turns '*' into '\*'; the replace turns that escaped star into a lazy '.*?'.
                    $allowed404sPattern .= preg_replace('/\\\\\\*/', '.*?', preg_quote($allowed404, '/')) . '|';
                }
                // Match against the path only — strip the query string.
                $uri = $_SERVER['REQUEST_URI'];
                if (($index = strpos($uri, '?')) !== false) {
                    $uri = substr($uri, 0, $index);
                }
                // substr(..., 0, -1) drops the trailing '|' left by the loop.
                if ($allowedbail404sPattern_placeholder_never_used = false) {}
                if ($allowed404sPattern && preg_match('/^' . substr($allowed404sPattern, 0, -1) . '$/i', $uri)) {
                    return;
                }
            }
        }
        if ($type == '404') {
            $table = $this->scanTable;
        } else {
            if ($type == 'hit') {
                $table = $this->leechTable;
            } else {
                wordfence::status(1, 'error', "Invalid type to logLeechAndBlock(): {$type}");
                return;
            }
        }
        // Per-(minute, IP) counter. The IF(@wfcurrenthits := hits + 1, ...) assigns the
        // post-increment value to a MySQL session variable, which the following
        // querySingle reads back. Relies on both statements sharing one DB connection
        // (assumed; confirm in wfDB). On a first insert in a minute the ON DUPLICATE
        // branch does not run, so the variable is NULL on a fresh connection (or stale
        // if the connection was reused) — presumably harmless since one hit cannot
        // exceed any limit.
        $this->getDB()->queryWrite("insert into {$table} (eMin, IP, hits) values (floor(unix_timestamp() / 60), %s, 1) ON DUPLICATE KEY update hits = IF(@wfcurrenthits := hits + 1, hits + 1, hits + 1)", wfUtils::inet_pton($IP));
        $hitsPerMinute = $this->getDB()->querySingle("select @wfcurrenthits");
        //end block moved into "is fw enabled" section
        //Range blocking was here. Moved to wordfenceClass::veryFirstAction
        if (wfConfig::get('blockFakeBots')) {
            // UA claims Googlebot but the reverse-DNS check fails: block the IP.
            if (wfCrawl::isGooglebot() && !wfCrawl::verifyCrawlerPTR($this->googlePattern, $IP)) {
                $this->blockIP($IP, "Fake Google crawler automatically blocked");
                wordfence::status(2, 'info', "Blocking fake Googlebot at IP {$IP}");
            }
        }
        if (wfConfig::get('bannedURLs', false)) {
            // Comma-separated list, compared by exact string equality against the raw
            // REQUEST_URI (query string included) — only verbatim matches are banned.
            $URLs = explode(',', wfConfig::get('bannedURLs'));
            foreach ($URLs as $URL) {
                if ($_SERVER['REQUEST_URI'] == trim($URL)) {
                    $this->blockIP($IP, "Accessed a banned URL.");
                    $this->do503(3600, "Accessed a banned URL."); //exits
                }
            }
        }
        if (wfConfig::get('maxGlobalRequests') != 'DISABLED' && $hitsPerMinute > wfConfig::get('maxGlobalRequests')) { //Applies to 404 or pageview
            $this->takeBlockingAction('maxGlobalRequests', "Exceeded the maximum global requests per minute for crawlers or humans.");
        }
        if ($type == '404') {
            global $wpdb;
            $p = $wpdb->base_prefix;
            if (wfConfig::get('other_WFNet')) {
                // REQUEST_URI goes into SQL through queryWrite placeholders; the quoted '%s'
                // suggests queryWrite strips/adds quoting like $wpdb->prepare — confirm in wfDB.
                $this->getDB()->queryWrite("insert IGNORE into {$p}" . "wfNet404s (sig, ctime, URI) values (UNHEX(MD5('%s')), unix_timestamp(), '%s')", $_SERVER['REQUEST_URI'], $_SERVER['REQUEST_URI']);
            }
            // 'vulnRegex' is an admin-supplied PCRE pattern applied to the full requested URL.
            $pat = wfConfig::get('vulnRegex');
            if ($pat) {
                $URL = wfUtils::getRequestedURL();
                if (preg_match($pat, $URL)) {
                    $this->getDB()->queryWrite("insert IGNORE into {$p}" . "wfVulnScanners (IP, ctime, hits) values (%s, unix_timestamp(), 1) ON DUPLICATE KEY UPDATE ctime = unix_timestamp(), hits = hits + 1", wfUtils::inet_pton($IP));
                    if (wfConfig::get('maxScanHits') != 'DISABLED') {
                        // Only referer-less probes count toward the scan-hit limit.
                        if (empty($_SERVER['HTTP_REFERER'])) {
                            // Same session-variable counter trick as above, on badLeechersTable.
                            $this->getDB()->queryWrite("insert into " . $this->badLeechersTable . " (eMin, IP, hits) values (floor(unix_timestamp() / 60), %s, 1) ON DUPLICATE KEY update hits = IF(@wfblcurrenthits := hits + 1, hits + 1, hits + 1)", $IPnum);
                            $BL_hitsPerMinute = $this->getDB()->querySingle("select @wfblcurrenthits");
                            if ($BL_hitsPerMinute > wfConfig::get('maxScanHits')) {
                                $this->takeBlockingAction('maxScanHits', "Exceeded the maximum number of 404 requests per minute for a known security vulnerability.");
                            }
                        }
                    }
                }
            }
        }
        // A POST with neither User-Agent nor Referer is treated as a bot and blocked outright.
        if (wfConfig::get('other_blockBadPOST') == '1' && $_SERVER['REQUEST_METHOD'] == 'POST' && empty($_SERVER['HTTP_USER_AGENT']) && empty($_SERVER['HTTP_REFERER'])) {
            $this->blockIP($IP, "POST received with blank user-agent and referer");
            $this->do503(3600, "POST received with blank user-agent and referer"); //exits
        }
        // Crawler vs. human limits are chosen purely from the (client-supplied) User-Agent.
        if (isset($_SERVER['HTTP_USER_AGENT']) && wfCrawl::isCrawler($_SERVER['HTTP_USER_AGENT'])) {
            if ($type == 'hit' && wfConfig::get('maxRequestsCrawlers') != 'DISABLED' && $hitsPerMinute > wfConfig::get('maxRequestsCrawlers')) {
                $this->takeBlockingAction('maxRequestsCrawlers', "Exceeded the maximum number of requests per minute for crawlers."); //may not exit
            } else {
                if ($type == '404' && wfConfig::get('max404Crawlers') != 'DISABLED' && $hitsPerMinute > wfConfig::get('max404Crawlers')) {
                    $this->takeBlockingAction('max404Crawlers', "Exceeded the maximum number of page not found errors per minute for a crawler.");
                }
            }
        } else {
            if ($type == 'hit' && wfConfig::get('maxRequestsHumans') != 'DISABLED' && $hitsPerMinute > wfConfig::get('maxRequestsHumans')) {
                $this->takeBlockingAction('maxRequestsHumans', "Exceeded the maximum number of page requests per minute for humans.");
            } else {
                if ($type == '404' && wfConfig::get('max404Humans') != 'DISABLED' && $hitsPerMinute > wfConfig::get('max404Humans')) {
                    $this->takeBlockingAction('max404Humans', "Exceeded the maximum number of page not found errors per minute for humans.");
                }
            }
        }
    }
}
/**
 * Per-request rate-limit and blocking check for a page view ('hit') or a
 * 'page not found' ('404').
 *
 * NOTE(review): this is a second definition of logLeechAndBlock() in the same
 * listing. It uses IPv4-only inet_aton()/INET_ATON() and lacks the
 * neverBlockBG, allowed404s, bannedURLs and other_blockBadPOST checks, so it
 * is likely an earlier revision of the method; a PHP class cannot declare the
 * same method twice, so the page presumably concatenates two versions.
 *
 * Does nothing unless wfConfig 'firewallEnabled' is set. Otherwise it returns
 * early for whitelisted IPs, increments a per-minute hit counter for the
 * client IP in scanTable (404) or leechTable (hit), blocks fake Googlebots
 * ('blockFakeBots'), records 404s to wfNet404s ('other_WFNet') and
 * vulnerability-probe 404s ('vulnRegex') to wfVulnScanners / badLeechersTable,
 * and applies the global, crawler and human per-minute limits via
 * takeBlockingAction().
 *
 * @param string $type '404' or 'hit'; anything else is logged via wordfence::status() and ignored.
 * @return void  takeBlockingAction() may terminate the request (see inline note).
 */
public function logLeechAndBlock($type) { //404 or hit
    if (wfConfig::get('firewallEnabled')) {
        //Moved the following block into the "is fw enabled section" for optimization.
        $IP = wfUtils::getIP();
        // inet_aton is IPv4-only; what it returns for an IPv6 client is not visible here.
        $IPnum = wfUtils::inet_aton($IP);
        if ($this->isWhitelisted($IP)) { return; }
        if ($type == '404') {
            $table = $this->scanTable;
        } else {
            if ($type == 'hit') {
                $table = $this->leechTable;
            } else {
                wordfence::status(1, 'error', "Invalid type to logLeechAndBlock(): {$type}");
                return;
            }
        }
        // Per-(minute, IP) counter. IF(@wfcurrenthits := hits + 1, ...) stores the
        // post-increment value in a MySQL session variable read back by the next
        // querySingle — relies on both statements using one DB connection (assumed;
        // confirm in wfDB). On a first insert in a minute the ON DUPLICATE branch does
        // not run, so the variable is NULL on a fresh connection (stale if reused).
        $this->getDB()->queryWrite("insert into {$table} (eMin, IP, hits) values (floor(unix_timestamp() / 60), %s, 1) ON DUPLICATE KEY update hits = IF(@wfcurrenthits := hits + 1, hits + 1, hits + 1)", wfUtils::inet_aton($IP));
        $hitsPerMinute = $this->getDB()->querySingle("select @wfcurrenthits");
        //end block moved into "is fw enabled" section
        //Range blocking was here. Moved to wordfenceClass::veryFirstAction
        if (wfConfig::get('blockFakeBots')) {
            // UA claims Googlebot but the reverse-DNS check fails: block the IP.
            if (wfCrawl::isGooglebot() && !wfCrawl::verifyCrawlerPTR($this->googlePattern, $IP)) {
                $this->blockIP($IP, "Fake Google crawler automatically blocked");
                wordfence::status(2, 'info', "Blocking fake Googlebot at IP {$IP}");
            }
        }
        if (wfConfig::get('maxGlobalRequests') != 'DISABLED' && $hitsPerMinute > wfConfig::get('maxGlobalRequests')) { //Applies to 404 or pageview
            $this->takeBlockingAction('maxGlobalRequests', "Exceeded the maximum global requests per minute for crawlers or humans.");
        }
        if ($type == '404') {
            global $wpdb;
            $p = $wpdb->base_prefix;
            if (wfConfig::get('other_WFNet')) {
                // REQUEST_URI reaches SQL only through queryWrite placeholders; the quoted '%s'
                // suggests queryWrite handles quoting like $wpdb->prepare — confirm in wfDB.
                $this->getDB()->queryWrite("insert IGNORE into {$p}" . "wfNet404s (sig, ctime, URI) values (UNHEX(MD5('%s')), unix_timestamp(), '%s')", $_SERVER['REQUEST_URI'], $_SERVER['REQUEST_URI']);
            }
            // 'vulnRegex' is an admin-supplied PCRE pattern applied to the full requested URL.
            $pat = wfConfig::get('vulnRegex');
            if ($pat) {
                $URL = wfUtils::getRequestedURL();
                if (preg_match($pat, $URL)) {
                    // Here the IP is converted on the MySQL side (INET_ATON) rather than in PHP.
                    $this->getDB()->queryWrite("insert IGNORE into {$p}" . "wfVulnScanners (IP, ctime, hits) values (INET_ATON('%s'), unix_timestamp(), 1) ON DUPLICATE KEY UPDATE ctime = unix_timestamp(), hits = hits + 1", $IP);
                    if (wfConfig::get('maxScanHits') != 'DISABLED') {
                        // Only referer-less probes count toward the scan-hit limit.
                        if (empty($_SERVER['HTTP_REFERER'])) {
                            // Same session-variable counter trick as above, on badLeechersTable.
                            $this->getDB()->queryWrite("insert into " . $this->badLeechersTable . " (eMin, IP, hits) values (floor(unix_timestamp() / 60), %s, 1) ON DUPLICATE KEY update hits = IF(@wfblcurrenthits := hits + 1, hits + 1, hits + 1)", $IPnum);
                            $BL_hitsPerMinute = $this->getDB()->querySingle("select @wfblcurrenthits");
                            if ($BL_hitsPerMinute > wfConfig::get('maxScanHits')) {
                                $this->takeBlockingAction('maxScanHits', "Exceeded the maximum number of 404 requests per minute for a known security vulnerability.");
                            }
                        }
                    }
                }
            }
        }
        // Crawler vs. human limits are chosen purely from the (client-supplied) User-Agent.
        if (isset($_SERVER['HTTP_USER_AGENT']) && wfCrawl::isCrawler($_SERVER['HTTP_USER_AGENT'])) {
            if ($type == 'hit' && wfConfig::get('maxRequestsCrawlers') != 'DISABLED' && $hitsPerMinute > wfConfig::get('maxRequestsCrawlers')) {
                $this->takeBlockingAction('maxRequestsCrawlers', "Exceeded the maximum number of requests per minute for crawlers."); //may not exit
            } else {
                if ($type == '404' && wfConfig::get('max404Crawlers') != 'DISABLED' && $hitsPerMinute > wfConfig::get('max404Crawlers')) {
                    $this->takeBlockingAction('max404Crawlers', "Exceeded the maximum number of page not found errors per minute for a crawler.");
                }
            }
        } else {
            if ($type == 'hit' && wfConfig::get('maxRequestsHumans') != 'DISABLED' && $hitsPerMinute > wfConfig::get('maxRequestsHumans')) {
                $this->takeBlockingAction('maxRequestsHumans', "Exceeded the maximum number of page requests per minute for humans.");
            } else {
                if ($type == '404' && wfConfig::get('max404Humans') != 'DISABLED' && $hitsPerMinute > wfConfig::get('max404Humans')) {
                    $this->takeBlockingAction('max404Humans', "Exceeded the maximum number of page not found errors per minute for humans.");
                }
            }
        }
    }
}