/**
 * Content Filter aka "The Algorithmic Layer" - runs the comment data through a
 * fixed sequence of spam tests and returns at the first test that fires.
 *
 * Every test that fires appends its error code to $wpss_error_code, sets
 * $content_filter_status (the '1' family only when it is still empty; the bad-robot
 * tests overwrite it with '3', the proxy test with '10', the WP blacklist test with
 * '100', the reverse-DNS test with whatever rs_wpss_revdns_filter() reports) and
 * hands both to rs_wpss_exit_content_filter(), whose result is returned unchanged.
 * When no test fires, $commentdata is returned with 'total_time_content_filter',
 * 'wpss_error_code' ('No Error' if nothing was appended) and
 * 'content_filter_status' filled in. The order of the tests decides which code is
 * reported, so do not reorder them casually.
 *
 * @param array $commentdata        WordPress comment array. Keys read here:
 *                                  comment_post_ID, comment_post_title, comment_post_url,
 *                                  comment_post_type, comment_post_comments_open,
 *                                  comment_post_pings_open, comment_author,
 *                                  comment_author_email, comment_author_url,
 *                                  comment_content, comment_type, plus the optional
 *                                  start_time_content_filter timer set by an earlier pass.
 * @param array $spamshield_options Plugin options; 'allow_proxy_users' and
 *                                  'enhanced_comment_blacklist' are consulted here.
 * @return mixed Either the result of rs_wpss_exit_content_filter() or the
 *               annotated $commentdata array.
 *
 * Request state is read directly: $_POST[WPSS_REF2XJS], $_SERVER['PHP_SELF'] and the
 * global $wpss_ip_proxy_info, which is extract()ed into locals - $ip,
 * $reverse_dns_lc, $ip_proxy and $ip_proxy_chrome_compression are the ones used below.
 * Several of the $commentdata_* locals computed up front are not read by this
 * function as it stands.
 */
function rs_wpss_comment_content_filter($commentdata, $spamshield_options) {
    /***
     * Content Filter aka "The Algorithmic Layer"
     * Blocking the Obvious to Improve Human/Pingback/Trackback Defense
     ***/
    /* Timer Start - Content Filter */
    if (empty($commentdata['start_time_content_filter'])) {
        $wpss_start_time_content_filter = microtime(TRUE);
        $commentdata['start_time_content_filter'] = $wpss_start_time_content_filter;
    }
    $content_filter_status = $wpss_error_code = '';
    /* Must go before tests */
    rs_wpss_update_session_data($spamshield_options);
    /* TEST 0 - See if user has already been blacklisted this session */
    if (!is_user_logged_in() && rs_wpss_ubl_cache()) {
        if (empty($content_filter_status)) { $content_filter_status = '3'; } /* 1.8 - Changed from '2' to '3' */
        $wpss_error_code .= ' 0-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Untrusted: JS-set referrer field from the comment form; only used by TEST REFERRERS 2 after esc_url_raw() */
    $post_ref2xjs = !empty($_POST[WPSS_REF2XJS]) ? trim($_POST[WPSS_REF2XJS]) : '';
    $post_ref2xjs_lc = rs_wpss_casetrans('lower', $post_ref2xjs);
    /* CONTENT FILTERING - BEGIN */
    /* Lower-cased (_lc) and preg-quoted (_regex) variants are prepared once so the
       author-derived fragments interpolated into the regexes further down are safe. */
    $commentdata_comment_post_id = $commentdata['comment_post_ID'];
    $commentdata_comment_post_title = $commentdata['comment_post_title'];
    $commentdata_comment_post_title_lc = rs_wpss_casetrans('lower', $commentdata_comment_post_title);
    $commentdata_comment_post_title_lc_regex = rs_wpss_preg_quote($commentdata_comment_post_title_lc);
    $commentdata_comment_post_url = $commentdata['comment_post_url'];
    $commentdata_comment_post_url_lc = rs_wpss_casetrans('lower', $commentdata_comment_post_url);
    $commentdata_comment_post_url_lc_regex = rs_wpss_preg_quote($commentdata_comment_post_url_lc);
    $commentdata_comment_post_type = $commentdata['comment_post_type']; /* Possible results: 'post', 'page', 'attachment', 'revision', 'nav_menu_item' */
    /* Next two are boolean */
    $commentdata_comment_post_comments_open = $commentdata['comment_post_comments_open'];
    $commentdata_comment_post_pings_open = $commentdata['comment_post_pings_open'];
    $commentdata_comment_author = $commentdata['comment_author'];
    $commentdata_comment_author_deslashed = stripslashes($commentdata_comment_author);
    $commentdata_comment_author_lc = rs_wpss_casetrans('lower', $commentdata_comment_author);
    $commentdata_comment_author_lc_regex = rs_wpss_preg_quote($commentdata_comment_author_lc);
    $commentdata_comment_author_lc_words = rs_wpss_count_words($commentdata_comment_author_lc);
    $commentdata_comment_author_lc_space = ' ' . $commentdata_comment_author_lc . ' ';
    $commentdata_comment_author_lc_deslashed = stripslashes($commentdata_comment_author_lc);
    $commentdata_comment_author_lc_deslashed_regex = rs_wpss_preg_quote($commentdata_comment_author_lc_deslashed);
    $commentdata_comment_author_lc_deslashed_words = rs_wpss_count_words($commentdata_comment_author_lc_deslashed);
    $commentdata_comment_author_lc_deslashed_space = ' ' . $commentdata_comment_author_lc_deslashed . ' ';
    $commentdata_comment_author_email = $commentdata['comment_author_email'];
    $commentdata_comment_author_email_lc = rs_wpss_casetrans('lower', $commentdata_comment_author_email);
    $commentdata_comment_author_email_lc_regex = rs_wpss_preg_quote($commentdata_comment_author_email_lc);
    $commentdata_comment_author_url = $commentdata['comment_author_url'];
    $commentdata_comment_author_url_lc = rs_wpss_casetrans('lower', $commentdata_comment_author_url);
    $commentdata_comment_author_url_lc_regex = rs_wpss_preg_quote($commentdata_comment_author_url_lc);
    $commentdata_comment_author_url_domain_lc = rs_wpss_get_domain($commentdata_comment_author_url_lc);
    $commentdata_comment_content = $commentdata['comment_content'];
    $commentdata_comment_content_lc = rs_wpss_casetrans('lower', $commentdata_comment_content);
    $commentdata_comment_content_lc_deslashed = stripslashes($commentdata_comment_content_lc);
    $commentdata_comment_content_extracted_urls = rs_wpss_parse_links($commentdata_comment_content_lc_deslashed, 'url'); /* Parse comment content for all URLs */
    $commentdata_comment_content_extracted_urls_at = rs_wpss_parse_links($commentdata_comment_content_lc_deslashed, 'url_at'); /* Parse comment content for Anchor Text Link URLs */
    $commentdata_comment_content_num_links = count($commentdata_comment_content_extracted_urls); /* Count extracted URLS from body content - Added 1.8.4 */
    $commentdata_comment_content_num_limit = 3; /* Max number of links in comment body content */
    /* NOTE(review): this literal looks mangled in this copy (an unbalanced quote in the fifth element); confirm against the upstream file */
    $replace_apostrophes = array('’', '`', '´', '`', ''', '`', 'e', '‘', '’', 'ž', '´', 'Ï', 'Ð', '‘', '’');
    $commentdata_comment_content_lc_norm_apost = str_replace($replace_apostrophes, "'", $commentdata_comment_content_lc_deslashed);
    $commentdata_comment_type = $commentdata['comment_type'];
    /* if( $commentdata_comment_type !== 'pingback' && $commentdata_comment_type !== 'trackback' ) { $commentdata_comment_type = 'comment'; } */
    $commentdata_user_agent = rs_wpss_get_user_agent(TRUE, FALSE);
    $commentdata_user_agent_lc = rs_wpss_casetrans('lower', $commentdata_user_agent);
    $user_http_accept = rs_wpss_get_http_accept(TRUE, TRUE);
    $user_http_accept_language = rs_wpss_get_http_accept(TRUE, TRUE, TRUE);
    $commentdata_remote_addr = rs_wpss_get_ip_addr();
    $commentdata_remote_addr_regex = rs_wpss_preg_quote($commentdata_remote_addr);
    $commentdata_remote_addr_lc = rs_wpss_casetrans('lower', $commentdata_remote_addr);
    $commentdata_remote_addr_lc_regex = rs_wpss_preg_quote($commentdata_remote_addr_lc);
    $commentdata_referrer = rs_wpss_get_referrer();
    $commentdata_referrer_lc = rs_wpss_casetrans('lower', $commentdata_referrer);
    $commentdata_php_self = $_SERVER['PHP_SELF'];
    $commentdata_php_self_lc = rs_wpss_casetrans('lower', $commentdata_php_self);
    $blog_server_ip = WPSS_SERVER_ADDR;
    $blog_server_name = WPSS_SERVER_NAME;
    /* IP / PROXY INFO - BEGIN */
    /* Computed once per request and cached in the global; extract() defines $ip, $reverse_dns_lc,
       $ip_proxy and $ip_proxy_chrome_compression (and any other keys the helper returns). */
    global $wpss_ip_proxy_info;
    if (empty($wpss_ip_proxy_info)) { $wpss_ip_proxy_info = rs_wpss_ip_proxy_info(); }
    extract($wpss_ip_proxy_info);
    /* IP / PROXY INFO - END */
    /***
     * Post Type Filter - INVALTY
     * Removed V 1.1.7 - Found Exception
     ***/
    /* Simple Filters */
    /* BEING DEPRECATED... */
    $blacklist_word_combo_total_limit = 10; /* you may increase to 30+ if blog's topic is adult in nature - DEPRECATED */
    $blacklist_word_combo_total = 0;
    /* Body Content - Check for excessive number of links in message ( body_content ) - 1.8.4 */
    if ($commentdata_comment_content_num_links > $commentdata_comment_content_num_limit) {
        if (empty($content_filter_status)) { $content_filter_status = '1'; }
        $wpss_error_code .= ' 1-HT';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /***
     * Authors Only - Non-Trackback
     * Removed Filters 300-423 and replaced with Regex
     ***/
    /* Author Blacklist Check - Invalid Author Names - Stopping Human Spam */
    if ($commentdata_comment_type !== 'trackback' && $commentdata_comment_type !== 'pingback' && rs_wpss_anchortxt_blacklist_chk($commentdata_comment_author_lc_deslashed, '', 'author', $commentdata_comment_author_url_lc)) {
        if (empty($content_filter_status)) { $content_filter_status = '1'; }
        $wpss_error_code .= ' 10500A-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Regular Expression Tests - 2nd Gen - Comment Author/Author URL - BEGIN */
    /* 10500-13000 - Complex Test for terms in Comment Author/URL - $commentdata_comment_author_lc_deslashed/$commentdata_comment_author_url_domain_lc */
    /* Blacklisted Domains Check */
    if (rs_wpss_domain_blacklist_chk($commentdata_comment_author_url_domain_lc)) {
        if (empty($content_filter_status)) { $content_filter_status = '1'; }
        $wpss_error_code .= ' 10500AU-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Check for URL Shorteners, Bogus Long URLs, and Misc Spam Domains */
    if (rs_wpss_at_link_spam_url_chk($commentdata_comment_author_url_lc)) {
        if (empty($content_filter_status)) { $content_filter_status = '1'; }
        $wpss_error_code .= ' 10510AU-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Testing for a unique identifying string from the comment content in the Author URL Domain */
    /* The "id string" is the trailing alphanumeric token (6+ chars) at the very end of the content */
    preg_match("~\\s+([a-z0-9]{6,})\$~i", $commentdata_comment_content_lc_deslashed, $wpss_str_matches);
    if (!empty($wpss_str_matches[1])) { $wpss_spammer_id_string = $wpss_str_matches[1]; } else { $wpss_spammer_id_string = ''; }
    $commentdata_comment_author_url_domain_lc_elements = explode('.', $commentdata_comment_author_url_domain_lc);
    /* count() - 1 leaves the last label (the TLD) out of the comparison loop below */
    $commentdata_comment_author_url_domain_lc_elements_count = count($commentdata_comment_author_url_domain_lc_elements) - 1;
    if (!empty($wpss_spammer_id_string)) {
        $i = 0;
        /* The following line to prevent exploitation: */
        $i_max = 20;
        while ($i < $commentdata_comment_author_url_domain_lc_elements_count && $i < $i_max) {
            if (!empty($commentdata_comment_author_url_domain_lc_elements[$i])) {
                if ($commentdata_comment_author_url_domain_lc_elements[$i] === $wpss_spammer_id_string) {
                    if (empty($content_filter_status)) { $content_filter_status = '1'; }
                    $wpss_error_code .= ' 10511AUA';
                    return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
                }
            }
            ++$i;
        }
    }
    /***
     * Potential Exploits
     * Includes protection for Trackbacks and Pingbacks
     ***/
    /* Check Author URL for Exploits */
    if (rs_wpss_exploit_url_chk($commentdata_comment_author_url_lc)) {
        if (empty($content_filter_status)) { $content_filter_status = '1'; }
        $wpss_error_code .= ' 15000AU-XPL'; /* Added in 1.4 - Replacing 15001AU-XPL and 15002AU-XPL, and adds additional protection */
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Regular Expression Tests - 2nd Gen - Comment Author/Author URL - END */
    $blacklist_word_combo_limit = 7;
    $blacklist_word_combo = 0;
    $i = 0;
    /* Regular Expression Tests - 2nd Gen - Comment Content - BEGIN */
    /* Miscellaneous Patterns that Keep Repeating */
    if (preg_match("~^([0-9]{6})\\s([0-9]{6})(.*)\\s([0-9]{6})\$~i", $commentdata_comment_content_lc_deslashed)) {
        if (empty($content_filter_status)) { $content_filter_status = '1'; }
        $wpss_error_code .= ' 10401C';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Blacklisted Anchor Text Check - Links in Content - Stopping Human Spam */
    if (rs_wpss_anchortxt_blacklist_chk($commentdata_comment_content_lc_deslashed, '', 'content') && $commentdata_comment_type !== 'trackback' && $commentdata_comment_type !== 'pingback') {
        if (empty($content_filter_status)) { $content_filter_status = '1'; }
        $wpss_error_code .= ' 10500CAT-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Blacklisted Domains Check - Links in Content */
    if (rs_wpss_link_blacklist_chk($commentdata_comment_content_lc_deslashed)) {
        if (empty($content_filter_status)) { $content_filter_status = '1'; }
        $wpss_error_code .= ' 10500CU-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Check Anchor Text Links for URL Shorteners, Bogus Long URLs, and Misc Spam Domains */
    if (rs_wpss_at_link_spam_url_chk($commentdata_comment_content_extracted_urls_at)) {
        if (empty($content_filter_status)) { $content_filter_status = '1'; }
        $wpss_error_code .= ' 10510CU-BL'; /* Replacing 10510CU-MSC */
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Check all URL's in Comment Content for Exploits */
    if (rs_wpss_exploit_url_chk($commentdata_comment_content_extracted_urls)) {
        if (empty($content_filter_status)) { $content_filter_status = '1'; }
        $wpss_error_code .= ' 15000CU-XPL'; /* Added in 1.4 */
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Regular Expression Tests - 2nd Gen - Comment Content - END */
    /***
     * Test Comment Author
     * Words in Comment Author Repeated in Content - With Keyword Density
     ***/
    /* Each space-separated word of the author name is counted in the content; a word of 4+ chars
       appearing 5+ times with a density above 40% of the content's word count trips 9000-<index>. */
    $repeated_terms_filters = array('.', '-', ':');
    $repeated_terms_temp_phrase = str_replace($repeated_terms_filters, '', $commentdata_comment_author_lc_deslashed);
    $repeated_terms_test = explode(' ', $repeated_terms_temp_phrase);
    $repeated_terms_test_count = count($repeated_terms_test);
    $comment_content_total_words = rs_wpss_count_words($commentdata_comment_content_lc_deslashed);
    $i = 0;
    while ($i < $repeated_terms_test_count) {
        if (!empty($repeated_terms_test[$i])) {
            $repeated_terms_in_content_count = rs_wpss_substr_count($commentdata_comment_content_lc_deslashed, $repeated_terms_test[$i]);
            $repeated_terms_in_content_str_len = rs_wpss_strlen($repeated_terms_test[$i]);
            /* Substring hits can exceed the word count (a term inside longer words); clamp to avoid a >100% density */
            if ($repeated_terms_in_content_count > 1 && $comment_content_total_words < $repeated_terms_in_content_count) { $repeated_terms_in_content_count = 1; }
            /* NOTE(review): if rs_wpss_count_words() can return 0 here (content with no words but a
               non-empty author name), this division throws DivisionByZeroError on PHP 8 - confirm and guard */
            $repeated_terms_in_content_density = $repeated_terms_in_content_count / $comment_content_total_words * 100;
            if ($repeated_terms_in_content_count >= 5 && $repeated_terms_in_content_str_len >= 4 && $repeated_terms_in_content_density > 40) {
                if (empty($content_filter_status)) { $content_filter_status = '1'; }
                $wpss_error_code .= ' 9000-' . $i;
                return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
            }
        }
        ++$i;
    }
    /* Comment Author and URL Tests */
    if (!empty($commentdata_comment_author_url_lc) && !empty($commentdata_comment_author_lc_deslashed)) {
        /* Comment Author and Comment Author URL appearing in Content - REGEX VERSION */
        /* The interpolated author URL / author name fragments were preg-quoted above */
        if (preg_match("~(<\\s*a\\s+([a-z0-9\\-_\\.\\?\\='\"\\:\\(\\)\\{\\}\\s]*)\\s*href|\\[(url|link))\\s*\\=\\s*(['\"])?\\s*{$commentdata_comment_author_url_lc_regex}([a-z0-9\\-_\\/\\.\\?\\&\\=\\~\\@\\%\\+\\#\\:]*)(['\"])?(>|\\]){$commentdata_comment_author_lc_deslashed_regex}(<|\\[)\\s*\\/\\s*a\\s*(>|(url|link)\\])~i", $commentdata_comment_content_lc_deslashed)) {
            if (empty($content_filter_status)) { $content_filter_status = '1'; }
            $wpss_error_code .= ' 9100-1';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* Author URL equals the author name (and is not itself a URL) while the content links somewhere with that name as anchor text */
        if ($commentdata_comment_author_url_lc === $commentdata_comment_author_lc_deslashed && !preg_match("~https?\\:/+~i", $commentdata_comment_author_url_lc) && preg_match("~(<\\s*a\\s+([a-z0-9\\-_\\.\\?\\='\"\\:\\(\\)\\{\\}\\s]*)\\s*href|\\[(url|link))\\s*\\=\\s*(['\"])?\\s*(https?\\:/+[a-z0-9\\-_\\/\\.\\?\\&\\=\\~\\@\\%\\+\\#\\:]+)\\s*(['\"])?\\s*(>|\\]){$commentdata_comment_author_lc_deslashed_regex}(<|\\[)\\s*\\/\\s*a\\s*(>|(url|link)\\])~i", $commentdata_comment_content_lc_deslashed)) {
            if (empty($content_filter_status)) { $content_filter_status = '1'; }
            $wpss_error_code .= ' 9101';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* Author URL domain (optionally prefixed www./m.) is exactly the author name */
        if (preg_match("~^((ww[w0-9]|m)\\.)?{$commentdata_comment_author_lc_deslashed_regex}\$~i", $commentdata_comment_author_url_domain_lc) && !preg_match("~https?\\:/+~i", $commentdata_comment_author_lc_deslashed)) { /* Changed to include Trackbacks and Pingbacks in 1.1.4.4 */
            if (empty($content_filter_status)) { $content_filter_status = '1'; }
            $wpss_error_code .= ' 9102';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* Author URL equals the author name (not a URL) and the content contains any absolute http(s) URL */
        if ($commentdata_comment_author_url_lc === $commentdata_comment_author_lc_deslashed && !preg_match("~https?\\:/+~i", $commentdata_comment_author_url_lc) && preg_match("~(https?\\:/+[a-z0-9\\-_\\/\\.\\?\\&\\=\\~\\@\\%\\+\\#\\:]+)~i", $commentdata_comment_content_lc_deslashed)) {
            if (empty($content_filter_status)) { $content_filter_status = '1'; }
            $wpss_error_code .= ' 9103';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /***
     * Email Filters
     * New Test with Blacklists
     ***/
    if (rs_wpss_email_blacklist_chk($commentdata_comment_author_email_lc)) {
        if (empty($content_filter_status)) { $content_filter_status = '1'; }
        $wpss_error_code .= ' 9200E-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* TEST REFERRERS 1 - TO THE COMMENT PROCESSOR */
    if (strpos(WPSS_COMMENTS_POST_URL, $commentdata_php_self_lc) !== FALSE && $commentdata_referrer_lc === WPSS_COMMENTS_POST_URL) {
        /* Often spammers send the referrer as the URL for the wp-comments-post.php page. */
        if (empty($content_filter_status)) { $content_filter_status = '1'; }
        $wpss_error_code .= ' REF-1-1011';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* TEST REFERRERS 2 - SPAMMERS SEARCHING FOR PAGES TO COMMENT ON */
    if (!empty($post_ref2xjs)) {
        /* Normalise the client-supplied referrer before matching; esc_url_raw() is the sanitising step */
        $ref2xJS = addslashes(urldecode($post_ref2xjs));
        $ref2xJS = str_replace('%3A', ':', $ref2xJS);
        $ref2xJS = str_replace(' ', '+', $ref2xJS);
        $ref2xJS = esc_url_raw($ref2xJS);
        $ref2xJS_lc = rs_wpss_casetrans('lower', $ref2xJS);
        if (preg_match("~\\.google\\.co(m|\\.[a-z]{2})~i", $ref2xJS) && strpos($ref2xJS_lc, 'leave a comment') !== FALSE) {
            /* make test more robust for other versions of google & search query */
            if (empty($content_filter_status)) { $content_filter_status = '1'; }
            $wpss_error_code .= ' REF-2-1021';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* add Keyword Script Here */
    }
    /***
     * TEST REFERRERS 3 - TO THE PAGE BEING COMMENTED ON
     * DISABLED IN V1.5.9
     ***/
    /* Spam Network - BEGIN */
    /***
     * PART OF BAD ROBOTS TEST - BEGIN
     * Test User-Agents
     ***/
    /* From here on the bad-robot tests set status '3' unconditionally (they do not keep an earlier value) */
    if (empty($commentdata_user_agent_lc)) {
        /* There is no reason for a blank UA String, unless it's been altered or a bot. */
        $content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
        $wpss_error_code .= ' UA1001';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    $commentdata_user_agent_lc_word_count = rs_wpss_count_words($commentdata_user_agent_lc);
    if (!empty($commentdata_user_agent_lc) && $commentdata_user_agent_lc_word_count < 3) {
        /* Short UA is rejected for ordinary comments, and for trackbacks unless the UA mentions movabletype */
        if ($commentdata_comment_type !== 'trackback' && $commentdata_comment_type !== 'pingback' || strpos($commentdata_user_agent_lc, 'movabletype') === FALSE && $commentdata_comment_type === 'trackback') {
            /* Another test for altered UA's. */
            $content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' UA1003';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    if (rs_wpss_skiddie_ua_check($commentdata_user_agent_lc)) {
        /* There is no reason for a human to use one of these UA strings. Commonly used to attack/spam WP. */
        $content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
        $wpss_error_code .= ' UA1004';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* PART OF BAD ROBOTS TEST - END */
    /* Accept-header and proxy tests apply to ordinary comments only, not to trackbacks/pingbacks */
    if ($commentdata_comment_type !== 'trackback' && $commentdata_comment_type !== 'pingback') {
        /***
         * PART OF BAD ROBOTS TEST - BEGIN
         * Test HTTP_ACCEPT
         ***/
        if (empty($user_http_accept)) {
            $content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' HA1001';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* HA1002 removed in 1.9.0.3 */
        if ($user_http_accept === '*') {
            $content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' HA1003';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* More complex test for invalid 'HTTP_ACCEPT' */
        /* Split on commas, whitespace and semicolons and reject a bare '*' element (at most 20 elements are inspected) */
        $user_http_accept_mod_1 = preg_replace("~([\\s\\;]+)~", ",", $user_http_accept);
        $user_http_accept_elements = explode(',', $user_http_accept_mod_1);
        $user_http_accept_elements_count = count($user_http_accept_elements);
        $i = 0;
        /* The following line to prevent exploitation: */
        $i_max = 20;
        while ($i < $user_http_accept_elements_count && $i < $i_max) {
            if (!empty($user_http_accept_elements[$i])) {
                if ($user_http_accept_elements[$i] === '*') {
                    $content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
                    $wpss_error_code .= ' HA1004';
                    return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
                }
            }
            ++$i;
        }
        /* Test HTTP_ACCEPT_LANGUAGE */
        if (empty($user_http_accept_language)) {
            $content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' HAL1001';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        if ($user_http_accept_language === '*') {
            $content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' HAL1002';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* More complex test for invalid 'HTTP_ACCEPT_LANGUAGE' */
        /* Same element-wise check as HTTP_ACCEPT; UAs starting with 'links (' are exempted from the '*' rule */
        $user_http_accept_language_mod_1 = preg_replace("~([\\s\\;]+)~", ",", $user_http_accept_language);
        $user_http_accept_language_elements = explode(',', $user_http_accept_language_mod_1);
        $user_http_accept_language_elements_count = count($user_http_accept_language_elements);
        $i = 0;
        /* The following line to prevent exploitation: */
        $i_max = 20;
        while ($i < $user_http_accept_language_elements_count && $i < $i_max) {
            if (!empty($user_http_accept_language_elements[$i])) {
                if ($user_http_accept_language_elements[$i] === '*' && strpos($commentdata_user_agent_lc, 'links (') !== 0) {
                    $content_filter_status = '3'; /* Was 1, changed to 3 - V1.8.4 */
                    $wpss_error_code .= ' HAL1004';
                    return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
                }
            }
            ++$i;
        }
        /***
         * HAL1005 - NOT IMPLEMENTED
         * PART OF BAD ROBOTS TEST - END
         ***/
        /***
         * Test PROXY STATUS if option
         * Google Chrome Compression Proxy Bypass
         ***/
        /* $ip_proxy / $ip_proxy_chrome_compression come from the extract()ed proxy info above */
        if ($ip_proxy === 'PROXY DETECTED' && $ip_proxy_chrome_compression !== 'TRUE' && empty($spamshield_options['allow_proxy_users'])) {
            $content_filter_status = '10';
            $wpss_error_code .= ' PROXY1001';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /***
     * Test IPs - was here
     * IP1003 - Removed in 1.8
     ***/
    /* Reverse DNS Server Tests - BEGIN */
    if ($commentdata_comment_type !== 'pingback' && $commentdata_comment_type !== 'trackback') {
        /* Test Reverse DNS Hosts - Do all with Reverse DNS not Remote Host */
        /* $ip and $reverse_dns_lc come from the extract()ed proxy info; status and code are taken from the helper's result */
        $rev_dns_filter_data = rs_wpss_revdns_filter('comment', $content_filter_status, $ip, $reverse_dns_lc, $commentdata_comment_author_lc_deslashed, $commentdata_comment_author_email_lc);
        $revdns_blacklisted = $rev_dns_filter_data['blacklisted'];
        if (!empty($revdns_blacklisted)) {
            $content_filter_status = $rev_dns_filter_data['status'];
            $wpss_error_code .= $rev_dns_filter_data['error_code'];
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /* Reverse DNS Server Tests - END */
    /* Spam Network - END */
    /* Test Pingbacks and Trackbacks - OLD LOCATION */
    /* Miscellaneous Preg Match Tests - Changed to regex in V1.8.4 */
    /* Keyed by the error code reported when the pattern matches the lower-cased content */
    $wpss_misc_spam_phrases_to_check = array(
        '5000' => "~\\[\\.+\\]\\s+\\[\\.+\\]~",
        '5001' => "~^<new\\s+comment>\$~i",
        '5003' => "~^([a-z0-9\\s\\.,!]{0,12})?((he.a?|h([ily]{1,2}))(\\s+there)?|howdy|hello|bonjour|good\\s+day)([\\.,!])?\\s+(([ily]{1,2})\\s+know\\s+)?th([ily]{1,2})s\\s+([ily]{1,2})s\\s+([a-z\\s]{3,12}|somewhat|k([ily]{1,2})nd\\s*of)?(of{1,2}\\s+)?of{1,2}\\s+top([ily]{1,2})c\\s+(but|however)\\s+([ily]{1,2})\\s+(was\\s+wonder([ily]{1,2})nn?g?|need\\s+some\\s+adv([ily]{1,2})ce)~i",
        '5004' => "~^th([ily]{1,2})s\\s+([ily]{1,2})s\\s+k([ily]{1,2})nd\\s+of\\s+off\\s+top([ily]{1,2})c\\s+but~i"
    ); /* 5002 - Removed in V1.8.4 */
    foreach ($wpss_misc_spam_phrases_to_check as $ec => $rgx_phrase) {
        if (preg_match($rgx_phrase, $commentdata_comment_content_lc_deslashed)) {
            if (empty($content_filter_status)) { $content_filter_status = '1'; }
            $wpss_error_code .= ' ' . $ec;
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /* BOILERPLATE: Add common boilerplate/template spam phrases... Add Blacklist functions */
    /* WP Blacklist Check - BEGIN */
    /* Test WP Blacklist if option set */
    if (!empty($spamshield_options['enhanced_comment_blacklist']) && empty($content_filter_status)) {
        if (rs_wpss_blacklist_check($commentdata_comment_author_lc_deslashed, $commentdata_comment_author_email_lc, $commentdata_comment_author_url_lc, $commentdata_comment_content_lc_deslashed, $ip, $commentdata_user_agent_lc, '')) {
            if (empty($content_filter_status)) { $content_filter_status = '100'; }
            $wpss_error_code .= ' WP-BLACKLIST';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /* WP Blacklist Check - END */
    /* Timer End - Content Filter */
    $wpss_end_time_content_filter = microtime(TRUE);
    $wpss_total_time_content_filter = rs_wpss_timer($commentdata['start_time_content_filter'], $wpss_end_time_content_filter, FALSE, 6, TRUE);
    $commentdata['total_time_content_filter'] = $wpss_total_time_content_filter;
    /* Nothing fired: report 'No Error'; otherwise the accumulated (space-led) codes, trimmed */
    if (empty($wpss_error_code)) { $wpss_error_code = 'No Error'; } else { $wpss_error_code = trim($wpss_error_code); }
    /***
     * $spamshield_error_data = array( $wpss_error_code, $blacklist_word_combo, $blacklist_word_combo_total );
     */
    $commentdata['wpss_error_code'] = trim($wpss_error_code);
    $commentdata['content_filter_status'] = $content_filter_status;
    return $commentdata;
    /* CONTENT FILTERING - END */
}
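/**
 * SECURITY - Checks all incoming POST requests early for malicious behavior
 * Added 1.9.7.8
 *
 * Applies only to anonymous, non-local POST requests while the
 * 'disable_misc_form_shield' option is unset. Three checks can append an
 * error code (all prefixed 'EPC-'):
 *   FAR1020 - AJAX request with no POST/GET data or without an 'action' parameter
 *   UA1004  - user agent matched by rs_wpss_skiddie_ua_check()
 *   0-BL    - visitor already blacklisted for this session (rs_wpss_ubl_cache());
 *             on XML-RPC with WPSS_IP_BAN_ENABLE set, self::ip_ban() is called as well
 * XML-RPC requests additionally start a session and receive the 'P_XMLRPC'
 * marker cookie. When any code was recorded the request is marked rejected via
 * rs_wpss_update_accept_status(), logged if 'comment_logging' is on, and
 * terminated with WP_SpamShield::wp_die(); otherwise it is marked accepted and
 * the method returns normally.
 *
 * Changes from the previous version: unused locals dropped (including a
 * $blocked flag that was computed for XML-RPC requests but never read -
 * confirm no block was intended there), REQUEST_METHOD read defensively,
 * the @-suppressed setcookie() replaced by a headers_sent() guard, and the
 * cookie array no longer shadowed by the error-message loop variable.
 *
 * @return void
 */
public static function early_post_intercept() {
    /* Only anonymous, remote POST requests are inspected; the empty() check avoids a notice when REQUEST_METHOD is absent (e.g. CLI) */
    if (empty($_SERVER['REQUEST_METHOD']) || 'POST' !== $_SERVER['REQUEST_METHOD'] || rs_wpss_is_local_request() || is_user_logged_in()) {
        return;
    }
    global $spamshield_options;
    if (empty($spamshield_options)) {
        $spamshield_options = get_option('spamshield_options');
    }
    if (!empty($spamshield_options['disable_misc_form_shield'])) {
        return;
    }
    $wpss_error_code = '';
    $form_type = 'misc form';
    $pref = 'EPC-';
    $errors_3p = array();
    $error_txt = rs_wpss_error_txt();
    /* Raw request body kept for the spam log. NOTE(review): this is the full POST payload;
       if this hook also fires for login or password forms, redact sensitive fields before logging. */
    $epc_serial_post = json_encode($_POST);
    $form_auth_dat = array('comment_author' => '', 'comment_author_email' => '', 'comment_author_url' => '');
    /* Marker cookie for XML-RPC callers; the name stays empty (no cookie) for every other request */
    $cookie = array(
        'name' => '',
        'value' => '1',
        'expire' => time() + 60 * 60 * 24 * 365 * 1, /* one year */
        'path' => '/',
        'domain' => rs_wpss_get_cookie_domain(),
        'secure' => FALSE,
        'httponly' => FALSE,
    );
    $is_xmlrpc = rs_wpss_is_xmlrpc();
    if ($is_xmlrpc) {
        rs_wpss_start_session();
        $cookie['name'] = 'P_XMLRPC';
    }
    if (rs_wpss_is_doing_ajax()) {
        /* A genuine AJAX call carries request data and names an 'action' */
        if ((empty($_POST) && empty($_GET)) || empty($_REQUEST['action'])) {
            $wpss_error_code .= ' ' . $pref . 'FAR1020';
            $errors_3p['fake_ajax_request_error'] = __('That action is currently not allowed.');
        }
    }
    if (rs_wpss_skiddie_ua_check()) {
        $wpss_error_code .= ' ' . $pref . 'UA1004';
        $errors_3p['badrobot_skiddie_error'] = __('That action is currently not allowed.');
    }
    if (rs_wpss_ubl_cache()) {
        if (TRUE === WPSS_IP_BAN_ENABLE && $is_xmlrpc) {
            self::ip_ban();
        }
        $wpss_error_code .= ' ' . $pref . '0-BL';
        $errors_3p['blacklisted_user_error'] = __('That action is currently not allowed.');
    }
    if (!empty($cookie['name']) && !headers_sent()) {
        /* Setting cookie to honeypot bad actors; skipped silently once output has started instead of suppressing the warning */
        setcookie($cookie['name'], $cookie['value'], $cookie['expire'], $cookie['path'], $cookie['domain'], $cookie['secure'], $cookie['httponly']);
    }
    if (empty($wpss_error_code)) {
        rs_wpss_update_accept_status($form_auth_dat, 'a', 'Line: ' . __LINE__);
        return;
    }
    rs_wpss_update_accept_status($form_auth_dat, 'r', 'Line: ' . __LINE__, $wpss_error_code);
    if (!empty($spamshield_options['comment_logging'])) {
        rs_wpss_log_data($form_auth_dat, $wpss_error_code, $form_type, $epc_serial_post);
    }
    /* Now output error message - one line per recorded error, then terminate the request */
    $error_msg = '';
    foreach ($errors_3p as $msg) {
        $error_msg .= '<strong>' . $error_txt . ':</strong> ' . $msg . '<br /><br />' . WPSS_EOL;
    }
    WP_SpamShield::wp_die($error_msg, TRUE);
}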