/** * {@inheritdoc} */ public function checkVisitor(Visitor $visitor) { if ($this->blacklist->match($visitor->getIP())) { return CheckInterface::RESULT_BLOCK; } $uastring = $visitor->getUserAgent()->getUserAgentString(); if ($this->untrustedUserAgents->match($uastring)) { return CheckInterface::RESULT_BLOCK; } return CheckInterface::RESULT_OKAY; }
/** * {@inheritdoc} */ public function insert(Visitor $visitor, ResultInterface $result) { $explanation = $result->getExplanation(); $message = $explanation['logtext']; $context = $visitor->toArray(); if ($result instanceof PositiveResult) { $this->logPositiveResult($message, $context); } elseif ($result instanceof NegativeResult) { $this->logNegativeResult($message, $context); } }
/** * {@inheritdoc} */ public function checkVisitor(Visitor $visitor) { foreach ($this->getBadPatterns() as $reason => $items) { foreach ($items as $item) { if ($this->match($visitor->getRequestURI(), $item['pattern'], $item['ignore_case'])) { return $reason ?: CheckInterface::RESULT_BLOCK; } } } return CheckInterface::RESULT_OKAY; }
/** * {@inheritdoc} */ public function checkVisitor(Visitor $visitor) { $ip = $visitor->getIP(); $revip = Utils::isIPv6($ip) ? $this->getIPv6Arpa($ip) : $this->getIPv4Arpa($ip); foreach ($this->lists as $list) { if (checkdnsrr("{$revip}.{$list}.", 'A')) { return CheckInterface::RESULT_BLOCK; } } return CheckInterface::RESULT_OKAY; }
/** * {@inheritdoc} */ public function checkVisitor(Visitor $visitor) { $params = http_build_query(['ip' => $visitor->getIP()]); $response = @simplexml_load_file(self::CHECK_URL . '?' . $params); if ($response === false) { return CheckInterface::RESULT_OKAY; } foreach ($response->appears as $appears) { if ($appears == 'yes') { return CheckInterface::RESULT_BLOCK; } } return CheckInterface::RESULT_OKAY; }
/** * Checks if the visitor is whitelisted. * * @param \FlameCore\Gatekeeper\Visitor $visitor The visitor * @return bool */ protected function isWhitelisted(Visitor $visitor) { if ($this->whitelist->match($visitor->getIP())) { return true; } $uastring = $visitor->getUserAgent()->getUserAgentString(); if ($this->trustedUserAgents->match($uastring)) { return true; } return false; }
/** * Analyzes user agents claiming to be Baidu Spider. * * @param \FlameCore\Gatekeeper\Visitor $visitor The visitor information * @return int * @throws \FlameCore\Gatekeeper\Exceptions\StopScreeningException */ protected function checkBaiduBot(Visitor $visitor) { if (Utils::isIPv6($visitor->getIP())) { return CheckInterface::RESULT_OKAY; } if (Utils::matchCIDR($visitor->getIP(), ['119.63.192.0/21', '123.125.71.0/24', '180.76.0.0/16', '220.181.0.0/16'])) { throw new StopScreeningException(); } return CheckInterface::RESULT_UNSURE; }
/** * {@inheritdoc} */ public function checkVisitor(Visitor $visitor) { $ip = $visitor->getIP(); // Can't use IPv6 addresses yet if (Utils::isIPv6($ip)) { return CheckInterface::RESULT_OKAY; } $revip = $this->getIPv4Arpa($ip); $result = gethostbynamel("{$this->apiKey}.{$revip}.dnsbl.httpbl.org."); if (!empty($result)) { $resip = explode('.', $result[0]); if ($resip[0] == 127 && $resip[3] & 7 && $resip[2] >= $this->threatLevel && $resip[1] <= $this->maxAge) { return CheckInterface::RESULT_BLOCK; } } return CheckInterface::RESULT_OKAY; }
/** * Analyzes the request headers. * * @param \FlameCore\Gatekeeper\Visitor $visitor * @return bool|string */ protected function checkHeaders(Visitor $visitor) { $headers = $visitor->getRequestHeaders(); $uastring = $visitor->getUserAgent()->getUserAgentString(); if ($visitor->getRequestMethod() != 'POST' && empty($uastring)) { return 'f9f2b8b9'; } // 'Range:' field exists and begins with 0. Real user-agents do not start ranges at 0. (Also blocks whois.sc bot. No big loss.) // Exceptions: MT (not fixable); LJ (refuses to fix; may be blocked again in the future); Facebook if ($this->settings['strict'] && $headers->has('Range') && strpos($headers->get('Range'), '=0-') !== false) { if (strncmp($uastring, 'MovableType', 11) && strncmp($uastring, 'URI::Fetch', 10) && strncmp($uastring, 'php-openid/', 11) && strncmp($uastring, 'facebookexternalhit', 19)) { return '7ad04a8a'; } } // Content-Range is a response header, not a request header if ($headers->has('Content-Range')) { return '7d12528e'; } // pinappleproxy is used by referrer spammers if ($headers->has('Via')) { if (stripos($headers->get('Via'), 'pinappleproxy') !== false || stripos($headers->get('Via'), 'PCNETSERVER') !== false || stripos($headers->get('Via'), 'Invisiware') !== false) { return '939a6fbb'; } } // 'TE:' if present must have 'Connection: TE' (RFC 2616 14.39) // Blocks Microsoft ISA Server 2004 in strict mode. Contact Microsoft to obtain a hotfix. if ($this->settings['strict'] && $headers->has('Te')) { if (!preg_match('/\\bTE\\b/', $headers->get('Connection'))) { return '582ec5e4'; } } // Analyze the Connection header if it exists if ($headers->has('Connection') && ($result = $this->checkConnectionHeader($headers->get('Connection')))) { return $result; } // Headers which are not seen from normal user agents; only malicious bots if ($headers->has('X-Aaaaaaaaaaaa') || $headers->has('X-Aaaaaaaaaa')) { return 'b9cc1d86'; } // 'Proxy-Connection' does not exist and should never be seen in the wild. // - http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0032.html // - http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0040.html if ($this->settings['strict'] && $headers->has('Proxy-Connection')) { return 'b7830251'; } // Analyze the Referer header if it exists if ($headers->has('Referer') && ($result = $this->checkRefererHeader($headers->get('Referer')))) { return $result; } return false; }
/** * Analyzes trackbacks. * * @param \FlameCore\Gatekeeper\Visitor $visitor * @return bool|string */ protected function checkTrackback(Visitor $visitor) { $headers = $visitor->getRequestHeaders(); // Web browsers don't send trackbacks if ($visitor->isBrowser()) { return 'f0dcb3fd'; } // Proxy servers don't send trackbacks either if ($headers->has('Via') || $headers->has('Max-Forwards') || $headers->has('X-Forwarded-For') || $headers->has('Client-Ip')) { return 'd60b87c7'; } // Real WordPress trackbacks may contain 'Accept:' and have a charset defined if (strpos($visitor->getUserAgent()->getUserAgentString(), 'WordPress/') !== false) { if (strpos($headers->get('Accept'), 'charset=') === false) { return 'e3990b47'; } } return false; }