function rs_wpss_misc_form_spam_check() { /*** * Checks all miscellaneous form POST submissions for spam * Added 1.8.9.9 ***/ if (rs_wpss_is_user_admin() || rs_wpss_is_admin_sproc()) { return; } global $spamshield_options; if (empty($spamshield_options)) { $spamshield_options = get_option('spamshield_options'); } rs_wpss_update_session_data($spamshield_options); if (!empty($spamshield_options['disable_misc_form_shield'])) { return; } $url = rs_wpss_get_url(); $url_lc = rs_wpss_casetrans('lower', $url); $req_uri = $_SERVER['REQUEST_URI']; $req_uri_lc = rs_wpss_casetrans('lower', $req_uri); /* BYPASS - GENERAL */ if (empty($_POST) || 'POST' !== $_SERVER['REQUEST_METHOD'] || isset($_POST[WPSS_REF2XJS]) || isset($_POST[WPSS_JSONST]) || isset($_POST['wpss_contact_message']) || isset($_POST['signup_username']) || isset($_POST['signup_email']) || isset($_POST['ws_plugin__s2member_registration']) || isset($_POST['_wpcf7_version']) || isset($_POST['gform_submit']) || isset($_POST['gform_unique_id'])) { return; } if (is_admin() && !rs_wpss_is_login_page()) { return; } if (rs_wpss_is_login_page() && (!isset($_GET['action']) || $_GET['action'] !== 'register')) { return; } if (rs_wpss_is_doing_ajax() || rs_wpss_is_doing_cron() || rs_wpss_is_xmlrpc() || defined('WP_INSTALLING')) { return; } if (rs_wpss_is_ajax_request() || rs_wpss_is_comment_request() || is_trackback()) { return; } if (current_user_can('moderate_comments')) { return; } if (is_user_logged_in()) { return; } /* May remove later */ $post_count = count($_POST); if ($post_count == 4 && isset($_POST['excerpt'], $_POST['url'], $_POST['title'], $_POST['blog_name'])) { return; } $ip = rs_wpss_get_ip_addr(); if ($ip === WPSS_SERVER_ADDR) { return; } /* Skip website IP address */ if (strpos($ip, '.') !== FALSE) { $ip_arr = explode('.', $ip); unset($ip_arr[3]); $ip_c = implode('.', $ip_arr) . '.'; if (strpos(WPSS_SERVER_ADDR, $ip_c) === 0) { return; } /* Skip anything on same C-Block as website */ } $ecom_urls = array('/checkout/', '/store/', '/shop/', '/cart/'); foreach ($ecom_urls as $k => $u) { if (strpos($req_uri, $u) !== FALSE) { return; } } $admin_url = WPSS_ADMIN_URL . '/'; if ($post_count >= 5 && isset($_POST['log'], $_POST['pwd'], $_POST['wp-submit'], $_POST['testcookie'], $_POST['redirect_to']) && $_POST['redirect_to'] === $admin_url) { return; } if ($post_count >= 5 && isset($_POST['log'], $_POST['pwd'], $_POST['login'], $_POST['testcookie'], $_POST['redirect_to'])) { return; } if ($post_count >= 5 && isset($_POST['username'], $_POST['password'], $_POST['login'], $_POST['_wpnonce'], $_POST['_wp_http_referer']) && rs_wpss_is_wc_login_page()) { return; } if (WPSS_Compatibility::misc_form_bypass()) { return; } /* BYPASS - HOOK */ $mfsc_bypass = apply_filters('wpss_misc_form_spam_check_bypass', FALSE); if (!empty($mfsc_bypass)) { return; } $msc_filter_status = $wpss_error_code = $log_pref = ''; $msc_jsck_error = $msc_badrobot_error = FALSE; $form_type = 'misc form'; $pref = 'MSC-'; $errors_3p = array(); $error_txt = rs_wpss_error_txt(); $server_name = WPSS_SERVER_NAME; $server_email_domain = rs_wpss_get_email_domain($server_name); $msc_serial_post = serialize($_POST); $form_auth_dat = array('comment_author' => '', 'comment_author_email' => '', 'comment_author_url' => ''); /* Check for Specific Contact Form Plugins */ if (defined('JETPACK__VERSION') && isset($_POST['action']) && $_POST['action'] === 'grunion-contact-form') { $form_type = 'jetpack form'; $pref = 'JP-'; } elseif (defined('NF_PLUGIN_VERSION') && isset($_POST['_ninja_forms_display_submit'])) { $form_type = 'ninja forms'; $pref = 'NF-'; } elseif ((defined('MC4WP_VERSION') || defined('MC4WP_LITE_VERSION')) && (isset($_POST['_mc4wp_form_id']) || isset($_POST['_mc4wp_form_submit']))) { $form_type = 'mailchimp form'; $pref = 'MCF-'; } /* JS/JQUERY CHECK */ $wpss_key_values = rs_wpss_get_key_values(); $wpss_jq_key = $wpss_key_values['wpss_jq_key']; $wpss_jq_val = $wpss_key_values['wpss_jq_val']; if (TRUE === WPSS_COMPAT_MODE || defined('WPSS_SOFT_COMPAT_MODE')) { /* Fall back to FVFJS Keys instead of jQuery keys from jscripts.php */ $wpss_jq_key = $wpss_key_values['wpss_js_key']; $wpss_jq_val = $wpss_key_values['wpss_js_val']; } $wpss_jsck_jquery_val = !empty($_POST[$wpss_jq_key]) ? $_POST[$wpss_jq_key] : ''; if ($wpss_jsck_jquery_val !== $wpss_jq_val) { $wpss_error_code .= ' ' . $pref . 'JQHFT-5'; $msc_jsck_error = TRUE; $err_cod = 'jsck_error'; $err_msg = __('Sorry, there was an error. Please be sure JavaScript and Cookies are enabled in your browser and try again.', WPSS_PLUGIN_NAME); $errors_3p[$err_cod] = $err_msg; } if (!isset($_POST['wp-submit'])) { /* Don't use on default WordPress Login, Registration, or Forgot Email pages /* EMAIL BLACKLIST */ if ($form_type === 'mailchimp form') { foreach ($_POST as $k => $v) { if (!is_string($v)) { continue; } $k_lc = rs_wpss_casetrans('lower', $k); $v_lc = rs_wpss_casetrans('lower', trim(stripslashes($v))); if (strpos($k_lc, 'email') !== FALSE) { if (!is_email($v_lc)) { $wpss_error_code .= ' ' . $pref . '9200E-BL'; if ($msc_jsck_error !== TRUE) { $err_cod = 'blacklist_email_error'; $err_msg = __('Sorry, that email address is not allowed!') . ' ' . __('Please enter a valid email address.'); $errors_3p[$err_cod] = $err_msg; } break; } elseif (is_email($v_lc)) { $email_domain = rs_wpss_parse_email($v_lc, 'domain'); if ($email_domain === $server_email_domain) { continue; } if (rs_wpss_email_blacklist_chk($v_lc)) { $wpss_error_code .= ' ' . $pref . '9200E-BL'; if ($msc_jsck_error !== TRUE) { $err_cod = 'blacklist_email_error'; $err_msg = __('Sorry, that email address is not allowed!') . ' ' . __('Please enter a valid email address.'); $errors_3p[$err_cod] = $err_msg; } break; } } } } } else { foreach ($_POST as $k => $v) { if (!is_string($v)) { continue; } $k_lc = rs_wpss_casetrans('lower', $k); $v_lc = rs_wpss_casetrans('lower', trim(stripslashes($v))); if (strpos($k_lc, 'email') !== FALSE && is_email($v_lc)) { $email_domain = rs_wpss_parse_email($v_lc, 'domain'); if ($email_domain === $server_email_domain) { continue; } if (rs_wpss_email_blacklist_chk($v_lc)) { $wpss_error_code .= ' ' . $pref . '9200E-BL'; if ($msc_jsck_error !== TRUE) { $err_cod = 'blacklist_email_error'; $err_msg = __('Sorry, that email address is not allowed!') . ' ' . __('Please enter a valid email address.'); $errors_3p[$err_cod] = $err_msg; } break; } } } } if ($form_type === 'jetpack form' || $form_type === 'ninja forms') { /* CONTACT FORM CONTENT BLACKLIST */ foreach ($_POST as $k => $v) { if (!is_string($v)) { continue; } $k_lc = rs_wpss_casetrans('lower', $k); $v_lc = rs_wpss_casetrans('lower', trim(stripslashes($v))); if ((strpos($k_lc, 'message') !== FALSE || strpos($k_lc, 'comment') !== FALSE) && rs_wpss_cf_content_blacklist_chk($v_lc)) { $wpss_error_code .= ' ' . $pref . '10400C-BL'; if ($msc_jsck_error !== TRUE) { $err_cod = 'blacklist_content_error'; $err_msg = __('Message appears to be spam.', WPSS_PLUGIN_NAME); $errors_3p[$err_cod] = $err_msg; } break; } } } /* BAD ROBOT BLACKLIST */ $bad_robot_filter_data = rs_wpss_bad_robot_blacklist_chk($form_type, $msc_filter_status); $msc_filter_status = $bad_robot_filter_data['status']; $bad_robot_blacklisted = $bad_robot_filter_data['blacklisted']; if (!empty($bad_robot_blacklisted)) { $wpss_error_code .= $bad_robot_filter_data['error_code']; $msc_badrobot_error = TRUE; if ($msc_jsck_error !== TRUE) { $err_cod = 'badrobot_error'; $err_msg = __('That action is currently not allowed.'); $errors_3p[$err_cod] = $err_msg; } } /* BLACKLISTED USER */ if (empty($wpss_error_code) && rs_wpss_ubl_cache()) { $wpss_error_code .= ' ' . $pref . '0-BL'; $err_cod = 'blacklisted_user_error'; $err_msg = __('That action is currently not allowed.'); /* TO DO: TRANSLATE */ $errors_3p[$err_cod] = $err_msg; } } /* Done with Tests */ $wpss_error_code = trim($wpss_error_code); if (strpos($wpss_error_code, '0-BL') !== FALSE) { rs_wpss_append_log_data('Blacklisted user detected. Miscellaneous forms have been temporarily disabled to prevent spam. ERROR CODE: ' . $wpss_error_code, FALSE); } if (!empty($wpss_error_code)) { rs_wpss_update_accept_status($form_auth_dat, 'r', 'Line: ' . __LINE__, $wpss_error_code); /* If enabled, run security check to make sure this POST submission wasn't a security threat: vulnerability probe or hack attempt */ if (TRUE === WPSS_IP_BAN_ENABLE) { $wpss_security = new WPSS_Security(); if ($wpss_security->check_post_sec()) { global $wpss_sec_threat; $wpss_sec_threat = TRUE; } } if (!empty($spamshield_options['comment_logging'])) { rs_wpss_log_data($form_auth_dat, $wpss_error_code, $form_type, $msc_serial_post); } if (TRUE === WPSS_IP_BAN_ENABLE) { if (!empty($wpss_sec_threat)) { $wpss_security->ip_ban(); } } } else { rs_wpss_update_accept_status($form_auth_dat, 'a', 'Line: ' . __LINE__); if (!empty($spamshield_options['comment_logging']) && !empty($spamshield_options['comment_logging_all'])) { rs_wpss_log_data($form_auth_dat, $wpss_error_code, $form_type, $msc_serial_post); } } /* Now output error message */ if (!empty($wpss_error_code)) { $error_msg = ''; foreach ($errors_3p as $c => $m) { $error_msg .= '<strong>' . $error_txt . ':</strong> ' . $m . '<br /><br />' . WPSS_EOL; } $args = array('response' => '403'); wp_die($error_msg, '', $args); } }
public static function early_post_intercept() { /** * SECURITY - Checks all incoming POST requests early for malicious behavior * Added 1.9.7.8 */ if ('POST' !== $_SERVER['REQUEST_METHOD'] || rs_wpss_is_local_request() || is_user_logged_in()) { return; } global $spamshield_options; if (empty($spamshield_options)) { $spamshield_options = get_option('spamshield_options'); } if (!empty($spamshield_options['disable_misc_form_shield'])) { return; } $url = rs_wpss_get_url(); $url_lc = rs_wpss_casetrans('lower', $url); $req_uri = $_SERVER['REQUEST_URI']; $req_uri_lc = rs_wpss_casetrans('lower', $req_uri); $epc_filter_status = $wpss_error_code = $log_pref = ''; $epc_jsck_error = $epc_badrobot_error = FALSE; $form_type = 'misc form'; $pref = 'EPC-'; $errors_3p = array(); $error_txt = rs_wpss_error_txt(); $server_name = WPSS_SERVER_NAME; $server_email_domain = rs_wpss_get_email_domain($server_name); $epc_serial_post = json_encode($_POST); $form_auth_dat = array('comment_author' => '', 'comment_author_email' => '', 'comment_author_url' => ''); $blocked = FALSE; $c = array('name' => '', 'value' => '1', 'expire' => time() + 60 * 60 * 24 * 365 * 1, 'path' => '/', 'domain' => rs_wpss_get_cookie_domain(), 'secure' => FALSE, 'httponly' => FALSE); if (rs_wpss_is_xmlrpc()) { if (empty($_POST) || !empty($_GET)) { $blocked = TRUE; } rs_wpss_start_session(); $c['name'] = 'P_XMLRPC'; } if (rs_wpss_is_doing_ajax()) { if (empty($_POST) && empty($_GET) || empty($_REQUEST['action'])) { $wpss_error_code .= ' ' . $pref . 'FAR1020'; $err_cod = 'fake_ajax_request_error'; $err_msg = __('That action is currently not allowed.'); $errors_3p[$err_cod] = $err_msg; } } if (rs_wpss_skiddie_ua_check()) { $wpss_error_code .= ' ' . $pref . 'UA1004'; $err_cod = 'badrobot_skiddie_error'; $err_msg = __('That action is currently not allowed.'); $errors_3p[$err_cod] = $err_msg; } if (rs_wpss_ubl_cache()) { if (TRUE === WPSS_IP_BAN_ENABLE && rs_wpss_is_xmlrpc()) { self::ip_ban(); } $wpss_error_code .= ' ' . $pref . '0-BL'; $err_cod = 'blacklisted_user_error'; $err_msg = __('That action is currently not allowed.'); $errors_3p[$err_cod] = $err_msg; } if (!empty($c['name'])) { /* Setting cookie to honeypot bad actors */ @setcookie($c['name'], $c['value'], $c['expire'], $c['path'], $c['domain'], $c['secure'], $c['httponly']); } if (!empty($wpss_error_code)) { rs_wpss_update_accept_status($form_auth_dat, 'r', 'Line: ' . __LINE__, $wpss_error_code); if (!empty($spamshield_options['comment_logging'])) { rs_wpss_log_data($form_auth_dat, $wpss_error_code, $form_type, $epc_serial_post); } } else { rs_wpss_update_accept_status($form_auth_dat, 'a', 'Line: ' . __LINE__); } /* Now output error message */ if (!empty($wpss_error_code)) { $error_msg = ''; foreach ($errors_3p as $c => $m) { $error_msg .= '<strong>' . $error_txt . ':</strong> ' . $m . '<br /><br />' . WPSS_EOL; } WP_SpamShield::wp_die($error_msg, TRUE); } }