/** * Admin magic starts here. * * @since 1.0.5 * @return void */ public static function admin_init() { $dirname = dirname(self::$settings['plugin_file']); require_once $dirname . '/core/class-qwall-util.php'; require_once $dirname . '/core/class-qwall-setup.php'; require_once $dirname . '/core/class-qwall-notice.php'; require_once $dirname . '/core/class-qwall-admin.php'; require_once $dirname . '/core/class-qwall-monitor.php'; register_activation_hook(self::$settings['plugin_file'], array('QWall_Setup', 'on_activate')); register_deactivation_hook(self::$settings['plugin_file'], array('QWall_Setup', 'on_deactivate')); register_uninstall_hook(self::$settings['plugin_file'], array('QWall_Setup', 'on_uninstall')); add_action('activated_plugin', array('QWall_Setup', 'on_activated_plugin')); if (isset($_POST['qwall_purge_logs_now'])) { require_once ABSPATH . 'wp-includes/pluggable.php'; if (wp_verify_nonce($_POST['qwall_purge_logs_nonce'], 'qwall_purge_logs') && current_user_can('manage_options')) { $affected_rows = QWall_DIC::get('monitor')->purge_logs((int) $_POST['qwall_purge_logs_older_than']); if (false === $affected_rows) { new QWall_Notice(__('Oh noes! An error occurred while attempting to purge the logs. You may open a support ticket here <a href="https://wordpress.org/support/plugin/querywall">QueryWall Support Forum</a> or here <a href="https://github.com/4ley/querywall/issues">Github QueryWall Issues</a>.', 'querywall'), array('notice-error', 'is-dismissible')); } else { new QWall_Notice(sprintf(_n('Success! %s entry purged.', 'Success! %s entries purged.', $affected_rows, 'querywall'), $affected_rows), array('notice-success', 'is-dismissible')); } } } if (isset($_POST['qwall_purge_logs_daily']) || isset($_POST['qwall_purge_logs_unschedule'])) { require_once ABSPATH . 'wp-includes/pluggable.php'; if (wp_verify_nonce($_POST['qwall_purge_logs_nonce'], 'qwall_purge_logs') && current_user_can('manage_options')) { QWall_Util::unschedule_event('qwall_purge_logs'); if (isset($_POST['qwall_purge_logs_daily'])) { wp_schedule_event(current_time('timestamp'), 'daily', 'qwall_purge_logs', (int) $_POST['qwall_purge_logs_older_than']); $message = __('Success! You have scheduled to purge logs periodically.', 'querywall'); } else { $message = __('Success! You have unscheduled periodical cleaning.', 'querywall'); } new QWall_Notice($message, array('notice-success', 'is-dismissible')); } } if (isset($_POST['qwall_avc_rules'])) { require_once ABSPATH . 'wp-includes/pluggable.php'; if (wp_verify_nonce($_POST['qwall_av_rules_nonce'], 'qwall_av_rules') && current_user_can('manage_options')) { $attack_vector = QWall_DIC::get('firewall_rules')->get_attack_vectors($_POST['qwall_attack_vector']); if ($attack_vector) { $attack_vector_custom_rules = base64_encode(preg_replace('/[\\r\\n]+/', '##', $_POST['qwall_avc_rules'])); if (update_option('qwall_avc_' . $_POST['qwall_attack_vector'], $attack_vector_custom_rules)) { new QWall_Notice(__('Success! You have updated the firewall rules.', 'querywall'), array('notice-success', 'is-dismissible')); } /* else { new QWall_Notice( __( 'Oh noes! An error occurred while attempting to save the rules. You may open a support ticket here <a href="https://wordpress.org/support/plugin/querywall">QueryWall Support Forum</a> or here <a href="https://github.com/4ley/querywall/issues">Github QueryWall Issues</a>.', 'querywall' ), array( 'notice-error', 'is-dismissible' ) ); }*/ } else { new QWall_Notice(__('Oh noes! An error occurred while attempting to save the rules. The attack vector seems to be missing in the list of available vectors. You may open a support ticket here <a href="https://wordpress.org/support/plugin/querywall">QueryWall Support Forum</a> or here <a href="https://github.com/4ley/querywall/issues">Github QueryWall Issues</a>.', 'querywall'), array('notice-error', 'is-dismissible')); } } } }
/** * Remove plugin options * * @since 1.0.7 * @return void */ private static function remove_options() { QWall_DIC::get('settings')->delete('settings'); }
* Enqueue actions to build the admin menu. * * Calls all the needed actions to build the admin menu. * * @since 1.0.1 * @return void */ public function cb_admin_menu() { // add_menu_page( $page_title, $menu_title, $capability, $menu_slug, $function, $icon_url, $position ); add_menu_page(__('Firewall Request Monitor', 'querywall'), __('QueryWall', 'querywall'), 'manage_options', 'querywall', '', 'dashicons-shield'); } /** * Add rating link to plugin page. * * @since 1.0.7 * @return array */ public function cb_plugin_meta($links, $file) { if (strpos($file, 'querywall.php') !== false) { // style="padding:0 2px;color:#fff;vertical-align:middle;border-radius:2px;background:#00b9eb;" $links[] = '<a target="_blank" href="https://wordpress.org/support/view/plugin-reviews/querywall?rate=5#postform" title="Rate and review QueryWall on WordPress.org">Rate on WordPress.org</a>'; $links[] = '<a target="_blank" href="https://github.com/4ley/querywall" title="Contribute to QueryWall on GitHub">Contribute on GitHub</a>'; $links[] = '<a target="_blank" href="https://www.facebook.com/querywall" title="Visit QueryWall on Facebook">Visit on Facebook</a>'; } return $links; } } QWall_DIC::set('admin', new QWall_Admin()); }
_e('Blocked requests are shown in the list below.', 'querywall'); ?> </p> </div> <?php $fw_monitor->display(); ?> </div> <?php } /** * Purge blocked request logs. * * @since 1.0.5 * @return int|boolen */ public function purge_logs($older_than_hours = 0) { global $wpdb; if ($older_than_hours == 0) { return $wpdb->query("DELETE FROM `" . $wpdb->base_prefix . "qwall_monitor`;"); } else { if (in_array($older_than_hours, array(24, 72, 120, 168, 336, 672))) { return $wpdb->query("DELETE FROM `" . $wpdb->base_prefix . "qwall_monitor` WHERE `date_time_gmt` < '" . current_time('mysql', 1) . "' - INTERVAL " . esc_sql((int) $older_than_hours) . " HOUR;"); } } return false; } } QWall_DIC::set('monitor', new QWall_Monitor()); }
/** * Log request * * @param string $filter_group Filter group * @param string $filter_match Filter match * @param string $filter_input Filter input * * @since 1.0.1 * @return void */ private static function log($filter_group, $filter_match, $filter_input) { global $wpdb; if (isset($_SERVER['HTTP_USER_AGENT'])) { $user_agent = $_SERVER['HTTP_USER_AGENT']; } else { $user_agent = ''; } if (QWall_DIC::get('settings')->get('settings', 'anonymize_ip')) { $ipv4 = long2ip(ip2long($_SERVER['REMOTE_ADDR']) & 4294967040.0); } else { $ipv4 = $_SERVER['REMOTE_ADDR']; } $wpdb->insert($wpdb->base_prefix . 'qwall_monitor', array('date_time' => current_time('mysql'), 'date_time_gmt' => current_time('mysql', 1), 'ipv4' => sprintf('%u', ip2long($ipv4)), 'agent' => $user_agent, 'filter_group' => $filter_group, 'filter_match' => $filter_match, 'filter_input' => $filter_input)); }
$namespace = 'qwall_' . $namespace; if (!isset($this->settings[$namespace])) { $this->settings[$namespace] = get_option($namespace, $this->default_settings[$namespace]); } if (null === $name) { return $this->settings[$namespace]; } else { if (isset($this->settings[$namespace][$name])) { return $this->settings[$namespace][$name]; } else { if (isset($this->default_settings[$namespace][$name])) { return $this->default_settings[$namespace][$name]; } else { return $default; } } } } /** * Delete option settings. * * @since 1.0.7 * @return array */ public function delete($namespace) { delete_option('qwall_' . $namespace); } } QWall_DIC::set('settings', new QWall_Settings()); }
* * @since 1.1.0 * @return string|array */ public function get_attack_vectors($vector = null) { if (!isset($this->attack_vectors)) { $this->attack_vectors = array('request_uri' => array('name' => 'REQUEST_URI', 'default_pattern' => array('eval\\(', 'UNION(.*)SELECT', 'GROUP_CONCAT', 'CONCAT\\s*\\(', '\\(null\\)', 'base64_', '\\/localhost', '\\%2Flocalhost', '\\/pingserver', '\\/config\\.', '\\/wwwroot', '\\/makefile', 'crossdomain\\.', 'proc\\/self\\/environ', 'etc\\/passwd', '\\/https\\:', '\\/http\\:', '\\/ftp\\:', '\\/cgi\\/', '\\.cgi', '\\.exe', '\\.sql', '\\.ini', '\\.dll', '\\.asp', '\\.jsp', '\\/\\.bash', '\\/\\.git', '\\/\\.svn', '\\/\\.tar', ' ', '\\<', '\\>', '\\/\\=', '\\.\\.\\.', '\\+\\+\\+', '\\/&&', '\\/Nt\\.', '\\;Nt\\.', '\\=Nt\\.', '\\,Nt\\.', '\\.exec\\(', '\\)\\.html\\(', '\\{x\\.html\\(', '\\(function\\(', '\\.php\\([0-9]+\\)', '(benchmark|sleep)(\\s|%20)*\\(')), 'query_string' => array('name' => 'QUERY_STRING', 'default_pattern' => array('\\.\\.\\/', '127\\.0\\.0\\.1', 'localhost', 'loopback', '\\%0A', '\\%0D', '\\%00', '\\%2e\\%2e', 'input_file', 'execute', 'mosconfig', 'path\\=\\.', 'mod\\=\\.', 'wp-config\\.php')), 'files' => array('name' => 'FILES', 'default_pattern' => array('\\.dll$', '\\.rb$', '\\.py$', '\\.exe$', '\\.php[3-6]?$', '\\.pl$', '\\.perl$', '\\.ph[34]$', '\\.phl$', '\\.phtml$', '\\.phtm$')), 'http_user_agent' => array('name' => 'HTTP_USER_AGENT', 'default_pattern' => array('acapbot', 'binlar', 'casper', 'cmswor', 'diavol', 'dotbot', 'finder', 'flicky', 'morfeus', 'nutch', 'planet', 'purebot', 'pycurl', 'semalt', 'skygrid', 'snoopy', 'sucker', 'turnit', 'vikspi', 'zmeu')), 'http_referer' => array('name' => 'HTTP_REFERER', 'default_pattern' => array()), 'http_cookie' => array('name' => 'HTTP_COOKIE', 'default_pattern' => array()), 'remote_addr' => array('name' => 'REMOTE_ADDR', 'default_pattern' => array())); foreach ($this->attack_vectors as $idx => $v) { $option = get_option('qwall_avc_' . $idx); $custom_pattern = array(); if ($option && !empty($option)) { $option = base64_decode($option); if ($option && !empty($option)) { $custom_pattern = explode('##', $option); } } $this->attack_vectors[$idx]['custom_pattern'] = $custom_pattern; } } if (null !== $vector) { if (!isset($this->attack_vectors[$vector])) { return null; } return $this->attack_vectors[$vector]; } return $this->attack_vectors; } } QWall_DIC::set('firewall_rules', new QWall_Firewall_Rules()); }