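/**
 * Sends a "check_key" API call at most once a day so the Protect API can
 * record the IP-related headers this server receives and tell us which one
 * to treat as the true client address for login attempts.
 *
 * The once-a-day throttle is skipped when $force is true or when the
 * `protect_update_headers` query parameter is present. In every case the
 * update only runs for users who can update plugins: letting a
 * lower-privileged user choose the trusted header would let them steer which
 * header the login limiter believes, and from there brute-force an admin
 * account.
 *
 * @param bool $force Skip the once-a-day throttle.
 * @return void
 */
public function maybe_update_headers($force = false) {
    $updated_recently = $this->get_transient('jpp_headers_updated_recently');

    // The query-string trigger carries no nonce, so anyone who can get an
    // admin to load a URL can skip the throttle; the blast radius is one extra
    // check_key round-trip because the capability check below still gates
    // the actual update.
    if (!$force && isset($_GET['protect_update_headers'])) {
        $force = true;
    }

    // Capability check first and unconditionally: a forced call from a
    // low-level user must never reach the API or touch the option.
    if (!current_user_can('update_plugins')) {
        return;
    }
    if ($updated_recently && !$force) {
        return;
    }

    $response = Jetpack_Protect_Module::protect_call('check_key');
    $this->set_transient('jpp_headers_updated_recently', 1, DAY_IN_SECONDS);

    // empty() covers both "no msg key" and a falsy msg, as the original
    // isset()-and-truthy test did.
    if (empty($response['msg'])) {
        return;
    }

    // A malformed payload decodes to null; keep the previously stored trusted
    // header rather than clobbering the option with nothing.
    $trusted_header = json_decode($response['msg']);
    if ($trusted_header === null) {
        return;
    }
    update_site_option('trusted_ip_header', $trusted_header);
}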
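/**
 * Sends a "check_key" API call at most once a day and, alongside it, works out
 * which request header this server should trust as the real client IP when
 * counting login attempts.
 *
 * Selection rule: the first header returned by get_headers() whose value
 * contains at least one address that is neither loopback nor in a
 * private/reserved range is trusted. If none qualifies (or there are no
 * headers), REMOTE_ADDR is used.
 *
 * NOTE(review): get_headers() is not visible here; if, as the name suggests,
 * the candidates come from the current request, then whoever sends that
 * request influences which header gets trusted. That is why this only runs
 * for users who can update plugins - a lower-level user who could pick the
 * trusted header could then spoof their IP and brute-force an admin account.
 *
 * @return void
 */
public function maybe_update_headers() {
    $updated_recently = $this->get_transient('jpp_headers_updated_recently');
    if ($updated_recently || !current_user_can('update_plugins')) {
        return;
    }

    Jetpack_Protect_Module::protect_call('check_key');
    $this->set_transient('jpp_headers_updated_recently', 1, DAY_IN_SECONDS);

    $trusted_header = 'REMOTE_ADDR';
    foreach ($this->get_headers() as $header => $value) {
        // The private/loopback test now applies to the single-header case as
        // well; previously a lone header was trusted without inspection.
        if ($this->protect_header_value_has_public_ip($value)) {
            $trusted_header = $header;
            break;
        }
    }

    update_site_option('trusted_ip_header', $trusted_header);
}

/**
 * True when a comma-separated header value (X-Forwarded-For style) contains
 * at least one address that is neither loopback nor private/reserved.
 *
 * Splits on "," and trims each part so both "a, b" and "a,b" are handled.
 *
 * @param string $value Raw header value.
 * @return bool
 */
private function protect_header_value_has_public_ip($value) {
    foreach (explode(',', $value) as $candidate) {
        $ip = jetpack_clean_ip(trim($candidate));
        // Loopback and private/reserved addresses say nothing about the real
        // client, so they do not make this header trustworthy.
        if ($ip === '127.0.0.1' || $ip === '::1' || jetpack_protect_ip_is_private($ip)) {
            continue;
        }
        return true;
    }
    return false;
}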
/**
 * Module activation hook: records that the module is activating, then asks
 * the Protect API for a key via "check_key" (per the original comment, this
 * call is also how BruteProtect's counter number is obtained).
 *
 * @return void
 */
public function on_activation() {
    $activating_option = 'jetpack_protect_activating';
    update_site_option($activating_option, 'activating');

    // Flag first, then the API round-trip (order kept as in the original).
    Jetpack_Protect_Module::protect_call('check_key');
}