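* Enqueue actions to build the admin menu.
         *
         * Calls all the needed actions to build the admin menu.
         *
         * @since 1.0.1
         * @return void
         */
        public function cb_admin_menu()
        {
            // add_menu_page( $page_title, $menu_title, $capability, $menu_slug, $function, $icon_url, $position );
            // The 'manage_options' capability limits the menu entry to users who hold it.
            // The callback argument is an empty string, so the page body is not rendered from here.
            add_menu_page(
                __('Firewall Request Monitor', 'querywall'),
                __('QueryWall', 'querywall'),
                'manage_options',
                'querywall',
                '',
                'dashicons-shield'
            );
        }

        /**
         * Add rating link to plugin page.
         *
         * Appends three external links (review, GitHub, Facebook) to the meta
         * links of any plugin row whose file path contains 'querywall.php'.
         * The hook registration is not in this excerpt; the signature looks
         * like a plugin-row-meta filter callback (to be confirmed).
         *
         * @since 1.0.7
         * @param array  $links Existing meta links; returned unchanged for other plugins.
         * @param string $file  Plugin file path the row belongs to.
         * @return array
         */
        public function cb_plugin_meta($links, $file)
        {
            // Substring match: every path containing 'querywall.php' qualifies.
            if (strpos($file, 'querywall.php') !== false) {
                // style="padding:0 2px;color:#fff;vertical-align:middle;border-radius:2px;background:#00b9eb;"
                // Each target="_blank" link carries rel="noopener noreferrer": the opened
                // third-party page gets no window.opener handle on the admin tab and
                // receives no Referer header exposing the admin URL.
                $links[] = '<a target="_blank" rel="noopener noreferrer" href="https://wordpress.org/support/view/plugin-reviews/querywall?rate=5#postform" title="Rate and review QueryWall on WordPress.org">Rate on WordPress.org</a>';
                $links[] = '<a target="_blank" rel="noopener noreferrer" href="https://github.com/4ley/querywall" title="Contribute to QueryWall on GitHub">Contribute on GitHub</a>';
                $links[] = '<a target="_blank" rel="noopener noreferrer" href="https://www.facebook.com/querywall" title="Visit QueryWall on Facebook">Visit on Facebook</a>';
            }

            return $links;
        }
    }

    QWall_DIC::set('admin', new QWall_Admin());
}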
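_e('Blocked requests are shown in the list below.', 'querywall'); ?> </p> </div> <?php $fw_monitor->display(); ?> </div> <?php }

        /**
         * Purge blocked request logs.
         *
         * With 0 (the default) every row of the monitor table is deleted.
         * With one of the allowed retention windows (24, 72, 120, 168, 336 or
         * 672 hours) only rows older than that window are deleted. Any other
         * value, including input that is not an integer, deletes nothing.
         *
         * This method performs no capability or nonce check of its own.
         * NOTE(review): confirm that every caller gates it, since it erases
         * the firewall's audit trail.
         *
         * @since 1.0.5
         * @param int|string $older_than_hours 0 to purge everything, or an allowed window in hours.
         * @return int|bool Result of $wpdb->query(), or false when the argument is rejected.
         */
        public function purge_logs($older_than_hours = 0)
        {
            global $wpdb;

            // Validate strictly before deciding what to delete. A loose `== 0`
            // comparison lets non-numeric input (and, on PHP < 8, any
            // non-numeric string) select the "delete everything" branch.
            $hours = filter_var($older_than_hours, FILTER_VALIDATE_INT);
            if (false === $hours) {
                return false;
            }

            $table = $wpdb->base_prefix . 'qwall_monitor';

            if (0 === $hours) {
                return $wpdb->query("DELETE FROM `" . $table . "`;");
            }

            // Allow-list of retention windows, compared strictly against the validated integer.
            if (in_array($hours, array(24, 72, 120, 168, 336, 672), true)) {
                // Values are bound through prepare() rather than concatenated into the
                // statement; the table name comes from $wpdb itself, not from input.
                return $wpdb->query(
                    $wpdb->prepare(
                        "DELETE FROM `" . $table . "` WHERE `date_time_gmt` < %s - INTERVAL %d HOUR;",
                        current_time('mysql', 1),
                        $hours
                    )
                );
            }

            return false;
        }
    }

    QWall_DIC::set('monitor', new QWall_Monitor());
}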
$namespace = 'qwall_' . $namespace;

            // Read the option group once and cache it on the instance. The
            // matching default group is the fallback when the option is absent.
            if (!isset($this->settings[$namespace])) {
                $this->settings[$namespace] = get_option($namespace, $this->default_settings[$namespace]);
            }
            // No setting name given: hand back the whole group.
            if (null === $name) {
                return $this->settings[$namespace];
            } else {
                // Lookup order: stored value, then built-in default, then the caller's $default.
                if (isset($this->settings[$namespace][$name])) {
                    return $this->settings[$namespace][$name];
                } else {
                    if (isset($this->default_settings[$namespace][$name])) {
                        return $this->default_settings[$namespace][$name];
                    } else {
                        return $default;
                    }
                }
            }
        }

        /**
         * Delete option settings.
         *
         * Removes the stored option named 'qwall_' . $namespace through
         * delete_option(). The result of delete_option() is discarded, and
         * the copy cached in $this->settings is not cleared here.
         * NOTE(review): a read of the same group later in the same request
         * may therefore still see the old values; confirm this is intended.
         *
         * @since 1.0.7
         * @param string $namespace Option group name without the 'qwall_' prefix.
         * @return void
         */
        public function delete($namespace)
        {
            delete_option('qwall_' . $namespace);
        }
    }

    QWall_DIC::set('settings', new QWall_Settings());
}
} exit; }

        /**
         * Log request
         *
         * Writes one row describing a blocked request to the
         * `<base_prefix>qwall_monitor` table.
         *
         * The user agent and the three filter arguments are stored exactly as
         * passed in. $wpdb->insert() binds them as values, so the write is not
         * built from concatenated SQL. Whatever later renders these rows must
         * escape them for its output context.
         * NOTE(review): the result of the insert is not checked, so a failed
         * write goes unnoticed.
         *
         * @param string $filter_group Filter group
         * @param string $filter_match Filter match
         * @param string $filter_input Filter input
         *
         * @since 1.0.1
         * @return void
         */
        private static function log($filter_group, $filter_match, $filter_input)
        {
            global $wpdb;

            // Client-controlled header; an empty string is recorded when it is absent.
            $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

            // Only REMOTE_ADDR is consulted, so no forwarded-for header is trusted here.
            // When anonymisation is on, the mask 4294967040 (0xFFFFFF00) zeroes the last octet.
            $anonymize = QWall_DIC::get('settings')->get('settings', 'anonymize_ip');
            $ipv4 = $anonymize
                ? long2ip(ip2long($_SERVER['REMOTE_ADDR']) & 4294967040.0)
                : $_SERVER['REMOTE_ADDR'];

            // NOTE(review): ip2long() returns false for anything that is not a
            // dotted-quad IPv4 string, so an IPv6 client is recorded as 0.
            $row = array(
                'date_time' => current_time('mysql'),
                'date_time_gmt' => current_time('mysql', 1),
                'ipv4' => sprintf('%u', ip2long($ipv4)),
                'agent' => $user_agent,
                'filter_group' => $filter_group,
                'filter_match' => $filter_match,
                'filter_input' => $filter_input
            );

            $wpdb->insert($wpdb->base_prefix . 'qwall_monitor', $row);
        }
    }

    QWall_DIC::set('firewall', new QWall_Firewall());
}
*
         * Builds the vector table on first use and caches it on the instance.
         * Each entry holds the name of the request field it applies to, the
         * built-in 'default_pattern' list and a 'custom_pattern' list loaded
         * from the 'qwall_avc_<vector>' option.
         *
         * @since 1.1.0
         * @param string|null $vector Vector key such as 'request_uri'; null returns every vector.
         * @return array|null The requested vector, all vectors, or null for an unknown key.
         */
        public function get_attack_vectors($vector = null)
        {
            if (!isset($this->attack_vectors)) {
                // Built-in deny-list signatures. The entries look like regular
                // expression fragments; how they are delimited, flagged and matched
                // is decided by the consumer, which is outside this method.
                // NOTE(review): confirm the delimiter and case handling there.
                $this->attack_vectors = array(
                    'request_uri' => array(
                        'name' => 'REQUEST_URI',
                        'default_pattern' => array(
                            'eval\\(', 'UNION(.*)SELECT', 'GROUP_CONCAT', 'CONCAT\\s*\\(', '\\(null\\)', 'base64_',
                            '\\/localhost', '\\%2Flocalhost', '\\/pingserver', '\\/config\\.', '\\/wwwroot', '\\/makefile',
                            'crossdomain\\.', 'proc\\/self\\/environ', 'etc\\/passwd', '\\/https\\:', '\\/http\\:', '\\/ftp\\:',
                            '\\/cgi\\/', '\\.cgi', '\\.exe', '\\.sql', '\\.ini', '\\.dll', '\\.asp', '\\.jsp',
                            '\\/\\.bash', '\\/\\.git', '\\/\\.svn', '\\/\\.tar', ' ', '\\<', '\\>', '\\/\\=',
                            '\\.\\.\\.', '\\+\\+\\+', '\\/&&', '\\/Nt\\.', '\\;Nt\\.', '\\=Nt\\.', '\\,Nt\\.',
                            '\\.exec\\(', '\\)\\.html\\(', '\\{x\\.html\\(', '\\(function\\(', '\\.php\\([0-9]+\\)',
                            '(benchmark|sleep)(\\s|%20)*\\('
                        )
                    ),
                    'query_string' => array(
                        'name' => 'QUERY_STRING',
                        'default_pattern' => array(
                            '\\.\\.\\/', '127\\.0\\.0\\.1', 'localhost', 'loopback', '\\%0A', '\\%0D', '\\%00', '\\%2e\\%2e',
                            'input_file', 'execute', 'mosconfig', 'path\\=\\.', 'mod\\=\\.', 'wp-config\\.php'
                        )
                    ),
                    // The '$' anchors suggest these are matched against the end of an
                    // uploaded file name; TODO confirm against the consumer.
                    'files' => array(
                        'name' => 'FILES',
                        'default_pattern' => array(
                            '\\.dll$', '\\.rb$', '\\.py$', '\\.exe$', '\\.php[3-6]?$', '\\.pl$', '\\.perl$',
                            '\\.ph[34]$', '\\.phl$', '\\.phtml$', '\\.phtm$'
                        )
                    ),
                    'http_user_agent' => array(
                        'name' => 'HTTP_USER_AGENT',
                        'default_pattern' => array(
                            'acapbot', 'binlar', 'casper', 'cmswor', 'diavol', 'dotbot', 'finder', 'flicky', 'morfeus', 'nutch',
                            'planet', 'purebot', 'pycurl', 'semalt', 'skygrid', 'snoopy', 'sucker', 'turnit', 'vikspi', 'zmeu'
                        )
                    ),
                    // These three vectors ship with no built-in patterns.
                    'http_referer' => array('name' => 'HTTP_REFERER', 'default_pattern' => array()),
                    'http_cookie' => array('name' => 'HTTP_COOKIE', 'default_pattern' => array()),
                    'remote_addr' => array('name' => 'REMOTE_ADDR', 'default_pattern' => array())
                );
                foreach ($this->attack_vectors as $idx => $v) {
                    // Custom patterns are stored per vector as one base64 string whose
                    // decoded form separates the patterns with '##'.
                    $option = get_option('qwall_avc_' . $idx);
                    $custom_pattern = array();
                    if ($option && !empty($option)) {
                        // base64_decode() runs in its default non-strict mode here, so
                        // characters outside the base64 alphabet are silently skipped.
                        $option = base64_decode($option);
                        if ($option && !empty($option)) {
                            // The decoded patterns are not validated in this method.
                            // NOTE(review): if they are compiled into a regex, verify that
                            // the code saving them rejects invalid or overly costly
                            // patterns, as a broken pattern could disable or slow filtering.
                            $custom_pattern = explode('##', $option);
                        }
                    }
                    $this->attack_vectors[$idx]['custom_pattern'] = $custom_pattern;
                }
            }
            if (null !== $vector) {
                // An unknown vector key yields null rather than an empty entry.
                if (!isset($this->attack_vectors[$vector])) {
                    return null;
                }
                return $this->attack_vectors[$vector];
            }
            return $this->attack_vectors;
        }
    }

    QWall_DIC::set('firewall_rules', new QWall_Firewall_Rules());
}