public static function ajax_whitelistWAFParamKey_callback()
{
if (class_exists('wfWAF') && ($waf = wfWAF::getInstance())) {
if (isset($_POST['path']) && isset($_POST['paramKey']) && isset($_POST['failedRules'])) {
$data = array('timestamp' => time(), 'description' => 'Whitelisted via Live Traffic', 'ip' => wfUtils::getIP());
if (function_exists('get_current_user_id')) {
$data['userID'] = get_current_user_id();
}
$waf->whitelistRuleForParam(base64_decode($_POST['path']), base64_decode($_POST['paramKey']), $_POST['failedRules'], $data);
return array('success' => true);
}
}
return false;
}
function block_ip()
{
$IP = trim($_POST['IP']);
$perm = $_POST['perm'] == '1' ? true : false;
if (!preg_match('/^\\d+\\.\\d+\\.\\d+\\.\\d+$/', $IP)) {
return array('err' => 1, 'errorMsg' => 'Please enter a valid IP address to block.');
}
if (wfUtils::getIP() === $IP) {
return array('err' => 1, 'errorMsg' => "You can't block your own IP address.");
}
if (self::getLog()->isWhitelisted($IP)) {
return array('err' => 1, 'errorMsg' => 'The IP address ' . htmlentities($IP) . " is whitelisted and can't be blocked or it is in a range of internal IP addresses that Wordfence does not block. You can remove this IP from the whitelist on the Wordfence options page.");
}
if (wfConfig::get('neverBlockBG') !== 'treatAsOtherCrawlers') {
//Either neverBlockVerified or neverBlockUA is selected which means the user doesn't want to block google
if (wfCrawl::verifyCrawlerPTR('/googlebot\\.com$/i', $IP)) {
return array('err' => 1, 'errorMsg' => "The IP address you're trying to block belongs to Google. Your options are currently set to not block these crawlers. Change this in Wordfence options if you want to manually block Google.");
}
}
self::getLog()->blockIP($IP, $_POST['reason'], false, $perm);
return array('ok' => 1);
}
function rs_wpss_get_ip_addr()
{
global $wpss_ip_addr, $_WPSS_ENV;
if (!empty($wpss_ip_addr)) {
return $wpss_ip_addr;
}
if (class_exists('wfUtils') && rs_wpss_is_plugin_active('wordfence/wordfence.php')) {
$wpss_ip_addr = wfUtils::getIP();
return $wpss_ip_addr;
}
$wpss_ip_addr = !empty($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : $_WPSS_ENV['REMOTE_ADDR'];
return !empty($wpss_ip_addr) ? $wpss_ip_addr : '';
}
private function googleSafetyCheckOK()
{
//returns true if OK to block. Returns false if we must not block.
$cacheKey = md5((isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '') . ' ' . wfUtils::getIP());
//Cache so we can call this multiple times in one request
if (!isset(self::$gbSafeCache[$cacheKey])) {
$nb = wfConfig::get('neverBlockBG');
if ($nb == 'treatAsOtherCrawlers') {
self::$gbSafeCache[$cacheKey] = true;
//OK to block because we're treating google like everyone else
} else {
if ($nb == 'neverBlockUA' || $nb == 'neverBlockVerified') {
if (wfCrawl::isGoogleCrawler()) {
//Check the UA using regex
if ($nb == 'neverBlockVerified') {
if (wfCrawl::verifyCrawlerPTR($this->googlePattern, wfUtils::getIP())) {
//UA check passed, now verify using PTR if configured to
self::$gbSafeCache[$cacheKey] = false;
//This is a verified Google crawler, so no we can't block it
} else {
self::$gbSafeCache[$cacheKey] = true;
//This is a crawler claiming to be Google but it did not verify
}
} else {
//neverBlockUA
self::$gbSafeCache[$cacheKey] = false;
//User configured us to only do a UA check and this claims to be google so don't block
}
} else {
self::$gbSafeCache[$cacheKey] = true;
//This isn't a Google UA, so it's OK to block
}
} else {
//error_log("Wordfence error: neverBlockBG option is not set.");
self::$gbSafeCache[$cacheKey] = false;
//Oops the config option is not set. This should never happen because it's set on install. So we return false to indicate it's not OK to block just for safety.
}
}
}
if (!isset(self::$gbSafeCache[$cacheKey])) {
//error_log("Wordfence assertion fail in googleSafetyCheckOK: cached value is not set.");
return false;
//for safety
}
return self::$gbSafeCache[$cacheKey];
//return cached value
}
public static function preCommentApprovedFilter($approved, $cData)
{
if ($approved == 1 && !is_user_logged_in() && wfConfig::get('other_noAnonMemberComments')) {
$user = get_user_by('email', trim($cData['comment_author_email']));
if ($user) {
wfConfig::inc('totalSpamStopped');
return 0;
//hold for moderation if the user is not signed in but used a members email
}
}
if (($approved == 1 || $approved == 0) && wfConfig::get('other_scanComments')) {
$wf = new wfScanEngine();
try {
if ($wf->isBadComment($cData['comment_author'], $cData['comment_author_email'], $cData['comment_author_url'], $cData['comment_author_IP'], $cData['comment_content'])) {
wfConfig::inc('totalSpamStopped');
return 'spam';
}
} catch (Exception $e) {
//This will most likely be an API exception because we can't contact the API, so we ignore it and let the normal comment mechanisms run.
}
}
if (wfConfig::get('isPaid') && ($approved == 1 || $approved == 0) && wfConfig::get('advancedCommentScanning')) {
self::$commentSpamItems = array();
preg_replace_callback('/(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})/', 'wordfence::pushCommentSpamIP', $cData['comment_content']);
$IPs = self::$commentSpamItems;
self::$commentSpamItems = array();
preg_replace_callback('/https?:\\/\\/([a-zA-Z0-9\\-]+\\.[a-zA-Z0-9\\-\\.]+[a-zA-Z0-9])/i', 'wordfence::pushCommentSpamHost', $cData['comment_content']);
$hosts = self::$commentSpamItems;
self::$commentSpamItems = array();
try {
$api = new wfAPI(wfConfig::get('apiKey'), wfUtils::getWPVersion());
$res = $api->call('advanced_comment_scan', array(), array('author' => $cData['comment_author'], 'email' => $cData['comment_author_email'], 'URL' => $cData['comment_author_url'], 'commentIP' => $cData['comment_author_IP'], 'wfIP' => wfUtils::getIP(), 'hosts' => sizeof($hosts) > 0 ? implode(',', $hosts) : '', 'IPs' => sizeof($IPs) > 0 ? implode(',', $IPs) : ''));
if (is_array($res) && isset($res['spam']) && $res['spam'] == 1) {
wfConfig::inc('totalSpamStopped');
return 'spam';
}
} catch (Exception $e) {
//API server is probably down
}
}
wfConfig::inc('totalCommentsFiltered');
return $approved;
}
}
}
?>
</tr>
</table>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tr>
<td><input type="button" name="but4" class="button-primary" value="Save blocking options and country list" onclick="WFAD.saveCountryBlocking();" /></td>
<td style="height: 24px;"><div class="wfAjax24"></div><span class="wfSavedMsg"> Your changes have been saved!</span></td></tr>
</table>
<span style="font-size: 10px;">Note that we use an IP to country database that is 99.5% accurate to identify which country a visitor is from.</span>
</div>
</div>
<script type="text/javascript">
jQuery(function(){ WFAD.setOwnCountry('<?php
echo wfUtils::IP2Country(wfUtils::getIP());
?>
'); });
<?php
if (wfConfig::get('cbl_countries')) {
?>
jQuery(function(){ WFAD.loadBlockedCountries('<?php
echo wfConfig::get('cbl_countries');
?>
'); });
<?php
}
?>
</script>
<script type="text/x-jquery-template" id="wfWelcomeContentCntBlk">
<div>
/**
* @param string|null $ip
* @return bool
*/
public static function verifyGooglebotViaNOC1($ip = null)
{
global $wpdb;
$table = $wpdb->base_prefix . 'wfCrawlers';
if ($ip === null) {
$ip = wfUtils::getIP();
}
$db = new wfDB();
$IPn = wfUtils::inet_pton($ip);
$patternSig = 'googlenoc1';
$status = $db->querySingle("select status from {$table}\n\t\t\t\twhere IP=%s\n\t\t\t\tand patternSig=UNHEX(MD5('%s'))\n\t\t\t\tand lastUpdate > unix_timestamp() - %d", $IPn, $patternSig, WORDFENCE_CRAWLER_VERIFY_CACHE_TIME);
if ($status === 'verified') {
return true;
} else {
if ($status === 'fakeBot') {
return false;
}
}
$api = new wfAPI(wfConfig::get('apiKey'), wfUtils::getWPVersion());
try {
$data = $api->call('verify_googlebot', array('ip' => $ip));
if (is_array($data) && !empty($data['verified'])) {
// Cache results
$db->queryWrite("insert into {$table} (IP, patternSig, status, lastUpdate)\nvalues (%s, UNHEX(MD5('%s')), '%s', unix_timestamp())\nON DUPLICATE KEY UPDATE status='%3\$s', lastUpdate=unix_timestamp()", $IPn, $patternSig, 'verified');
return true;
} else {
$db->queryWrite("insert into {$table} (IP, patternSig, status, lastUpdate)\nvalues (%s, UNHEX(MD5('%s')), '%s', unix_timestamp())\nON DUPLICATE KEY UPDATE status='%3\$s', lastUpdate=unix_timestamp()", $IPn, $patternSig, 'fakeBot');
}
} catch (Exception $e) {
// Do nothing, bail
}
return false;
}
echo "</tr><tr>\n";
}
}
?>
</tr>
</table>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tr>
<td><input type="button" name="but4" class="button-primary" value="Save blocking options and country list" onclick="WFAD.saveCountryBlocking();" /></td>
<td style="height: 24px;"><div class="wfAjax24"></div><span class="wfSavedMsg"> Your changes have been saved!</span></td></tr>
</table>
<span style="font-size: 10px;">Note that we use an IP to country database that is 99.5% accurate to identify which country a visitor is from.</span>
</div>
</div>
<script type="text/javascript">
jQuery(function(){ WFAD.setOwnCountry('<?php echo wfUtils::IP2Country(wfUtils::getIP()); ?>'); });
<?php
if(wfConfig::get('cbl_countries')){
?>
jQuery(function(){ WFAD.loadBlockedCountries('<?php echo wfConfig::get('cbl_countries'); ?>'); });
<?php
}
?>
</script>
<script type="text/x-jquery-template" id="wfWelcomeContentCntBlk">
<div>
<h3>Premium Feature: Block or redirect countries</h3>
<strong><p>Being targeted by hackers in a specific country?</p></strong>
<p>
The premium version of Wordfence offers country blocking.
This uses a commercial geolocation database to block hackers, spammers
/**
* Has correct user agent and PTR record points to .googlebot.com domain.
*
* @return bool
*/
public static function isVerifiedGoogleCrawler()
{
return self::isGoogleCrawler() && self::verifyCrawlerPTR(wordfence::getLog()->getGooglePattern(), wfUtils::getIP());
}
