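/**
 * Check a crawler claim with forward-confirmed reverse DNS (FCrDNS).
 *
 * The PTR name of $IP must match $hostPattern, and that name must resolve
 * back to $IP. The outcome ('verified', 'noPTR', 'badPTR' or 'fwdFail') is
 * stored in the wfCrawlers table, keyed by the IP and the MD5 of the pattern.
 * A cached row younger than WORDFENCE_CRAWLER_VERIFY_CACHE_TIME seconds is
 * answered without any DNS traffic.
 *
 * Security notes:
 *  - A PTR record is set by whoever controls the reverse zone of the address,
 *    so the pattern match alone proves nothing; only the forward confirmation
 *    ties the name to the address.
 *  - NOTE(review): $hostPattern comes from the caller and is not visible here.
 *    It should be anchored at the end of the host name, otherwise a name that
 *    merely contains the expected domain would pass the pattern step - confirm.
 *  - gethostbynamel() returns IPv4 addresses only, so an IPv6 client can never
 *    pass the forward confirmation in this method.
 *
 * @param string $hostPattern PCRE pattern (with delimiters) the PTR host must match.
 * @param string $IP          Client address as text.
 * @return bool True only when the status is 'verified'.
 */
public static function verifyCrawlerPTR($hostPattern, $IP) {
	global $wpdb;
	$table = $wpdb->base_prefix . 'wfCrawlers';
	$db = new wfDB();
	$IPn = wfUtils::inet_aton($IP);

	$status = $db->querySingle("select status from {$table} where IP=%s and patternSig=UNHEX(MD5('%s')) and lastUpdate > unix_timestamp() - %d", $IPn, $hostPattern, WORDFENCE_CRAWLER_VERIFY_CACHE_TIME);
	if ($status) {
		// Any cached status other than 'verified' is a cached rejection.
		return $status == 'verified';
	}

	// NOTE(review): $wfLog is never used below. It is kept because the
	// constructor's side effects are not visible from this method.
	$wfLog = new wfLog(wfConfig::get('apiKey'), wfUtils::getWPVersion());

	$host = wfUtils::reverseLookup($IP);
	if (!$host) {
		$verdict = 'noPTR';
		$ptr = '';
	} elseif (!preg_match($hostPattern, $host)) {
		$verdict = 'badPTR';
		$ptr = $host;
	} else {
		$ptr = $host;
		// gethostbynamel() returns false when the name does not resolve; the
		// original iterated over that value directly, which raised a warning.
		$resultIPs = gethostbynamel($host);
		// Strict comparison: this is an identity decision, so no type juggling.
		$addrsMatch = is_array($resultIPs) && in_array((string) $IP, $resultIPs, true);
		$verdict = $addrsMatch ? 'verified' : 'fwdFail';
	}

	// One upsert for every outcome; the statement is the one the four original branches each repeated.
	$db->queryWrite("insert into {$table} (IP, patternSig, status, lastUpdate, PTR) values (%s, UNHEX(MD5('%s')), '%s', unix_timestamp(), '%s') ON DUPLICATE KEY UPDATE status='%s', lastUpdate=unix_timestamp(), PTR='%s'", $IPn, $hostPattern, $verdict, $ptr, $verdict, $ptr);

	return $verdict === 'verified';
}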
/**
 * Ask the remote hack-attempt service whether $IP is currently blocked.
 *
 * The request carries the site API key, the packed form of the address and
 * the attempt type as query parameters, with a 3 second timeout.
 *
 * Security notes:
 *  - The check fails open: a transport error or a caught Exception returns
 *    false, so an unreachable service never blocks a visitor.
 *  - The API key travels in the query string. Whether it is protected in
 *    transit depends on the scheme of WORDFENCE_HACKATTEMPT_URL, which is
 *    defined outside this method.
 *  - The response body is matched with an unanchored pattern, so any body
 *    that contains "BLOCKED:<digits>" counts as a block verdict.
 *  - A whitelisted address is never reported as blocked.
 *
 * @param string $IP   Client address as text (IPv4 or other).
 * @param string $type Attempt type, forwarded as the "t" parameter.
 * @return string|false The digits captured after "BLOCKED:", or false.
 */
public static function wfsnIsBlocked($IP, $type) {
	try {
		$keyParam = rawurlencode(wfConfig::get('apiKey'));

		// IPv4 addresses go through inet_aton; everything else through inet_pton.
		if (filter_var($IP, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
			$packedIP = wfUtils::inet_aton($IP);
		} else {
			$packedIP = wfUtils::inet_pton($IP);
		}

		$url = WORDFENCE_HACKATTEMPT_URL . 'hackAttempt/?k=' . $keyParam . '&IP=' . rawurlencode($packedIP) . '&t=' . rawurlencode($type);

		$version = defined('WORDFENCE_VERSION') ? WORDFENCE_VERSION : '[Unknown version]';
		$requestArgs = array(
			'timeout' => 3,
			'user-agent' => "Wordfence.com UA " . $version,
		);

		$response = wp_remote_get($url, $requestArgs);
		if (is_wp_error($response)) {
			return false;
		}

		$saysBlocked = preg_match('/BLOCKED:(\\d+)/', $response['body'], $matches);
		// The whitelist is consulted only after the service reported a block.
		if ($saysBlocked && !self::getLog()->isWhitelisted($IP)) {
			return $matches[1];
		}
		return false;
	} catch (Exception $err) {
		return false;
	}
}
/**
 * Resolve the PTR host name of $IP, using the wfReverseCache table as a cache.
 *
 * A cached row younger than WORDFENCE_REVERSE_LOOKUP_CACHE_TIME seconds is
 * used as is. Otherwise a DNS PTR query is made and its result is written
 * back. A failed lookup is cached too, as the sentinel 'NONE'.
 *
 * Security notes:
 *  - The returned name is chosen by whoever controls the reverse zone of the
 *    address. Treat it as untrusted text: escape it before display, and do
 *    not accept it as proof of identity without a forward lookup.
 *  - The query name is built by splitting $IP on ".", so only a dotted-quad
 *    IPv4 address yields a meaningful in-addr.arpa name.
 *  - The "@" operator hides resolver warnings; failure shows up only as an
 *    empty result.
 *
 * @param string $IP Client address as text.
 * @return string The PTR target, or '' when none is known.
 */
public static function reverseLookup($IP) {
	global $wpdb;
	$db = new wfDB();
	$reverseTable = $wpdb->base_prefix . 'wfReverseCache';
	$IPn = wfUtils::inet_aton($IP);

	$host = $db->querySingle("select host from " . $reverseTable . " where IP=%s and unix_timestamp() - lastUpdate < %d", $IPn, WORDFENCE_REVERSE_LOOKUP_CACHE_TIME);

	if (!$host) {
		// Octets reversed plus the in-addr.arpa suffix give the PTR query name.
		$octets = explode(".", $IP);
		$ptrName = implode(".", array_reverse($octets)) . ".in-addr.arpa";

		$records = @dns_get_record($ptrName, DNS_PTR);
		// Loose comparison on purpose: both false and an empty array count as "no record".
		$host = ($records == null) ? 'NONE' : $records[0]['target'];

		$db->queryWrite("insert into " . $reverseTable . " (IP, host, lastUpdate) values (%s, '%s', unix_timestamp()) ON DUPLICATE KEY UPDATE host='%s', lastUpdate=unix_timestamp()", $IPn, $host, $host);
	}

	return ($host == 'NONE') ? '' : $host;
}
/**
 * Ask the remote hack-attempt service whether $IP is blocked, with a local cache.
 *
 * An unexpired wfSNIPCache row for $IP is answered from the stored body and
 * its hit counter is incremented. Otherwise the service is queried with a
 * 3 second timeout, the body is cached for 30 seconds, and the batch report
 * of failed attempts is scheduled.
 *
 * Security notes:
 *  - The check fails open: a transport error or a caught Exception returns false.
 *  - The remote body is stored verbatim and matched again on later hits, so
 *    one response decides every request from that address until the row expires.
 *  - The pattern is unanchored; any body containing "BLOCKED:<digits>" counts.
 *  - A whitelisted address is never reported as blocked, on either path.
 *  - The API key is sent in the query string; its protection in transit
 *    depends on the scheme of WORDFENCE_HACKATTEMPT_URL, defined elsewhere.
 *
 * @param string $IP   Client address as text.
 * @param string $type Attempt type, forwarded as the "t" parameter.
 * @return string|false The digits captured after "BLOCKED:", or false.
 */
public static function wfsnIsBlocked($IP, $type) {
	global $wpdb;
	$wfdb = new wfDB();
	$prefix = $wpdb->base_prefix;

	$hit = $wfdb->querySingleRec("SELECT id, body FROM {$prefix}wfSNIPCache WHERE IP = '%s' AND expiration > NOW()", $IP);
	if (isset($hit)) {
		$wfdb->queryWriteIgnoreError("UPDATE {$prefix}wfSNIPCache SET count = count + 1 WHERE id = %d", $hit['id']);
		$cachedBlock = preg_match('/BLOCKED:(\\d+)/', $hit['body'], $matches);
		if ($cachedBlock && !self::getLog()->isWhitelisted($IP)) {
			return $matches[1];
		}
		return false;
	}

	try {
		$keyParam = rawurlencode(wfConfig::get('apiKey'));

		// IPv4 addresses go through inet_aton; everything else through inet_pton.
		if (filter_var($IP, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
			$packedIP = wfUtils::inet_aton($IP);
		} else {
			$packedIP = wfUtils::inet_pton($IP);
		}

		$url = WORDFENCE_HACKATTEMPT_URL . 'hackAttempt/?k=' . $keyParam . '&IP=' . rawurlencode($packedIP) . '&t=' . rawurlencode($type);

		$version = defined('WORDFENCE_VERSION') ? WORDFENCE_VERSION : '[Unknown version]';
		$requestArgs = array(
			'timeout' => 3,
			'user-agent' => "Wordfence.com UA " . $version,
		);

		$response = wp_remote_get($url, $requestArgs);
		if (is_wp_error($response)) {
			return false;
		}

		// Cache the verdict before acting on it; write errors are ignored by the helper.
		$wfdb->queryWriteIgnoreError("INSERT INTO {$prefix}wfSNIPCache (IP, expiration, body) VALUES ('%s', DATE_ADD(NOW(), INTERVAL %d SECOND), '%s')", $IP, 30, $response['body']);
		self::wfsnScheduleBatchReportFailedAttempts();

		$liveBlock = preg_match('/BLOCKED:(\\d+)/', $response['body'], $matches);
		if ($liveBlock && !self::getLog()->isWhitelisted($IP)) {
			return $matches[1];
		}
		return false;
	} catch (Exception $err) {
		return false;
	}
}
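/**
 * AJAX handler: block an IPv4 range, a browser (user-agent) pattern, or both.
 *
 * Reads 'ipRange', 'uaRange' and 'reason' from $_POST, validates them, refuses
 * a rule that would lock out the requesting client, and stores the rule via
 * blockRange() as "<from>-<to>|<uaPattern>" with the endpoints converted by
 * wfUtils::inet_aton().
 *
 * Changes against the previous version:
 *  - Missing or non-string POST fields are read as '' instead of raising a
 *    notice or a type error.
 *  - Whitespace around the dash is removed before validation, so the format
 *    shown in the error message ("1.2.3.4 - 1.2.3.8") is actually accepted.
 *  - Each endpoint must be a valid IPv4 address. The shape check alone let
 *    octets such as 999 through.
 *
 * NOTE(review): no nonce or capability check is visible in this method;
 * presumably the AJAX dispatcher enforces both before calling it - confirm.
 * NOTE(review): when both fields are empty the stored rule is "|". Whether
 * isUABlocked('') and blockRange() treat that safely is not visible here.
 * NOTE(review): $uaRange and $reason reach blockRange() unmodified apart from
 * trimming; escaping for storage and display is left to the callee.
 *
 * @return array array('ok' => 1) on success, or array('err' => 1, 'errorMsg' => string).
 */
public static function ajax_blockIPUARange_callback() {
	$fields = array();
	foreach (array('ipRange', 'uaRange', 'reason') as $key) {
		$fields[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? trim($_POST[$key]) : '';
	}
	$ipRange = $fields['ipRange'];
	$uaRange = $fields['uaRange'];
	$reason = $fields['reason'];

	// "|" separates the two halves of the stored rule, so neither half may contain it.
	if (preg_match('/\\|+/', $ipRange . $uaRange)) {
		return array('err' => 1, 'errorMsg' => "You are not allowed to include a pipe character \"|\" in your IP range or browser pattern");
	}
	if (!$ipRange && wfUtils::isUABlocked($uaRange)) {
		return array('err' => 1, 'errorMsg' => "The browser pattern you specified will block you from your own website. We have not accepted this pattern to protect you from being blocked.");
	}

	if ($ipRange) {
		$invalidRange = array('err' => 1, 'errorMsg' => "The IP range you specified is not valid. Please specify an IP range like the following example: \"1.2.3.4 - 1.2.3.8\" without quotes.");

		// Accept the spaced form that the error message itself gives as the example.
		$normalized = preg_replace('/\\s*-\\s*/', '-', $ipRange);
		if (is_string($normalized)) {
			$ipRange = $normalized;
		}
		if (!preg_match('/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\-\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$/', $ipRange)) {
			return $invalidRange;
		}

		$ips = explode('-', $ipRange);
		// The shape check does not bound the octets; reject anything that is not real IPv4.
		foreach ($ips as $endpoint) {
			if (filter_var($endpoint, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
				return $invalidRange;
			}
		}

		$ip1 = wfUtils::inet_aton($ips[0]);
		$ip2 = wfUtils::inet_aton($ips[1]);
		if ($ip1 >= $ip2) {
			return array('err' => 1, 'errorMsg' => "The first IP address in your range must be less than the second IP address in your range.");
		}

		// Refuse a range that contains the address this request came from.
		$clientIPText = wfUtils::getIP();
		$clientIP = wfUtils::inet_aton($clientIPText);
		if ($ip1 <= $clientIP && $ip2 >= $clientIP) {
			return array('err' => 1, 'errorMsg' => "You are trying to block yourself. Your IP address is " . htmlentities($clientIPText) . " which falls into the range " . htmlentities($ipRange) . ". This blocking action has been cancelled so that you don't block yourself from your website.");
		}
		$ipRange = $ip1 . '-' . $ip2;
	}

	$range = $ipRange . '|' . $uaRange;
	self::getLog()->blockRange('IU', $range, $reason);
	return array('ok' => 1);
}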
/**
 * Apply the action configured for a rule to the current client.
 *
 * The action is read from the config key "<configVar>_action". 'block' blocks
 * the client IP, optionally sends an alert, and uses the configured
 * 'blockedTime' as the delay. 'throttle' records or updates a throttle row
 * and uses 60 seconds. Any other non-empty action leaves the delay at 0.
 * In all three cases do503() is then called with the delay and the reason.
 *
 * Nothing happens when googleSafetyCheckOK() returns false or when no action
 * is configured.
 *
 * NOTE(review): the address comes from wfUtils::getIP(). If that helper
 * trusts a client-supplied header, a sender could steer the block onto
 * another address - confirm how it is derived.
 * NOTE(review): $reason is interpolated into the alert mail and the status
 * line as is; output escaping is left to those sinks.
 *
 * @param string $configVar Config key prefix; "_action" is appended.
 * @param string $reason    Human-readable reason, stored and reported.
 * @return void
 */
private function takeBlockingAction($configVar, $reason) {
	if (!$this->googleSafetyCheckOK()) {
		return;
	}

	$action = wfConfig::get($configVar . '_action');
	if (!$action) {
		// A missing action is ignored silently (the log call was disabled upstream).
		return;
	}

	$secsToGo = 0;
	switch ($action) {
		case 'block':
			$IP = wfUtils::getIP();
			$this->blockIP($IP, $reason);
			$secsToGo = wfConfig::get('blockedTime');
			// The alert is sent only after the block is in place, to prevent multiple emails.
			if (wfConfig::get('alertOn_block')) {
				wordfence::alert("Blocking IP {$IP}", "Wordfence has blocked IP address {$IP}.\nThe reason is: \"{$reason}\".", $IP);
			}
			wordfence::status(2, 'info', "Blocking IP {$IP}. {$reason}");
			break;

		case 'throttle':
			$IP = wfUtils::getIP();
			// Upsert: the first hit creates the row, later hits bump the counter and end time.
			$this->getDB()->queryWrite("insert into " . $this->throttleTable . " (IP, startTime, endTime, timesThrottled, lastReason) values (%s, unix_timestamp(), unix_timestamp(), 1, '%s') ON DUPLICATE KEY UPDATE endTime=unix_timestamp(), timesThrottled = timesThrottled + 1, lastReason='%s'", wfUtils::inet_aton($IP), $reason, $reason);
			wordfence::status(2, 'info', "Throttling IP {$IP}. {$reason}");
			$secsToGo = 60;
			break;
	}

	$this->do503($secsToGo, $reason);
}