public static function verifyCrawlerPTR($hostPattern, $IP)
{
global $wpdb;
$table = $wpdb->base_prefix . 'wfCrawlers';
$db = new wfDB();
$IPn = wfUtils::inet_aton($IP);
$status = $db->querySingle("select status from {$table} where IP=%s and patternSig=UNHEX(MD5('%s')) and lastUpdate > unix_timestamp() - %d", $IPn, $hostPattern, WORDFENCE_CRAWLER_VERIFY_CACHE_TIME);
if ($status) {
if ($status == 'verified') {
return true;
} else {
return false;
}
}
$wfLog = new wfLog(wfConfig::get('apiKey'), wfUtils::getWPVersion());
$host = wfUtils::reverseLookup($IP);
if (!$host) {
$db->queryWrite("insert into {$table} (IP, patternSig, status, lastUpdate, PTR) values (%s, UNHEX(MD5('%s')), '%s', unix_timestamp(), '%s') ON DUPLICATE KEY UPDATE status='%s', lastUpdate=unix_timestamp(), PTR='%s'", $IPn, $hostPattern, 'noPTR', '', 'noPTR', '');
return false;
}
if (preg_match($hostPattern, $host)) {
$resultIPs = gethostbynamel($host);
$addrsMatch = false;
foreach ($resultIPs as $resultIP) {
if ($resultIP == $IP) {
$addrsMatch = true;
break;
}
}
if ($addrsMatch) {
$db->queryWrite("insert into {$table} (IP, patternSig, status, lastUpdate, PTR) values (%s, UNHEX(MD5('%s')), '%s', unix_timestamp(), '%s') ON DUPLICATE KEY UPDATE status='%s', lastUpdate=unix_timestamp(), PTR='%s'", $IPn, $hostPattern, 'verified', $host, 'verified', $host);
return true;
} else {
$db->queryWrite("insert into {$table} (IP, patternSig, status, lastUpdate, PTR) values (%s, UNHEX(MD5('%s')), '%s', unix_timestamp(), '%s') ON DUPLICATE KEY UPDATE status='%s', lastUpdate=unix_timestamp(), PTR='%s'", $IPn, $hostPattern, 'fwdFail', $host, 'fwdFail', $host);
return false;
}
} else {
$db->queryWrite("insert into {$table} (IP, patternSig, status, lastUpdate, PTR) values (%s, UNHEX(MD5('%s')), '%s', unix_timestamp(), '%s') ON DUPLICATE KEY UPDATE status='%s', lastUpdate=unix_timestamp(), PTR='%s'", $IPn, $hostPattern, 'badPTR', $host, 'badPTR', $host);
return false;
}
}
public static function wfsnIsBlocked($IP, $type)
{
try {
$result = wp_remote_get(WORDFENCE_HACKATTEMPT_URL . 'hackAttempt/?k=' . rawurlencode(wfConfig::get('apiKey')) . '&IP=' . rawurlencode(filter_var($IP, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ? wfUtils::inet_aton($IP) : wfUtils::inet_pton($IP)) . '&t=' . rawurlencode($type), array('timeout' => 3, 'user-agent' => "Wordfence.com UA " . (defined('WORDFENCE_VERSION') ? WORDFENCE_VERSION : '[Unknown version]')));
if (is_wp_error($result)) {
return false;
}
if (preg_match('/BLOCKED:(\\d+)/', $result['body'], $matches) && !self::getLog()->isWhitelisted($IP)) {
return $matches[1];
}
return false;
} catch (Exception $err) {
return false;
}
}
public static function reverseLookup($IP)
{
$db = new wfDB();
global $wpdb;
$reverseTable = $wpdb->base_prefix . 'wfReverseCache';
$IPn = wfUtils::inet_aton($IP);
$host = $db->querySingle("select host from " . $reverseTable . " where IP=%s and unix_timestamp() - lastUpdate < %d", $IPn, WORDFENCE_REVERSE_LOOKUP_CACHE_TIME);
if (!$host) {
$ptr = implode(".", array_reverse(explode(".", $IP))) . ".in-addr.arpa";
$host = @dns_get_record($ptr, DNS_PTR);
if ($host == null) {
$host = 'NONE';
} else {
$host = $host[0]['target'];
}
$db->queryWrite("insert into " . $reverseTable . " (IP, host, lastUpdate) values (%s, '%s', unix_timestamp()) ON DUPLICATE KEY UPDATE host='%s', lastUpdate=unix_timestamp()", $IPn, $host, $host);
}
if ($host == 'NONE') {
return '';
} else {
return $host;
}
}
public static function wfsnIsBlocked($IP, $type)
{
$wfdb = new wfDB();
global $wpdb;
$p = $wpdb->base_prefix;
$cachedRecord = $wfdb->querySingleRec("SELECT id, body FROM {$p}wfSNIPCache WHERE IP = '%s' AND expiration > NOW()", $IP);
if (isset($cachedRecord)) {
$wfdb->queryWriteIgnoreError("UPDATE {$p}wfSNIPCache SET count = count + 1 WHERE id = %d", $cachedRecord['id']);
if (preg_match('/BLOCKED:(\\d+)/', $cachedRecord['body'], $matches) && !self::getLog()->isWhitelisted($IP)) {
return $matches[1];
}
return false;
}
try {
$result = wp_remote_get(WORDFENCE_HACKATTEMPT_URL . 'hackAttempt/?k=' . rawurlencode(wfConfig::get('apiKey')) . '&IP=' . rawurlencode(filter_var($IP, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ? wfUtils::inet_aton($IP) : wfUtils::inet_pton($IP)) . '&t=' . rawurlencode($type), array('timeout' => 3, 'user-agent' => "Wordfence.com UA " . (defined('WORDFENCE_VERSION') ? WORDFENCE_VERSION : '[Unknown version]')));
if (is_wp_error($result)) {
return false;
}
$wfdb->queryWriteIgnoreError("INSERT INTO {$p}wfSNIPCache (IP, expiration, body) VALUES ('%s', DATE_ADD(NOW(), INTERVAL %d SECOND), '%s')", $IP, 30, $result['body']);
self::wfsnScheduleBatchReportFailedAttempts();
if (preg_match('/BLOCKED:(\\d+)/', $result['body'], $matches) && !self::getLog()->isWhitelisted($IP)) {
return $matches[1];
}
return false;
} catch (Exception $err) {
return false;
}
}
public static function ajax_blockIPUARange_callback()
{
$ipRange = trim($_POST['ipRange']);
$uaRange = trim($_POST['uaRange']);
$reason = trim($_POST['reason']);
if (preg_match('/\\|+/', $ipRange . $uaRange)) {
return array('err' => 1, 'errorMsg' => "You are not allowed to include a pipe character \"|\" in your IP range or browser pattern");
}
if (!$ipRange && wfUtils::isUABlocked($uaRange)) {
return array('err' => 1, 'errorMsg' => "The browser pattern you specified will block you from your own website. We have not accepted this pattern to protect you from being blocked.");
}
if ($ipRange && !preg_match('/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\-\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$/', $ipRange)) {
return array('err' => 1, 'errorMsg' => "The IP range you specified is not valid. Please specify an IP range like the following example: \"1.2.3.4 - 1.2.3.8\" without quotes.");
}
if ($ipRange) {
$ips = explode('-', $ipRange);
$ip1 = wfUtils::inet_aton($ips[0]);
$ip2 = wfUtils::inet_aton($ips[1]);
if ($ip1 >= $ip2) {
return array('err' => 1, 'errorMsg' => "The first IP address in your range must be less than the second IP address in your range.");
}
$clientIP = wfUtils::inet_aton(wfUtils::getIP());
if ($ip1 <= $clientIP && $ip2 >= $clientIP) {
return array('err' => 1, 'errorMsg' => "You are trying to block yourself. Your IP address is " . htmlentities(wfUtils::getIP()) . " which falls into the range " . htmlentities($ipRange) . ". This blocking action has been cancelled so that you don't block yourself from your website.");
}
$ipRange = $ip1 . '-' . $ip2;
}
$range = $ipRange . '|' . $uaRange;
self::getLog()->blockRange('IU', $range, $reason);
return array('ok' => 1);
}
private function takeBlockingAction($configVar, $reason)
{
if ($this->googleSafetyCheckOK()) {
$action = wfConfig::get($configVar . '_action');
if (!$action) {
//error_log("Wordfence action missing for configVar: $configVar");
return;
}
$secsToGo = 0;
if ($action == 'block') {
$IP = wfUtils::getIP();
$this->blockIP($IP, $reason);
$secsToGo = wfConfig::get('blockedTime');
//Moved the following code AFTER the block to prevent multiple emails.
if (wfConfig::get('alertOn_block')) {
wordfence::alert("Blocking IP {$IP}", "Wordfence has blocked IP address {$IP}.\nThe reason is: \"{$reason}\".", $IP);
}
wordfence::status(2, 'info', "Blocking IP {$IP}. {$reason}");
} else {
if ($action == 'throttle') {
$IP = wfUtils::getIP();
$this->getDB()->queryWrite("insert into " . $this->throttleTable . " (IP, startTime, endTime, timesThrottled, lastReason) values (%s, unix_timestamp(), unix_timestamp(), 1, '%s') ON DUPLICATE KEY UPDATE endTime=unix_timestamp(), timesThrottled = timesThrottled + 1, lastReason='%s'", wfUtils::inet_aton($IP), $reason, $reason);
wordfence::status(2, 'info', "Throttling IP {$IP}. {$reason}");
$secsToGo = 60;
}
}
$this->do503($secsToGo, $reason);
} else {
return;
}
}
