public function getHits($hitType, $type, $afterTime, $limit = 50, $IP = false)
{
$serverTime = $this->getDB()->querySingle("select unix_timestamp()");
$IPSQL = "";
if ($IP) {
$IPSQL = " and IP=INET_ATON(%s) ";
$sqlArgs = array($afterTime, $IP, $limit);
} else {
$sqlArgs = array($afterTime, $limit);
}
if ($hitType == 'hits') {
if ($type == 'hit') {
$typeSQL = " ";
} else {
if ($type == 'crawler') {
$now = time();
$typeSQL = " and jsRun = 0 and {$now} - ctime > 30 ";
} else {
if ($type == 'gCrawler') {
$typeSQL = " and isGoogle = 1 ";
} else {
if ($type == '404') {
$typeSQL = " and is404 = 1 ";
} else {
if ($type == 'human') {
$typeSQL = " and jsRun = 1 ";
} else {
if ($type == 'ruser') {
$typeSQL = " and userID > 0 ";
} else {
wordfence::status(1, 'error', "Invalid log type to wfLog: {$type}");
return false;
}
}
}
}
}
}
array_unshift($sqlArgs, "select * from " . $this->hitsTable . " where ctime > %f {$IPSQL} {$typeSQL} order by ctime desc limit %d");
$results = call_user_func_array(array($this->getDB(), 'querySelect'), $sqlArgs);
} else {
if ($hitType == 'logins') {
array_unshift($sqlArgs, "select * from " . $this->loginsTable . " where ctime > %f {$IPSQL} order by ctime desc limit %d");
$results = call_user_func_array(array($this->getDB(), 'querySelect'), $sqlArgs);
} else {
wordfence::status(1, 'error', "getHits got invalid hitType: {$hitType}");
return false;
}
}
$this->resolveIPs($results);
$ourURL = parse_url(site_url());
$ourHost = strtolower($ourURL['host']);
$ourHost = preg_replace('/^www\\./i', '', $ourHost);
$browscap = new wfBrowscap();
foreach ($results as &$res) {
$res['type'] = $type;
$res['timeAgo'] = wfUtils::makeTimeAgo($serverTime - $res['ctime']);
$res['blocked'] = $this->getDB()->querySingle("select blockedTime from " . $this->blocksTable . " where IP=%s and (permanent = 1 OR (blockedTime + %s > unix_timestamp()))", $res['IP'], wfConfig::get('blockedTime'));
$res['IP'] = wfUtils::inet_ntoa($res['IP']);
$res['extReferer'] = false;
if (isset($res['referer']) && $res['referer']) {
$refURL = parse_url($res['referer']);
if (is_array($refURL) && $refURL['host']) {
$refHost = strtolower(preg_replace('/^www\\./i', '', $refURL['host']));
if ($refHost != $ourHost) {
$res['extReferer'] = true;
//now extract search terms
$q = false;
if (preg_match('/(?:google|bing|alltheweb|aol|ask)\\./i', $refURL['host'])) {
$q = 'q';
} else {
if (stristr($refURL['host'], 'yahoo.')) {
$q = 'p';
} else {
if (stristr($refURL['host'], 'baidu.')) {
$q = 'wd';
}
}
}
if ($q) {
$queryVars = array();
if (isset($refURL['query'])) {
parse_str($refURL['query'], $queryVars);
if (isset($queryVars[$q])) {
$res['searchTerms'] = $queryVars[$q];
}
}
}
}
}
if ($res['extReferer']) {
if (isset($referringPage) && stristr($referringPage['host'], 'google.')) {
parse_str($referringPage['query'], $queryVars);
echo $queryVars['q'];
// This is the search term used
}
}
}
$res['browser'] = false;
if ($res['UA']) {
$b = $browscap->getBrowser($res['UA']);
if ($b) {
$res['browser'] = array('browser' => $b['Browser'], 'version' => $b['Version'], 'platform' => $b['Platform'], 'isMobile' => $b['isMobileDevice'], 'isCrawler' => $b['Crawler']);
}
}
if ($res['userID']) {
$ud = get_userdata($res['userID']);
if ($ud) {
$res['user'] = array('editLink' => wfUtils::editUserLink($res['userID']), 'display_name' => $ud->display_name, 'ID' => $res['userID']);
$res['user']['avatar'] = get_avatar($res['userID'], 16);
}
} else {
$res['user'] = false;
}
}
return $results;
}
public static function updateBlockedIPs($action)
{
//'add' or 'remove'
if (wfConfig::get('cacheType') != 'falcon') {
return;
}
$htaccessPath = ABSPATH . '/.htaccess';
if ($action == 'remove') {
$fh = fopen($htaccessPath, 'r+');
if (!$fh) {
$err = error_get_last();
return $err['message'];
}
flock($fh, LOCK_EX);
fseek($fh, 0, SEEK_SET);
//start of file
$contents = fread($fh, filesize($htaccessPath));
if (!$contents) {
fclose($fh);
return "Could not read from {$htaccessPath}";
}
$contents = preg_replace('/#WFIPBLOCKS.*WFIPBLOCKS[r\\s\\n\\t]*/s', '', $contents);
ftruncate($fh, 0);
fseek($fh, 0, SEEK_SET);
fwrite($fh, $contents);
flock($fh, LOCK_UN);
fclose($fh);
return false;
} else {
if ($action == 'add') {
$lines = array();
$wfLog = new wfLog(wfConfig::get('apiKey'), wfUtils::getWPVersion());
$IPs = $wfLog->getBlockedIPsAddrOnly();
if (sizeof($IPs) > 0) {
foreach ($IPs as $IP) {
$lines[] = "Deny from {$IP}\n";
}
}
$ranges = $wfLog->getRangesBasic();
$browserAdded = false;
$browserLines = array();
if ($ranges) {
foreach ($ranges as $r) {
$arr = explode('|', $r);
$range = isset($arr[0]) ? $arr[0] : false;
$browser = isset($arr[1]) ? $arr[1] : false;
if ($range && $browser) {
continue;
//Don't process browser and range combos
} else {
if ($range) {
$ips = explode('-', $range);
$cidrs = wfUtils::rangeToCIDRs($ips[0], $ips[1]);
$hIPs = wfUtils::inet_ntoa($ips[0]) . ' - ' . wfUtils::inet_ntoa($ips[1]);
if (sizeof($cidrs) > 0) {
$lines[] = '#Start of blocking code for IP range: ' . $hIPs . "\n";
foreach ($cidrs as $c) {
$lines[] = "Deny from {$c}\n";
}
$lines[] = '#End of blocking code for IP range: ' . $hIPs . "\n";
}
} else {
if ($browser) {
$browserLines[] = "\t#Blocking code for browser pattern: {$browser}\n";
$browser = preg_replace('/([\\-\\_\\.\\+\\!\\@\\#\\$\\%\\^\\&\\(\\)\\[\\]\\{\\}\\/])/', "\\\\\$1", $browser);
$browser = preg_replace('/\\*/', '.*', $browser);
$browserLines[] = "\tSetEnvIf User-Agent " . $browser . " WordfenceBadBrowser=1\n";
$browserAdded = true;
}
}
}
}
}
if ($browserAdded) {
$lines[] = "<IfModule mod_setenvif.c>\n";
foreach ($browserLines as $l) {
$lines[] = $l;
}
$lines[] = "\tDeny from env=WordfenceBadBrowser\n";
$lines[] = "</IfModule>\n";
}
}
}
$blockCode = "#WFIPBLOCKS - Do not remove this line. Disable Web Caching in Wordfence to remove this data.\nOrder Deny,Allow\n";
$blockCode .= implode('', $lines);
$blockCode .= "#Do not remove this line. Disable Web Caching in Wordfence to remove this data - WFIPBLOCKS\n";
$fh = fopen($htaccessPath, 'r+');
if (!$fh) {
$err = error_get_last();
return $err['message'];
}
//Minimize time between lock/unlock
flock($fh, LOCK_EX);
fseek($fh, 0, SEEK_SET);
//start of file
$contents = fread($fh, filesize($htaccessPath));
if (!$contents) {
fclose($fh);
return "Could not read from {$htaccessPath}";
}
$contents = preg_replace('/#WFIPBLOCKS.*WFIPBLOCKS[r\\s\\n\\t]*/s', '', $contents);
$contents = $blockCode . $contents;
ftruncate($fh, 0);
fseek($fh, 0, SEEK_SET);
fwrite($fh, $contents);
flock($fh, LOCK_UN);
fclose($fh);
return false;
}
public static function updateBlockedIPs($action){ //'add' or 'remove'
if(wfConfig::get('cacheType') != 'falcon'){ return; }
$htaccessPath = self::getHtaccessPath();
if(! $htaccessPath){
return "Wordfence could not find your .htaccess file.";
}
if($action == 'remove'){
$fh = @fopen($htaccessPath, 'r+');
if(! $fh){
$err = error_get_last();
return $err['message'];
}
flock($fh, LOCK_EX);
fseek($fh, 0, SEEK_SET); //start of file
clearstatcache();
$contents = @fread($fh, filesize($htaccessPath));
if(! $contents){
fclose($fh);
return "Could not read from $htaccessPath";
}
$contents = preg_replace('/#WFIPBLOCKS.*WFIPBLOCKS[r\s\n\t]*/s', '', $contents);
ftruncate($fh, 0);
fseek($fh, 0, SEEK_SET);
@fwrite($fh, $contents);
flock($fh, LOCK_UN);
fclose($fh);
return false;
} else if($action == 'add'){
$fh = @fopen($htaccessPath, 'r+');
if(! $fh){
$err = error_get_last();
return $err['message'];
}
$lines = array();
$wfLog = new wfLog(wfConfig::get('apiKey'), wfUtils::getWPVersion());
$IPs = $wfLog->getBlockedIPsAddrOnly();
if(sizeof($IPs) > 0){
foreach($IPs as $IP){
$lines[] = "Deny from $IP\n";
}
}
$ranges = $wfLog->getRangesBasic();
$browserAdded = false;
$browserLines = array();
if($ranges){
foreach($ranges as $r){
$arr = explode('|', $r);
$range = isset($arr[0]) ? $arr[0] : false;
$browser = isset($arr[1]) ? $arr[1] : false;
$referer = isset($arr[2]) ? $arr[2] : false;
if($range){
if($browser || $referer){ continue; } //We don't allow combos in falcon
$ips = explode('-', $range);
$cidrs = wfUtils::rangeToCIDRs($ips[0], $ips[1]);
$hIPs = wfUtils::inet_ntoa($ips[0]) . ' - ' . wfUtils::inet_ntoa($ips[1]);
if(sizeof($cidrs) > 0){
$lines[] = '#Start of blocking code for IP range: ' . $hIPs . "\n";
foreach($cidrs as $c){
$lines[] = "Deny from $c\n";
}
$lines[] = '#End of blocking code for IP range: ' . $hIPs . "\n";
}
} else if($browser){
if($range || $referer){ continue; }
$browserLines[] = "\t#Blocking code for browser pattern: $browser\n";
$browser = preg_replace('/([\-\_\.\+\!\@\#\$\%\^\&\(\)\[\]\{\}\/])/', "\\\\$1", $browser);
$browser = preg_replace('/\*/', '.*', $browser);
$browserLines[] = "\tSetEnvIf User-Agent " . $browser . " WordfenceBadBrowser=1\n";
$browserAdded = true;
} else if($referer){
if($browser || $range){ continue; }
$browserLines[] = "\t#Blocking code for referer pattern: $referer\n";
$referer = preg_replace('/([\-\_\.\+\!\@\#\$\%\^\&\(\)\[\]\{\}\/])/', "\\\\$1", $referer);
$referer = preg_replace('/\*/', '.*', $referer);
$browserLines[] = "\tSetEnvIf Referer " . $referer . " WordfenceBadBrowser=1\n";
$browserAdded = true;
}
}
}
if($browserAdded){
$lines[] = "<IfModule mod_setenvif.c>\n";
foreach($browserLines as $l){
$lines[] = $l;
}
$lines[] = "\tDeny from env=WordfenceBadBrowser\n";
$lines[] = "</IfModule>\n";
}
}
$blockCode = "#WFIPBLOCKS - Do not remove this line. Disable Web Caching in Wordfence to remove this data.\nOrder Deny,Allow\n";
$blockCode .= implode('', $lines);
$blockCode .= "#Do not remove this line. Disable Web Caching in Wordfence to remove this data - WFIPBLOCKS\n";
//Minimize time between lock/unlock
flock($fh, LOCK_EX);
fseek($fh, 0, SEEK_SET); //start of file
clearstatcache(); //Or we get the wrong size from a cached entry and corrupt the file
$contents = @fread($fh, filesize($htaccessPath));
if(! $contents){
fclose($fh);
return "Could not read from $htaccessPath";
}
$contents = preg_replace('/#WFIPBLOCKS.*WFIPBLOCKS[r\s\n\t]*/s', '', $contents);
$contents = $blockCode . $contents;
ftruncate($fh, 0);
fseek($fh, 0, SEEK_SET);
@fwrite($fh, $contents);
flock($fh, LOCK_UN);
fclose($fh);
return false;
}
