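/**
 * Check whether $IP belongs to a crawler by forward-confirmed reverse DNS.
 *
 * The PTR name of $IP must match $hostPattern AND resolve back to $IP.
 * A PTR record alone is controlled by whoever owns the reverse zone for the
 * address, so the forward lookup is the step that makes the result trustworthy.
 * The verdict ('verified', 'noPTR', 'badPTR' or 'fwdFail') is cached in the
 * wfCrawlers table and reused for WORDFENCE_CRAWLER_VERIFY_CACHE_TIME seconds.
 *
 * @param string $hostPattern Regular expression (with delimiters) passed to preg_match().
 *                            NOTE(review): should be anchored at the end of the hostname
 *                            so that a look-alike suffix cannot match; confirm at the callers.
 * @param string $IP          Address to verify.
 * @return bool True only when the verdict is 'verified'.
 */
public static function verifyCrawlerPTR($hostPattern, $IP)
 {
     global $wpdb;
     $table = $wpdb->base_prefix . 'wfCrawlers';
     $db = new wfDB();
     $IPn = wfUtils::inet_aton($IP);
     // A cached verdict inside the cache window short-circuits all DNS work.
     $status = $db->querySingle("select status from {$table} where IP=%s and patternSig=UNHEX(MD5('%s')) and lastUpdate > unix_timestamp() - %d", $IPn, $hostPattern, WORDFENCE_CRAWLER_VERIFY_CACHE_TIME);
     if ($status) {
         return $status == 'verified';
     }
     // NOTE(review): $wfLog is never read below; it is kept because the side
     // effects of the wfLog constructor are not visible from this method.
     $wfLog = new wfLog(wfConfig::get('apiKey'), wfUtils::getWPVersion());
     // One upsert statement shared by every verdict, so the branches cannot drift apart.
     // NOTE(review): $host is DNS-supplied text; this relies on wfDB escaping
     // its arguments, which is not visible here.
     $upsert = "insert into {$table} (IP, patternSig, status, lastUpdate, PTR) values (%s, UNHEX(MD5('%s')), '%s', unix_timestamp(), '%s') ON DUPLICATE KEY UPDATE status='%s', lastUpdate=unix_timestamp(), PTR='%s'";
     $host = wfUtils::reverseLookup($IP);
     if (!$host) {
         $db->queryWrite($upsert, $IPn, $hostPattern, 'noPTR', '', 'noPTR', '');
         return false;
     }
     if (!preg_match($hostPattern, $host)) {
         $db->queryWrite($upsert, $IPn, $hostPattern, 'badPTR', $host, 'badPTR', $host);
         return false;
     }
     // gethostbynamel() returns false when resolution fails and only ever
     // returns IPv4 addresses, so an IPv6 $IP can never be confirmed here.
     $resultIPs = gethostbynamel($host);
     $addrsMatch = is_array($resultIPs) && in_array($IP, $resultIPs, true);
     $verdict = $addrsMatch ? 'verified' : 'fwdFail';
     $db->queryWrite($upsert, $IPn, $hostPattern, $verdict, $host, $verdict, $host);
     return $addrsMatch;
 }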
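 /**
  * Resolve a comma-separated list of IP addresses from $_POST['ips'] to hostnames.
  *
  * The list is request data, so each entry is validated as an IP literal before
  * it reaches the lookup helper; entries that are not valid addresses are
  * omitted from the result.
  *
  * NOTE(review): the number of entries is not capped and each one may trigger a
  * DNS query; the authorization check for this handler is not visible here.
  *
  * @return array array('ok' => 1, 'ips' => map of IP => wfUtils::reverseLookup() result)
  */
 function reverse_lookup()
 {
     $res = array();
     // A missing or non-string parameter (e.g. ips[]=...) yields an empty result instead of a warning.
     if (!isset($_POST['ips']) || !is_string($_POST['ips'])) {
         return array('ok' => 1, 'ips' => $res);
     }
     foreach (explode(',', $_POST['ips']) as $ip) {
         if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
             continue;
         }
         $res[$ip] = wfUtils::reverseLookup($ip);
     }
     return array('ok' => 1, 'ips' => $res);
 }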
示例#3
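 /**
  * Email an alert to the configured recipients, subject to an hourly cap and
  * suppression of an identical alert sent within the last hour.
  *
  * The 'totalAlertsSent' counter is incremented on every call, before any of
  * the checks that may suppress the email.
  *
  * @param string $subject  Alert subject; "[Wordfence Alert] <site>" is prepended before sending.
  * @param string $alertMsg Alert text handed to the email template.
  * @param string $IP       Address the alert concerns; falsy to omit the IP section.
  * @return void
  */
 public static function alert($subject, $alertMsg, $IP)
 {
     wfConfig::inc('totalAlertsSent');
     $emails = wfConfig::getAlertEmails();
     if (sizeof($emails) < 1) {
         return;
     }
     $IPMsg = "";
     if ($IP) {
         $IPMsg = "User IP: {$IP}\n";
         // NOTE(review): the hostname is whatever the PTR record for $IP says, i.e. text
         // chosen by the owner of that address space; how the template escapes IPMsg is not visible here.
         $reverse = wfUtils::reverseLookup($IP);
         if ($reverse) {
             $IPMsg .= "User hostname: " . $reverse . "\n";
         }
         $userLoc = wfUtils::getIPGeo($IP);
         if ($userLoc) {
             $IPMsg .= "User location: ";
             if ($userLoc['city']) {
                 $IPMsg .= $userLoc['city'] . ', ';
             }
             $IPMsg .= $userLoc['countryName'] . "\n";
         }
     }
     $content = wfUtils::tmpl('email_genericAlert.php', array('isPaid' => wfConfig::get('isPaid'), 'subject' => $subject, 'blogName' => get_bloginfo('name', 'raw'), 'adminURL' => get_admin_url(), 'alertMsg' => $alertMsg, 'IPMsg' => $IPMsg, 'date' => wfUtils::localHumanDate(), 'myHomeURL' => self::getMyHomeURL(), 'myOptionsURL' => self::getMyOptionsURL()));
     $shortSiteURL = preg_replace('/^https?:\\/\\//i', '', site_url());
     $subject = "[Wordfence Alert] {$shortSiteURL} " . $subject;
     $sendMax = wfConfig::get('alert_maxHourly', 0);
     if ($sendMax > 0) {
         // alertFreqTrack maps "minutes since the epoch" => emails sent in that minute.
         $sendArr = wfConfig::get_ser('alertFreqTrack', array());
         if (!is_array($sendArr)) {
             $sendArr = array();
         }
         $minuteTime = (int) floor(time() / 60);
         $totalSent = 0;
         for ($i = $minuteTime; $i > $minuteTime - 60; $i--) {
             $totalSent += isset($sendArr[$i]) ? $sendArr[$i] : 0;
         }
         if ($totalSent >= $sendMax) {
             return;
         }
         // Drop buckets that can no longer fall inside the 60-minute window;
         // without this the stored array grows by one key per active minute forever.
         foreach (array_keys($sendArr) as $minute) {
             if ($minute <= $minuteTime - 60) {
                 unset($sendArr[$minute]);
             }
         }
         $sendArr[$minuteTime] = isset($sendArr[$minuteTime]) ? $sendArr[$minuteTime] + 1 : 1;
         wfConfig::set_ser('alertFreqTrack', $sendArr);
     }
     // Prevent duplicate emails within 1 hour. md5 is used only as a fingerprint here, not as a security control.
     $hash = md5(implode(',', $emails) . ':' . $subject . ':' . $alertMsg . ':' . $IP);
     // lastEmailHash is stored as "<unix time>:<hex hash>".
     $lastHash = wfConfig::get('lastEmailHash', false);
     if ($lastHash) {
         $lastHashDat = explode(':', $lastHash);
         // Require both parts, and compare the hashes strictly: a loose == treats
         // two "0e<digits>" hex strings as equal numbers.
         if (count($lastHashDat) === 2 && time() - (int) $lastHashDat[0] < 3600 && $lastHashDat[1] === $hash) {
             // Identical to the previous email, which was sent within the last hour.
             return;
         }
     }
     wfConfig::set('lastEmailHash', time() . ':' . $hash);
     wp_mail(implode(',', $emails), $subject, $content);
 }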
示例#4
文件: wfLog.php 项目: ashenkar/sanga
 /**
  * Apply the IP-based firewall rules to the current request.
  *
  * In order: skip whitelisted addresses, evaluate the "advanced" range /
  * user-agent / referer / hostname rules from $this->ipRangesTable, apply
  * country blocking (only when the 'isPaid' option is set), and finally
  * enforce any active or permanent entry in $this->blocksTable.
  * Blocking is done through $this->do503() and $this->redirect().
  *
  * @return void
  */
 public function firewallBadIPs()
 {
     $IP = wfUtils::getIP();
     if ($this->isWhitelisted($IP)) {
         return;
     }
     $IPnum = wfUtils::inet_pton($IP);
     // Reverse DNS name of $IP, looked up lazily and at most once per call.
     $hostname = null;
     //New range and UA pattern blocking:
     $r1 = $this->getDB()->querySelect("select id, blockType, blockString from " . $this->ipRangesTable);
     foreach ($r1 as $blockRec) {
         if ($blockRec['blockType'] == 'IU') {
             $ipRangeBlocked = false;
             $uaPatternBlocked = false;
             $refBlocked = false;
             // blockString is pipe-separated: ipRange|uaPattern|refPattern|hostnamePattern.
             // Fields 2 and 3 are optional; field 1 is read without an isset() check.
             $bDat = explode('|', $blockRec['blockString']);
             $ipRange = $bDat[0];
             $uaPattern = $bDat[1];
             $refPattern = isset($bDat[2]) ? $bDat[2] : '';
             if ($ipRange) {
                 list($start_range, $end_range) = explode('-', $ipRange);
                 // Endpoints are either textual addresses (contain '.' or ':') or
                 // integers that long2ip() turns into dotted IPv4 first.
                 if (preg_match('/[\\.:]/', $start_range)) {
                     $start_range = wfUtils::inet_pton($start_range);
                     $end_range = wfUtils::inet_pton($end_range);
                 } else {
                     $start_range = wfUtils::inet_pton(long2ip($start_range));
                     $end_range = wfUtils::inet_pton(long2ip($end_range));
                 }
                 // String comparison of wfUtils::inet_pton() results; presumably these are
                 // fixed-width packed addresses so byte order equals numeric order - verify.
                 if (strcmp($IPnum, $start_range) >= 0 && strcmp($IPnum, $end_range) <= 0) {
                     $ipRangeBlocked = true;
                 }
             }
             if (!empty($bDat[3])) {
                 // A hostname pattern counts as an "IP range" criterion from here on, so a
                 // rule with both a range and a hostname pattern matches when either one does.
                 $ipRange = true;
                 /* We reuse the ipRangeBlocked variable */
                 if ($hostname === null) {
                     $hostname = wfUtils::reverseLookup($IP);
                 }
                 // NOTE(review): the PTR name is not forward-confirmed here, so it is whatever the
                 // owner of the address space publishes; a client can avoid a hostname rule by
                 // having no matching PTR record.
                 if (preg_match(wfUtils::patternToRegex($bDat[3]), $hostname)) {
                     $ipRangeBlocked = true;
                 }
             }
             if ($uaPattern) {
                 if (wfUtils::isUABlocked($uaPattern)) {
                     $uaPatternBlocked = true;
                 }
             }
             if ($refPattern) {
                 if (wfUtils::isRefererBlocked($refPattern)) {
                     $refBlocked = true;
                 }
             }
             // NOTE(review): the checks below are independent ifs, not an if/else chain. As written,
             // a rule with a UA pattern and an IP range (no referer pattern) reaches the final
             // else-branch and blocks on a UA match alone, and a rule with all three criteria blocks
             // when any two of them match. Confirm whether every configured criterion is meant to match.
             $doBlock = false;
             if ($uaPattern && $ipRange && $refPattern) {
                 if ($uaPatternBlocked && $ipRangeBlocked && $refBlocked) {
                     $doBlock = true;
                 }
             }
             if ($uaPattern && $ipRange) {
                 if ($uaPatternBlocked && $ipRangeBlocked) {
                     $doBlock = true;
                 }
             }
             if ($uaPattern && $refPattern) {
                 if ($uaPatternBlocked && $refBlocked) {
                     $doBlock = true;
                 }
             }
             if ($ipRange && $refPattern) {
                 if ($ipRangeBlocked && $refBlocked) {
                     $doBlock = true;
                 }
             } else {
                 // Runs whenever the rule does not have both an IP range and a referer pattern.
                 if ($uaPattern) {
                     if ($uaPatternBlocked) {
                         $doBlock = true;
                     }
                 } else {
                     if ($ipRange) {
                         if ($ipRangeBlocked) {
                             $doBlock = true;
                         }
                     } else {
                         if ($refPattern) {
                             if ($refBlocked) {
                                 $doBlock = true;
                             }
                         }
                     }
                 }
             }
             if ($doBlock) {
                 // Record the hit against the rule, then answer with a 503 and a 3600 second retry hint.
                 $this->getDB()->queryWrite("update " . $this->ipRangesTable . " set totalBlocked = totalBlocked + 1, lastBlocked = unix_timestamp() where id=%d", $blockRec['id']);
                 wfActivityReport::logBlockedIP($IP);
                 $this->currentRequest->actionDescription = 'UA/Referrer/IP Range not allowed';
                 $this->do503(3600, "Advanced blocking in effect.");
             }
         }
     }
     //End range/UA blocking
     // Country blocking
     if (wfConfig::get('isPaid')) {
         $blockedCountries = wfConfig::get('cbl_countries', false);
         $bareRequestURI = wfUtils::extractBareURI($_SERVER['REQUEST_URI']);
         $bareBypassRedirURI = wfUtils::extractBareURI(wfConfig::get('cbl_bypassRedirURL', ''));
         $skipCountryBlocking = false;
         if ($bareBypassRedirURI && $bareRequestURI == $bareBypassRedirURI) {
             //Run this before country blocking because even if the user isn't blocked we need to set the bypass cookie so they can bypass future blocks.
             $bypassRedirDest = wfConfig::get('cbl_bypassRedirDest', '');
             if ($bypassRedirDest) {
                 self::setCBLCookieBypass();
                 $this->redirect($bypassRedirDest);
                 //exits
             }
         }
         // Requesting the configured "bypass view" URL sets the bypass cookie and skips country blocking for this request.
         $bareBypassViewURI = wfUtils::extractBareURI(wfConfig::get('cbl_bypassViewURL', ''));
         if ($bareBypassViewURI && $bareBypassViewURI == $bareRequestURI) {
             self::setCBLCookieBypass();
             $skipCountryBlocking = true;
         }
         if (!$skipCountryBlocking && $blockedCountries && !self::isCBLBypassCookieSet()) {
             if (is_user_logged_in() && !wfConfig::get('cbl_loggedInBlocked', false)) {
                 //User is logged in and we're allowing logins
                 //Do nothing
             } else {
                 // NOTE(review): strpos() searches the whole REQUEST_URI, query string included, so
                 // this is a substring test rather than a path check; comparing the parsed path
                 // would be stricter.
                 if (strpos($_SERVER['REQUEST_URI'], '/wp-login.php') !== false && !wfConfig::get('cbl_loginFormBlocked', false)) {
                     //It's the login form and we're allowing that
                     //Do nothing
                 } else {
                     if (strpos($_SERVER['REQUEST_URI'], '/wp-login.php') === false && !wfConfig::get('cbl_restOfSiteBlocked', false)) {
                         //It's the rest of the site and we're allowing that
                         //Do nothing
                     } else {
                         // No country result for the address means no country block is applied.
                         if ($country = wfUtils::IP2Country($IP)) {
                             foreach (explode(',', $blockedCountries) as $blocked) {
                                 if (strtoupper($blocked) == strtoupper($country)) {
                                     //At this point we know the user has been blocked
                                     if (wfConfig::get('cbl_action') == 'redir') {
                                         $redirURL = wfConfig::get('cbl_redirURL');
                                         $eRedirHost = wfUtils::extractHostname($redirURL);
                                         $isExternalRedir = false;
                                         if ($eRedirHost && $eRedirHost != wfUtils::extractHostname(home_url())) {
                                             //It's an external redirect...
                                             $isExternalRedir = true;
                                         }
                                         if (!$isExternalRedir && wfUtils::extractBareURI($redirURL) == $bareRequestURI) {
                                             //Is this the URI we want to redirect to, then don't block it
                                             //Do nothing
                                             /* Uncomment the following if page components aren't loading for the page we redirect to.
                                                Uncommenting is not recommended because it means that anyone from a blocked country
                                                can crawl your site by sending the page blocked users are redirected to as the referer for every request.
                                                But it's your call.
                                             } else if(wfUtils::extractBareURI($_SERVER['HTTP_REFERER']) == $redirURL){ //Is the referer the page we want to redirect to? Then this might be loading as a component so don't block.
                                                 //Do nothing
                                             */
                                         } else {
                                             $this->redirect(wfConfig::get('cbl_redirURL'));
                                         }
                                     } else {
                                         $this->currentRequest->actionDescription = 'blocked access via country blocking';
                                         $this->do503(3600, "Access from your area has been temporarily limited for security reasons");
                                         // NOTE(review): if do503() ends the request, this counter is never incremented - confirm.
                                         wfConfig::inc('totalCountryBlocked');
                                     }
                                 }
                             }
                         }
                     }
                 }
             }
         }
     }
     // Explicit blocks: a row matches when it is permanent or still inside the configured 'blockedTime' window.
     if ($rec = $this->getDB()->querySingleRec("select blockedTime, reason from " . $this->blocksTable . " where IP=%s and (permanent=1 OR (blockedTime + %s > unix_timestamp()))", $IPnum, wfConfig::get('blockedTime'))) {
         $this->getDB()->queryWrite("update " . $this->blocksTable . " set lastAttempt=unix_timestamp(), blockedHits = blockedHits + 1 where IP=%s", $IPnum);
         $now = $this->getDB()->querySingle("select unix_timestamp()");
         // NOTE(review): for a permanent row whose window has already elapsed this value is negative; confirm do503() copes.
         $secsToGo = $rec['blockedTime'] + wfConfig::get('blockedTime') - $now;
         if (wfConfig::get('other_WFNet') && strpos($_SERVER['REQUEST_URI'], '/wp-login.php') !== false) {
             //We're on the login page and this IP has been blocked
             wordfence::wfsnReportBlockedAttempt($IP, 'login');
         }
         $this->do503($secsToGo, $rec['reason']);
     }
 }
示例#5
 /**
  * Apply the IP-based firewall rules to the current request.
  *
  * In order: skip whitelisted addresses, evaluate the "advanced" range /
  * user-agent / referer / hostname rules from $this->ipRangesTable, apply
  * country blocking through $this->checkForBlockedCountry() (only when the
  * 'isPaid' option is set), and finally enforce any active or permanent entry
  * in $this->blocksTable.
  *
  * @return void
  */
 public function firewallBadIPs()
 {
     $IP = wfUtils::getIP();
     if ($this->isWhitelisted($IP)) {
         return;
     }
     $IPnum = wfUtils::inet_pton($IP);
     // Reverse DNS name of $IP, looked up lazily and at most once per call.
     $hostname = null;
     //New range and UA pattern blocking:
     $r1 = $this->getDB()->querySelect("select id, blockType, blockString from " . $this->ipRangesTable);
     foreach ($r1 as $blockRec) {
         if ($blockRec['blockType'] == 'IU') {
             $ipRangeBlocked = false;
             $uaPatternBlocked = false;
             $refBlocked = false;
             // blockString is pipe-separated: ipRange|uaPattern|refPattern|hostnamePattern.
             // Fields 2 and 3 are optional; field 1 is read without an isset() check.
             $bDat = explode('|', $blockRec['blockString']);
             $ipRange = $bDat[0];
             $uaPattern = $bDat[1];
             $refPattern = isset($bDat[2]) ? $bDat[2] : '';
             if ($ipRange) {
                 list($start_range, $end_range) = explode('-', $ipRange);
                 // Endpoints are either textual addresses (contain '.' or ':') or
                 // integers that long2ip() turns into dotted IPv4 first.
                 if (preg_match('/[\\.:]/', $start_range)) {
                     $start_range = wfUtils::inet_pton($start_range);
                     $end_range = wfUtils::inet_pton($end_range);
                 } else {
                     $start_range = wfUtils::inet_pton(long2ip($start_range));
                     $end_range = wfUtils::inet_pton(long2ip($end_range));
                 }
                 // String comparison of wfUtils::inet_pton() results; presumably these are
                 // fixed-width packed addresses so byte order equals numeric order - verify.
                 if (strcmp($IPnum, $start_range) >= 0 && strcmp($IPnum, $end_range) <= 0) {
                     $ipRangeBlocked = true;
                 }
             }
             if (!empty($bDat[3])) {
                 // A hostname pattern counts as an "IP range" criterion from here on, so a
                 // rule with both a range and a hostname pattern matches when either one does.
                 $ipRange = true;
                 /* We reuse the ipRangeBlocked variable */
                 if ($hostname === null) {
                     $hostname = wfUtils::reverseLookup($IP);
                 }
                 // NOTE(review): the PTR name is not forward-confirmed here, so it is whatever the
                 // owner of the address space publishes; a client can avoid a hostname rule by
                 // having no matching PTR record.
                 if (preg_match(wfUtils::patternToRegex($bDat[3]), $hostname)) {
                     $ipRangeBlocked = true;
                 }
             }
             if ($uaPattern) {
                 if (wfUtils::isUABlocked($uaPattern)) {
                     $uaPatternBlocked = true;
                 }
             }
             if ($refPattern) {
                 if (wfUtils::isRefererBlocked($refPattern)) {
                     $refBlocked = true;
                 }
             }
             // NOTE(review): the checks below are independent ifs, not an if/else chain. As written,
             // a rule with a UA pattern and an IP range (no referer pattern) reaches the final
             // else-branch and blocks on a UA match alone, and a rule with all three criteria blocks
             // when any two of them match. Confirm whether every configured criterion is meant to match.
             $doBlock = false;
             if ($uaPattern && $ipRange && $refPattern) {
                 if ($uaPatternBlocked && $ipRangeBlocked && $refBlocked) {
                     $doBlock = true;
                 }
             }
             if ($uaPattern && $ipRange) {
                 if ($uaPatternBlocked && $ipRangeBlocked) {
                     $doBlock = true;
                 }
             }
             if ($uaPattern && $refPattern) {
                 if ($uaPatternBlocked && $refBlocked) {
                     $doBlock = true;
                 }
             }
             if ($ipRange && $refPattern) {
                 if ($ipRangeBlocked && $refBlocked) {
                     $doBlock = true;
                 }
             } else {
                 // Runs whenever the rule does not have both an IP range and a referer pattern.
                 if ($uaPattern) {
                     if ($uaPatternBlocked) {
                         $doBlock = true;
                     }
                 } else {
                     if ($ipRange) {
                         if ($ipRangeBlocked) {
                             $doBlock = true;
                         }
                     } else {
                         if ($refPattern) {
                             if ($refBlocked) {
                                 $doBlock = true;
                             }
                         }
                     }
                 }
             }
             if ($doBlock) {
                 // Record the hit against the rule, then answer with a 503 and a 3600 second retry hint.
                 $this->getDB()->queryWrite("update " . $this->ipRangesTable . " set totalBlocked = totalBlocked + 1, lastBlocked = unix_timestamp() where id=%d", $blockRec['id']);
                 wfActivityReport::logBlockedIP($IP);
                 $this->currentRequest->actionDescription = 'UA/Referrer/IP Range not allowed';
                 $this->do503(3600, "Advanced blocking in effect.");
             }
         }
     }
     //End range/UA blocking
     // Country blocking
     if (wfConfig::get('isPaid')) {
         $blockedCountries = wfConfig::get('cbl_countries', false);
         $bareRequestURI = wfUtils::extractBareURI($_SERVER['REQUEST_URI']);
         $bareBypassRedirURI = wfUtils::extractBareURI(wfConfig::get('cbl_bypassRedirURL', ''));
         $skipCountryBlocking = false;
         if ($bareBypassRedirURI && $bareRequestURI == $bareBypassRedirURI) {
             //Run this before country blocking because even if the user isn't blocked we need to set the bypass cookie so they can bypass future blocks.
             $bypassRedirDest = wfConfig::get('cbl_bypassRedirDest', '');
             if ($bypassRedirDest) {
                 self::setCBLCookieBypass();
                 $this->redirect($bypassRedirDest);
                 //exits
             }
         }
         // Requesting the configured "bypass view" URL sets the bypass cookie and skips country blocking for this request.
         $bareBypassViewURI = wfUtils::extractBareURI(wfConfig::get('cbl_bypassViewURL', ''));
         if ($bareBypassViewURI && $bareBypassViewURI == $bareRequestURI) {
             self::setCBLCookieBypass();
             $skipCountryBlocking = true;
         }
         // The conditions below are independent, so checkForBlockedCountry() can be called more
         // than once for a request that it lets through. Its body is not visible here.
         if (!$skipCountryBlocking && $blockedCountries && !self::isCBLBypassCookieSet()) {
             // If everything is checked, make sure this always runs.
             if (wfConfig::get('cbl_loggedInBlocked', false) && wfConfig::get('cbl_loginFormBlocked', false) && wfConfig::get('cbl_restOfSiteBlocked', false)) {
                 $this->checkForBlockedCountry();
             }
             // Block logged in users.
             if (wfConfig::get('cbl_loggedInBlocked', false) && is_user_logged_in()) {
                 $this->checkForBlockedCountry();
             }
             // Block the login form itself and any attempt to authenticate.
             if (wfConfig::get('cbl_loginFormBlocked', false)) {
                 if (self::isAuthRequest()) {
                     $this->checkForBlockedCountry();
                 }
                 // Also registered on the 'authenticate' filter (priority 1, no arguments passed), so
                 // authentication attempts that isAuthRequest() does not recognise are still checked.
                 add_filter('authenticate', array($this, 'checkForBlockedCountry'), 1, 0);
             }
             // Block requests that aren't to the login page, xmlrpc.php, or a user already logged in.
             if (wfConfig::get('cbl_restOfSiteBlocked', false) && !self::isAuthRequest() && !defined('XMLRPC_REQUEST') && !is_user_logged_in()) {
                 $this->checkForBlockedCountry();
             }
             // XMLRPC is inaccessible when both the public portion of the site and authentication are blocked.
             if (wfConfig::get('cbl_loginFormBlocked', false) && wfConfig::get('cbl_restOfSiteBlocked', false) && defined('XMLRPC_REQUEST')) {
                 $this->checkForBlockedCountry();
             }
         }
     }
     // Explicit blocks: a row matches when it is permanent or still inside the configured 'blockedTime' window.
     if ($rec = $this->getDB()->querySingleRec("select blockedTime, reason from " . $this->blocksTable . " where IP=%s and (permanent=1 OR (blockedTime + %s > unix_timestamp()))", $IPnum, wfConfig::get('blockedTime'))) {
         $this->getDB()->queryWrite("update " . $this->blocksTable . " set lastAttempt=unix_timestamp(), blockedHits = blockedHits + 1 where IP=%s", $IPnum);
         $now = $this->getDB()->querySingle("select unix_timestamp()");
         // NOTE(review): for a permanent row whose window has already elapsed this value is negative; confirm do503() copes.
         $secsToGo = $rec['blockedTime'] + wfConfig::get('blockedTime') - $now;
         if (wfConfig::get('other_WFNet') && self::isAuthRequest()) {
             //It's an auth request and this IP has been blocked
             $this->getCurrentRequest()->action = 'blocked:wfsnrepeat';
             wordfence::wfsnReportBlockedAttempt($IP, 'login');
         }
         $this->do503($secsToGo, $rec['reason']);
     }
 }
示例#6
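 /**
  * Email an alert to the configured recipients, subject to an hourly cap.
  *
  * @param string $subject  Alert subject; "[Wordfence Alert] <site>" is prepended before sending.
  * @param string $alertMsg Alert text handed to the email template.
  * @param string $IP       Address the alert concerns; falsy to omit the IP section.
  * @return void
  */
 public static function alert($subject, $alertMsg, $IP)
 {
     $emails = wfConfig::getAlertEmails();
     if (sizeof($emails) < 1) {
         return;
     }
     $IPMsg = "";
     if ($IP) {
         $IPMsg = "User IP: {$IP}\n";
         // NOTE(review): the hostname is whatever the PTR record for $IP says, i.e. text
         // chosen by the owner of that address space; how the template escapes IPMsg is not visible here.
         $reverse = wfUtils::reverseLookup($IP);
         if ($reverse) {
             $IPMsg .= "User hostname: " . $reverse . "\n";
         }
         $userLoc = wfUtils::getIPGeo($IP);
         if ($userLoc) {
             $IPMsg .= "User location: ";
             if ($userLoc['city']) {
                 $IPMsg .= $userLoc['city'] . ', ';
             }
             $IPMsg .= $userLoc['countryName'] . "\n";
         }
     }
     $content = wfUtils::tmpl('email_genericAlert.php', array('isPaid' => wfConfig::get('isPaid'), 'subject' => $subject, 'blogName' => get_bloginfo('name', 'raw'), 'adminURL' => get_admin_url(), 'alertMsg' => $alertMsg, 'IPMsg' => $IPMsg, 'date' => wfUtils::localHumanDate(), 'myHomeURL' => self::getMyHomeURL(), 'myOptionsURL' => self::getMyOptionsURL()));
     $shortSiteURL = preg_replace('/^https?:\\/\\//i', '', site_url());
     $subject = "[Wordfence Alert] {$shortSiteURL} " . $subject;
     $sendMax = wfConfig::get('alert_maxHourly', 0);
     if ($sendMax > 0) {
         // alertFreqTrack maps "minutes since the epoch" => emails sent in that minute.
         $sendArr = wfConfig::get_ser('alertFreqTrack', array());
         if (!is_array($sendArr)) {
             $sendArr = array();
         }
         $minuteTime = (int) floor(time() / 60);
         $totalSent = 0;
         for ($i = $minuteTime; $i > $minuteTime - 60; $i--) {
             $totalSent += isset($sendArr[$i]) ? $sendArr[$i] : 0;
         }
         if ($totalSent >= $sendMax) {
             return;
         }
         // Drop buckets that can no longer fall inside the 60-minute window;
         // without this the stored array grows by one key per active minute forever.
         foreach (array_keys($sendArr) as $minute) {
             if ($minute <= $minuteTime - 60) {
                 unset($sendArr[$minute]);
             }
         }
         $sendArr[$minuteTime] = isset($sendArr[$minuteTime]) ? $sendArr[$minuteTime] + 1 : 1;
         wfConfig::set_ser('alertFreqTrack', $sendArr);
     }
     wp_mail(implode(',', $emails), $subject, $content);
 }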
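 /**
  * Email an alert to the configured recipients.
  *
  * The recipient list is checked first so that no reverse DNS lookup, geo lookup
  * or template rendering is done when there is nobody to notify.
  *
  * @param string $subject  Alert subject; "[Wordfence Alert] <site>" is prepended before sending.
  * @param string $alertMsg Alert text handed to the email template.
  * @param string $IP       Address the alert concerns; falsy to omit the IP section.
  * @return void
  */
 public static function alert($subject, $alertMsg, $IP)
 {
     $emails = wfConfig::getAlertEmails();
     if (sizeof($emails) < 1) {
         return;
     }
     $IPMsg = "";
     if ($IP) {
         $IPMsg = "User IP: {$IP}\n";
         // NOTE(review): the hostname is whatever the PTR record for $IP says, i.e. text
         // chosen by the owner of that address space; how the template escapes IPMsg is not visible here.
         $reverse = wfUtils::reverseLookup($IP);
         if ($reverse) {
             $IPMsg .= "User hostname: " . $reverse . "\n";
         }
         $userLoc = wfUtils::getIPGeo($IP);
         if ($userLoc) {
             $IPMsg .= "User location: ";
             if ($userLoc['city']) {
                 $IPMsg .= $userLoc['city'] . ', ';
             }
             $IPMsg .= $userLoc['countryName'] . "\n";
         }
     }
     $content = wfUtils::tmpl('email_genericAlert.php', array('subject' => $subject, 'blogName' => get_bloginfo('name', 'raw'), 'alertMsg' => $alertMsg, 'IPMsg' => $IPMsg, 'date' => wfUtils::localHumanDate(), 'myHomeURL' => self::getMyHomeURL(), 'myOptionsURL' => self::getMyOptionsURL()));
     $shortSiteURL = preg_replace('/^https?:\\/\\//i', '', site_url());
     $subject = "[Wordfence Alert] {$shortSiteURL} " . $subject;
     // NOTE(review): this variant has no hourly cap or duplicate suppression, so every call sends an email.
     wp_mail(implode(',', $emails), $subject, $content);
 }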