WordPress.org
Get WordPress

Plugin Directory

Changeset 2851085


Ignore:
Timestamp:
01/19/2023 01:21:39 PM (3 years ago)
Author:
slick2
Message:

added AbuseIPDB feature to block malicious traffic

Location:
traffic-jammer/trunk
Files:
1 added
3 edited

Legend:

Unmodified
Added
Removed

  • traffic-jammer/trunk/README.md

    r2845288 r2851085  
    88Tested up to: 6.1
    99
    10 Stable tag: 1.0.6
     10Stable tag: 1.0.7
    1111
    1212Requires PHP: 7.4

  • traffic-jammer/trunk/readme.txt

    r2845288 r2851085  
    55Requires at least: 4.7
    66Tested up to: 6.1
    7 Stable tag: 1.0.6
     7Stable tag: 1.0.7
    88Requires PHP: 7.4
    99License: GPLv2 or later
     
    3939
    4040== Changelog ==
     41= 1.0.7 =
     42* added AbuseIPDB feature to block malicious traffic
     43
    4144= 1.0.6 =
    4245* added feature to automatically block IPs which have failed login

  • traffic-jammer/trunk/traffic-jammer.php

    r2845288 r2851085  
    99 * Plugin URI:          https://wordpress.org/plugins/traffic-jammer/
    1010 * Description:         WordPress plugin to block IP and bots that causes malicious traffic.
    11  * Version:             1.0.6
     11 * Version:             1.0.7
    1212 * Requires at least:   5.2
    1313 * Requires PHP:        7.4
     
    119119    $table_name = $wpdb->prefix . 'trafficjammer_traffic';
    120120    $setting_options = get_option( 'wp_traffic_jammer_options' );
     121
     122    if ( isset( $setting_options['abuseipdb_key'] ) ) {
     123        $blocklist = get_option( 'wp_traffic_jammer_blocklist' );
     124        $blocklist = array_map( 'trim', explode( ',', $blocklist ) );
     125
     126        $abuse = new Traffic_Jammer_AbuseIPDB();
     127
     128        // Check the top ip, add IP to blocklist with 100% confidence of abuse.
     129        $traffic_logs = $wpdb->get_results( 'SELECT count(*) as num_visits, IP FROM ' . $wpdb->prefix . 'trafficjammer_traffic where IP is not null GROUP BY IP ORDER BY num_visits DESC LIMIT 10' );
     130
     131        foreach ( $traffic_logs as $value ) {
     132            // skip if it is in the blocklist.
     133            if ( trafficjammer_check_ip( $value->IP, $blocklist ) ) {
     134                continue;
     135            } else {
     136                $abuse_result = $abuse->check( $value->IP );
     137                if ( $abuse_result['data']['abuseConfidenceScore'] == '100' ) {
     138                    trafficjammer_block_ip( $value->IP );
     139                }
     140            }
     141        }
     142    }
     143
     144    // Cleanup Logs.
    121145    $interval_day = isset( $settting_option['log_retention'] ) ? $settting_option['log_retention'] : 3;
    122146    $wpdb->query( 'DELETE FROM ' . $table_name . ' WHERE `date` < DATE_SUB( NOW(), INTERVAL ' . $interval_day . ' DAY );' );
    123147}
    124148add_action( 'trafficjammer_cron_hook', 'trafficjammer_cron_exec' );
     149
    125150
    126151
     
    165190    global $wpdb, $cef6d44b_server;
    166191    $setting_options = get_option( 'wp_traffic_jammer_options' );
    167 
     192    $blocklist = get_option( 'wp_traffic_jammer_blocklist' );
     193    $blocklist = array_map( 'trim', explode( ',', $blocklist ) );
     194
     195    // Check settings for the threshold.
    168196    if ( isset( $setting_options['login_attempts'] ) ) {
    169197        $num_tries = $setting_options['login_attempts'];
     
    192220    $result = $wpdb->get_row( $wpdb->prepare( $sql ) );
    193221    if ( ( ! empty( $result->ctr ) ) && $result->ctr > $num_tries ) {
    194         trafficjammer_block_ip( $ip );
     222        // We don't want duplicate values on the blocklist.
     223        if ( ! trafficjammer_check_ip( $ip, $blocklist ) ) {
     224            trafficjammer_block_ip( $ip );
     225        }
    195226    }
    196227}
     
    404435
    405436    add_settings_field(
     437        'trafficjammer_settings_abusipdb_key',
     438        __( 'AbuseIPDB' ),
     439        'trafficjammer_abuseipdb_key',
     440        'wp_traffic_jammer',
     441        'trafficjammer_settings_section'
     442    );
     443
     444    add_settings_field(
    406445        'trafficjammer_settings_qs_busting',
    407446        __( 'Block query pattern' ),
     
    503542    echo '> <code>/?{timestamp}</code>';
    504543    echo '<br>';
    505     echo '<br>';
    506544    echo 'Block execesive request, example: <code>/?1234567890</code> ';
    507545
     
    522560    echo '/>';
    523561    echo '<br>';
    524 }
     562    echo 'Automatically block IPs based on failed login attempts.';
     563}
     564
     565/**
     566 * AbuseIPDB API
     567 *
     568 * @return void
     569 */
     570function trafficjammer_abuseipdb_key() {
     571    $setting_options = get_option( 'wp_traffic_jammer_options' );
     572    echo '<input type="text" name="wp_traffic_jammer_options[abuseipdb_key]" size="50" ';
     573    if ( isset( $setting_options['abuseipdb_key'] ) ) {
     574        echo ' value="' . esc_attr( $setting_options['abuseipdb_key'] ) . '"';
     575    }
     576    echo '/>';
     577    echo '<br>';
     578    echo 'Block execessive hits from IPs with 100% abuse score.';
     579    echo '<br>';
     580}
     581
     582
    525583
    526584/**
     
    539597 * Block IP
    540598 *
    541  * @param string $ip value ot add.
     599 * @param string $ip value to add.
    542600 *
    543601 * @return void
     
    662720// include wp-cli file.
    663721require plugin_dir_path( __FILE__ ) . 'includes/class-wp-traffic-jammer-cli.php';
     722require plugin_dir_path( __FILE__ ) . 'includes/class-trafficjammer-abuseipdb.php';
Note: See TracChangeset for help on using the changeset viewer.