Changeset 3280722
- Timestamp:
- 04/24/2025 09:05:46 AM (11 months ago)
- Location:
- honeypot-toolkit
- Files:
-
- 24 added
- 14 edited
-
tags/5.0.1 (added)
-
tags/5.0.1/css (added)
-
tags/5.0.1/css/admin.css (added)
-
tags/5.0.1/honeypot-toolkit.php (added)
-
tags/5.0.1/img (added)
-
tags/5.0.1/img/honeypot-icon.png (added)
-
tags/5.0.1/lib (added)
-
tags/5.0.1/lib/HT_Ajax.class.php (added)
-
tags/5.0.1/lib/HT_Template.class.php (added)
-
tags/5.0.1/lib/HoneypotToolkit.class.php (added)
-
tags/5.0.1/readme.txt (added)
-
tags/5.0.1/tpl (added)
-
tags/5.0.1/tpl/activityList.php (added)
-
tags/5.0.1/tpl/activity_list_page_js.php (added)
-
tags/5.0.1/tpl/allowlist.php (added)
-
tags/5.0.1/tpl/allowlist_page_js.php (added)
-
tags/5.0.1/tpl/blocklist.php (added)
-
tags/5.0.1/tpl/blocklist_page_js.php (added)
-
tags/5.0.1/tpl/common_js.php (added)
-
tags/5.0.1/tpl/settings.php (added)
-
tags/5.0.1/tpl/settings_page_js.php (added)
-
tags/5.0.1/tpl/single_settings.php (added)
-
tags/5.0.1/tpl/single_settings_page_js.php (added)
-
tags/5.0.1/uninstall.php (added)
-
trunk/css/admin.css (modified) (1 diff)
-
trunk/honeypot-toolkit.php (modified) (1 diff)
-
trunk/lib/HT_Ajax.class.php (modified) (1 diff)
-
trunk/lib/HT_Template.class.php (modified) (1 diff)
-
trunk/lib/HoneypotToolkit.class.php (modified) (5 diffs)
-
trunk/readme.txt (modified) (3 diffs)
-
trunk/tpl/allowlist.php (modified) (2 diffs)
-
trunk/tpl/allowlist_page_js.php (modified) (1 diff)
-
trunk/tpl/blocklist.php (modified) (2 diffs)
-
trunk/tpl/blocklist_page_js.php (modified) (1 diff)
-
trunk/tpl/common_js.php (modified) (1 diff)
-
trunk/tpl/settings.php (modified) (2 diffs)
-
trunk/tpl/settings_page_js.php (modified) (1 diff)
-
trunk/uninstall.php (modified) (1 diff)
-
honeypot-toolkit/trunk/css/admin.css
r3271255 r3280722 469 469 470 470 .HT-tab-content label { 471 width: 1 70px;471 width: 190px; 472 472 display: inline-block; 473 473 vertical-align: middle; -
honeypot-toolkit/trunk/honeypot-toolkit.php
r3271255 r3280722 4 4 Plugin URI: https://www.sterup.com/wordpress-plugins/honeypot-toolkit/ 5 5 Description: Automates the placement of honeypot links for Project Honeypot. Also blocks IP Addresses who have a bad rating on Project Honeypot and Spamcop. Monitors bad logins and 404 errors. 6 Version: 5.0 6 Version: 5.0.1 7 7 Author: Jeff Sterup 8 8 Author URI: https://www.sterup.com -
honeypot-toolkit/trunk/lib/HT_Ajax.class.php
r3271255 r3280722 433 433 } else { 434 434 update_site_option('ht_use_project_honeypot', "0"); 435 } 436 437 if (isset($_POST['ht-automatic-bing-ranges']) && $_POST['ht-automatic-bing-ranges'] == 'true') { 438 update_site_option('ht_automatic_bing_ranges', "1"); 439 440 wp_clear_scheduled_hook('HT_update_searchbot_ranges'); 441 $timeSetting = new DateTime('+5 minutes', new DateTimeZone(wp_timezone_string())); 442 wp_schedule_single_event($timeSetting->getTimestamp(), 'HT_update_searchbot_ranges'); 443 } else { 444 update_site_option('ht_automatic_bing_ranges', "0"); 445 } 446 447 if (isset($_POST['ht-automatic-google-ranges']) && $_POST['ht-automatic-google-ranges'] == 'true') { 448 update_site_option('ht_automatic_google_ranges', "1"); 449 450 wp_clear_scheduled_hook('HT_update_searchbot_ranges'); 451 $timeSetting = new DateTime('+5 minutes', new DateTimeZone(wp_timezone_string())); 452 wp_schedule_single_event($timeSetting->getTimestamp(), 'HT_update_searchbot_ranges'); 453 } else { 454 update_site_option('ht_automatic_google_ranges', "0"); 435 455 } 436 456 -
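Review bot: Turning either option off in the two new `else` branches only writes "0" to the site option, so the rows already inserted with notes `AUTOMATED: Bingbot` / `AUTOMATED: Googlebot` stay on the allowlist. update_searchbot_ranges() in HoneypotToolkit.class.php only touches a source whose option is '1', so its cleanup DELETE never runs for a disabled source and the stale ranges keep bypassing the block checks indefinitely. I would remove them on opt-out, e.g. `$wpdb->delete($wpdb->base_prefix."ht_ip_list", array("notes"=>"AUTOMATED: Bingbot"));` in the `else` branch (and the Googlebot equivalent), assuming `$wpdb` is in scope there. The two `if` branches also repeat the same clear-and-reschedule lines, which could be done once after both options are saved. The enclosing handler starts outside the hunk, so its nonce and capability checks are not visible here.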
honeypot-toolkit/trunk/lib/HT_Template.class.php
r3271255 r3280722 55 55 'use_istorm' => get_site_option('ht_use_istorm'), 56 56 'hide_usernames' => get_site_option('ht_hide_usernames'), 57 'site_level_lists' => get_site_option('ht_site_level_lists') 57 'site_level_lists' => get_site_option('ht_site_level_lists'), 58 'automatic_bing_ranges' => get_site_option('ht_automatic_bing_ranges'), 59 'automatic_google_ranges' => get_site_option('ht_automatic_google_ranges') 58 60 ); 59 61 require_once($this->HT->absPath . "/tpl/settings.php"); -
honeypot-toolkit/trunk/lib/HoneypotToolkit.class.php
r3271255 r3280722 65 65 add_action('plugins_loaded', array($this, 'check_version')); 66 66 67 add_action('HT_update_searchbot_ranges', array($this, 'update_searchbot_ranges')); 67 68 add_action('user_register', array($this, 'filter_user_nicename')); 68 69 add_filter('update_user_metadata', array($this, 'filter_user_meta'), 10, 4); … … 104 105 } 105 106 107 function update_searchbot_ranges() { 108 global $wpdb; 109 $automatedRanges = array(); 110 111 if (get_site_option('ht_automatic_bing_ranges', '0') === '1') { 112 $automatedRanges['bing'] = array('json_url'=>'https://www.bing.com/toolbox/bingbot.json', 'db_notes'=>'AUTOMATED: Bingbot'); 113 } 114 if (get_site_option('ht_automatic_google_ranges', '0') === '1') { 115 $automatedRanges['google'] = array('json_url'=>'https://developers.google.com/static/search/apis/ipranges/googlebot.json', 'db_notes'=>'AUTOMATED: Googlebot'); 116 } 117 118 if (count($automatedRanges) > 0) { 119 foreach($automatedRanges as $rangeType=>$rangeDetails) { 120 $rangeRequest = wp_remote_get($rangeDetails['json_url'], array('user-agent'=>'Wordpress/'.get_bloginfo( 'version' ).' 
Honeypot Toolkit/'.get_site_option('ht_plugin_version').'(contact: wpadmin@sterup.com); '.get_bloginfo( 'url' ))); 121 122 if (200 === wp_remote_retrieve_response_code($rangeRequest)) { 123 $responseJSON = json_decode($rangeRequest['body'], true); 124 125 if (is_array($responseJSON) && isset($responseJSON['prefixes'])) { 126 $currentTime = time(); 127 128 ###Add and update ranges 129 foreach($responseJSON['prefixes'] as $cidr) { 130 if (isset($cidr['ipv4Prefix']) && filter_var(preg_replace('/\/\d+$/', '', $cidr['ipv4Prefix']), FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) { 131 $currentRange = $this->get_range_from_cidr($cidr['ipv4Prefix']); 132 $currentRange['ip_number_start'] = $this->calculate_ip_number($currentRange['ip_address_start']); 133 $currentRange['ip_number_end'] = $this->calculate_ip_number($currentRange['ip_address_end']); 134 135 if ($currentRange['ip_number_start'] > 0 && $currentRange['ip_number_end'] > 0) { 136 $allowlistedID = $wpdb->get_var($wpdb->prepare("SELECT ip_id FROM ".$wpdb->base_prefix."ht_ip_list WHERE ip_number_start = %d AND ip_number_end = %d AND notes=%s", $currentRange['ip_number_start'], $currentRange['ip_number_end'], $rangeDetails['db_notes'])); 137 138 if (is_numeric($allowlistedID)) { 139 $wpdb->update($wpdb->base_prefix."ht_ip_list", array("insert_time"=>$currentTime), array("ip_id"=>$allowlistedID)); 140 } else { 141 $wpdb->insert($wpdb->base_prefix."ht_ip_list", array("ip_address_start"=>$currentRange['ip_address_start'], "ip_address_end"=>$currentRange['ip_address_end'], "ip_number_start"=>$currentRange['ip_number_start'], "ip_number_end"=>$currentRange['ip_number_end'], "offense_level"=>0, "insert_time"=>$currentTime, "notes"=>$rangeDetails['db_notes'])); 142 } 143 } 144 } 145 146 } 147 148 ###Remove ranges that weren't in the file 149 $deleteBingQuery = "DELETE FROM ".$wpdb->base_prefix."ht_ip_list WHERE insert_time < %d AND notes = %s"; 150 $wpdb->query($wpdb->prepare($deleteBingQuery, $currentTime, 
$rangeDetails['db_notes'])); 151 } 152 } 153 } 154 } 155 156 if (wp_next_scheduled('HT_update_searchbot_ranges') === false) { 157 $timeSetting = new DateTime('+1 month', new DateTimeZone(wp_timezone_string())); 158 159 wp_schedule_single_event($timeSetting->getTimestamp(), 'HT_update_searchbot_ranges'); 160 } 161 } 162 106 163 function get_custom_meta_links($meta, $file) { 107 164 if ($this->pluginBase == $file) { … … 169 226 ##Create nonce 170 227 $this->nonce = wp_create_nonce(plugin_basename(__FILE__)); 228 229 if (wp_next_scheduled('HT_update_searchbot_ranges') === false) { 230 $timeSetting = new DateTime('+1 month', new DateTimeZone(wp_timezone_string())); 231 232 wp_schedule_single_event($timeSetting->getTimestamp(), 'HT_update_searchbot_ranges'); 233 } 171 234 } 172 235 … … 813 876 } 814 877 815 update_site_option('ht_plugin_version', "5.0 ");878 update_site_option('ht_plugin_version', "5.0.1"); 816 879 } 817 880 818 881 function check_version() { 819 if (get_site_option('ht_plugin_version') != "5.0 ") {882 if (get_site_option('ht_plugin_version') != "5.0.1") { 820 883 $this->activate(); 821 884 } … … 1058 1121 } 1059 1122 } 1123 1124 1125 function get_range_from_cidr($cidr) { 1126 $range = array(); 1127 $cidr = explode('/', $cidr); 1128 $range['ip_address_start'] = long2ip((ip2long($cidr[0])) & ((-1 << (32 - (int)$cidr[1])))); 1129 $range['ip_address_end'] = long2ip((ip2long($range['ip_address_start'])) + pow(2, (32 - (int)$cidr[1])) - 1); 1130 return $range; 1131 } 1060 1132 1061 1133 } -
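Review bot: In update_searchbot_ranges() the prefix length of each `ipv4Prefix` is never checked: `preg_replace('/\/\d+$/', '', ...)` strips any run of digits and only the address part goes through `filter_var`. A length above 32 makes `32 - (int)$cidr[1]` negative in get_range_from_cidr(), and a negative shift throws ArithmeticError on PHP 7+, which would abort the cron run; a very short prefix in a malformed response would instead put a very large range on the allowlist, which presumably exempts it from blocking. I would validate the whole string before converting it, e.g. `if (!preg_match('/^\d{1,3}(\.\d{1,3}){3}\/(\d{1,2})$/', $cidr['ipv4Prefix'], $m) || (int)$m[2] < 8 || (int)$m[2] > 32) { continue; }`, with the lower bound set to the widest range the author considers plausible for a crawler. The same loop ignores `ipv6Prefix` entries, so crawlers arriving over IPv6 are not covered; a comment or a readme line should say so.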
honeypot-toolkit/trunk/readme.txt
r3271255 r3280722 5 5 Requires at least: 4.6.0 6 6 Tested up to: 6.8 7 Stable tag: 5.0 7 Stable tag: 5.0.1 8 8 License: GPLv2 9 9 … … 39 39 == Changelog == 40 40 41 = 5.0.1 = 42 Added option to automatically retrieve the IP ranges for Googlebot and Bingbot from their developer sites and add them to the allowlist. 43 Added text length restriction to IP note textareas. 44 41 45 = 5.0 = 42 46 Added ability to use SANS Internet Storm Center API to block malicious visitors 43 47 Changed default HTTP response code to 403 44 Renamed whitelist to allowlist and blacklist/blocked list to blocklist to create better naming consist ancy48 Renamed whitelist to allowlist and blacklist/blocked list to blocklist to create better naming consistency 45 49 Added versioning to admin.css to bust cache and force loading of new CSS rules 46 50 Fixed typos in settings page help dialog … … 194 198 == Upgrade Notice == 195 199 196 = 5.0 = 197 Added ability to use SANS Internet Storm Center API to block malicious visitors 198 Changed default HTTP response code to 403 199 Renamed whitelist to allowlist and blacklist/blocked list to blocklist to create better naming consistancy 200 Added versioning to admin.css to bust cache and force loading of new CSS rules 201 Fixed typos in settings page help dialog 200 = 5.0.1 = 201 Added option to automatically retrieve the IP ranges for Googlebot and Bingbot from their developer sites and add them to the allowlist. 202 Added text length restriction to IP note textareas. -
honeypot-toolkit/trunk/tpl/allowlist.php
r3271256 r3280722 83 83 <div class="allowlist-notes ip-list-column"> 84 84 <div class="inner-ip-list-column"> 85 <textarea name="new-ip-notes" class="new-ip-notes" title="Notes"></textarea>85 <textarea name="new-ip-notes" class="new-ip-notes" id="new-ip-notes" title="Notes"></textarea> 86 86 </div> 87 87 </div> … … 126 126 <label for="edit-ip-address-end">End IP</label> 127 127 <input type="text" name="edit-ip-address-end" class="edit-ip-address-end" value="" title="End IP"><br /> 128 <label for="edit-ip- address-notes">Notes</label>129 <textarea name="edit-ip-notes" class="edit-ip-notes" title="Notes"></textarea><br />128 <label for="edit-ip-notes">Notes</label> 129 <textarea name="edit-ip-notes" class="edit-ip-notes" id="edit-ip-notes" title="Notes"></textarea><br /> 130 130 <input type="hidden" name="allowlist-id" class="allowlist-id" value=""> 131 131 </div> -
honeypot-toolkit/trunk/tpl/allowlist_page_js.php
r3271256 r3280722 62 62 fill_ip_list(); 63 63 return false; 64 }); 65 66 jQuery('#edit-ip-notes, #new-ip-notes').on('keyup', function() { 67 HT_restrict_textarea(this, 4000); 64 68 }); 65 69 -
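Review bot: The 4000-character limit on the notes fields is enforced only by this `keyup` handler, so text pasted with the mouse, dropped in, or sent in a direct POST is not truncated. The same handler is added in blocklist_page_js.php and the helper `HT_restrict_textarea` in common_js.php. I would bind to the `input` event instead of `keyup`, add `maxlength="4000"` to the four textareas, and truncate or reject over-long notes in the AJAX handler that stores them, which is not part of this changeset. The browser-side check is a convenience and should not be the only bound on what reaches the database.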
honeypot-toolkit/trunk/tpl/blocklist.php
r3271256 r3280722 115 115 <div class="blocked-notes ip-list-column"> 116 116 <div class="inner-ip-list-column"> 117 <textarea name="new-ip-notes" class="new-ip-notes" title="Notes"></textarea>117 <textarea name="new-ip-notes" class="new-ip-notes" id="new-ip-notes" title="Notes"></textarea> 118 118 </div> 119 119 </div> … … 175 175 <option value="15">Permanent</option> 176 176 </select><br /> 177 <label for="edit-ip- address-notes">Notes</label>178 <textarea name="edit-ip-notes" class="edit-ip-notes" title="Notes"></textarea><br />177 <label for="edit-ip-notes">Notes</label> 178 <textarea name="edit-ip-notes" class="edit-ip-notes" id="edit-ip-notes" title="Notes"></textarea><br /> 179 179 <input type="hidden" name="blocked-id" class="blocked-id" value=""> 180 180 </div> -
honeypot-toolkit/trunk/tpl/blocklist_page_js.php
r3271256 r3280722 73 73 fill_ip_list(); 74 74 return false; 75 }); 76 77 jQuery('#edit-ip-notes, #new-ip-notes').on('keyup', function() { 78 HT_restrict_textarea(this, 4000); 75 79 }); 76 80 -
honeypot-toolkit/trunk/tpl/common_js.php
r2129166 r3280722 273 273 }); 274 274 } 275 276 function HT_restrict_textarea(areaEl, textLength) { 277 var areaContent = jQuery(areaEl).val(); 278 if (areaContent.length > textLength) { 279 jQuery(areaEl).val(areaContent.substring(0, textLength)); 280 } 281 } 275 282 276 283 </script> -
honeypot-toolkit/trunk/tpl/settings.php
r3271255 r3280722 21 21 <div id="HT-tab-1-content" class="HT-tab-content" style="display: block;"> 22 22 <h3>General Settings</h3> 23 <label for="ht-use-project-honeypot">Use Project Honey Pot: </label><input type="checkbox" name="ht-use-project-honeypot" id="ht-use-project-honeypot" value="1" <?php print ($htSettings['use_project_honeypot'] == '1')? 'checked="checked"':''; ?>><span class="help-dialog fa fa-question-circle" title="__ts__Use Project Honey Pot__te____rs__Use Project Honey Pot to block users based on their threat score.__re____rs__You must enter your API Key on the Project Honey Pot tab before this will work. "></span><br />23 <label for="ht-use-project-honeypot">Use Project Honey Pot: </label><input type="checkbox" name="ht-use-project-honeypot" id="ht-use-project-honeypot" value="1" <?php print ($htSettings['use_project_honeypot'] == '1')? 'checked="checked"':''; ?>><span class="help-dialog fa fa-question-circle" title="__ts__Use Project Honey Pot__te____rs__Use Project Honey Pot to block users based on their threat score.__re____rs__You must enter your API Key on the Project Honey Pot tab before this will work.__re__"></span><br /> 24 24 <label for="ht-use-spamcop">Use Spamcop: </label><input type="checkbox" name="ht-use-spamcop" id="ht-use-spamcop" value="1" <?php print ($htSettings['use_spamcop'] == '1')? 'checked="checked"':''; ?>><span class="help-dialog fa fa-question-circle" title="__ts__Use Spamcop__te____rs__Use Spamcop to block users based on their IP being listed in the block list.__re__"></span><br /> 25 25 <label for="ht-use-istorm">Use Internet Storm Center: </label><input type="checkbox" name="ht-use-istorm" id="ht-use-istorm" value="1" <?php print ($htSettings['use_istorm'] == '1')? 
'checked="checked"':''; ?>><span class="help-dialog fa fa-question-circle" title="__ts__Use Internet Storm Center__te____rs__Use the SANS Internet Storm Center API to block users based on their IP being listed in the IP API matching the criteria you set on the Internet Storm Center tab. More info: https://isc.sans.edu/api/#ip__re__"></span><br /> … … 30 30 <?php } ?> 31 31 <select> 32 <span class="help-dialog fa fa-question-circle" title="__ts__Check Interval__te____rs__This is the interval in days that all IP addresses blocked by Project Honey Pot and Spamcop will be checked to see if they are still on their block lists.__re____rs__This check will do a DNS query for every IP in your database that was blocked because of a response from Project Honey Pot or Spamcop. Be careful setting this to a low number if you have a large number of IP addresses on your block list. "></span><br /><br />32 <span class="help-dialog fa fa-question-circle" title="__ts__Check Interval__te____rs__This is the interval in days that all IP addresses blocked by Project Honey Pot and Spamcop will be checked to see if they are still on their block lists.__re____rs__This check will do a DNS query for every IP in your database that was blocked because of a response from Project Honey Pot or Spamcop. Be careful setting this to a low number if you have a large number of IP addresses on your block list.__re__"></span><br /> 33 33 34 <label for="ht-automatic-bing-ranges">Automatically allow Bingbot: </label><input type="checkbox" name="ht-automatic-bing-ranges" id="ht-automatic-bing-ranges" value="1" <?php print ($htSettings['automatic_bing_ranges'] == '1')? 
'checked="checked"':''; ?>><span class="help-dialog fa fa-question-circle" title="__ts__Automatically allow Bingbot__te____rs__Automatically retrieve the published list of Bingbot addresses once a month from the Bing Webmaster site and add them to the allowlist.__re____rs__NOTE: After selecting this option and saving it a cron job will be set to fire in five minutes to retrieve the list of addresses. Then a cron job will fire every month to repeat the retrieval.__re__"></span><br /> 35 <label for="ht-automatic-google-ranges">Automatically allow Googlebot: </label><input type="checkbox" name="ht-automatic-google-ranges" id="ht-automatic-google-ranges" value="1" <?php print ($htSettings['automatic_google_ranges'] == '1')? 'checked="checked"':''; ?>><span class="help-dialog fa fa-question-circle" title="__ts__Automatically allow Googlebot__te____rs__Automatically retrieve the published list of Googlebot addresses once a month from the Google Developer site and add them to the allowlist.__re____rs__NOTE: After selecting this option and saving it a cron job will be set to fire in five minutes to retrieve the list of addresses. Then a cron job will fire every month to repeat the retrieval.__re__"></span><br /> 36 34 37 <?php 35 38 if (is_multisite()) { -
honeypot-toolkit/trunk/tpl/settings_page_js.php
r3271255 r3280722 37 37 'ht-hide-usernames': jQuery('#ht-hide-usernames').is(':checked'), 38 38 'ht-site-level-lists': jQuery('#ht-site-level-lists').is(':checked'), 39 'ht-automatic-bing-ranges': jQuery('#ht-automatic-bing-ranges').is(':checked'), 40 'ht-automatic-google-ranges': jQuery('#ht-automatic-google-ranges').is(':checked'), 39 41 HT_nonce: '<?php print $this->HT->nonce; ?>' 40 42 }; -
honeypot-toolkit/trunk/uninstall.php
r3271255 r3280722 39 39 delete_site_option('ht_hide_usernames'); 40 40 delete_site_option('ht_site_level_lists'); 41 delete_site_option('ht_automatic_bing_ranges'); 42 delete_site_option('ht_automatic_google_ranges'); 43 delete_site_option('ht_plugin_version'); 41 44 42 45 function HT_delete_site_data() {
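Review bot: The new options are deleted here, but nothing in the hunk unschedules the `HT_update_searchbot_ranges` event that this release registers, so a pending single event may remain in the cron table after uninstall. Unless that is already done elsewhere in the file, add `wp_clear_scheduled_hook('HT_update_searchbot_ranges');` next to the `delete_site_option` calls. The rest of uninstall.php is outside the hunk.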