Changeset 408446
- Timestamp:
- 07/11/2011 06:58:30 PM (15 years ago)
- Location:
- ttc-wordpress-security-plugin
- Files:
-
- 3 edited
-
tags/2.0/ttc_security.php (modified) (9 diffs)
-
trunk/readme.txt (modified) (1 diff)
-
trunk/ttc_security.php (modified) (7 diffs)
ttc-wordpress-security-plugin/tags/2.0/ttc_security.php
r95413 r408446 1 1 <?php 2 3 /* 4 Plugin Name: TimesToCome Security Plugin 5 Version: 2.0 6 Plugin URI: http://herselfswebtools.com/2008/06/wordpress-security-plugin-block-scrapers-hackers-and-more.html 7 Description: Security plugin for Wordpress 8 Author: Linda MacPhee-Cobb 9 Author URI: http://timestocome.com 10 */ 11 12 2 3 /* 4 Plugin Name: TimesToCome Security Plugin 5 Version: 2.7 6 Plugin URI: http://herselfswebtools.com/2008/06/wordpress-security-plugin-block-scrapers-hackers-and-more.html 7 Description: Security plugin for Wordpress 8 Author: Linda MacPhee-Cobb 9 Author URI: http://timestocome.com 10 */ 11 12 13 14 // ************************************************************************************************************ 15 // NOTES TO USERS: 16 // Instead of an error page, bots are now re-routed to main page 17 // if you'd rather send bots to error pages see notes below 18 // 19 // to prevent yourself from being blocked change 127.0.0.1 to your ip ~ line 120 or so 20 // 21 // ************************************************************************************************************ 22 // NOTES TO CODERS: 23 // Several people have asked to use this as a base to make their own security plugins 24 // Please feel free - you don't need my permission. I wrote this because I needed it and 25 // if you create a better one I think that is wonderful. 26 // 27 // Consider this code to be under the MIT license http://en.wikipedia.org/wiki/MIT_License 28 // 29 // If you do write a new improved version let me know I'll be happy post a link on the website. 
30 // ************************************************************************************************************ 31 13 32 14 33 // ************************************************************************************************************ 15 // NOTES TO USERS: 16 // to customize your two error pages see below 17 // to prevent yourself from being blocked change 127.0.0.1 to your ip and uncomment ~120 //don't ban ourselves 34 //version 2.5 fixes menu options for wp 3.0 18 35 // ************************************************************************************************************ 19 20 21 22 // check out who is visiting us 23 function ttc_security() 24 { 25 global $wpdb; 26 36 //Feb. 2011 version 2.6 clean up, speed up, 37 // ************************************************************************************************************ 38 //Jul 2011 fix requests and accepts not being stored 39 //************************************************************************************************************ 40 41 42 // globals 43 $wpdb; 44 $ttc_wpdb_prefix = $wpdb->prefix; 45 46 // server variables 27 47 $http_accept = $_SERVER['HTTP_ACCEPT']; 28 48 $http_remote_addr = $_SERVER['REMOTE_ADDR']; … … 32 52 $request_uri = $_SERVER['REQUEST_URI']; 33 53 $request_method = $_SERVER['REQUEST_METHOD']; 34 35 36 $blacklisted = 0; 37 $log_table_name = $wpdb->prefix . "ttc_security_log"; 38 $ip_table_name = $wpdb->prefix . "ttc_ip_blacklist"; 39 $agent_table_name = $wpdb->prefix . "ttc_agent_blacklist"; 40 $request_table_name = $wpdp->prefix . "ttc_request_blacklist"; 41 42 43 // create tables if they don't already exist 44 if($wpdb->get_var("SHOW TABLES LIKE '$blacklist_table_name'") != $blacklist_table_name ) { 45 ttc_security_install(); 54 55 56 57 // ttc variables 58 $log_table_name = $ttc_wpdb_prefix . "ttc_security_log"; 59 $ip_table_name = $ttc_wpdb_prefix . "ttc_ip_blacklist"; 60 $agent_table_name = $ttc_wpdb_prefix . 
"ttc_agent_blacklist"; 61 $request_table_name = $ttc_wpdp_prefix . "ttc_request_blacklist"; 62 63 64 65 // check out who is visiting us 66 function ttc_security() 67 { 68 // database info 69 global $wpdb; 70 global $ttc_wpdb_prefix; 71 global $log_table_name; 72 global $ip_table_name; 73 global $agent_table_name; 74 global $request_table_name; 75 76 77 // server variables 78 global $http_accept; 79 global $http_remote_addr; 80 global $http_local_addr; 81 global $http_user_agent; 82 global $request_time; 83 global $request_uri; 84 global $request_method; 85 86 // local variables 87 $blacklisted = 0; 88 89 90 91 ///********************************************* 92 // does this need to be done each time? 93 ///********************************************* 94 // create tables if they don't already exist 95 if (($wpdb->get_var("SHOW TABLES LIKE '$blacklist_table_name'") != $blacklist_table_name ) || 96 ($wpdb->get_var("SHOW TABLES LIKE '$ip_table_name'") != $ip_table_name ) || 97 ($wpdb->get_var("SHOW TABLES LIKE '$agent_table_name'") != $agent_table_name ) || 98 ($wpdb->get_var("SHOW TABLES LIKE '$request_table_name'") != $request_table_name )){ 99 100 ttc_security_install(); 101 } 102 103 104 105 106 ////******************************************** 107 // Note: faster and safer to pull all from db and loop through data using php for matches 108 // than it is to prep input, (sanitize and clean up) and use MySql matching 109 110 // Note: tried === instead of tacking x on front of string but only matches in first position 111 // and we want matches any where in the string 112 113 114 115 // check for banned ip number 116 if ( $blacklisted == 0 ){ 117 $sql = "SELECT ip FROM $ip_table_name"; 118 $ip_black_list = $wpdb->get_results( $sql ); 119 120 foreach ( $ip_black_list as $blacklisted_ip ){ 121 $bad_ip = $blacklisted_ip->ip; 122 123 // check for exact match only OR use code below to block sections 124 //if ( strcasecmp( $http_remote_addr, $bad_ip ) == 0 ){ $blacklisted = 
1; } 125 126 //check for partial matches so we can block blocks of troublesome ip numbers 127 // hack so null doesn't equal a match 128 $hacked_http_remote_addr = "x" . $http_remote_addr; 129 if ((strpos ( $hacked_http_remote_addr, $bad_ip, 1 )) == 1 ){ 130 $blacklisted = 1; 131 } 132 } 133 } 134 135 136 137 // check for banned user agents and also for blank user agents 138 if ( $blacklisted == 0 ){ 139 $sql = "SELECT agent FROM $agent_table_name"; 140 $agent_black_list = $wpdb->get_results ( $sql ); 141 142 //php reads 0 if not found, or if first position matches, this is a hack around that. PHP should return -1 not NULL !!! 143 $hacked_http_user_agent = "x" . $http_user_agent; 144 foreach ( $agent_black_list as $blacklisted_agent ){ 145 $bad_agent = $blacklisted_agent->agent; 146 147 if ( strpos ( $hacked_http_user_agent, $bad_agent ) > 0 ){ 148 $blacklisted = 2; 149 }else if ( strlen ($hacked_http_user_agent) < 2 ){ 150 $blacklisted = 3; 151 } 152 } 153 } 154 155 156 // check for funny business in url 157 if ( $blacklisted == 0 ){ 158 159 $sql = "SELECT request from $request_table_name"; 160 $request_black_list = $wpdb->get_results ( $sql ); 161 162 $hacked_request_uri = "x" . $request_uri; // php reads 0 if no match and 0 if first position, this is a hack around that. 163 foreach ( $request_black_list as $blacklisted_request ){ 164 $bad_request = $blacklisted_request->request; 165 if ( strpos ( $hacked_request_uri, $bad_request ) > 0 ){ 166 $blacklisted = 14; 167 } 168 } 169 } 170 171 172 173 174 175 176 //************************************************************************************************************** 177 // don't ban ourselves Change 127.0.0.1 to your ip number if you find yourself getting banned. 178 //************************************************************************************************************** 179 // don't ban ourselves.... 
180 if ( $http_local_addr == $http_remote_addr ){ $blacklisted = 0; 181 }else if ( $http_remote_addr == "127.0.0.1" ){ $blacklisted = 0; } ////// change 127.0.0.1 to your ip to prevent self banishment 182 183 184 185 186 187 //update our log files 188 // if code is one update log files 189 // else update log file and ip file 190 191 if ( $blacklisted == 0 ){ 192 193 // do nothing all is right and wonderful in the world 194 $blacklisted = 0; 195 196 197 }else if ( $blacklisted == 1 ){ // already blacklisted ip here so just add to log 198 199 // too many to log, log entries growing too fast 200 //ttc_add_to_security_log( $blacklisted ); // add to log 201 202 $code = "Sorry but you are listed on our ip blacklist"; 203 global $wpdb; 204 205 //************************************************************************************************************* 206 // this sends bots to main page you can create a custom page for bots and send them there if you'd rather 207 //************************************************************************************************************* 208 // send rejections back to main site page 209 $host = $_SERVER['HTTP_HOST']; 210 $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\'); 211 header("Location: http://$host$uri"); 212 213 exit(); 214 215 }else if ( $blacklisted > 1 ) { 216 217 ttc_add_to_security_log( $blacklisted ); // add to log 218 ttc_add_to_security_blacklist( $http_remote_addr ); // add to our ip blacklist 219 220 221 if (( $blacklisted == 2 )||( $blacklisted == 3 )){ 222 $code = "Your user agent is blacklisted. 
<br />\nIf you are using a web browser check your computer for spyware and viruses."; 223 }else if ( $blacklisted == 11 ){ 224 $code = "Spamhaus listed spammer"; 225 }else if ( $blacklisted == 12 ){ 226 $code = "Spamhaus listed exploiter"; 227 }else if ( $blacklisted == 14 ){ 228 $code = "Attempted script or similar"; 229 } 230 231 232 //************************************************************************************************************* 233 // this sends bots to main page you can create a custom page for bots and send them there if you'd rather 234 //************************************************************************************************************* 235 $host = $_SERVER['HTTP_HOST']; 236 $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\'); 237 header("Location: http://$host$uri"); 238 239 240 exit(); 241 242 } 46 243 } 47 if($wpdb->get_var("SHOW TABLES LIKE '$ip_table_name'") != $ip_table_name ) { 48 ttc_security_install(); 244 245 246 247 248 // add any funny stuff to security log 249 function ttc_add_to_security_log( $error ) 250 { 251 // wordpress db info 252 global $wpdb; 253 global $ttc_wpdb_prefix; 254 255 // server variables 256 global $log_table_name; 257 global $request_time; 258 global $http_accept; 259 global $http_user_agent; 260 global $http_remote_addr; 261 global $request_uri; 262 263 264 // wtf? accept statements coming in at over 255 chars? 
Prevent sql errors and any funny business 265 // by shortening anything from user to 200 chars if over 255 266 if ( strlen($request_uri ) > 200 ){ $email = substr ($request_uri, 0, 200 ); } 267 if ( strlen($http_accept ) > 200 ) { $http_accept = substr ( $http_accept, 0, 200 ); } 268 if ( strlen($http_user_agent ) > 200 ) { $http_user_agent = substr ( $http_user_agent, 0, 200 ); } 269 270 271 // clean input for database 272 $http_accept = htmlentities($http_accept); 273 $http_user_agent = htmlentities($http_user_agent); 274 $http_remote_addr = htmlentities($http_remote_addr); 275 $request_uri = htmlentities($request_uri); 276 277 // ok now stuff the info into the log files in the db 278 $sql = "INSERT INTO " . $log_table_name . " ( ip, problem, accept, agent, request, day ) 279 VALUES ( '$http_remote_addr', '$error', '$http_accept', '$http_user_agent', '$request_uri', NOW() )"; 280 $result = $wpdb->query( $sql ); 281 49 282 } 50 if($wpdb->get_var("SHOW TABLES LIKE '$agent_table_name'") != $agent_table_name ) { 51 ttc_security_install(); 52 } 53 if($wpdb->get_var("SHOW TABLES LIKE '$request_table_name'") != $request_table_name ) { 54 ttc_security_install(); 283 284 285 // automatically black list bozos ip numbers 286 function ttc_add_to_security_blacklist( $ip ) 287 { 288 // wordpress db info 289 global $wpdb; 290 global $ttc_wpdb_prefix; 291 global $ip_table_name; 292 293 294 // insert ip number into blacklisted ip table 295 $sql = "INSERT INTO " . $ip_table_name . " ( ip ) VALUES ( '$ip' ) "; 296 $result = $wpdb->query( $sql ); 297 55 298 } 56 57 58 // check for banned ip number 59 if ( $blacklisted == 0 ){ 60 $ip_table = $wpdb->prefix . 
"ttc_ip_blacklist"; 61 $sql = "SELECT ip FROM $ip_table"; 62 $ip_black_list = $wpdb->get_results( $sql ); 63 64 foreach ( $ip_black_list as $blacklisted_ip ){ 65 $bad_ip = $blacklisted_ip->ip; 66 67 // check for exact match only OR use code below to block sections 68 //if ( strcasecmp( $http_remote_addr, $bad_ip ) == 0 ){ $blacklisted = 1; } 69 70 //check for partial matches so we can block blocks of troublesome ip numbers 71 $hacked_http_remote_addr = "x" . $http_remote_addr; // php reads 0 if no match and 0 if first position, this is a hack around that. 72 if ((strpos ( $http_remote_addr, $bad_ip, 1 )) == 1 ){ 73 $blacklisted = 1; 74 } 299 300 301 302 303 304 305 // make sure all our tables are here, create them if not 306 function ttc_security_install() 307 { 308 // wordpress db info 309 global $wpdb; 310 global $ttc_wpdb_prefix; 311 312 313 // create our tables 314 global $log_table_name; 315 global $ip_table_name; 316 global $agent_table_name; 317 global $request_table_name; 318 319 $new_table = 0; 320 321 // create log table 322 if($wpdb->get_var("SHOW TABLES LIKE '$log_table_name'") != $log_table_name) { 323 324 $sql = "CREATE TABLE " . $log_table_name . " ( 325 ip varchar(16), 326 problem int(3), 327 accept varchar(255), 328 agent varchar(255), 329 request varchar(255), 330 day datetime 331 );"; 332 333 $new_table = 1; 334 } 335 336 // create ip table 337 if( $wpdb->get_var("SHOW TABLES LIKE '$ip_table_name'") != $ip_table_name ){ 338 339 $sql = "CREATE TABLE ". $ip_table_name ." ( 340 ip varchar(255) UNIQUE 341 );"; 342 343 $new_table = 2; 344 } 345 346 // create agent table 347 if( $wpdb->get_var("SHOW TABLES LIKE '$agent_table_name'") != $agent_table_name ){ 348 349 $sql = "CREATE TABLE ". $agent_table_name ." ( 350 agent varchar(255) UNIQUE 351 );"; 352 353 $new_table = 3; 354 } 355 356 // create request table 357 if( $wpdb->get_var("SHOW TABLES LIKE '$request_table_name'") != $request_table_name ){ 358 359 $sql = "CREATE TABLE ". $request_table_name ." 
( 360 request varchar(255) UNIQUE 361 );"; 362 363 $new_table = 4; 364 } 365 366 // if we created any new tables update database 367 if ( $new_table ){ 368 require_once(ABSPATH . 'wp-admin/upgrade-functions.php'); 369 dbDelta($sql); 370 } 371 372 //insert some default values to get user started 373 if( $new_table == 3 ){ 374 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'AnotherBot' )"; 375 $result = mysql_query( $sql ); 376 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'WebRipper' )"; 377 $result = mysql_query( $sql ); 378 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'Winnie Poh' )"; 379 $result = mysql_query( $sql ); 380 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'EmailSearch' )"; 381 $result = mysql_query( $sql ); 382 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'curl' )"; 383 $result = mysql_query( $sql ); 384 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'DataCha0s' )"; 385 $result = mysql_query( $sql ); 386 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'HTTrack' )"; 387 $result = mysql_query( $sql ); 388 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'libcurl' )"; 389 $result = mysql_query( $sql ); 390 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'libwww-perl' )"; 391 $result = mysql_query( $sql ); 392 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'PEAR' )"; 393 $result = mysql_query( $sql ); 394 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'PECL' )"; 395 $result = mysql_query( $sql ); 396 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'Security Kol' )"; 397 $result = mysql_query( $sql ); 398 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'Site Sniper' )"; 399 $result = mysql_query( $sql ); 400 $sql = "INSERT INTO " . $agent_table_name . 
" ( agent ) VALUES ( 'Wget' )"; 401 $result = mysql_query( $sql ); 402 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'botpaidtoclick' )"; 403 $result = mysql_query( $sql ); 404 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'Click Bot' )"; 405 $result = mysql_query( $sql ); 406 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'EmailSiphon' )"; 407 $result = mysql_query( $sql ); 408 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'GrubNG' )"; 409 $result = mysql_query( $sql ); 410 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'lwp-request' )"; 411 $result = mysql_query( $sql ); 412 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'lwp-trivial' )"; 413 $result = mysql_query( $sql ); 414 415 } 416 417 if ( $new_table == 4 ){ 418 $sql = "INSERT INTO " . $request_table_name . " ( request ) VALUES ( '.txt?' )"; 419 $result = mysql_query ( $sql ); 420 $sql = "INSERT INTO " . $request_table_name . " ( request ) VALUES ( '.gif?' )"; 421 $result = mysql_query ( $sql ); 422 $sql = "INSERT INTO " . $request_table_name . " ( request ) VALUES ( '.jpg?' )"; 423 $result = mysql_query ( $sql ); 424 $sql = "INSERT INTO " . $request_table_name . " ( request ) VALUES ( '.xml?' )"; 425 $result = mysql_query ( $sql ); 426 $sql = "INSERT INTO " . $request_table_name . " ( request ) VALUES ( 'UPDATE' )"; 427 $result = mysql_query ( $sql ); 75 428 } 76 429 } 77 430 78 79 80 // check for banned user agents and also for blank user agents 81 if ( $blacklisted == 0 ){ 82 $agent_table = $wpdb->prefix . "ttc_agent_blacklist"; 83 $sql = "SELECT agent FROM $agent_table"; 84 $agent_black_list = $wpdb->get_results ( $sql ); 85 $hacked_http_user_agent = "x" . $http_user_agent; //php reads 0 if not found, or if first position matches, this is a hack around that. PHP should return -1 not NULL !!! 
86 foreach ( $agent_black_list as $blacklisted_agent ){ 87 $bad_agent = $blacklisted_agent->agent; 88 89 90 if ( strpos ( $hacked_http_user_agent, $bad_agent ) > 0 ){ 91 $blacklisted = 2; 92 }else if ( strlen ($hacked_http_user_agent) < 2 ){ 93 $blacklisted = 3; 94 } 95 } 431 432 433 434 // ----- user page ------------ 435 function ttc_security_add_menu_page() 436 { 437 add_options_page( 'Security logs', 'Security logs', 'manage_options', 'SecurityLogs', 'ttc_add_user_security_menu'); 96 438 } 97 98 99 // check for funny business in url 100 if ( $blacklisted == 0 ){ 101 $request_table = $wpdb->prefix . "ttc_request_blacklist"; 102 $sql = "SELECT request from $request_table"; 103 $request_black_list = $wpdb->get_results ( $sql ); 104 $hacked_request_uri = "x" . $request_uri; 105 foreach ( $request_black_list as $blacklisted_request ){ 106 $bad_request = $blacklisted_request->request; 107 if ( strpos ( $hacked_request_uri, $bad_request ) > 0 ){ 108 $blacklisted = 14; 109 } 110 } 111 } 112 113 114 /////////////// uncomment ( remove // at beginning of line 118 ) and change 127.0.0.1 to your ip number to keep///////////////////////////////// 115 ////////////// yourself from getting banned /////////////////////////////////////////////////////////////////////////////////////////////////// 116 // don't ban ourselves.... 
117 if ( $http_local_addr == $http_remote_addr ){ 118 $blacklisted = 0; 119 } 120 //else if ( $http_remote_addr == "127.0.0.1" ){ $blacklisted = 0; } ////// change 127.0.0.1 to your ip and remove leading // to prevent self banishment 121 122 123 124 125 //update our log files 126 // if code is one update log files 127 // else update log file and ip file 128 129 if ( $blacklisted == 0 ){ 130 131 // do nothing 132 133 }else if ( $blacklisted == 1 ){ // already blacklisted ip here so just add to log 134 135 ttc_add_to_security_log( $blacklisted ); // add to log 136 137 $code = "Sorry but you are listed on our ip blacklist"; 439 440 441 function ttc_add_user_security_menu() 442 { 443 444 445 if (!current_user_can('manage_options')) { 446 wp_die( __('You do not have sufficient permissions to access this page.') ); 447 } 448 449 // wordpress db info 138 450 global $wpdb; 139 140 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// 141 // print error page ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// 142 // You should personalize this for your website ///////////////////////////////////////////////////////////////////////////////////////////// 143 print "<html>\n"; 144 print "<head><title>I'm sorry but you look like a bot</title></head>\n"; 145 print "<body>\n"; 146 print "<h2>Banned: $blacklisted: $code</h2>\n"; 147 print "</body>\n"; 148 print "</html>\n"; 149 /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// 150 151 exit(); 152 153 }else if ( $blacklisted > 1 ) { 154 155 ttc_add_to_security_log( $blacklisted ); // add to log 156 ttc_add_to_security_blacklist( $http_remote_addr ); // add to our ip blacklist 157 158 159 if (( $blacklisted == 2 )||( $blacklisted == 3 )){ 160 $code = "Your user agent is blacklisted. 
<br />\nIf you are using a web browser check your computer for spyware and viruses."; 161 }else if ( $blacklisted == 11 ){ 162 $code = "Spamhaus listed spammer"; 163 }else if ( $blacklisted == 12 ){ 164 $code = "Spamhaus listed exploiter"; 165 }else if ( $blacklisted == 14 ){ 166 $code = "Attempted script or similar"; 167 } 168 169 // print error page //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// 170 // You should personalize this for your website /////////////////////////////////////////////////////////////////////////////////////////////// 171 print "<html>\n"; 172 print "<head><title>I'm sorry but you look like a bot</title></head>\n"; 173 print "<body>\n"; 174 print "<h2>Banned: $blacklisted: $code</h2>\n"; 175 print "</body>\n"; 176 print "</html>\n"; 177 /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// 178 179 exit(); 180 181 } 182 } 183 184 185 186 187 // add any funny stuff to security log 188 function ttc_add_to_security_log( $error ) 189 { 190 191 global $wpdb; 192 $log_table_name = $wpdb->prefix . "ttc_security_log"; 193 $request_time = $_SERVER['REQUEST_TIME']; 194 $http_accept = $_SERVER['HTTP_ACCEPT']; 195 $http_user_agent = $_SERVER['HTTP_USER_AGENT']; 196 $http_remote_addr = $_SERVER['REMOTE_ADDR']; 197 $http_request_uri = $_SERVER['REQUEST_URI']; 198 199 if($wpdb->get_var("show tables like '$log_table_name'") != $log_table_name) { 200 ttc_wp_user_registration_install(); 201 } 202 203 // wtf? accept statements coming in at over 255 chars? 
Prevent sql errors and any funny business 204 // by shortening anything from user to 200 chars if over 255 205 if ( strlen($http_request_uri ) > 200 ){ $email = substr ($http_requst_uri, 0, 200 ); } 206 if ( strlen($http_accept ) > 200 ) { $http_accept = substr ( $http_accept, 0, 200 ); } 207 if ( strlen($http_user_agent ) > 200 ) { $http_user_agent = substr ( $http_user_agent, 0, 200 ); } 208 209 $sql = "INSERT INTO " . $log_table_name . " ( ip, problem, accept, agent, request, day ) 210 VALUES ( '$http_remote_addr', '$error', '$http_accept', '$http_user_agent', '$http_request_uri', NOW() )"; 211 $result = $wpdb->query( $sql ); 212 213 } 214 215 216 // automatically black list bozos ip numbers 217 function ttc_add_to_security_blacklist( $ip ) 218 { 219 global $wpdb; 220 $ip_table_name = $wpdb->prefix . "ttc_ip_blacklist"; 221 222 if($wpdb->get_var("show tables like '$ip_table_name'") != $ip_table_name) { 223 ttc_wp_user_registration_install(); 224 } 225 226 $sql = "INSERT INTO " . $ip_table_name . " ( ip ) VALUES ( '$ip' ) "; 227 $result = $wpdb->query( $sql ); 228 229 } 230 231 232 233 234 235 236 // make sure all our tables are here, create them if not 237 function ttc_security_install() 238 { 239 global $wpdb; 240 $log_table_name = $wpdb->prefix . "ttc_security_log"; 241 $ip_table_name = $wpdb->prefix . "ttc_ip_blacklist"; 242 $agent_table_name = $wpdb->prefix . "ttc_agent_blacklist"; 243 $request_table_name = $wpdb->prefix . "ttc_request_blacklist"; 244 245 $new_table = 0; 246 247 248 if($wpdb->get_var("SHOW TABLES LIKE '$log_table_name'") != $log_table_name) { 249 250 $sql = "CREATE TABLE " . $log_table_name . " ( 251 ip varchar(16), 252 problem int(3), 253 accept varchar(255), 254 agent varchar(255), 255 request varchar(255), 256 day datetime 257 );"; 258 259 $new_table = 1; 260 } 261 262 263 if( $wpdb->get_var("SHOW TABLES LIKE '$ip_table_name'") != $ip_table_name ){ 264 265 $sql = "CREATE TABLE ". $ip_table_name ." 
( 266 ip varchar(255) UNIQUE 267 );"; 268 269 $new_table = 2; 270 } 271 272 273 if( $wpdb->get_var("SHOW TABLES LIKE '$agent_table_name'") != $agent_table_name ){ 274 275 $sql = "CREATE TABLE ". $agent_table_name ." ( 276 agent varchar(255) UNIQUE 277 );"; 278 279 $new_table = 3; 280 } 281 282 if( $wpdb->get_var("SHOW TABLES LIKE '$request_table_name'") != $request_table_name ){ 283 284 $sql = "CREATE TABLE ". $request_table_name ." ( 285 request varchar(255) UNIQUE 286 );"; 287 288 $new_table = 4; 289 } 290 291 if ( $new_table ){ 292 require_once(ABSPATH . 'wp-admin/upgrade-functions.php'); 293 dbDelta($sql); 294 } 295 296 //insert some default values to get user started 297 if( $new_table == 3 ){ 298 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'AnotherBot' )"; 299 $result = mysql_query( $sql ); 300 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'WebRipper' )"; 301 $result = mysql_query( $sql ); 302 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'Winnie Poh' )"; 303 $result = mysql_query( $sql ); 304 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'EmailSearch' )"; 305 $result = mysql_query( $sql ); 306 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'curl' )"; 307 $result = mysql_query( $sql ); 308 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'DataCha0s' )"; 309 $result = mysql_query( $sql ); 310 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'HTTrack' )"; 311 $result = mysql_query( $sql ); 312 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'libcurl' )"; 313 $result = mysql_query( $sql ); 314 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'libwww-perl' )"; 315 $result = mysql_query( $sql ); 316 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'PEAR' )"; 317 $result = mysql_query( $sql ); 318 $sql = "INSERT INTO " . $agent_table_name . 
" ( agent ) VALUES ( 'PECL' )"; 319 $result = mysql_query( $sql ); 320 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'Security Kol' )"; 321 $result = mysql_query( $sql ); 322 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'Site Sniper' )"; 323 $result = mysql_query( $sql ); 324 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'Wget' )"; 325 $result = mysql_query( $sql ); 326 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'botpaidtoclick' )"; 327 $result = mysql_query( $sql ); 328 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'Click Bot' )"; 329 $result = mysql_query( $sql ); 330 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'EmailSiphon' )"; 331 $result = mysql_query( $sql ); 332 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'GrubNG' )"; 333 $result = mysql_query( $sql ); 334 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'lwp-request' )"; 335 $result = mysql_query( $sql ); 336 $sql = "INSERT INTO " . $agent_table_name . " ( agent ) VALUES ( 'lwp-trivial' )"; 337 $result = mysql_query( $sql ); 338 339 } 340 341 if ( $new_table == 4 ){ 342 $sql = "INSERT INTO " . $request_table_name . " ( request ) VALUES ( '.txt?' )"; 343 $result = mysql_query ( $sql ); 344 $sql = "INSERT INTO " . $request_table_name . " ( request ) VALUES ( '.gif?' )"; 345 $result = mysql_query ( $sql ); 346 $sql = "INSERT INTO " . $request_table_name . " ( request ) VALUES ( '.jpg?' )"; 347 $result = mysql_query ( $sql ); 348 $sql = "INSERT INTO " . $request_table_name . " ( request ) VALUES ( '.xml?' )"; 349 $result = mysql_query ( $sql ); 350 $sql = "INSERT INTO " . $request_table_name . 
" ( request ) VALUES ( 'UPDATE' )"; 351 $result = mysql_query ( $sql ); 352 } 353 } 354 355 356 357 358 // ----- user page ------------ 359 function ttc_security_add_menu_page() 360 { 361 if ( function_exists('add_management_page')){ 362 add_management_page( 'Security logs', 'Security logs', 8, 'Security Logs', 'ttc_add_user_security_menu'); 363 } 364 } 365 366 367 function ttc_add_user_security_menu() 368 { 369 370 global $wpdb; 371 $log_table_name = $wpdb->prefix . "ttc_security_log"; 372 $ip_table_name = $wpdb->prefix . "ttc_ip_blacklist"; 373 $agent_table_name = $wpdb->prefix . "ttc_agent_blacklist"; 374 $request_table_name = $wpdb->prefix . "ttc_request_blacklist"; 375 451 global $ttc_wpdb_prefix; 452 453 454 if (!current_user_can('manage_options')) { 455 wp_die( __('You do not have sufficient permissions to access this page.') ); 456 } 457 458 // our table info 459 global $log_table_name; 460 global $ip_table_name; 461 global $agent_table_name; 462 global $request_table_name; 463 376 464 //print logs 377 465 // how many log entries do we want? 
… … 384 472 print "</form>"; 385 473 print "</td></tr></table>"; 386 474 475 // fetch most recent lines 387 476 $log_count = 25; 388 477 … … 390 479 $log_count = $_POST['log_lines']; 391 480 } 392 393 481 482 394 483 // create tables if they don't already exist 395 484 if($wpdb->get_var("SHOW TABLES LIKE '$blacklist_table_name'") != $blacklist_table_name ) { 396 ttc_security_install();485 ttc_security_install(); 397 486 } 398 487 if($wpdb->get_var("SHOW TABLES LIKE '$ip_table_name'") != $ip_table_name ) { 399 ttc_security_install();488 ttc_security_install(); 400 489 } 401 490 if($wpdb->get_var("SHOW TABLES LIKE '$agent_table_name'") != $agent_table_name ) { 402 ttc_security_install();491 ttc_security_install(); 403 492 } 404 493 if($wpdb->get_var("SHOW TABLES LIKE '$request_table_name'") != $request_table_name ) { 405 ttc_security_install();406 } 407 494 ttc_security_install(); 495 } 496 408 497 // clean out logs and remove entries older than 8 days 409 498 $sql = "DELETE FROM $log_table_name WHERE day < (CURRENT_DATE - INTERVAL 8 DAY )"; 410 499 $deleted = $wpdb->get_results ( $sql ); 411 500 412 501 //fetch log information 413 502 $sql = "SELECT ip, problem, accept, agent, request, date_format( day, '%M %d %Y %H:%i:%s') AS time_stamp FROM $log_table_name ORDER BY day DESC LIMIT $log_count"; 414 503 $log = (array)$wpdb->get_results ( $sql ); 415 416 504 505 417 506 // print log files to the admin 418 507 print "<br>Most recent log entries<br>"; … … 420 509 421 510 foreach ( $log as $log_entry ){ 422 423 $code = ""; 424 425 if( $log_entry->problem == 1){ 426 $code = "On our ip blacklist"; 427 }else if ( $log_entry->problem == 2 ){ 428 $code = "<font color=\"blue\">On our user agent blacklist</font>"; 429 }else if ( $log_entry->problem == 3 ){ 430 $code = "<font color=\"blue\">User agent field is blank</font>"; 431 }else if ( $log_entry->problem == 11 ){ 432 $code = "<font color=\"red\">Spamhaus listed spammer</font>"; 433 }else if ( $log_entry->problem == 12 ){ 
434 $code = "<font color=\"red\">Spamhaus listed exploiter</font>"; 435 }else if ( $log_entry->problem == 13 ){ 436 $code = "<font color=\"red\">Attempted POST</font>"; 437 }else if ( $log_entry->problem == 14 ){ 438 $code = "<font color=\"red\">Attempted hack</font>"; 439 } 440 441 442 print "<br>IP: <font color=\"olive\">$log_entry->ip</font>"; 443 print " <font color=\"green\">$log_entry->time_stamp</font>"; 444 print "<br>Request: <font color\"blue\">$log_entry->request</font>"; 445 print "<br>Code: <font color=\"teal\">$code</font>"; 446 print "<br>Accept: <font color=\"green\">$log_entry->accept</font>"; 447 print "<br>Agent: <font color=\"navy\">$log_entry->agent</font>"; 448 449 print "<br><hr>"; 450 451 } 452 //print "\n</table>\n"; 453 454 455 511 512 $code = ""; 513 514 if( $log_entry->problem == 1){ 515 $code = "On our ip blacklist"; 516 }else if ( $log_entry->problem == 2 ){ 517 $code = "<font color=\"blue\">On our user agent blacklist</font>"; 518 }else if ( $log_entry->problem == 3 ){ 519 $code = "<font color=\"blue\">User agent field is blank</font>"; 520 }else if ( $log_entry->problem == 11 ){ 521 $code = "<font color=\"red\">Spamhaus listed spammer</font>"; 522 }else if ( $log_entry->problem == 12 ){ 523 $code = "<font color=\"red\">Spamhaus listed exploiter</font>"; 524 }else if ( $log_entry->problem == 13 ){ 525 $code = "<font color=\"red\">Attempted POST</font>"; 526 }else if ( $log_entry->problem == 14 ){ 527 $code = "<font color=\"red\">Attempted hack</font>"; 528 } 529 530 531 print "<br>IP: <font color=\"olive\">$log_entry->ip</font>"; 532 print " <font color=\"green\">$log_entry->time_stamp</font>"; 533 print "<br>Request: <font color\"blue\">$log_entry->request</font>"; 534 print "<br>Code: <font color=\"teal\">$code</font>"; 535 print "<br>Accept: <font color=\"green\">$log_entry->accept</font>"; 536 print "<br>Agent: <font color=\"navy\">$log_entry->agent</font>"; 537 538 print "<br><hr>"; 539 540 } 541 542 543 456 544 print "\n<table 
border=\"6\" width=\"800\"><tr><td>"; 457 545 458 546 // print the ip black list for editing and review to admin 459 547 if( $ipblacklist = $_POST['ipblacklist'] ){ 460 548 $wpdb->query ( "DELETE FROM $ip_table_name WHERE 1=1" ); 461 549 $ipblacklist = explode( "\n", $ipblacklist ); 462 550 463 551 foreach ( $ipblacklist as $ip ){ 464 552 $ip = trim ( $ip ); … … 469 557 } 470 558 } 471 559 472 560 print "<form method=\"post\">"; 473 561 print "\n<table border=\"1\"><tr><td>This is your ip banished list: <br />Add or remove ips as you wish <br /> One per line</td></tr>"; 474 562 print "<tr><td><textarea name='ipblacklist' cols='20' rows='20' >"; 475 563 476 564 $sql = "SELECT ip FROM $ip_table_name ORDER BY ip"; 477 565 $blacklisted_ips = (array)$wpdb->get_results( $sql ); 478 566 479 567 foreach( $blacklisted_ips as $ips ){ 480 568 echo $ips->ip . "\n"; 481 569 } 482 570 483 571 print "\n</textarea></td></tr></table>"; 484 572 485 573 print "<input type=\"submit\" name=\"ttc_ip_blacklist_update\" value=\"Update IP blacklist\">"; 486 574 print "</form>"; 487 575 488 576 print "</td><td>"; 489 577 … … 492 580 $wpdb->query ( "DELETE FROM $agent_table_name WHERE 1=1" ); 493 581 $agentblacklist = explode( "\n", $agentblacklist ); 494 582 495 583 foreach ( $agentblacklist as $agent ){ 496 584 $agent = trim ( $agent ); … … 501 589 } 502 590 } 503 504 505 591 592 593 506 594 print "<form method=\"post\">"; 507 595 print "\n<table border=\"1\"><tr><td>This is your agent banished list: <br />Add or remove agents as you wish <br /> One per line</td></tr>"; 508 596 print "<tr><td><textarea name='agentblacklist' cols='30' rows='20' >"; 509 597 510 598 $sql = "SELECT agent FROM $agent_table_name ORDER BY agent"; 511 599 $blacklisted_agents = (array)$wpdb->get_results( $sql ); 512 600 513 601 foreach( $blacklisted_agents as $agents ){ 514 602 echo $agents->agent . 
"\n"; 515 603 } 516 604 517 605 print "\n</textarea></td></tr></table>"; 518 606 519 607 print "<input type=\"submit\" name=\"ttc_agent_blacklist_update\" value=\"Update agent blacklist\">"; 520 608 print "</form>"; 521 609 print "</td><td>"; 522 523 524 610 611 612 525 613 // print the request black list for editing and review to admin 526 614 if( $requestblacklist = $_POST['requestblacklist'] ){ 527 615 $wpdb->query ( "DELETE FROM $request_table_name WHERE 1=1" ); 528 616 $requestblacklist = explode( "\n", $requestblacklist ); 529 617 530 618 foreach ( $requestblacklist as $request ){ 531 619 $request = trim ( $request ); … … 536 624 } 537 625 } 538 539 626 627 540 628 print "<form method=\"post\">"; 541 629 print "\n<table border=\"1\"><tr><td>This is your request blacklist: <br />Add or remove requests as you wish <br /> One per line</td></tr>"; 542 630 print "<tr><td><textarea name='requestblacklist' cols='30' rows='20' >"; 543 631 544 632 $sql = "SELECT request FROM $request_table_name ORDER BY request"; 545 633 $blacklisted_requests = (array)$wpdb->get_results( $sql ); 546 634 547 635 foreach( $blacklisted_requests as $requests ){ 548 636 echo $requests->request . 
"\n"; 549 637 } 550 638 551 639 print "</textarea></td></tr></table>"; 552 640 553 641 print "<input type=\"submit\" name=\"ttc_request_blacklist_update\" value=\"Update request blacklist\">"; 554 642 print "</form>"; 555 643 print "\n</td></tr></table>"; 556 557 644 print "\n</td></tr></table>"; 558 645 print "\n<br> Be sure to occasionally check <a href=\"http://herselfswebtools.com/2008/06/bots-im-blocking.html\">Bots I'm blocking to update your list</a>"; 559 646 print "\n<br> And check <a href=\"http://herselfswebtools.com/2008/06/requests-im-blocking.html\">Requests I'm blocking to keep your list up to date</a>"; 560 561 562 } 563 564 565 566 add_action( 'admin_menu', 'ttc_security_add_menu_page' ); //add admin menu for user interaction 567 add_action( "init", 'ttc_security' ); // run when wordpress is run 568 569 ?> 647 } 648 649 650 651 add_action( 'admin_menu', 'ttc_security_add_menu_page' ); //add admin menu for user interaction 652 add_action( "init", 'ttc_security' ); // run when wordpress is run 653 654 ?> -
ttc-wordpress-security-plugin/trunk/readme.txt
r347910 r408446 4 4 Requires at least: 2.5 5 5 Tested up to: 3.0.5 6 Stable tag: 2. 66 Stable tag: 2.7 7 7 8 8 This plugin blocks scrapers, cross-site scripting attempts, and other ill behaved bots. This is the second of three security plugins. -
ttc-wordpress-security-plugin/trunk/ttc_security.php
r347910 r408446 3 3 /* 4 4 Plugin Name: TimesToCome Security Plugin 5 Version: 2. 65 Version: 2.7 6 6 Plugin URI: http://herselfswebtools.com/2008/06/wordpress-security-plugin-block-scrapers-hackers-and-more.html 7 7 Description: Security plugin for Wordpress … … 36 36 //Feb. 2011 version 2.6 clean up, speed up, 37 37 // ************************************************************************************************************ 38 //Jul 2011 fix requests and accepts not being stored 39 //************************************************************************************************************ 38 40 39 41 … … 50 52 $request_uri = $_SERVER['REQUEST_URI']; 51 53 $request_method = $_SERVER['REQUEST_METHOD']; 54 55 52 56 53 57 // ttc variables … … 178 182 179 183 180 181 182 184 185 186 183 187 //update our log files 184 188 // if code is one update log files … … 188 192 189 193 // do nothing all is right and wonderful in the world 190 194 $blacklisted = 0; 195 196 191 197 }else if ( $blacklisted == 1 ){ // already blacklisted ip here so just add to log 192 198 … … 253 259 global $http_user_agent; 254 260 global $http_remote_addr; 255 global $http_request_uri; 256 261 global $request_uri; 257 262 258 263 259 264 // wtf? accept statements coming in at over 255 chars? 
Prevent sql errors and any funny business 260 265 // by shortening anything from user to 200 chars if over 255 261 if ( strlen($ http_request_uri ) > 200 ){ $email = substr ($http_requst_uri, 0, 200 ); }266 if ( strlen($request_uri ) > 200 ){ $email = substr ($request_uri, 0, 200 ); } 262 267 if ( strlen($http_accept ) > 200 ) { $http_accept = substr ( $http_accept, 0, 200 ); } 263 268 if ( strlen($http_user_agent ) > 200 ) { $http_user_agent = substr ( $http_user_agent, 0, 200 ); } … … 268 273 $http_user_agent = htmlentities($http_user_agent); 269 274 $http_remote_addr = htmlentities($http_remote_addr); 270 $ http_request_uri = htmlentities($http_request_uri);275 $request_uri = htmlentities($request_uri); 271 276 272 277 // ok now stuff the info into the log files in the db 273 278 $sql = "INSERT INTO " . $log_table_name . " ( ip, problem, accept, agent, request, day ) 274 VALUES ( '$http_remote_addr', '$error', '$http_accept', '$http_user_agent', '$ http_request_uri', NOW() )";279 VALUES ( '$http_remote_addr', '$error', '$http_accept', '$http_user_agent', '$request_uri', NOW() )"; 275 280 $result = $wpdb->query( $sql ); 276 281
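Review bot: The INSERT at the end of this hunk still splices the request values straight into the SQL string and runs it through `$wpdb->query()`; `htmlentities()` with its default flags leaves single quotes untouched, so a `'` in the User-Agent or Accept header breaks the statement or allows injection, and a plugin whose job is to log hostile requests will receive exactly that input. Build the statement with the placeholder API instead: `$sql = $wpdb->prepare( "INSERT INTO $log_table_name ( ip, problem, accept, agent, request, day ) VALUES ( %s, %d, %s, %s, %s, NOW() )", $http_remote_addr, $error, $http_accept, $http_user_agent, $request_uri );`. The truncation line this commit repairs still stores its result in `$email`, so `$request_uri` is never shortened; it should read `if ( strlen( $request_uri ) > 200 ) { $request_uri = substr( $request_uri, 0, 200 ); }`. The enclosing logging function starts outside the hunk and `$error`'s type is not visible here, so use `%s` in place of `%d` if it is not guaranteed numeric.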