Changeset 432898
- Timestamp:
- 09/03/2011 02:16:33 PM (15 years ago)
- Location:
- ttc-wordpress-security-plugin/trunk
- Files:
-
- 1 added
- 2 edited
-
readme.txt (modified) (2 diffs)
-
security.jpg (added)
-
ttc_security.php (modified) (15 diffs)
ttc-wordpress-security-plugin/trunk/readme.txt
r422619 r432898 4 4 Requires at least: 2.5 5 5 Tested up to: 3.2.1 6 Stable tag: 3. 06 Stable tag: 3.2 7 7 8 8 This plugin blocks scrapers, cross-site scripting attempts, and other ill behaved bots. This is the second of three security plugins. … … 10 10 11 11 12 == Screenshots ==13 1. Admin screen security.jpg14 12 15 13 == Description == -
ttc-wordpress-security-plugin/trunk/ttc_security.php
r422619 r432898 2 2 /** 3 3 * @package TimesToCome_Security_Plugin 4 * @version 3. 04 * @version 3.2 5 5 **/ 6 6 /* 7 7 Plugin Name: TimesToCome Security Plugin 8 Version: 3. 08 Version: 3.2 9 9 Plugin URI: http://herselfswebtools.com/2008/06/wordpress-security-plugin-block-scrapers-hackers-and-more.html 10 10 Description: Security plugin for Wordpress … … 45 45 //Aug 2011 version 3.0 improves ui and cleans up code adds install/uninstall functions 46 46 // ************************************************************************************************************ 47 //Aug 2011 version 3.1 fix overwriting of log file names 48 // ************************************************************************************************************ 49 // Sept 2011 version 3.2 fix redirect loops 50 // ************************************************************************************************************ 47 51 48 52 … … 61 65 $request_method = $_SERVER['REQUEST_METHOD']; 62 66 63 64 65 67 66 68 … … 73 75 $ttc_wpdb_prefix = $wpdb->prefix; 74 76 75 $log_table_name = $ttc_wpdb_prefix . "ttc_security_log"; 77 78 79 // table info 80 $log_table_name = $ttc_wpdb_prefix . "ttc_security_log"; 76 81 $ip_table_name = $ttc_wpdb_prefix . "ttc_ip_blacklist"; 77 82 $agent_table_name = $ttc_wpdb_prefix . "ttc_agent_blacklist"; 78 83 $request_table_name = $ttc_wpdb_prefix . "ttc_request_blacklist"; 79 84 85 80 86 81 87 // server variables … … 90 96 // local variables 91 97 $blacklisted = 0; 92 93 94 95 98 99 100 96 101 97 102 ////******************************************** … … 118 123 // hack so null doesn't equal a match 119 124 $hacked_http_remote_addr = "x" . 
$http_remote_addr; 125 120 126 if ((strpos ( $hacked_http_remote_addr, $bad_ip, 1 )) == 1 ){ 121 127 $blacklisted = 1; … … 123 129 } 124 130 } 125 126 131 127 132 … … 160 165 } 161 166 162 163 164 167 165 168 166 169 … … 173 176 174 177 175 176 177 178 178 //update our log files 179 179 // if code is one update log files 180 180 // else update log file and ip file 181 182 // $blacklisted = 3; // use for testing 181 183 182 184 if ( $blacklisted == 0 ){ 183 185 184 186 // do nothing all is right and wonderful in the world 185 187 188 186 189 }else if ( $blacklisted == 1 ){ // already blacklisted ip here so just add to log 187 190 188 191 // too many to log, log entries growing too fast 189 //ttc_add_to_security_log( $blacklisted ); // add to log192 // ttc_add_to_security_log( $blacklisted ); // add to log 190 193 191 194 $code = "Sorry but you are listed on our ip blacklist"; … … 198 201 $host = $_SERVER['HTTP_HOST']; 199 202 $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\'); 200 header("Location: http://$host$uri"); 203 // header("Location: http://$host$uri"); 204 205 header('HTTP/1.0 404 Not Found'); 201 206 202 207 exit(); … … 224 229 $host = $_SERVER['HTTP_HOST']; 225 230 $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\'); 226 header("Location: http://$host$uri"); 227 228 231 // header("Location: http://$host$uri"); 232 233 header('HTTP/1.0 404 Not Found'); 234 235 229 236 exit(); 230 237 231 238 } 239 240 232 241 } 233 242 … … 238 247 function ttc_add_to_security_log( $error ) 239 248 { 240 // wordpress db info 241 global $wpdb; 242 $ttc_wpdb_prefix = $wpdb->prefix; 243 244 // server variables 249 250 // server variables 245 251 global $log_table_name; 246 252 global $request_time; … … 249 255 global $http_remote_addr; 250 256 global $request_uri; 251 252 257 258 259 // wordpress db info 260 global $wpdb; 261 $ttc_wpdb_prefix = $wpdb->prefix; 262 263 264 $log_table_name = $ttc_wpdb_prefix . "ttc_security_log"; 265 $ip_table_name = $ttc_wpdb_prefix . 
"ttc_ip_blacklist"; 266 $agent_table_name = $ttc_wpdb_prefix . "ttc_agent_blacklist"; 267 $request_table_name = $ttc_wpdb_prefix . "ttc_request_blacklist"; 268 269 253 270 // wtf? accept statements coming in at over 255 chars? Prevent sql errors and any funny business 254 271 // by shortening anything from user to 200 chars if over 255 … … 266 283 // ok now stuff the info into the log files in the db 267 284 $sql = "INSERT INTO " . $log_table_name . " ( ip, problem, accept, agent, request, day ) 268 VALUES ( '$http_remote_addr', '$error', '$http_accept', '$http_user_agent', '$request_uri', NOW() )";285 VALUES ( '$http_remote_addr', '$error', '$http_accept', '$http_user_agent', '$request_uri', NOW() )"; 269 286 $result = $wpdb->query( $sql ); 270 271 } 287 288 289 } 290 291 272 292 273 293 … … 280 300 global $ip_table_name; 281 301 282 302 $ttc_wpdb_prefix = $wpdb->prefix; 303 $ip_table_name = $ttc_wpdb_prefix . "ttc_ip_blacklist"; 304 305 283 306 // insert ip number into blacklisted ip table 284 307 $sql = "INSERT INTO " . $ip_table_name . " ( ip ) VALUES ( '$ip' ) "; 285 308 $result = $wpdb->query( $sql ); 286 309 287 310 } 288 311
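Review bot: The INSERT in ttc_add_to_security_log still interpolates `$http_accept`, `$http_user_agent` and `$request_uri` directly into the SQL string, and this changeset only re-indents that line. Those values come from the request, and the only handling visible here is the comment about shortening them to 200 characters, so unless the elided lines escape them the statement is open to SQL injection. I would bind the values instead, `$wpdb->query( $wpdb->prepare( "INSERT INTO $log_table_name ( ip, problem, accept, agent, request, day ) VALUES ( %s, %s, %s, %s, %s, NOW() )", $http_remote_addr, $error, $http_accept, $http_user_agent, $request_uri ) );`, and do the same for the `'$ip'` insert into the ip blacklist table in the last hunk. Both function bodies are only partly visible in these hunks.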