gotmls
Last commit date
images
11 years ago
languages
11 years ago
safe-load
11 years ago
index.php
11 years ago
readme.txt
11 years ago
safe-load.php
12 years ago
safe-load.php
40 lines
| 1 | <?php |
| 2 | // START Security Patch by GOTMLS.NET |
| 3 | //if(!session_save_path()) session_save_path(dirname(__FILE__).'/images/'); |
| 4 | if (!session_id()) |
| 5 | @session_start(); |
| 6 | if (!(isset($_SESSION["GOTMLS_login_attempts"]) && strlen($_SESSION["GOTMLS_login_attempts"]."") > 0 && is_numeric($_SESSION["GOTMLS_login_attempts"]))) |
| 7 | $_SESSION["GOTMLS_login_attempts"] = 0; |
| 8 | if (!(isset($_SESSION["GOTMLS_login_ok"]) && $_SESSION["GOTMLS_login_ok"] === true)) |
| 9 | $_SESSION["GOTMLS_login_ok"] = false; |
| 10 | if ($_SESSION["GOTMLS_login_ok"] && $_SESSION["GOTMLS_login_attempts"] == 0) |
| 11 | $_SESSION["GOTMLS_login_attempts"] = 1; |
| 12 | @date_default_timezone_set(@date_default_timezone_get()); |
| 13 | $GOTMLS_time = @date("mdHm"); |
| 14 | if (file_exists(dirname(__FILE__).'/../../../.GOTMLS.failed.login.attempt.from.'.$_SERVER["REMOTE_ADDR"].'.php')) |
| 15 | include(dirname(__FILE__).'/../../../.GOTMLS.failed.login.attempt.from.'.$_SERVER["REMOTE_ADDR"].'.php'); |
| 16 | elseif (isset($_GET["GOTMLS_SESSION_check"]) && is_numeric($_GET["GOTMLS_SESSION_check"])) { |
| 17 | if ($_SESSION["GOTMLS_login_attempts"] == 0) { |
| 18 | $_SESSION["GOTMLS_login_attempts"] = 1; |
| 19 | if ('IP'.str_replace('.','',$_SERVER["REMOTE_ADDR"]) == 'IP'.$_GET["GOTMLS_SESSION_check"]) |
| 20 | die("<script>window.location.replace('wp-login.php?GOTMLS_SESSION_check=$GOTMLS_time');</script>"); |
| 21 | elseif ($_GET["GOTMLS_SESSION_check"] == $GOTMLS_time || ($_GET["GOTMLS_SESSION_check"] + 1) == $GOTMLS_time) { |
| 22 | if (@file_put_contents(dirname(__FILE__).'/../../../.GOTMLS.failed.login.attempt.from.'.$_SERVER["REMOTE_ADDR"].'.php', '<?php $_SESSION["GOTMLS_login_attempts"] = 1; //set this value to 0 to block all login attempts from this IP '.$_SERVER["REMOTE_ADDR"])) |
| 23 | die('SESSION FAILURE: Your IP address has been logged.'); |
| 24 | else |
| 25 | die('SESSION FAILURE: No way to login.'); |
| 26 | } |
| 27 | } else |
| 28 | die('SESSION TEST PASSED! You should be able to login now.'); |
| 29 | } |
| 30 | if ($_SERVER["REQUEST_METHOD"] == "POST" || isset($_POST["user_login"])) { |
| 31 | $_SESSION["GOTMLS_login_attempts"]++; |
| 32 | if ($_SESSION["GOTMLS_login_attempts"] < 2 || $_SESSION["GOTMLS_login_attempts"] > 6) |
| 33 | die("<html><head><title>Login Error</title></head><body style='margin-top: 0;'><!-- ".$_SESSION["GOTMLS_login_attempts"]." -->\n".'<div id="help-meta" style="background-color: #CCCCCC; display: none; margin: 0 15px; padding: 10px; border-bottom-left-radius: 5px; border-bottom-right-radius: 5px;">This message is shown whenever a possible brute-force attack is detected. Click the link below to have another shot at logging in.<br><iframe src="wp-login.php?GOTMLS_SESSION_check='.str_replace('.','',$_SERVER["REMOTE_ADDR"]).'" style="width: 100%; height: 35px; margin: 10px 0;"></iframe></div><div style="background-color: #CCCCCC; margin: 0 25px; float: right; padding: 10px; border-bottom-left-radius: 5px; border-bottom-right-radius: 5px;"><a onclick="hbox=document.getElementById(\'help-meta\');if (hbox.style.display==\'block\') hbox.style.display=\'none\'; else hbox.style.display=\'block\';" href="#help-meta">Help</a></div><br>'."\n<p>Just what do you think you are doing?</p><p><a href='wp-login.php'>Open the login page to try again</a></p></body></html>"); |
| 34 | } else { |
| 35 | $_SESSION["GOTMLS_login_ok"] = true; |
| 36 | $_SESSION["GOTMLS_login_attempts"] = 1; |
| 37 | } |
| 38 | $save_GOTMLS_login_attempts = $_SESSION['GOTMLS_login_attempts']; |
| 39 | $save_GOTMLS_login_ok = $_SESSION['GOTMLS_login_ok']; |
| 40 | // END Security Patch by GOTMLS.NET |