wordfenceURLHoover.php
| 1 | <?php |
| 2 | require_once('wfAPI.php'); |
| 3 | require_once('wfArray.php'); |
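class wordfenceURLHoover {
	/** Emit per-step diagnostics through wordfence::status(4, 'info', ...) when true. */
	private $debug = false;
	/** Human-readable description of the last failure in getBaddies(); false until one occurs. */
	public $errorMsg = false;
	/** wfArray buffer of pending records (owner, host, path, hostKey), drained by writeHosts(). */
	private $hostsToAdd = false;
	/** Name of the hoover table: "<base_prefix>wfHoover" when $wpdb exists, else 'wp_wfHoover'. */
	private $table = '';
	private $apiKey = false;
	private $wordpressVersion = false;
	/** Buffered records go to the DB table when true; otherwise to $hostKeys / $hostList in memory. */
	private $useDB = true;
	/** In-memory list of hostKeys, used only when $useDB is false (not de-duplicated). */
	private $hostKeys = array();
	/** In-memory list of full records, used only when $useDB is false. */
	private $hostList = array();
	/** Owner id of the item currently being scanned; read by the regex callbacks addHost()/addIP(). */
	public $currentHooverID = false;
	/** Set by writeHosts() once at least one record has been stored during the current hoover() call. */
	private $_foundSome = false;
	/** Alternation of top-level domains (uppercase; the URL regex uses /i) that anchors host matches in hoover(). */
	private $dRegex = 'AAA|AARP|ABB|ABBOTT|ABBVIE|ABOGADO|ABUDHABI|AC|ACADEMY|ACCENTURE|ACCOUNTANT|ACCOUNTANTS|ACO|ACTIVE|ACTOR|AD|ADAC|ADS|ADULT|AE|AEG|AERO|AETNA|AF|AFL|AG|AGAKHAN|AGENCY|AI|AIG|AIRFORCE|AIRTEL|AKDN|AL|ALIBABA|ALIPAY|ALLFINANZ|ALLY|ALSACE|AM|AMICA|AMSTERDAM|ANALYTICS|ANDROID|ANQUAN|AO|APARTMENTS|APP|APPLE|AQ|AQUARELLE|AR|ARAMCO|ARCHI|ARMY|ARPA|ARTE|AS|ASIA|ASSOCIATES|AT|ATTORNEY|AU|AUCTION|AUDI|AUDIO|AUTHOR|AUTO|AUTOS|AVIANCA|AW|AWS|AX|AXA|AZ|AZURE|BA|BABY|BAIDU|BAND|BANK|BAR|BARCELONA|BARCLAYCARD|BARCLAYS|BAREFOOT|BARGAINS|BAUHAUS|BAYERN|BB|BBC|BBVA|BCG|BCN|BD|BE|BEATS|BEER|BENTLEY|BERLIN|BEST|BET|BF|BG|BH|BHARTI|BI|BIBLE|BID|BIKE|BING|BINGO|BIO|BIZ|BJ|BLACK|BLACKFRIDAY|BLOG|BLOOMBERG|BLUE|BM|BMS|BMW|BN|BNL|BNPPARIBAS|BO|BOATS|BOEHRINGER|BOM|BOND|BOO|BOOK|BOOTS|BOSCH|BOSTIK|BOT|BOUTIQUE|BR|BRADESCO|BRIDGESTONE|BROADWAY|BROKER|BROTHER|BRUSSELS|BS|BT|BUDAPEST|BUGATTI|BUILD|BUILDERS|BUSINESS|BUY|BUZZ|BV|BW|BY|BZ|BZH|CA|CAB|CAFE|CAL|CALL|CAMERA|CAMP|CANCERRESEARCH|CANON|CAPETOWN|CAPITAL|CAR|CARAVAN|CARDS|CARE|CAREER|CAREERS|CARS|CARTIER|CASA|CASH|CASINO|CAT|CATERING|CBA|CBN|CC|CD|CEB|CENTER|CEO|CERN|CF|CFA|CFD|CG|CH|CHANEL|CHANNEL|CHASE|CHAT|CHEAP|CHLOE|CHRISTMAS|CHROME|CHURCH|CI|CIPRIANI|CIRCLE|CISCO|CITIC|CITY|CITYEATS|CK|CL|CLAIMS|CLEANING|CLICK|CLINIC|CLINIQUE|CLOTHING|CLOUD|CLUB|CLUBMED|CM|CN|CO|COACH|CODES|COFFEE|COLLEGE|COLOGNE|COM|COMMBANK|COMMUNITY|COMPANY|COMPARE|COMPUTER|COMSEC|CONDOS|CONSTRUCTION|CONSULTING|CONTACT|CONTRACTORS|COOKING|COOL|COOP|CORSICA|COUNTRY|COUPON|COUPONS|COURSES|CR|CREDIT|CREDITCARD|CREDITUNION|CRICKET|CROWN|CRS|CRUISES|CSC|CU|CUISINELLA|CV|CW|CX|CY|CYMRU|CYOU|CZ|DABUR|DAD|DANCE|DATE|DATING|DATSUN|DAY|DCLK|DDS|DE|DEALER|DEALS|DEGREE|DELIVERY|DELL|DELOITTE|DELTA|DEMOCRAT|DENTAL|DENTIST|DESI|DESIGN|DEV|DHL|DIAMONDS|DIET|DIGITAL|DIRECT|DIRECTORY|DISCOUNT|DJ|DK|DM|DNP|DO|DOCS|DOG|DOHA|DOMAINS|DOT|DOWNLOAD|DRIVE|DTV|DUBAI|DURBAN|DVAG|DZ|EARTH|EAT|EC|EDEKA|EDU|EDUCATION|EE|EG|EMAIL|EMERCK|ENERGY|ENGINEER|ENGINEERING|ENTERPRISES|EPSON|EQUIPMENT|ER|ERNI|ES|ESQ|ESTATE|ET|EU|EUROVISION|EUS|EVENTS|EVERBANK|EXCHANGE|EXPERT|EXPOSED|EXPRESS|EXTRASPACE|FAGE|FAIL|FAIRWINDS|FAITH|FAMILY|FAN|FANS|FARM|FASHION|FAST|FEEDBACK|FERRERO|FI|FILM|FINAL|FINANCE|FINANCIAL|FIRESTONE|FIRMDALE|FISH|FISHING|FIT|FITNESS|FJ|FK|FLICKR|FLIGHTS|FLIR|FLORIST|FLOWERS|FLSMIDTH|FLY|FM|FO|FOO|FOOTBALL|FORD|FOREX|FORSALE|FORUM|FOUNDATION|FOX|FR|FRESENIUS|FRL|FROGANS|FRONTIER|FTR|FUND|FURNITURE|FUTBOL|FYI|GA|GAL|GALLERY|GALLO|GALLUP|GAME|GAMES|GARDEN|GB|GBIZ|GD|GDN|GE|GEA|GENT|GENTING|GF|GG|GGEE|GH|GI|GIFT|GIFTS|GIVES|GIVING|GL|GLASS|GLE|GLOBAL|GLOBO|GM|GMAIL|GMBH|GMO|GMX|GN|GOLD|GOLDPOINT|GOLF|GOO|GOOG|GOOGLE|GOP|GOT|GOV|GP|GQ|GR|GRAINGER|GRAPHICS|GRATIS|GREEN|GRIPE|GROUP|GS|GT|GU|GUARDIAN|GUCCI|GUGE|GUIDE|GUITARS|GURU|GW|GY|HAMBURG|HANGOUT|HAUS|HDFCBANK|HEALTH|HEALTHCARE|HELP|HELSINKI|HERE|HERMES|HIPHOP|HISAMITSU|HITACHI|HIV|HK|HKT|HM|HN|HOCKEY|HOLDINGS|HOLIDAY|HOMEDEPOT|HOMES|HONDA|HORSE|HOST|HOSTING|HOTELES|HOTMAIL|HOUSE|HOW|HR|HSBC|HT|HTC|HU|HYUNDAI|IBM|ICBC|ICE|ICU|ID|IE|IFM|IINET|IL|IM|IMAMAT|IMMO|IMMOBILIEN|IN|INDUSTRIES|INFINITI|INFO|ING|INK|INSTITUTE|INSURANCE|INSURE|INT|INTERNATIONAL|INVESTMENTS|IO|IPIRANGA|IQ|IR|IRISH|IS|ISELECT|ISMAILI|IST|ISTANBUL|IT|ITAU|IWC|JAGUAR|JAVA|JCB|JCP|JE|JETZT|JEWELRY|JLC|JLL|JM|JMP|JNJ|JO|JOBS|JOBURG|JOT|JOY|JP|JPMORGAN|JPRS|JUEGOS|KAUFEN|KDDI|KE|KERRYHOTELS|KERRYLOGISTICS|KERRYPROPERTIES|KFH|KG|KH|KI|KIA|KIM|KINDER|KITCHEN|KIWI|KM|KN|KOELN|KOMATSU|KP|KPMG|KPN|KR|KRD|KRED|KUOKGROUP|KW|KY|KYOTO|KZ|LA|LACAIXA|LAMBORGHINI|LAMER|LANCASTER|LAND|LANDROVER|LANXESS|LASALLE|LAT|LATROBE|LAW|LAWYER|LB|LC|LDS|LEASE|LECLERC|LEGAL|LEXUS|LGBT|LI|LIAISON|LIDL|LIFE|LIFEINSURANCE|LIFESTYLE|LIGHTING|LIKE|LIMITED|LIMO|LINCOLN|LINDE|LINK|LIPSY|LIVE|LIVING|LIXIL|LK|LOAN|LOANS|LOCKER|LOCUS|LOL|LONDON|LOTTE|LOTTO|LOVE|LR|LS|LT|LTD|LTDA|LU|LUPIN|LUXE|LUXURY|LV|LY|MA|MADRID|MAIF|MAISON|MAKEUP|MAN|MANAGEMENT|MANGO|MARKET|MARKETING|MARKETS|MARRIOTT|MATTEL|MBA|MC|MD|ME|MED|MEDIA|MEET|MELBOURNE|MEME|MEMORIAL|MEN|MENU|MEO|METLIFE|MG|MH|MIAMI|MICROSOFT|MIL|MINI|MK|ML|MLB|MLS|MM|MMA|MN|MO|MOBI|MOBILY|MODA|MOE|MOI|MOM|MONASH|MONEY|MONTBLANC|MORMON|MORTGAGE|MOSCOW|MOTORCYCLES|MOV|MOVIE|MOVISTAR|MP|MQ|MR|MS|MT|MTN|MTPC|MTR|MU|MUSEUM|MUTUAL|MUTUELLE|MV|MW|MX|MY|MZ|NA|NADEX|NAGOYA|NAME|NATURA|NAVY|NC|NE|NEC|NET|NETBANK|NETFLIX|NETWORK|NEUSTAR|NEW|NEWS|NEXT|NEXTDIRECT|NEXUS|NF|NG|NGO|NHK|NI|NICO|NIKON|NINJA|NISSAN|NISSAY|NL|NO|NOKIA|NORTHWESTERNMUTUAL|NORTON|NOWRUZ|NOWTV|NP|NR|NRA|NRW|NTT|NU|NYC|NZ|OBI|OFFICE|OKINAWA|OLAYAN|OLAYANGROUP|OLLO|OM|OMEGA|ONE|ONG|ONL|ONLINE|OOO|ORACLE|ORANGE|ORG|ORGANIC|ORIGINS|OSAKA|OTSUKA|OTT|OVH|PA|PAGE|PAMPEREDCHEF|PANERAI|PARIS|PARS|PARTNERS|PARTS|PARTY|PASSAGENS|PCCW|PE|PET|PF|PG|PH|PHARMACY|PHILIPS|PHOTO|PHOTOGRAPHY|PHOTOS|PHYSIO|PIAGET|PICS|PICTET|PICTURES|PID|PIN|PING|PINK|PIONEER|PIZZA|PK|PL|PLACE|PLAY|PLAYSTATION|PLUMBING|PLUS|PM|PN|POHL|POKER|PORN|POST|PR|PRAXI|PRESS|PRO|PROD|PRODUCTIONS|PROF|PROGRESSIVE|PROMO|PROPERTIES|PROPERTY|PROTECTION|PS|PT|PUB|PW|PWC|PY|QA|QPON|QUEBEC|QUEST|RACING|RE|READ|REALESTATE|REALTOR|REALTY|RECIPES|RED|REDSTONE|REDUMBRELLA|REHAB|REISE|REISEN|REIT|REN|RENT|RENTALS|REPAIR|REPORT|REPUBLICAN|REST|RESTAURANT|REVIEW|REVIEWS|REXROTH|RICH|RICHARDLI|RICOH|RIO|RIP|RO|ROCHER|ROCKS|RODEO|ROOM|RS|RSVP|RU|RUHR|RUN|RW|RWE|RYUKYU|SA|SAARLAND|SAFE|SAFETY|SAKURA|SALE|SALON|SAMSUNG|SANDVIK|SANDVIKCOROMANT|SANOFI|SAP|SAPO|SARL|SAS|SAXO|SB|SBI|SBS|SC|SCA|SCB|SCHAEFFLER|SCHMIDT|SCHOLARSHIPS|SCHOOL|SCHULE|SCHWARZ|SCIENCE|SCOR|SCOT|SD|SE|SEAT|SECURITY|SEEK|SELECT|SENER|SERVICES|SEVEN|SEW|SEX|SEXY|SFR|SG|SH|SHARP|SHAW|SHELL|SHIA|SHIKSHA|SHOES|SHOP|SHOUJI|SHOW|SHRIRAM|SI|SINA|SINGLES|SITE|SJ|SK|SKI|SKIN|SKY|SKYPE|SL|SM|SMILE|SN|SNCF|SO|SOCCER|SOCIAL|SOFTBANK|SOFTWARE|SOHU|SOLAR|SOLUTIONS|SONG|SONY|SOY|SPACE|SPIEGEL|SPOT|SPREADBETTING|SR|SRL|ST|STADA|STAR|STARHUB|STATEBANK|STATEFARM|STATOIL|STC|STCGROUP|STOCKHOLM|STORAGE|STORE|STREAM|STUDIO|STUDY|STYLE|SU|SUCKS|SUPPLIES|SUPPLY|SUPPORT|SURF|SURGERY|SUZUKI|SV|SWATCH|SWISS|SX|SY|SYDNEY|SYMANTEC|SYSTEMS|SZ|TAB|TAIPEI|TALK|TAOBAO|TATAMOTORS|TATAR|TATTOO|TAX|TAXI|TC|TCI|TD|TEAM|TECH|TECHNOLOGY|TEL|TELECITY|TELEFONICA|TEMASEK|TENNIS|TEST|TEVA|TF|TG|TH|THD|THEATER|THEATRE|TICKETS|TIENDA|TIFFANY|TIPS|TIRES|TIROL|TJ|TK|TL|TM|TMALL|TN|TO|TODAY|TOKYO|TOOLS|TOP|TORAY|TOSHIBA|TOTAL|TOURS|TOWN|TOYOTA|TOYS|TR|TRADE|TRADING|TRAINING|TRAVEL|TRAVELERS|TRAVELERSINSURANCE|TRUST|TRV|TT|TUBE|TUI|TUNES|TUSHU|TV|TVS|TW|TZ|UA|UBS|UG|UK|UNICOM|UNIVERSITY|UNO|UOL|UPS|US|UY|UZ|VA|VACATIONS|VANA|VC|VE|VEGAS|VENTURES|VERISIGN|VERSICHERUNG|VET|VG|VI|VIAJES|VIDEO|VIG|VIKING|VILLAS|VIN|VIP|VIRGIN|VISION|VISTA|VISTAPRINT|VIVA|VLAANDEREN|VN|VODKA|VOLKSWAGEN|VOTE|VOTING|VOTO|VOYAGE|VU|VUELOS|WALES|WALTER|WANG|WANGGOU|WARMAN|WATCH|WATCHES|WEATHER|WEATHERCHANNEL|WEBCAM|WEBER|WEBSITE|WED|WEDDING|WEIBO|WEIR|WF|WHOSWHO|WIEN|WIKI|WILLIAMHILL|WIN|WINDOWS|WINE|WME|WOLTERSKLUWER|WORK|WORKS|WORLD|WS|WTC|WTF|XBOX|XEROX|XIHUAN|XIN|XN--11B4C3D|XN--1CK2E1B|XN--1QQW23A|XN--30RR7Y|XN--3BST00M|XN--3DS443G|XN--3E0B707E|XN--3PXU8K|XN--42C2D9A|XN--45BRJ9C|XN--45Q11C|XN--4GBRIM|XN--55QW42G|XN--55QX5D|XN--5TZM5G|XN--6FRZ82G|XN--6QQ986B3XL|XN--80ADXHKS|XN--80AO21A|XN--80ASEHDB|XN--80ASWG|XN--8Y0A063A|XN--90A3AC|XN--90AIS|XN--9DBQ2A|XN--9ET52U|XN--9KRT00A|XN--B4W605FERD|XN--BCK1B9A5DRE4C|XN--C1AVG|XN--C2BR7G|XN--CCK2B3B|XN--CG4BKI|XN--CLCHC0EA0B2G2A9GCD|XN--CZR694B|XN--CZRS0T|XN--CZRU2D|XN--D1ACJ3B|XN--D1ALF|XN--E1A4C|XN--ECKVDTC9D|XN--EFVY88H|XN--ESTV75G|XN--FCT429K|XN--FHBEI|XN--FIQ228C5HS|XN--FIQ64B|XN--FIQS8S|XN--FIQZ9S|XN--FJQ720A|XN--FLW351E|XN--FPCRJ9C3D|XN--FZC2C9E2C|XN--FZYS8D69UVGM|XN--G2XX48C|XN--GCKR3F0F|XN--GECRJ9C|XN--H2BRJ9C|XN--HXT814E|XN--I1B6B1A6A2E|XN--IMR513N|XN--IO0A7I|XN--J1AEF|XN--J1AMH|XN--J6W193G|XN--JLQ61U9W7B|XN--JVR189M|XN--KCRX77D1X4A|XN--KPRW13D|XN--KPRY57D|XN--KPU716F|XN--KPUT3I|XN--L1ACC|XN--LGBBAT1AD8J|XN--MGB9AWBF|XN--MGBA3A3EJT|XN--MGBA3A4F16A|XN--MGBA7C0BBN0A|XN--MGBAAM7A8H|XN--MGBAB2BD|XN--MGBAYH7GPA|XN--MGBB9FBPOB|XN--MGBBH1A71E|XN--MGBC0A9AZCG|XN--MGBCA7DZDO|XN--MGBERP4A5D4AR|XN--MGBPL2FH|XN--MGBT3DHD|XN--MGBTX2B|XN--MGBX4CD0AB|XN--MIX891F|XN--MK1BU44C|XN--MXTQ1M|XN--NGBC5AZD|XN--NGBE9E0A|XN--NODE|XN--NQV7F|XN--NQV7FS00EMA|XN--NYQY26A|XN--O3CW4H|XN--OGBPF8FL|XN--P1ACF|XN--P1AI|XN--PBT977C|XN--PGBS0DH|XN--PSSY2U|XN--Q9JYB4C|XN--QCKA1PMC|XN--QXAM|XN--RHQV96G|XN--ROVU88B|XN--S9BRJ9C|XN--SES554G|XN--T60B56A|XN--TCKWE|XN--UNUP4Y|XN--VERMGENSBERATER-CTB|XN--VERMGENSBERATUNG-PWB|XN--VHQUV|XN--VUQ861B|XN--W4R85EL8FHU5DNRA|XN--W4RS40L|XN--WGBH1C|XN--WGBL6A|XN--XHQ521B|XN--XKC2AL3HYE2A|XN--XKC2DL3A5EE0H|XN--Y9A3AQ|XN--YFRO4I67O|XN--YGBI2AMMX|XN--ZFR164B|XPERIA|XXX|XYZ|YACHTS|YAHOO|YAMAXUN|YANDEX|YE|YODOBASHI|YOGA|YOKOHAMA|YOU|YOUTUBE|YT|YUN|ZA|ZAPPOS|ZARA|ZERO|ZIP|ZM|ZONE|ZUERICH|ZW';
	private $api = false;
	private $db = false;

	/** Buffered record count above which addHost()/addIP() force a writeHosts() flush. */
	const FLUSH_THRESHOLD = 1000;
	/** Upper bound on table rows fetched per flagged hostKey when collecting URLs to verify. */
	const OWNER_ROW_LIMIT = 10000;

	/**
	 * Flush pending records, then serialize only the scalar configuration.
	 * The DB/API handles and the wfArray buffer are rebuilt in __wakeup(); the in-memory
	 * $hostKeys/$hostList used in non-DB mode are not carried across serialization.
	 */
	public function __sleep(){
		$this->writeHosts();
		return array('debug', 'errorMsg', 'table', 'apiKey', 'wordpressVersion', 'dRegex');
	}

	/** Recreate the buffer and the API/DB handles that __sleep() dropped. */
	public function __wakeup(){
		$this->hostsToAdd = new wfArray(array('owner', 'host', 'path', 'hostKey'));
		$this->api = new wfAPI($this->apiKey, $this->wordpressVersion);
		$this->db = new wfDB();
	}

	/**
	 * @param string      $apiKey           Wordfence API key handed to wfAPI.
	 * @param string      $wordpressVersion WordPress version handed to wfAPI.
	 * @param wfDB|false  $db               Optional DB handle; a fresh wfDB is created when omitted.
	 *
	 * Every new hoover starts from an empty table: the constructor truncates it.
	 */
	public function __construct($apiKey, $wordpressVersion, $db = false){
		$this->hostsToAdd = new wfArray(array('owner', 'host', 'path', 'hostKey'));
		$this->apiKey = $apiKey;
		$this->wordpressVersion = $wordpressVersion;
		$this->api = new wfAPI($apiKey, $wordpressVersion);
		$this->db = $db ? $db : new wfDB();
		global $wpdb;
		// Outside WordPress (tests, CLI) $wpdb is absent; fall back to the default prefix.
		$this->table = isset($wpdb) ? $wpdb->base_prefix . 'wfHoover' : 'wp_wfHoover';
		$this->db->truncate($this->table);
	}

	/** Empty the hoover table. */
	public function cleanup(){
		$this->db->truncate($this->table);
	}

	/**
	 * Extract candidate URLs and IP addresses from $data and buffer them under owner $id.
	 *
	 * @param mixed  $id   Owner identifier (e.g. a file or post id) stored with every record found.
	 * @param string $data Raw content to scan.
	 * @return bool True when at least one record was stored during this call; false otherwise
	 *              (including the shortcut for content that contains no '.').
	 */
	public function hoover($id, $data){
		if(strpos($data, '.') === false){
			return false;
		}
		$this->currentHooverID = $id;
		$this->_foundSome = false;
		try {
			// Scheme-optional absolute URLs: "//", one or more dotted labels, a known TLD, then
			// end-of-input, whitespace, or a path/query that stops at quote/brace/angle characters.
			@preg_replace_callback("/(?<=^|[^a-zA-Z0-9\-])(?:[a-z][a-z0-9\-\+\.]*\:)?\/\/((?:[a-zA-Z0-9\-]+\.)+)(" . $this->dRegex . ")($|[\r\n\s\t]|[\/\?][^\r\n\s\t\"\'\$\{\}<>]*)/i", array($this, 'addHost'), $data);
			$this->dbgRegexFailure('URL');
		} catch(Exception $e){
			// A failure inside addHost() must not abort scanning of the remaining content.
			$this->dbg("Regex error 1: $e");
		}
		// Dotted-quad or 8-10 digit decimal IPs, followed by end-of-input, whitespace or a '/'-rooted path.
		@preg_replace_callback("/(?<=[^\d]|^)(\d{8,10}|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})($|[\r\n\s\t]|\/[^\r\n\s\t\"\'\$\{\}<>]*)/", array($this, 'addIP'), $data);
		$this->dbgRegexFailure('IP');
		$this->writeHosts();
		return $this->_foundSome;
	}

	/** Route a debug message to the scan status log when $debug is on. */
	private function dbg($msg){
		if($this->debug){
			wordfence::status(4, 'info', $msg);
		}
	}

	/**
	 * Log (debug mode only) when the most recent PCRE call reported an error, such as the
	 * backtrack limit on very large input. A failed pass matches nothing, so URLs in the
	 * item may go unchecked; the @-suppressed calls in hoover() would otherwise hide this.
	 */
	private function dbgRegexFailure($pass){
		$err = preg_last_error();
		if($err !== PREG_NO_ERROR){
			$this->dbg("PCRE error " . $err . " in " . $pass . " pass; some URLs in this item may not have been checked.");
		}
	}

	/**
	 * preg_replace_callback() target for the URL regex in hoover(): buffers the host with the
	 * hostKeys the server-side lookup expects.
	 *
	 * @param array $matches [1] dotted labels with trailing '.', [2] TLD, [3] terminator or path/query.
	 */
	public function addHost($matches){
		$id = $this->currentHooverID;
		$host = strtolower($matches[1] . $matches[2]);
		// Only a '/'-rooted path is kept; a terminator or a bare '?query' collapses to '/'.
		$path = (strpos($matches[3], '/') === 0) ? self::encodePath($matches[3]) : '/';
		$hostParts = explode('.', $host);
		$partCount = sizeof($hostParts);
		if($partCount == 2){
			$this->pushRecord($id, $host, $path, self::hostKey($host));
		} else if($partCount > 2){
			// Key the host at both three-label and two-label depth so either level can be flagged.
			$this->pushRecord($id, $host, $path, self::hostKey(implode('.', array_slice($hostParts, -3))));
			$this->pushRecord($id, $host, $path, self::hostKey(implode('.', array_slice($hostParts, -2))));
		}
		$this->flushIfFull();
	}

	/**
	 * preg_replace_callback() target for the IP regex in hoover(): validates the address and
	 * buffers it with its hostKey.
	 *
	 * @param array $matches [1] dotted-quad or decimal IP, [2] terminator or '/'-rooted path.
	 */
	public function addIP($matches){
		$id = $this->currentHooverID;
		$ipdata = $matches[1];
		$path = $matches[2];
		$this->dbg("Add IP called with $ipdata $path");
		if(strstr($ipdata, '.') === false){
			// Decimal form: accept only 1.0.0.0 (16777216) .. 240.0.0.0 (4026531840) before converting.
			if($ipdata >= 16777216 && $ipdata <= 4026531840){
				$ipdata = long2ip($ipdata);
			} else {
				return; //Is int but invalid address.
			}
		}
		foreach(explode('.', $ipdata) as $octet){
			if($octet < 0 || $octet > 255){
				return; // Dotted form with an out-of-range octet, e.g. 300.1.1.1.
			}
		}
		if(wfUtils::isPrivateAddress($ipdata)){
			return;
		}
		if(strlen($path) == 1){
			$path = '/'; //Because it's either a whitespace char or a / anyway.
		} else if(strlen($path) > 1){
			$path = self::encodePath($path);
		}
		// NOTE: an end-of-input match leaves $path as '' here, whereas addHost() uses '/'.
		$this->pushRecord($id, $ipdata, $path, self::hostKey($ipdata));
		$this->flushIfFull();
	}

	/** preg_replace_callback() target used by encodePath(): percent-encode the captured run. */
	public static function urlenc($m){
		return urlencode($m[1]);
	}

	/** Percent-encode every run of characters outside the RFC 3986 reserved/unreserved set. */
	private static function encodePath($path){
		return preg_replace_callback('/([^A-Za-z0-9\-\.\_\~:\/\?\#\[\]\@\!\$\&\'\(\)\*\+\,;\=]+)/', array(__CLASS__, 'urlenc'), $path);
	}

	/** 4-byte prefix of sha256("$name/") in raw binary — the key format check_host_keys expects. */
	private static function hostKey($name){
		return substr(hash('sha256', $name . '/', true), 0, 4);
	}

	/** Append one record to the pending buffer. */
	private function pushRecord($owner, $host, $path, $hostKey){
		$this->hostsToAdd->push(array('owner' => $owner, 'host' => $host, 'path' => $path, 'hostKey' => $hostKey));
	}

	/** Flush the buffer once it grows past FLUSH_THRESHOLD records. */
	private function flushIfFull(){
		if($this->hostsToAdd->size() > self::FLUSH_THRESHOLD){ $this->writeHosts(); }
	}

	/**
	 * Drain the record buffer into the hoover table (or the in-memory lists when $useDB is
	 * false) and note that something was found for the current hoover() call.
	 */
	private function writeHosts(){
		if($this->hostsToAdd->size() < 1){ return; }
		if($this->useDB){
			// Every value passes through wfDB::realEscape(); hostKey is raw binary, so this relies on
			// that escaping being byte-safe. A multi-row VALUES list may be an issue for hyperDB or
			// other abstraction layers, but leaving it for now.
			$rows = array();
			while($elem = $this->hostsToAdd->shift()){
				$rows[] = sprintf("('%s', '%s', '%s', '%s')",
					$this->db->realEscape($elem['owner']),
					$this->db->realEscape($elem['host']),
					$this->db->realEscape($elem['path']),
					$this->db->realEscape($elem['hostKey'])
				);
			}
			$this->db->queryWrite("insert into " . $this->table . " (owner, host, path, hostKey) values " . implode(',', $rows));
		} else {
			while($elem = $this->hostsToAdd->shift()){
				$this->hostKeys[] = $elem['hostKey'];
				$this->hostList[] = array(
					'owner' => $elem['owner'],
					'host' => $elem['host'],
					'path' => $elem['path'],
					'hostKey' => $elem['hostKey']
				);
			}
		}

		$this->_foundSome = true;
	}

	/**
	 * Ask the Wordfence servers which buffered hosts are known-bad, then verify the concrete URLs.
	 *
	 * @return array|false Map of owner => list of array('URL' => ..., 'badList' => ...) for confirmed
	 *                     bad URLs; an empty array when nothing is flagged; false on a server or
	 *                     protocol error, with $this->errorMsg describing it.
	 */
	public function getBaddies(){
		$allHostKeys = $this->allHostKeys();
		//If we don't have any hostkeys, then we won't have any URL's to check either.
		if(sizeof($allHostKeys) < 1){
			return array();
		}
		//Checking hostkeys first is a shortcut: if none are bad we never have to send URLs.
		$this->dbg("Checking " . sizeof($allHostKeys) . " hostkeys");
		if($this->debug){
			foreach($allHostKeys as $key){
				$this->dbg("Checking hostkey: " . bin2hex($key));
			}
		}
		wordfence::status(2, 'info', "Checking " . sizeof($allHostKeys) . " host keys against Wordfence scanning servers.");
		$resp = $this->api->binCall('check_host_keys', implode('', $allHostKeys));
		wordfence::status(2, 'info', "Done host key check.");
		$this->dbg("Done host key check");

		$badHostKeys = $this->decodeBadHostKeys($resp, $allHostKeys);
		if($badHostKeys === false){
			return false; // errorMsg already set by decodeBadHostKeys()
		}
		if(sizeof($badHostKeys) < 1){
			return array();
		}

		$urlsToCheck = $this->urlsForHostKeys($badHostKeys);
		if(sizeof($urlsToCheck) < 1){
			return array();
		}
		$totalURLs = array_sum(array_map('count', $urlsToCheck));
		wordfence::status(2, 'info', "Checking " . $totalURLs . " URLs from " . sizeof($urlsToCheck) . " sources.");
		$badURLs = $this->api->call('check_bad_urls', array(), array( 'toCheck' => json_encode($urlsToCheck)) );
		wordfence::status(2, 'info', "Done URL check.");
		$this->dbg("Done URL check");
		if(! is_array($badURLs) || sizeof($badURLs) < 1){
			return array();
		}
		$this->dbg("Confirmed " . count($badURLs) . " bad URLs");
		return self::formatBadURLs($badURLs);
	}

	/** All hostKeys buffered so far: distinct rows from the table, or the raw in-memory list. */
	private function allHostKeys(){
		if(! $this->useDB){
			return $this->hostKeys;
		}
		$keys = array();
		foreach($this->db->querySelect("select distinct hostKey as hostKey from $this->table") as $hRec){
			$keys[] = $hRec['hostKey'];
		}
		return $keys;
	}

	/**
	 * Translate the check_host_keys response into the subset of $allHostKeys the server flagged.
	 * The payload is a sequence of big-endian 16-bit indexes into the list that was sent, so at
	 * most 65536 keys per call are addressable.
	 *
	 * @param array $resp        wfAPI::binCall() result with 'code' and 'data'.
	 * @param array $allHostKeys The 4-byte keys exactly as sent, in order.
	 * @return array|false Flagged keys (possibly empty), or false after setting $this->errorMsg.
	 */
	private function decodeBadHostKeys($resp, $allHostKeys){
		if((int) $resp['code'] !== 200){
			$this->errorMsg = "Wordfence server responded with an error. HTTP code " . $resp['code'] . " and data: " . $resp['data'];
			return false;
		}
		$this->dbg("Host key response: " . bin2hex($resp['data']));
		$dataLen = strlen($resp['data']);
		if($dataLen < 1){
			$this->dbg("Empty host key response");
			return array();
		}
		if($dataLen % 2 != 0){
			$this->errorMsg = "Invalid data length received from Wordfence server: " . $dataLen;
			$this->dbg($this->errorMsg);
			return false;
		}
		$this->dbg("Checking response indexes");
		$badHostKeys = array();
		for($i = 0; $i < $dataLen; $i += 2){
			$idxArr = unpack('n', substr($resp['data'], $i, 2));
			$idx = $idxArr[1];
			$this->dbg("Checking index {$idx}");
			// An index outside what we sent means the response does not match our request.
			if(! isset($allHostKeys[$idx])){
				$this->dbg("Bad allHostKeys index: $idx");
				$this->errorMsg = "Bad allHostKeys index: $idx";
				return false;
			}
			$badHostKeys[] = $allHostKeys[$idx];
			$this->dbg("Got bad hostkey for record: " . bin2hex($allHostKeys[$idx]));
		}
		return $badHostKeys;
	}

	/**
	 * Collect, per owner, the distinct URLs whose hostKey the server flagged.
	 *
	 * @param array $badHostKeys Flagged 4-byte keys.
	 * @return array owner => list of 'http://host/path' strings.
	 */
	private function urlsForHostKeys($badHostKeys){
		$urlsToCheck = array();
		foreach($badHostKeys as $badHostKey){
			if($this->useDB){
				//Putting a 10000 limit in here for sites that have a huge number of items with the same URL that repeats.
				// This is an edge case. But if the URLs are malicious then presumably the admin will fix the malicious URLs
				// and on subsequent scans the items (owners) that are above the 10000 limit will appear.
				// NOTE(review): hostKey is raw binary passed as a '%s' argument — relies on wfDB::querySelect() escaping it; confirm.
				$rows = $this->db->querySelect("select owner, host, path from $this->table where hostKey='%s' limit " . self::OWNER_ROW_LIMIT, $badHostKey);
			} else {
				$rows = array();
				foreach($this->hostList as $rec){
					// Strict compare: keys are raw bytes, and == would compare numeric-looking strings numerically.
					if($rec['hostKey'] === $badHostKey){
						$rows[] = $rec;
					}
				}
			}
			foreach($rows as $rec){
				$url = 'http://' . $rec['host'] . $rec['path'];
				if(! isset($urlsToCheck[$rec['owner']])){
					$urlsToCheck[$rec['owner']] = array();
				}
				if(! in_array($url, $urlsToCheck[$rec['owner']], true)){
					$urlsToCheck[$rec['owner']][] = $url;
				}
			}
		}
		return $urlsToCheck;
	}

	/**
	 * Reshape the check_bad_urls response (file => list of [url, badList] pairs) into the
	 * file => list of array('URL' => ..., 'badList' => ...) map returned by getBaddies().
	 */
	private static function formatBadURLs($badURLs){
		$finalResults = array();
		foreach($badURLs as $file => $badSiteList){
			if(! isset($finalResults[$file])){
				$finalResults[$file] = array();
			}
			foreach($badSiteList as $badSite){
				$finalResults[$file][] = array(
					'URL' => $badSite[0],
					'badList' => $badSite[1]
				);
			}
		}
		return $finalResults;
	}
}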
| 281 | ?> |
| 282 |