Changeset 2635941

Timestamp:

11/26/2021 05:45:44 PM (3 years ago)

Author:

threatpointuk

Message:

version 2.6

Location:

threatpoint-api/trunk

Files:

• Threatpoint-api.php (modified) (15 diffs)
• readme.txt (modified) (3 diffs)

threatpoint-api/trunk/Threatpoint-api.php

@@ -5 +5 @@
     Description: Protect your WordPress Site from unwanted access attempts, by leveraging IP reputation data provided by the ThreatPoint IP reputation service. Malicious IP, High Risk IP, TOR, VPN, Geo IP. Use to stop brute force attacks - XMLRPC, WP-login and protect contact pages. 
     Author: ThreatPoint
-    Version: 2.5
+    Version: 2.6
     Author URI: https://threatpoint.co.uk
     License: GPL-2.0+
@@ -125 +125 @@
         'tp_api_tpPlugin_section'
     );
+    
+    add_settings_field(
+        'tp_api_select_field_12',
+        __( 'Allow specific bots', 'wordpress' ),
+        'tp_api_select_field_12_render',
+        'tpPlugin',
+        'tp_api_tpPlugin_section'
+    );
+    
+    add_settings_field(
+        'tp_api_select_field_13',
+        __( 'Bots to allow (Comma separated list)', 'wordpress' ),
+        'tp_api_select_field_13_render',
+        'tpPlugin',
+        'tp_api_tpPlugin_section'
+    );
 
 }
@@ -244 +260 @@
 }
 
+function tp_api_select_field_12_render(  ) {
+    $options = get_option( 'tp_api_settings' );
+    ?>
+    <select name='tp_api_settings[tp_api_select_field_12]'>
+        <option value='1' <?php selected( $options['tp_api_select_field_12'], 1 ); ?>>No</option>
+        <option value='2' <?php selected( $options['tp_api_select_field_12'], 2 ); ?>>Yes</option>
+    </select>
+    <?php echo '<b>&#8505 Allow specific bots that might be otherwise blocked if using country controls. Enter bot names (csv) in the option below</b>'; ?>
+    <?php
+}
+
+function tp_api_select_field_13_render(  ) {
+    $options = get_option( 'tp_api_settings' );
+    ?>
+    <input type='text' size=50 name='tp_api_settings[tp_api_text_field_13]' value='<?php echo $options['tp_api_text_field_13']; ?>'>
+    <?php echo '<b>&#8505 Accepts name for bots and is not case sensitive. i.e. googlebot, search.msn.com (bing)</b>'; ?>
+    <?php
+}
 
 function tp_api_settings_section_callback(  ) {
@@ -490 +524 @@
             
             
-            if ($ipriskn == 'High' and (strpos($risk, $ipriskn) !==false and (strpos($risk, $isTor) !==false or strpos($risk, $isVpn) !==false))) {
+            if ($ipriskn == 'High' and (strpos($risk, $ipriskn) !==false and (strpos($risk, $isTor) ===false and strpos($risk, $isVpn) ===false))) {
               if ($tor == '1' or $vpn == '1'){
                 if ($mailon =='1'){
@@ -504 +538 @@
               }
             }
-            if ($ipriskn == 'Consider' and (strpos($risk, 'High') !==false or strpos($risk, 'Consider') !==false and (strpos($risk, $isTor) !==false or strpos($risk, $isVpn) !==false))) {
+            if ($ipriskn == 'Consider' and (strpos($risk, 'High') !==false or strpos($risk, 'Consider') !==false and (strpos($risk, $isTor) ===false and strpos($risk, $isVpn) ===false))) {
               if ($tor == '1' or $vpn == '1'){
                 if ($mailon =='1'){
@@ -518 +552 @@
               }
             }
-            if ($ipriskn == 'Low' and (strpos($risk, 'High') !==false or strpos($risk, 'Consider') !==false or strpos($risk, 'Low') !==false and (strpos($risk, $isTor) !==false or strpos($risk, $isVpn) !==false))) {
+            if ($ipriskn == 'Low' and (strpos($risk, 'High') !==false or strpos($risk, 'Consider') !==false or strpos($risk, 'Low') !==false and (strpos($risk, $isTor) ===false and strpos($risk, $isVpn) ===false))) {
               if ($tor == '1' or $vpn == '1'){
                 if ($mailon =='1'){
@@ -597 +631 @@
     $mailon = esc_attr( get_option('tp_api_settings')['tp_api_select_field_9']);
     $emailaddress = esc_attr( get_option('tp_api_settings')['tp_api_text_field_10']);
+    $botYes = esc_attr( get_option('tp_api_settings')['tp_api_select_field_12']);
+    $botList = esc_attr( get_option('tp_api_settings')['tp_api_text_field_13']);
     $isVpn = 'Vpn';
     $isTor = 'Tor';
@@ -610 +646 @@
     }
       
-  
+    if ($botYes == '2'){
     
+        $botURL = 'https://verify.threatpoint.co.uk:443/api/v1/resources/iptoname?ipaddress=';
+        $botArgs = array ('sslverify' => false, 
+                'headers' => array('X-Api-Key' => $key));
+        $newip = $_SERVER['REMOTE_ADDR'];
+
+        if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+            $newip = $_SERVER['HTTP_X_FORWARDED_FOR'];
+        }
+        
+        $botNewUrl = $botURL . $newip; 
+        $botResponse = wp_remote_get( $botNewUrl, $botArgs);
+        
+        if (is_wp_error( $botResponse ) ) {
+      
+        echo 'Errors detected!';
+        
+        } else {
+            $botBody = wp_remote_retrieve_body ($botResponse);
+            $botData = json_decode($botBody);
+            
+                
+            $botMatch = $botData->isMatch;
+            $botFdns = $botData->forwarddns;
+            $botRdns = $botData->reversedns;
+            $botip = $botData->original_ip;
+                    
+            }
+        
+    }
+    if ($botYes == '1'){
+        
+        $botMatch = false;
+        $botFdns =  null;
+        $botRdns = null;
+        $botip = null;
+    }
+    $botArray =explode(',', $botList);
+    $botNameMatch = false;
+    foreach ($botArray as $value){
+        $pos = strpos($botFdns, $value);
+        if ($pos === false)
+        {
+            //echo "Holy moly there is no match";
+        }else{
+            
+            $botNameMatch = true;
+            
+        }
+        if ($botMatch == "False"){
+            $botNameMatch = false;
+        }
+    }
+        //echo "<p>bot name match value =".$botNameMatch."</p>";
+    //exit; 
+    
     $url = 'https://verify.threatpoint.co.uk:443/api/v1/resources/ip?ipaddress=';
     $arguments = array ('sslverify' => false, 
@@ -643 +734 @@
             
             
-            if ($ipriskn == 'High' and (strpos($risk, $ipriskn) !==false and (strpos($risk, $isTor) !==false or strpos($risk, $isVpn) !==false))) {
+            if ($ipriskn == 'High' and (strpos($risk, $ipriskn) !==false and (strpos($risk, $isTor) ===false and strpos($risk, $isVpn) ===false))) {
               if ($tor == '1' or $vpn == '1'){
                 if ($mailon =='1'){
@@ -652 +743 @@
                 $sent = @wp_mail($to,$subject,$body,$headers);
                 }
+                
                 wp_redirect( $redirect);
                 exit;
               }
             }
-            if ($ipriskn == 'Consider' and (strpos($risk, 'High') !==false or strpos($risk, 'Consider') !==false and (strpos($risk, $isTor) !==false or strpos($risk, $isVpn) !==false))) {
+            if ($ipriskn == 'Consider' and (strpos($risk, 'High') !==false or strpos($risk, 'Consider') !==false and (strpos($risk, $isTor) ===false and strpos($risk, $isVpn) ===false))) {
               if ($tor == '1' or $vpn == '1'){
                 if ($mailon =='1'){
@@ -665 +757 @@
                 $sent = @wp_mail($to,$subject,$body,$headers);
                 }
-                
+              
                 wp_redirect( $redirect);
                 exit;
               }
             }
-            if ($ipriskn == 'Low' and (strpos($risk, 'High') !==false or strpos($risk, 'Consider') !==false or strpos($risk, 'Low') !==false and (strpos($risk, $isTor) !==false or strpos($risk, $isVpn) !==false))) {
+            if ($ipriskn == 'Low' and (strpos($risk, 'High') !==false or strpos($risk, 'Consider') !==false or strpos($risk, 'Low') !==false and (strpos($risk, $isTor) ===false and strpos($risk, $isVpn) ===false))) {
               if ($tor == '1' or $vpn == '1'){
                 if ($mailon =='1'){
@@ -679 +771 @@
                 $sent = @wp_mail($to,$subject,$body,$headers);
                 }
-                
+                    
                 wp_redirect( $redirect);
                 exit;
@@ -708 +800 @@
                 exit;
             }
-            if ($countryconfig !='' and strpos($countryconfig, $country) !==false) {
+            if ($countryconfig !='' and strpos($countryconfig, $country) !==false and $botNameMatch ==false ) {
                 if ($mailon =='1'){
                 $to = $emailaddress;
@@ -716 +808 @@
                 $sent = @wp_mail($to,$subject,$body,$headers);
                 }
-                
+             
                 wp_redirect( $redirect);
                 exit;
             }
-            if ($countrywhite !='' and strpos($countrywhite, $country) ===false) {
+            if ($countrywhite !='' and strpos($countrywhite, $country) ===false and $botNameMatch !=true) {
                 if ($mailon =='1'){
                 $to = $emailaddress;
@@ -729 +821 @@
                 }
                 
-                    
+                
                 wp_redirect( $redirect);
                 exit;

threatpoint-api/trunk/readme.txt

@@ -4 +4 @@
 Tags: wp-admin,xmlrpc,ip,reputation,tor,vpn,proxy,malicious,requests,protection,risk,score,fraud,identity 
 Requires at least: 3.5.2
-Tested up to: 5.8
+Tested up to: 5.8.2
 Requires PHP: 5.4
-Stable tag: 2.5
+Stable tag: 2.6
 
 == Description == 
@@ -88 +88 @@
  
 == Changelog ==
+= 2.6 =
+Added support to allow bots past country blacklist rules
 = 2.5 = 
 * tested on 5.8
@@ -131 +133 @@
  
 == Upgrade Notice ==
+= 2.6 =
+Allow bots that could have been blocked by country blacklists
 = 2.4 =
 IP History Table