BBQ: Block Bad Queries - Version 20171019

Version Description

To upgrade BBQ, remove the old version and replace it with the new version. Or just click "Update" from the Plugins screen and let WordPress do it for you automatically. Nothing else needs to be done.


Release Info

Developer specialk
Version 20171019

Code changes from version 20170730 to 20171019

Files changed (2) hide show
  1. block-bad-queries.php +8 -7
  2. readme.txt +18 -3
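--- a/block-bad-queries.php
+++ b/block-bad-queries.php
@@ -10,9 +10,10 @@
  Contributors: specialk, aldolat, WpBlogHost, jameswilkes, juliobox, lernerconsult
  Donate link: https://m0n.co/donate
  Requires at least: 4.1
- Tested up to: 4.8
- Stable tag: 20170730
- Version: 20170730
+ Tested up to: 4.9
+ Stable tag: 20171019
+ Version: 20171019
+ Requires PHP: 5.2
  Text Domain: block-bad-queries
  Domain Path: /languages
  License: GPLv2 or later
@@ -37,16 +38,16 @@
 
  if (!defined('ABSPATH')) die();
 
- if (!defined('BBQ_VERSION')) define('BBQ_VERSION', '20170730');
+ if (!defined('BBQ_VERSION')) define('BBQ_VERSION', '20171019');
  if (!defined('BBQ_FILE')) define('BBQ_FILE', plugin_basename(__FILE__));
  if (!defined('BBQ_DIR')) define('BBQ_DIR', plugin_dir_path(__FILE__));
  if (!defined('BBQ_URL')) define('BBQ_URL', plugin_dir_url(__FILE__));
 
  function bbq_core() {
 
- $request_uri_array = apply_filters('request_uri_items', array('eval\(', 'UNION(.*)SELECT', '\(null\)', 'base64_', '\/localhost', '\%2Flocalhost', '\/pingserver', '\/config\.', '\/wwwroot', '\/makefile', 'crossdomain\.', 'proc\/self\/environ', 'etc\/passwd', '\/https\:', '\/http\:', '\/ftp\:', '\/cgi\/', '\.cgi', '\.exe', '\.sql', '\.ini', '\.dll', '\.asp', '\.jsp', '\/\.bash', '\/\.git', '\/\.svn', '\/\.tar', ' ', '\<', '\>', '\/\=', '\.\.\.', '\+\+\+', '\/&&', '\/Nt\.', '\;Nt\.', '\=Nt\.', '\,Nt\.', '\.exec\(', '\)\.html\(', '\{x\.html\(', '\(function\(', '\.php\([0-9]+\)', '(benchmark|sleep)(\s|%20)*\('));
- $query_string_array = apply_filters('query_string_items', array('\.\.\/', '127\.0\.0\.1', 'localhost', 'loopback', '\%0A', '\%0D', '\%00', '\%2e\%2e', 'input_file', 'execute', 'mosconfig', 'path\=\.', 'mod\=\.', 'wp-config\.php'));
- $user_agent_array = apply_filters('user_agent_items', array('acapbot', 'binlar', 'casper', 'cmswor', 'diavol', 'dotbot', 'finder', 'flicky', 'morfeus', 'nutch', 'planet', 'purebot', 'pycurl', 'semalt', 'skygrid', 'snoopy', 'sucker', 'turnit', 'vikspi', 'zmeu'));
+ $request_uri_array = apply_filters('request_uri_items', array('@eval', 'eval\(', 'UNION(.*)SELECT', '\(null\)', 'base64_', '\/localhost', '\%2Flocalhost', '\/pingserver', 'wp-config\.php', '\/config\.', '\/wwwroot', '\/makefile', 'crossdomain\.', 'proc\/self\/environ', 'usr\/bin\/perl', 'var\/lib\/php', 'etc\/passwd', '\/https\:', '\/http\:', '\/ftp\:', '\/file\:', '\/php\:', '\/cgi\/', '\.cgi', '\.cmd', '\.bat', '\.exe', '\.sql', '\.ini', '\.dll', '\.htacc', '\.htpas', '\.pass', '\.asp', '\.jsp', '\.tar', '\.bash', '\/\.git', '\/\.svn', ' ', '\<', '\>', '\/\=', '\.\.\.', '\+\+\+', '@@', '\/&&', '\/Nt\.', '\;Nt\.', '\=Nt\.', '\,Nt\.', '\.exec\(', '\)\.html\(', '\{x\.html\(', '\(function\(', '\.php\([0-9]+\)', '(benchmark|sleep)(\s|%20)*\('));
+ $query_string_array = apply_filters('query_string_items', array('@@', '\(0x', '0x3c62723e', '\;\!--\=', '\(\)\}', '\:\;\}\;', '\.\.\/', '127\.0\.0\.1', 'UNION(.*)SELECT', '@eval', 'eval\(', 'base64_', 'localhost', 'loopback', '\%0A', '\%0D', '\%00', '\%2e\%2e', 'allow_url_include', 'auto_prepend_file', 'disable_functions', 'input_file', 'execute', 'file_get_contents', 'mosconfig', 'open_basedir', '(benchmark|sleep)(\s|%20)*\(', 'phpinfo\(', 'shell_exec\(', '\/wwwroot', '\/makefile', 'path\=\.', 'mod\=\.', 'wp-config\.php', '\/config\.', '\$_session', '\$_request', '\$_env', '\$_server', '\$_post', '\$_get'));
+ $user_agent_array = apply_filters('user_agent_items', array('acapbot', '\/bin\/bash', 'binlar', 'casper', 'cmswor', 'diavol', 'dotbot', 'finder', 'flicky', 'md5sum', 'morfeus', 'nutch', 'planet', 'purebot', 'pycurl', 'semalt', 'shellshock', 'skygrid', 'snoopy', 'sucker', 'turnit', 'vikspi', 'zmeu'));
 
  $request_uri_string = false;
  $query_string_string = false;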
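Review bot: The widened entries in `$request_uri_array` are unanchored, so `'\.tar'`, `'\.bash'` and `'\.pass'` (the first two previously `'\/\.tar'` and `'\/\.bash'`) now match those substrings anywhere in the request URI and can reject legitimate requests such as an archive download ending in `.tar.gz`; new query-string words like `'file_get_contents'` and `'@@'` carry the same false-positive risk. How the three arrays are compiled and matched is not visible because `bbq_core()` continues past the hunk, so the change should be exercised against a set of known-good URLs for the site before rollout. I would add a comment above the arrays, `// Patterns are unanchored; if a legitimate URL is blocked, remove the entry via the 'request_uri_items', 'query_string_items' or 'user_agent_items' filter.`, and note there that this denylist is a supplementary layer, not a replacement for patching the code it shields.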
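--- a/readme.txt
+++ b/readme.txt
@@ -10,9 +10,10 @@ Author URI: https://plugin-planet.com/
  Contributors: specialk, aldolat, WpBlogHost, jameswilkes, juliobox, lernerconsult
  Donate link: https://m0n.co/donate
  Requires at least: 4.1
- Tested up to: 4.8
- Stable tag: 20170730
- Version: 20170730
+ Tested up to: 4.9
+ Stable tag: 20171019
+ Version: 20171019
+ Requires PHP: 5.2
  Text Domain: block-bad-queries
  Domain Path: /languages
  License: GPLv2 or later
@@ -137,6 +138,11 @@ Nope! BBQ is available in the following flavors:
  So you can check out the Standalone PHP Script for sites that are not running WordPress.
 
 
+ **Do you offer any other security plugins?**
+
+ Yes, check out [Blackhole for Bad Bots](https://wordpress.org/plugins/blackhole-bad-bots/) to protect your site against bad bots. I also have a [video course on WordPress security](https://m0n.co/securewp), for more plugin recommendations and lots of tips and tricks.
+
+
  **Got a question?**
 
  Send any questions or feedback via my [contact form](https://perishablepress.com/contact/).
@@ -165,6 +171,15 @@ Links, tweets and likes also appreciated. Thank you! :)
 
  == Changelog ==
 
+ **2017/10/19**
+
+ * Changes `\/\.tar` to `\.tar` in Request patterns
+ * Changes `\/\.bash` to `\.bash` in Request patterns
+ * Adds new User Agent patterns: `shellshock`, `md5sum`, `\/bin\/bash`
+ * Adds new Request patterns: `@@`, `@eval`, `\/file\:`, `\/php\:`, `\.cmd`, `\.bat`, `\.htacc`, `\.htpas`, `\.pass`, `usr\/bin\/perl`, `var\/lib\/php`, `wp-config\.php`
+ * Adds new Query String patterns: `@@`, `\(0x`, `0x3c62723e`, `\(\)\}`, `\:\;\}\;`, `\;\!--\=`, `@eval`, `eval\(`, `base64_`, `UNION(.*)SELECT`, `\/config\.`, `\/wwwroot`, `\/makefile`, `\$_session`, `\$_request`, `\$_env`, `\$_server`, `\$_post`, `\$_get`, `phpinfo\(`, `shell_exec\(`, `file_get_contents`, `allow_url_include`, `disable_functions`, `auto_prepend_file`, `open_basedir`, `(benchmark|sleep)(\s|%20)*\(`
+ * Tests on WordPress 4.9
+
  **2017/07/30**
 
  * Changed menu item name to "BBQ Firewall"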