BBQ: Block Bad Queries - Version 20171019

Version Description

To upgrade BBQ, remove the old version and replace it with the new version. Or just click "Update" from the Plugins screen and let WordPress do it for you automatically. Nothing else needs to be done.

Release Info

Developer specialk
Plugin BBQ: Block Bad Queries
Version 20171019

Code changes from version 20170730 to 20171019

Files changed (2)
  1. block-bad-queries.php +8 -7
  2. readme.txt +18 -3
block-bad-queries.php CHANGED
@@ -10,9 +10,10 @@
10
Contributors: specialk, aldolat, WpBlogHost, jameswilkes, juliobox, lernerconsult
11
Donate link: https://m0n.co/donate
12
Requires at least: 4.1
13
- Tested up to: 4.8
14
- Stable tag: 20170730
15
- Version: 20170730
16
Text Domain: block-bad-queries
17
Domain Path: /languages
18
License: GPLv2 or later
@@ -37,16 +38,16 @@
37
38
if (!defined('ABSPATH')) die();
39
40
- if (!defined('BBQ_VERSION')) define('BBQ_VERSION', '20170730');
41
if (!defined('BBQ_FILE')) define('BBQ_FILE', plugin_basename(__FILE__));
42
if (!defined('BBQ_DIR')) define('BBQ_DIR', plugin_dir_path(__FILE__));
43
if (!defined('BBQ_URL')) define('BBQ_URL', plugin_dir_url(__FILE__));
44
45
function bbq_core() {
46
47
- $request_uri_array = apply_filters('request_uri_items', array('eval\(', 'UNION(.*)SELECT', '\(null\)', 'base64_', '\/localhost', '\%2Flocalhost', '\/pingserver', '\/config\.', '\/wwwroot', '\/makefile', 'crossdomain\.', 'proc\/self\/environ', 'etc\/passwd', '\/https\:', '\/http\:', '\/ftp\:', '\/cgi\/', '\.cgi', '\.exe', '\.sql', '\.ini', '\.dll', '\.asp', '\.jsp', '\/\.bash', '\/\.git', '\/\.svn', '\/\.tar', ' ', '\<', '\>', '\/\=', '\.\.\.', '\+\+\+', '\/&&', '\/Nt\.', '\;Nt\.', '\=Nt\.', '\,Nt\.', '\.exec\(', '\)\.html\(', '\{x\.html\(', '\(function\(', '\.php\([0-9]+\)', '(benchmark|sleep)(\s|%20)*\('));
48
- $query_string_array = apply_filters('query_string_items', array('\.\.\/', '127\.0\.0\.1', 'localhost', 'loopback', '\%0A', '\%0D', '\%00', '\%2e\%2e', 'input_file', 'execute', 'mosconfig', 'path\=\.', 'mod\=\.', 'wp-config\.php'));
49
- $user_agent_array = apply_filters('user_agent_items', array('acapbot', 'binlar', 'casper', 'cmswor', 'diavol', 'dotbot', 'finder', 'flicky', 'morfeus', 'nutch', 'planet', 'purebot', 'pycurl', 'semalt', 'skygrid', 'snoopy', 'sucker', 'turnit', 'vikspi', 'zmeu'));
50
51
$request_uri_string = false;
52
$query_string_string = false;
10
Contributors: specialk, aldolat, WpBlogHost, jameswilkes, juliobox, lernerconsult
11
Donate link: https://m0n.co/donate
12
Requires at least: 4.1
13
+ Tested up to: 4.9
14
+ Stable tag: 20171019
15
+ Version: 20171019
16
+ Requires PHP: 5.2
17
Text Domain: block-bad-queries
18
Domain Path: /languages
19
License: GPLv2 or later
38
39
if (!defined('ABSPATH')) die();
40
41
+ if (!defined('BBQ_VERSION')) define('BBQ_VERSION', '20171019');
42
if (!defined('BBQ_FILE')) define('BBQ_FILE', plugin_basename(__FILE__));
43
if (!defined('BBQ_DIR')) define('BBQ_DIR', plugin_dir_path(__FILE__));
44
if (!defined('BBQ_URL')) define('BBQ_URL', plugin_dir_url(__FILE__));
45
46
function bbq_core() {
47
48
+ $request_uri_array = apply_filters('request_uri_items', array('@eval', 'eval\(', 'UNION(.*)SELECT', '\(null\)', 'base64_', '\/localhost', '\%2Flocalhost', '\/pingserver', 'wp-config\.php', '\/config\.', '\/wwwroot', '\/makefile', 'crossdomain\.', 'proc\/self\/environ', 'usr\/bin\/perl', 'var\/lib\/php', 'etc\/passwd', '\/https\:', '\/http\:', '\/ftp\:', '\/file\:', '\/php\:', '\/cgi\/', '\.cgi', '\.cmd', '\.bat', '\.exe', '\.sql', '\.ini', '\.dll', '\.htacc', '\.htpas', '\.pass', '\.asp', '\.jsp', '\.tar', '\.bash', '\/\.git', '\/\.svn', ' ', '\<', '\>', '\/\=', '\.\.\.', '\+\+\+', '@@', '\/&&', '\/Nt\.', '\;Nt\.', '\=Nt\.', '\,Nt\.', '\.exec\(', '\)\.html\(', '\{x\.html\(', '\(function\(', '\.php\([0-9]+\)', '(benchmark|sleep)(\s|%20)*\('));
49
+ $query_string_array = apply_filters('query_string_items', array('@@', '\(0x', '0x3c62723e', '\;\!--\=', '\(\)\}', '\:\;\}\;', '\.\.\/', '127\.0\.0\.1', 'UNION(.*)SELECT', '@eval', 'eval\(', 'base64_', 'localhost', 'loopback', '\%0A', '\%0D', '\%00', '\%2e\%2e', 'allow_url_include', 'auto_prepend_file', 'disable_functions', 'input_file', 'execute', 'file_get_contents', 'mosconfig', 'open_basedir', '(benchmark|sleep)(\s|%20)*\(', 'phpinfo\(', 'shell_exec\(', '\/wwwroot', '\/makefile', 'path\=\.', 'mod\=\.', 'wp-config\.php', '\/config\.', '\$_session', '\$_request', '\$_env', '\$_server', '\$_post', '\$_get'));
50
+ $user_agent_array = apply_filters('user_agent_items', array('acapbot', '\/bin\/bash', 'binlar', 'casper', 'cmswor', 'diavol', 'dotbot', 'finder', 'flicky', 'md5sum', 'morfeus', 'nutch', 'planet', 'purebot', 'pycurl', 'semalt', 'shellshock', 'skygrid', 'snoopy', 'sucker', 'turnit', 'vikspi', 'zmeu'));
51
52
$request_uri_string = false;
53
$query_string_string = false;
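Review bot: In the new `$request_uri_array`, the extension patterns `\.tar`, `\.bash`, `\.pass`, `\.cmd` and `\.bat` are unanchored substrings, so they match anywhere in the request URI rather than only at a file extension. Dropping the leading `\/` from `\.tar` and `\.bash` means a legitimate URL such as `/downloads/theme.tar.gz`, or any path containing `.target` or `.password`, now trips the rule. Consider bounding them to the end of a path segment, for example `\.(tar|bash|cmd|bat)(\/|\?|$)`, or document that site owners can drop entries through the `request_uri_items` filter. In `$query_string_array`, `UNION(.*)SELECT`, `@eval`, `eval\(`, `base64_` and the `(benchmark|sleep)` pattern are now literal copies of request-URI entries; a shared base list merged into both arrays would keep the two from drifting apart. The `\$_get`, `\$_post` and related entries are lowercase, so they depend on the match being case-insensitive, which these lines do not show; confirm they fire on `$_GET`.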
readme.txt CHANGED
@@ -10,9 +10,10 @@ Author URI: https://plugin-planet.com/
10
Contributors: specialk, aldolat, WpBlogHost, jameswilkes, juliobox, lernerconsult
11
Donate link: https://m0n.co/donate
12
Requires at least: 4.1
13
- Tested up to: 4.8
14
- Stable tag: 20170730
15
- Version: 20170730
16
Text Domain: block-bad-queries
17
Domain Path: /languages
18
License: GPLv2 or later
@@ -137,6 +138,11 @@ Nope! BBQ is available in the following flavors:
137
So you can check out the Standalone PHP Script for sites that are not running WordPress.
138
139
140
**Got a question?**
141
142
Send any questions or feedback via my [contact form](https://perishablepress.com/contact/).
@@ -165,6 +171,15 @@ Links, tweets and likes also appreciated. Thank you! :)
165
166
== Changelog ==
167
168
**2017/07/30**
169
170
* Changed menu item name to "BBQ Firewall"
10
Contributors: specialk, aldolat, WpBlogHost, jameswilkes, juliobox, lernerconsult
11
Donate link: https://m0n.co/donate
12
Requires at least: 4.1
13
+ Tested up to: 4.9
14
+ Stable tag: 20171019
15
+ Version: 20171019
16
+ Requires PHP: 5.2
17
Text Domain: block-bad-queries
18
Domain Path: /languages
19
License: GPLv2 or later
138
So you can check out the Standalone PHP Script for sites that are not running WordPress.
139
140
141
+ **Do you offer any other security plugins?**
142
+
143
+ Yes, check out [Blackhole for Bad Bots](https://wordpress.org/plugins/blackhole-bad-bots/) to protect your site against bad bots. I also have a [video course on WordPress security](https://m0n.co/securewp), for more plugin recommendations and lots of tips and tricks.
144
+
145
+
146
**Got a question?**
147
148
Send any questions or feedback via my [contact form](https://perishablepress.com/contact/).
171
172
== Changelog ==
173
174
+ **2017/10/19**
175
+
176
+ * Changes `\/\.tar` to `\.tar` in Request patterns
177
+ * Changes `\/\.bash` to `\.bash` in Request patterns
178
+ * Adds new User Agent patterns: `shellshock`, `md5sum`, `\/bin\/bash`
179
+ * Adds new Request patterns: `@@`, `@eval`, `\/file\:`, `\/php\:`, `\.cmd`, `\.bat`, `\.htacc`, `\.htpas`, `\.pass`, `usr\/bin\/perl`, `var\/lib\/php`, `wp-config\.php`
180
+ * Adds new Query String patterns: `@@`, `\(0x`, `0x3c62723e`, `\(\)\}`, `\:\;\}\;`, `\;\!--\=`, `@eval`, `eval\(`, `base64_`, `UNION(.*)SELECT`, `\/config\.`, `\/wwwroot`, `\/makefile`, `\$_session`, `\$_request`, `\$_env`, `\$_server`, `\$_post`, `\$_get`, `phpinfo\(`, `shell_exec\(`, `file_get_contents`, `allow_url_include`, `disable_functions`, `auto_prepend_file`, `open_basedir`, `(benchmark|sleep)(\s|%20)*\(`
181
+ * Tests on WordPress 4.9
182
+
183
**2017/07/30**
184
185
* Changed menu item name to "BBQ Firewall"
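Review bot: The two "Changes" entries in the 2017/10/19 changelog record the edit from `\/\.tar` to `\.tar` and from `\/\.bash` to `\.bash` but not its effect: the rules now match those strings anywhere in a request, not only directly after a slash, which can block sites that legitimately serve `.tar` archives. Add a line that says so and tells users how to remove a pattern if it causes false positives. As a style point, the new entries use present tense ("Changes", "Adds", "Tests") while the 2017/07/30 entry uses past tense ("Changed"); pick one.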