BBQ: Block Bad Queries - Version 20180511

Version Description

To upgrade BBQ, remove the old version and replace it with the new version. Or just click "Update" from the Plugins screen and let WordPress do it for you automatically. Nothing else needs to be done.


Release Info

Developer specialk
Version 20180511

Code changes from version 20171101 to 20180511

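--- a/block-bad-queries.php
+++ b/block-bad-queries.php
@@ -11,8 +11,8 @@
  Donate link: https://m0n.co/donate
  Requires at least: 4.1
  Tested up to: 4.9
- Stable tag: 20171101
- Version: 20171101
+ Stable tag: 20180511
+ Version: 20180511
  Requires PHP: 5.2
  Text Domain: block-bad-queries
  Domain Path: /languages
@@ -33,20 +33,20 @@
  You should have received a copy of the GNU General Public License
  with this program. If not, visit: https://www.gnu.org/licenses/
 
- Copyright 2017 Monzilla Media. All rights reserved.
+ Copyright 2018 Monzilla Media. All rights reserved.
  */
 
  if (!defined('ABSPATH')) die();
 
- if (!defined('BBQ_VERSION')) define('BBQ_VERSION', '20171101');
+ if (!defined('BBQ_VERSION')) define('BBQ_VERSION', '20180511');
  if (!defined('BBQ_FILE')) define('BBQ_FILE', plugin_basename(__FILE__));
  if (!defined('BBQ_DIR')) define('BBQ_DIR', plugin_dir_path(__FILE__));
  if (!defined('BBQ_URL')) define('BBQ_URL', plugin_dir_url(__FILE__));
 
  function bbq_core() {
 
- $request_uri_array = apply_filters('request_uri_items', array('@eval', 'eval\(', 'UNION(.*)SELECT', '\(null\)', 'base64_', '\/localhost', '\%2Flocalhost', '\/pingserver', 'wp-config\.php', '\/config\.', '\/wwwroot', '\/makefile', 'crossdomain\.', 'proc\/self\/environ', 'usr\/bin\/perl', 'var\/lib\/php', 'etc\/passwd', '\/https\:', '\/http\:', '\/ftp\:', '\/file\:', '\/php\:', '\/cgi\/', '\.cgi', '\.cmd', '\.bat', '\.exe', '\.sql', '\.ini', '\.dll', '\.htacc', '\.htpas', '\.pass', '\.asp', '\.jsp', '\.tar', '\.bash', '\/\.git', '\/\.svn', ' ', '\<', '\>', '\/\=', '\.\.\.', '\+\+\+', '@@', '\/&&', '\/Nt\.', '\;Nt\.', '\=Nt\.', '\,Nt\.', '\.exec\(', '\)\.html\(', '\{x\.html\(', '\(function\(', '\.php\([0-9]+\)', '(benchmark|sleep)(\s|%20)*\('));
- $query_string_array = apply_filters('query_string_items', array('@@', '\(0x', '0x3c62723e', '\;\!--\=', '\(\)\}', '\:\;\}\;', '\.\.\/', '127\.0\.0\.1', 'UNION(.*)SELECT', '@eval', 'eval\(', 'base64_', 'localhost', 'loopback', '\%0A', '\%0D', '\%00', '\%2e\%2e', 'allow_url_include', 'auto_prepend_file', 'disable_functions', 'input_file', 'execute', 'file_get_contents', 'mosconfig', 'open_basedir', '(benchmark|sleep)(\s|%20)*\(', 'phpinfo\(', 'shell_exec\(', '\/wwwroot', '\/makefile', 'path\=\.', 'mod\=\.', 'wp-config\.php', '\/config\.', '\$_session', '\$_request', '\$_env', '\$_server', '\$_post', '\$_get'));
+ $request_uri_array = apply_filters('request_uri_items', array('@eval', 'eval\(', 'UNION(.*)SELECT', '\(null\)', 'base64_', '\/localhost', '\%2Flocalhost', '\/pingserver', 'wp-config\.php', '\/config\.', '\/wwwroot', '\/makefile', 'crossdomain\.', 'proc\/self\/environ', 'usr\/bin\/perl', 'var\/lib\/php', 'etc\/passwd', '\/https\:', '\/http\:', '\/ftp\:', '\/file\:', '\/php\:', '\/cgi\/', '\.cgi', '\.cmd', '\.bat', '\.exe', '\.sql', '\.ini', '\.dll', '\.htacc', '\.htpas', '\.pass', '\.asp', '\.jsp', '\.tar', '\.bash', '\/\.git', '\/\.svn', ' ', '\<', '\>', '\/\=', '\.\.\.', '\+\+\+', '@@', '\/&&', '\/Nt\.', '\;Nt\.', '\=Nt\.', '\,Nt\.', '\.exec\(', '\)\.html\(', '\{x\.html\(', '\(function\(', '\.php\([0-9]+\)', '(benchmark|sleep)(\s|%20)*\(', 'indoxploi', 'xrumer'));
+ $query_string_array = apply_filters('query_string_items', array('@@', '\(0x', '0x3c62723e', '\;\!--\=', '\(\)\}', '\:\;\}\;', '\.\.\/', '127\.0\.0\.1', 'UNION(.*)SELECT', '@eval', 'eval\(', 'base64_', 'localhost', 'loopback', '\%0A', '\%0D', '\%00', '\%2e\%2e', 'allow_url_include', 'auto_prepend_file', 'disable_functions', 'input_file', 'execute', 'file_get_contents', 'mosconfig', 'open_basedir', '(benchmark|sleep)(\s|%20)*\(', 'phpinfo\(', 'shell_exec\(', '\/wwwroot', '\/makefile', 'path\=\.', 'mod\=\.', 'wp-config\.php', '\/config\.', '\$_session', '\$_request', '\$_env', '\$_server', '\$_post', '\$_get', 'indoxploi', 'xrumer'));
  $user_agent_array = apply_filters('user_agent_items', array('acapbot', '\/bin\/bash', 'binlar', 'casper', 'cmswor', 'diavol', 'dotbot', 'finder', 'flicky', 'md5sum', 'morfeus', 'nutch', 'planet', 'purebot', 'pycurl', 'semalt', 'shellshock', 'skygrid', 'snoopy', 'sucker', 'turnit', 'vikspi', 'zmeu'));
 
  $request_uri_string = false;
@@ -84,7 +84,7 @@ function bbq_response() {
  header('Status: 403 Forbidden');
  header('Connection: Close');
 
- exit;
+ exit();
 
  }
 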
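Review bot: The two signatures added on lines 48 and 49, `'indoxploi'` and `'xrumer'`, are bare unanchored strings appended to both the request-URI and the query-string lists, so a legitimate permalink, search term or parameter that merely contains either word would presumably be answered with the 403 from bbq_response(). The matching code sits outside these hunks, so case sensitivity and how the entries are combined into a pattern cannot be confirmed from here. Both lists already pass through `apply_filters('request_uri_items', …)` and `apply_filters('query_string_items', …)`, which gives site owners a way to drop an entry, but nothing in the file says so. I would add a comment above the arrays such as `// Entries are regex fragments; remove a false positive via the request_uri_items / query_string_items filters.` so the escape hatch is documented next to the blocklist. bbq_core() continues past the end of the hunk.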
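--- a/languages/block-bad-queries.pot
+++ b/languages/block-bad-queries.pot
@@ -3,16 +3,16 @@ msgid ""
  msgstr ""
  "Project-Id-Version: PACKAGE VERSION\n"
  "Report-Msgid-Bugs-To: \n"
- "POT-Creation-Date: 2017-03-23 00:49+0000\n"
+ "POT-Creation-Date: 2018-03-14 20:21+0000\n"
  "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
  "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
  "Language-Team: \n"
  "Language: \n"
- "Plural-Forms: nplurals=INTEGER; plural=EXPRESSION\n"
+ "Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
  "MIME-Version: 1.0\n"
  "Content-Type: text/plain; charset=UTF-8\n"
  "Content-Transfer-Encoding: 8bit\n"
- "X-Generator: Loco - https://localise.biz/"
+ "X-Generator: Loco https://localise.biz/"
 
  #: bbq-settings.php:29
  msgid "Plugin Information"
@@ -78,7 +78,11 @@ msgstr ""
  msgid "Rate this plugin&nbsp;&raquo;"
  msgstr ""
 
- #: bbq-settings.php:132 bbq-settings.php:143
+ #: bbq-settings.php:132
+ msgid "BBQ Firewall"
+ msgstr ""
+
+ #: bbq-settings.php:143
  msgid "Block Bad Queries"
  msgstr ""
 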
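--- a/readme.txt
+++ b/readme.txt
@@ -11,8 +11,8 @@ Contributors: specialk, aldolat, WpBlogHost, jameswilkes, juliobox, lernerconsul
  Donate link: https://m0n.co/donate
  Requires at least: 4.1
  Tested up to: 4.9
- Stable tag: 20171101
- Version: 20171101
+ Stable tag: 20180511
+ Version: 20180511
  Requires PHP: 5.2
  Text Domain: block-bad-queries
  Domain Path: /languages
@@ -29,6 +29,9 @@ The fastest firewall plugin for WordPress.
 
  [Block Bad Queries](https://perishablepress.com/block-bad-queries/) (BBQ) is a simple, super-fast plugin that protects your site against malicious URL requests. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like `eval(`, `base64_`, and excessively long request-strings. This is a simple yet solid solution for sites that are unable to use a [strong .htaccess firewall](https://perishablepress.com/6g/).
 
+ > GDPR-compliant: does not collect any user data
+ > Gutenberg-compliant: works perfectly with or without Gutenberg
+
  **Awesome Features**
 
  * 100% Plug-n-play functionality
@@ -46,6 +49,7 @@ The fastest firewall plugin for WordPress.
  * Hassle-free security plugin that's easy to use
  * Thoroughly tested, error-free performance
  * Compatible with other security plugins
+ * Regularly updated and "future proof"
  * Customize blocked strings via [Whitelist/Blacklist plugins](https://perishablepress.com/bbq-whitelist-blacklist/)
 
  **Pro Version**
@@ -160,10 +164,10 @@ I develop and maintain this free plugin with love for the WordPress community. T
 
  And/or purchase one of my premium WordPress plugins:
 
- * [BBQ Pro](https://plugin-planet.com/bbq-pro/) - Pro version of Block Bad Queries
- * [Blackhole Pro](https://plugin-planet.com/blackhole-pro/) - Pro version of Blackhole for Bad Bots
- * [SES Pro](https://plugin-planet.com/ses-pro/) - Super-simple &amp; flexible email signup forms
- * [USP Pro](https://plugin-planet.com/usp-pro/) - Pro version of User Submitted Posts
+ * [BBQ Pro](https://plugin-planet.com/bbq-pro/) - Super fast WordPress firewall
+ * [Blackhole Pro](https://plugin-planet.com/blackhole-pro/) - Automatically block bad bots
+ * [Banhammer Pro](https://plugin-planet.com/banhammer-pro/) - Monitor traffic and ban the bad guys
+ * [USP Pro](https://plugin-planet.com/usp-pro/) - Unlimited front-end forms
 
  Links, tweets and likes also appreciated. Thank you! :)
 
@@ -171,6 +175,13 @@ Links, tweets and likes also appreciated. Thank you! :)
 
  == Changelog ==
 
+ **2018/05/11**
+
+ * Adds `xrumer` to blocked query strings and request URIs
+ * Adds `indoxploi` to blocked query strings and request URIs
+ * Generates new translation template
+ * Tests on WordPress 5.0
+
  **2017/11/01**
 
  * Updates readme.txt :)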