BBQ: Block Bad Queries - Version 20180511

Version Description

To upgrade BBQ, remove the old version and replace it with the new version. Or just click "Update" from the Plugins screen and let WordPress do it for you automatically. Nothing else needs to be done.

Release Info

Developer specialk
Version 20180511

Code changes from version 20171101 to 20180511

block-bad-queries.php CHANGED
@@ -11,8 +11,8 @@
11
Donate link: https://m0n.co/donate
12
Requires at least: 4.1
13
Tested up to: 4.9
14
- Stable tag: 20171101
15
- Version: 20171101
16
Requires PHP: 5.2
17
Text Domain: block-bad-queries
18
Domain Path: /languages
@@ -33,20 +33,20 @@
33
You should have received a copy of the GNU General Public License
34
with this program. If not, visit: https://www.gnu.org/licenses/
35
36
- Copyright 2017 Monzilla Media. All rights reserved.
37
*/
38
39
if (!defined('ABSPATH')) die();
40
41
- if (!defined('BBQ_VERSION')) define('BBQ_VERSION', '20171101');
42
if (!defined('BBQ_FILE')) define('BBQ_FILE', plugin_basename(__FILE__));
43
if (!defined('BBQ_DIR')) define('BBQ_DIR', plugin_dir_path(__FILE__));
44
if (!defined('BBQ_URL')) define('BBQ_URL', plugin_dir_url(__FILE__));
45
46
function bbq_core() {
47
48
- $request_uri_array = apply_filters('request_uri_items', array('@eval', 'eval\(', 'UNION(.*)SELECT', '\(null\)', 'base64_', '\/localhost', '\%2Flocalhost', '\/pingserver', 'wp-config\.php', '\/config\.', '\/wwwroot', '\/makefile', 'crossdomain\.', 'proc\/self\/environ', 'usr\/bin\/perl', 'var\/lib\/php', 'etc\/passwd', '\/https\:', '\/http\:', '\/ftp\:', '\/file\:', '\/php\:', '\/cgi\/', '\.cgi', '\.cmd', '\.bat', '\.exe', '\.sql', '\.ini', '\.dll', '\.htacc', '\.htpas', '\.pass', '\.asp', '\.jsp', '\.tar', '\.bash', '\/\.git', '\/\.svn', ' ', '\<', '\>', '\/\=', '\.\.\.', '\+\+\+', '@@', '\/&&', '\/Nt\.', '\;Nt\.', '\=Nt\.', '\,Nt\.', '\.exec\(', '\)\.html\(', '\{x\.html\(', '\(function\(', '\.php\([0-9]+\)', '(benchmark|sleep)(\s|%20)*\('));
49
- $query_string_array = apply_filters('query_string_items', array('@@', '\(0x', '0x3c62723e', '\;\!--\=', '\(\)\}', '\:\;\}\;', '\.\.\/', '127\.0\.0\.1', 'UNION(.*)SELECT', '@eval', 'eval\(', 'base64_', 'localhost', 'loopback', '\%0A', '\%0D', '\%00', '\%2e\%2e', 'allow_url_include', 'auto_prepend_file', 'disable_functions', 'input_file', 'execute', 'file_get_contents', 'mosconfig', 'open_basedir', '(benchmark|sleep)(\s|%20)*\(', 'phpinfo\(', 'shell_exec\(', '\/wwwroot', '\/makefile', 'path\=\.', 'mod\=\.', 'wp-config\.php', '\/config\.', '\$_session', '\$_request', '\$_env', '\$_server', '\$_post', '\$_get'));
50
$user_agent_array = apply_filters('user_agent_items', array('acapbot', '\/bin\/bash', 'binlar', 'casper', 'cmswor', 'diavol', 'dotbot', 'finder', 'flicky', 'md5sum', 'morfeus', 'nutch', 'planet', 'purebot', 'pycurl', 'semalt', 'shellshock', 'skygrid', 'snoopy', 'sucker', 'turnit', 'vikspi', 'zmeu'));
51
52
$request_uri_string = false;
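Review bot: The new tokens `'indoxploi'` and `'xrumer'` on lines 48 and 49 of `bbq_core()` are appended only to `$request_uri_array` and `$query_string_array`, while `$user_agent_array` on line 50 is unchanged. If the omission is deliberate, say so in a comment or the changelog; otherwise consider whether the user-agent list needs them too. Both tokens are also unanchored, so, assuming they are matched the same way as the neighbouring regex fragments, they would hit anywhere in the URI or query string, including a legitimate slug or search term that happens to contain "xrumer". A short comment on the expected false-positive surface, with a pointer to the `request_uri_items` and `query_string_items` filters for sites that need an exception, would help. As a style point, each array is one line of several dozen patterns, so a two-token addition shows up as a full-line change; one pattern per line would make future rule updates reviewable.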
@@ -84,7 +84,7 @@ function bbq_response() {
84
header('Status: 403 Forbidden');
85
header('Connection: Close');
86
87
- exit;
88
89
}
90
11
Donate link: https://m0n.co/donate
12
Requires at least: 4.1
13
Tested up to: 4.9
14
+ Stable tag: 20180511
15
+ Version: 20180511
16
Requires PHP: 5.2
17
Text Domain: block-bad-queries
18
Domain Path: /languages
33
You should have received a copy of the GNU General Public License
34
with this program. If not, visit: https://www.gnu.org/licenses/
35
36
+ Copyright 2018 Monzilla Media. All rights reserved.
37
*/
38
39
if (!defined('ABSPATH')) die();
40
41
+ if (!defined('BBQ_VERSION')) define('BBQ_VERSION', '20180511');
42
if (!defined('BBQ_FILE')) define('BBQ_FILE', plugin_basename(__FILE__));
43
if (!defined('BBQ_DIR')) define('BBQ_DIR', plugin_dir_path(__FILE__));
44
if (!defined('BBQ_URL')) define('BBQ_URL', plugin_dir_url(__FILE__));
45
46
function bbq_core() {
47
48
+ $request_uri_array = apply_filters('request_uri_items', array('@eval', 'eval\(', 'UNION(.*)SELECT', '\(null\)', 'base64_', '\/localhost', '\%2Flocalhost', '\/pingserver', 'wp-config\.php', '\/config\.', '\/wwwroot', '\/makefile', 'crossdomain\.', 'proc\/self\/environ', 'usr\/bin\/perl', 'var\/lib\/php', 'etc\/passwd', '\/https\:', '\/http\:', '\/ftp\:', '\/file\:', '\/php\:', '\/cgi\/', '\.cgi', '\.cmd', '\.bat', '\.exe', '\.sql', '\.ini', '\.dll', '\.htacc', '\.htpas', '\.pass', '\.asp', '\.jsp', '\.tar', '\.bash', '\/\.git', '\/\.svn', ' ', '\<', '\>', '\/\=', '\.\.\.', '\+\+\+', '@@', '\/&&', '\/Nt\.', '\;Nt\.', '\=Nt\.', '\,Nt\.', '\.exec\(', '\)\.html\(', '\{x\.html\(', '\(function\(', '\.php\([0-9]+\)', '(benchmark|sleep)(\s|%20)*\(', 'indoxploi', 'xrumer'));
49
+ $query_string_array = apply_filters('query_string_items', array('@@', '\(0x', '0x3c62723e', '\;\!--\=', '\(\)\}', '\:\;\}\;', '\.\.\/', '127\.0\.0\.1', 'UNION(.*)SELECT', '@eval', 'eval\(', 'base64_', 'localhost', 'loopback', '\%0A', '\%0D', '\%00', '\%2e\%2e', 'allow_url_include', 'auto_prepend_file', 'disable_functions', 'input_file', 'execute', 'file_get_contents', 'mosconfig', 'open_basedir', '(benchmark|sleep)(\s|%20)*\(', 'phpinfo\(', 'shell_exec\(', '\/wwwroot', '\/makefile', 'path\=\.', 'mod\=\.', 'wp-config\.php', '\/config\.', '\$_session', '\$_request', '\$_env', '\$_server', '\$_post', '\$_get', 'indoxploi', 'xrumer'));
50
$user_agent_array = apply_filters('user_agent_items', array('acapbot', '\/bin\/bash', 'binlar', 'casper', 'cmswor', 'diavol', 'dotbot', 'finder', 'flicky', 'md5sum', 'morfeus', 'nutch', 'planet', 'purebot', 'pycurl', 'semalt', 'shellshock', 'skygrid', 'snoopy', 'sucker', 'turnit', 'vikspi', 'zmeu'));
51
52
$request_uri_string = false;
84
header('Status: 403 Forbidden');
85
header('Connection: Close');
86
87
+ exit();
88
89
}
90
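Review bot: The `exit;` to `exit();` change on line 87 of `bbq_response()` is style-only, since both forms terminate the script identically, and it is not listed in the 2018/05/11 changelog. Either mention it there or keep it out of a release whose other code change is a rule update, so the security-relevant diff stays minimal. Separately, the visible context sends `Status: 403 Forbidden`, which is a CGI-style header; the lines above 84 are not shown in this hunk, so it cannot be confirmed from here that an HTTP status line is sent as well.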
languages/block-bad-queries.pot CHANGED
@@ -3,16 +3,16 @@ msgid ""
3
msgstr ""
4
"Project-Id-Version: PACKAGE VERSION\n"
5
"Report-Msgid-Bugs-To: \n"
6
- "POT-Creation-Date: 2017-03-23 00:49+0000\n"
7
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
8
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
9
"Language-Team: \n"
10
"Language: \n"
11
- "Plural-Forms: nplurals=INTEGER; plural=EXPRESSION\n"
12
"MIME-Version: 1.0\n"
13
"Content-Type: text/plain; charset=UTF-8\n"
14
"Content-Transfer-Encoding: 8bit\n"
15
- "X-Generator: Loco - https://localise.biz/"
16
17
#: bbq-settings.php:29
18
msgid "Plugin Information"
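Review bot: The regenerated template header still carries the placeholder `"Project-Id-Version: PACKAGE VERSION\n"` on line 4 and an empty `Report-Msgid-Bugs-To` on line 5. Since the template is being regenerated for this release, set the project ID to the plugin name and version and give translators a contact address. The `Plural-Forms` change only adds the trailing semicolon; the `INTEGER` and `EXPRESSION` placeholders are expected in a template and need no change.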
@@ -78,7 +78,11 @@ msgstr ""
78
msgid "Rate this plugin&nbsp;&raquo;"
79
msgstr ""
80
81
- #: bbq-settings.php:132 bbq-settings.php:143
82
msgid "Block Bad Queries"
83
msgstr ""
84
3
msgstr ""
4
"Project-Id-Version: PACKAGE VERSION\n"
5
"Report-Msgid-Bugs-To: \n"
6
+ "POT-Creation-Date: 2018-03-14 20:21+0000\n"
7
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
8
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
9
"Language-Team: \n"
10
"Language: \n"
11
+ "Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
12
"MIME-Version: 1.0\n"
13
"Content-Type: text/plain; charset=UTF-8\n"
14
"Content-Transfer-Encoding: 8bit\n"
15
+ "X-Generator: Loco https://localise.biz/"
16
17
#: bbq-settings.php:29
18
msgid "Plugin Information"
78
msgid "Rate this plugin&nbsp;&raquo;"
79
msgstr ""
80
81
+ #: bbq-settings.php:132
82
+ msgid "BBQ Firewall"
83
+ msgstr ""
84
+
85
+ #: bbq-settings.php:143
86
msgid "Block Bad Queries"
87
msgstr ""
88
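Review bot: The reference comment that used to cover both `bbq-settings.php:132` and `bbq-settings.php:143` is now split, and line 132 carries a new msgid "BBQ Firewall". `bbq-settings.php` is not among the files shown as changed in this comparison, and the changelog only says "Generates new translation template". Note the new string in the changelog so translators know that existing translations will not cover it until they are updated.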
readme.txt CHANGED
@@ -11,8 +11,8 @@ Contributors: specialk, aldolat, WpBlogHost, jameswilkes, juliobox, lernerconsul
11
Donate link: https://m0n.co/donate
12
Requires at least: 4.1
13
Tested up to: 4.9
14
- Stable tag: 20171101
15
- Version: 20171101
16
Requires PHP: 5.2
17
Text Domain: block-bad-queries
18
Domain Path: /languages
@@ -29,6 +29,9 @@ The fastest firewall plugin for WordPress.
29
30
[Block Bad Queries](https://perishablepress.com/block-bad-queries/) (BBQ) is a simple, super-fast plugin that protects your site against malicious URL requests. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like `eval(`, `base64_`, and excessively long request-strings. This is a simple yet solid solution for sites that are unable to use a [strong .htaccess firewall](https://perishablepress.com/6g/).
31
32
**Awesome Features**
33
34
* 100% Plug-n-play functionality
@@ -46,6 +49,7 @@ The fastest firewall plugin for WordPress.
46
* Hassle-free security plugin that's easy to use
47
* Thoroughly tested, error-free performance
48
* Compatible with other security plugins
49
* Customize blocked strings via [Whitelist/Blacklist plugins](https://perishablepress.com/bbq-whitelist-blacklist/)
50
51
**Pro Version**
@@ -160,10 +164,10 @@ I develop and maintain this free plugin with love for the WordPress community. T
160
161
And/or purchase one of my premium WordPress plugins:
162
163
- * [BBQ Pro](https://plugin-planet.com/bbq-pro/) - Pro version of Block Bad Queries
164
- * [Blackhole Pro](https://plugin-planet.com/blackhole-pro/) - Pro version of Blackhole for Bad Bots
165
- * [SES Pro](https://plugin-planet.com/ses-pro/) - Super-simple &amp; flexible email signup forms
166
- * [USP Pro](https://plugin-planet.com/usp-pro/) - Pro version of User Submitted Posts
167
168
Links, tweets and likes also appreciated. Thank you! :)
169
@@ -171,6 +175,13 @@ Links, tweets and likes also appreciated. Thank you! :)
171
172
== Changelog ==
173
174
**2017/11/01**
175
176
* Updates readme.txt :)
11
Donate link: https://m0n.co/donate
12
Requires at least: 4.1
13
Tested up to: 4.9
14
+ Stable tag: 20180511
15
+ Version: 20180511
16
Requires PHP: 5.2
17
Text Domain: block-bad-queries
18
Domain Path: /languages
29
30
[Block Bad Queries](https://perishablepress.com/block-bad-queries/) (BBQ) is a simple, super-fast plugin that protects your site against malicious URL requests. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like `eval(`, `base64_`, and excessively long request-strings. This is a simple yet solid solution for sites that are unable to use a [strong .htaccess firewall](https://perishablepress.com/6g/).
31
32
+ > GDPR-compliant: does not collect any user data
33
+ > Gutenberg-compliant: works perfectly with or without Gutenberg
34
+
35
**Awesome Features**
36
37
* 100% Plug-n-play functionality
49
* Hassle-free security plugin that's easy to use
50
* Thoroughly tested, error-free performance
51
* Compatible with other security plugins
52
+ * Regularly updated and "future proof"
53
* Customize blocked strings via [Whitelist/Blacklist plugins](https://perishablepress.com/bbq-whitelist-blacklist/)
54
55
**Pro Version**
164
165
And/or purchase one of my premium WordPress plugins:
166
167
+ * [BBQ Pro](https://plugin-planet.com/bbq-pro/) - Super fast WordPress firewall
168
+ * [Blackhole Pro](https://plugin-planet.com/blackhole-pro/) - Automatically block bad bots
169
+ * [Banhammer Pro](https://plugin-planet.com/banhammer-pro/) - Monitor traffic and ban the bad guys
170
+ * [USP Pro](https://plugin-planet.com/usp-pro/) - Unlimited front-end forms
171
172
Links, tweets and likes also appreciated. Thank you! :)
173
175
176
== Changelog ==
177
178
+ **2018/05/11**
179
+
180
+ * Adds `xrumer` to blocked query strings and request URIs
181
+ * Adds `indoxploi` to blocked query strings and request URIs
182
+ * Generates new translation template
183
+ * Tests on WordPress 5.0
184
+
185
**2017/11/01**
186
187
* Updates readme.txt :)
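Review bot: The new changelog entry says "Tests on WordPress 5.0", but the header in this same file (and in block-bad-queries.php) still reads `Tested up to: 4.9` as unchanged context. Either bump `Tested up to` or reword the changelog entry so the two agree, since the header field is what users and the plugin directory see.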