BBQ: Block Bad Queries - Version 20201123

Version Description

To upgrade BBQ, remove the old version and replace it with the new version. Or just click "Update" from the Plugins screen and let WordPress do it for you automatically. Nothing else needs to be done.

Note: uninstalling/deleting the plugin via the WP Plugins screen results in the removal of all settings and email data from the WP database.


Release Info

Developer specialk
Version 20201123

Code changes from version 20201116 to 20201123

Files changed (2)
  1. block-bad-queries.php +11 -7
  2. readme.txt +14 -28
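--- a/block-bad-queries.php
+++ b/block-bad-queries.php
@@ -10,8 +10,8 @@
 Donate link: https://monzillamedia.com/donate.html
 Requires at least: 4.1
 Tested up to: 5.6
-Stable tag: 20201116
-Version: 20201116
+Stable tag: 20201123
+Version: 20201123
 Requires PHP: 5.6.20
 Text Domain: block-bad-queries
 Domain Path: /languages
@@ -37,7 +37,7 @@
 
 if (!defined('ABSPATH')) die();
 
-if (!defined('BBQ_VERSION')) define('BBQ_VERSION', '20201116');
+if (!defined('BBQ_VERSION')) define('BBQ_VERSION', '20201123');
 if (!defined('BBQ_FILE')) define('BBQ_FILE', plugin_basename(__FILE__));
 if (!defined('BBQ_DIR')) define('BBQ_DIR', plugin_dir_path(__FILE__));
 if (!defined('BBQ_URL')) define('BBQ_URL', plugins_url('/block-bad-queries/'));
@@ -48,7 +48,7 @@ function bbq_core() {
 
 $query_string_array = apply_filters('query_string_items', array('\(0x', '0x3c62723e', ';!--=', '\(\)\}', ':;\};', '\.\.\/', '\/\*\*\/', '127\.0\.0\.1', 'localhost', 'loopback', '%0a', '%0d', '%00', '%2e%2e', '%0d%0a', '@copy', 'concat(.*)(\(|%28)', 'allow_url_(fopen|include)', '(c99|php|web)shell', 'auto_prepend_file', 'disable_functions?', 'gethostbyname', 'input_file', 'execute', 'safe_mode', 'file_(get|put)_contents', 'mosconfig', 'open_basedir', 'outfile', 'proc_open', 'root_path', 'user_func_array', 'path=\.', 'mod=\.', '(globals|request)(=|\[)', 'f(fclose|fgets|fputs|fsbuff)', '\$_(env|files|get|post|request|server|session)', '(\+|%2b)(concat|delete|get|select|union)(\+|%2b)', '(cmd|command)(=|%3d)(chdir|mkdir)', '(absolute_|base|root_)(dir|path)(=|%3d)(ftp|https?)', '(s)?(ftp|inurl|php)(s)?(:(\/|%2f|%u2215)(\/|%2f|%u2215))', '(\/|%2f)(=|%3d|\$&|_mm|cgi(\.|-)|inurl(:|%3a)(\/|%2f)|(mod|path)(=|%3d)(\.|%2e))', '(;|<|>|\'|"|\)|%0a|%0d|%22|%27|%3c|%3e|%00)(.*)(\/\*|alter|base64|benchmark|cast|char|concat|convert|create|declare|delete|drop|encode|exec|fopen|function|html|insert|md5|order|request|script|select|set|union|update)'));
 
-$user_agent_array = apply_filters('user_agent_items', array('&lt;', '%0a', '%0d', '%27', '%3c', '%3e', '%00', '0x00', '\/bin\/bash', '360Spider', 'acapbot', 'acoonbot', 'ahrefs', 'alexibot', 'asterias', 'attackbot', 'backdorbot', 'base64_decode', 'becomebot', 'binlar', 'blackwidow', 'blekkobot', 'blexbot', 'blowfish', 'bullseye', 'bunnys', 'butterfly', 'careerbot', 'casper', 'checkpriv', 'cheesebot', 'cherrypick', 'chinaclaw', 'choppy', 'clshttp', 'cmsworld', 'copernic', 'copyrightcheck', 'cosmos', 'crescent', 'cy_cho', 'datacha', 'demon', 'diavol', 'discobot', 'disconnect', 'dittospyder', 'dotbot', 'dotnetdotcom', 'dumbot', 'emailcollector', 'emailsiphon', 'emailwolf', 'eval\(', 'exabot', 'extract', 'eyenetie', 'feedfinder', 'flaming', 'flashget', 'flicky', 'foobot', 'g00g1e', 'getright', 'gigabot', 'go-ahead-got', 'gozilla', 'grabnet', 'grafula', 'harvest', 'heritrix', 'httrack', 'icarus6j', 'jetbot', 'jetcar', 'jikespider', 'kmccrew', 'leechftp', 'libweb', 'linkextractor', 'linkscan', 'linkwalker', 'loader', 'lwp-download', 'masscan', 'miner', 'majestic', 'md5sum', 'mechanize', 'mj12bot', 'morfeus', 'moveoverbot', 'netmechanic', 'netspider', 'nicerspro', 'nikto', 'ninja', 'nutch', 'octopus', 'pagegrabber', 'planetwork', 'postrank', 'proximic', 'purebot', 'pycurl', 'python', 'queryn', 'queryseeker', 'radian6', 'radiation', 'realdownload', 'remoteview', 'rogerbot', 'scooter', 'seekerspider', 'semalt', '(c99|php|web)shell', 'shellshock', 'siclab', 'sindice', 'sistrix', 'sitebot', 'site(.*)copier', 'siteexplorer', 'sitesnagger', 'skygrid', 'smartdownload', 'snoopy', 'sosospider', 'spankbot', 'spbot', 'sqlmap', 'stackrambler', 'stripper', 'sucker', 'surftbot', 'sux0r', 'suzukacz', 'suzuran', 'takeout', 'teleport', 'telesoft', 'true_robots', 'turingos', 'turnit', 'unserialize', 'vampire', 'vikspider', 'voideye', 'webleacher', 'webreaper', 'webstripper', 'webvac', 'webviewer', 'webwhacker', 'winhttp', 'wwwoffle', 'woxbot', 'xaldon', 'xxxyy', 'yamanalab', 'yioopbot', 'youda', 'zeus', 'zmeu', 'zune', 'zyborg'));
+$user_agent_array = apply_filters('user_agent_items', array('&lt;', '%0a', '%0d', '%27', '%3c', '%3e', '%00', '0x00', '\/bin\/bash', '360Spider', 'acapbot', 'acoonbot', 'ahrefs', 'alexibot', 'asterias', 'attackbot', 'backdorbot', 'base64_decode', 'becomebot', 'binlar', 'blackwidow', 'blekkobot', 'blexbot', 'blowfish', 'bullseye', 'bunnys', 'butterfly', 'careerbot', 'casper', 'checkpriv', 'cheesebot', 'cherrypick', 'chinaclaw', 'choppy', 'clshttp', 'cmsworld', 'copernic', 'copyrightcheck', 'cosmos', 'crescent', 'cy_cho', 'datacha', 'demon', 'diavol', 'discobot', 'disconnect', 'dittospyder', 'dotbot', 'dotnetdotcom', 'dumbot', 'emailcollector', 'emailsiphon', 'emailwolf', 'eval\(', 'exabot', 'extract', 'eyenetie', 'feedfinder', 'flaming', 'flashget', 'flicky', 'foobot', 'g00g1e', 'getright', 'gigabot', 'go-ahead-got', 'gozilla', 'grabnet', 'grafula', 'harvest', 'heritrix', 'httrack', 'icarus6j', 'jetbot', 'jetcar', 'jikespider', 'kmccrew', 'leechftp', 'libweb', 'linkextractor', 'linkscan', 'linkwalker', 'loader', 'lwp-download', 'masscan', 'miner', 'majestic', 'md5sum', 'mechanize', 'mj12bot', 'morfeus', 'moveoverbot', 'netmechanic', 'netspider', 'nicerspro', 'nikto', 'ninja', 'nutch', 'octopus', 'pagegrabber', 'planetwork', 'postrank', 'proximic', 'purebot', 'pycurl', 'queryn', 'queryseeker', 'radian6', 'radiation', 'realdownload', 'remoteview', 'rogerbot', 'scooter', 'seekerspider', 'semalt', '(c99|php|web)shell', 'shellshock', 'siclab', 'sindice', 'sistrix', 'sitebot', 'site(.*)copier', 'siteexplorer', 'sitesnagger', 'skygrid', 'smartdownload', 'snoopy', 'sosospider', 'spankbot', 'spbot', 'sqlmap', 'stackrambler', 'stripper', 'sucker', 'surftbot', 'sux0r', 'suzukacz', 'suzuran', 'takeout', 'teleport', 'telesoft', 'true_robots', 'turingos', 'turnit', 'unserialize', 'vampire', 'vikspider', 'voideye', 'webleacher', 'webreaper', 'webstripper', 'webvac', 'webviewer', 'webwhacker', 'winhttp', 'wwwoffle', 'woxbot', 'xaldon', 'xxxyy', 'yamanalab', 'yioopbot', 'youda', 'zeus', 'zmeu', 'zune', 'zyborg'));
 
 $referrer_array = apply_filters('referrer_items', array('ambien', 'blue\s?pill', 'ejaculat', 'erectile', 'erections', 'hoodia', 'huronriver', 'impotence', 'levitra', 'libido', 'lipitor', 'phentermin', 'pro[sz]ac', 'sandyauer', 'semalt\.com', 'todaperfeita', 'tramadol', 'ultram', 'unicauca', 'valium', 'viagra', 'vicodin', 'xanax', 'ypxaieo'));
 
@@ -59,6 +59,9 @@ function bbq_core() {
 $user_agent_string = '';
 $referrer_string = '';
 
+$long_requests = apply_filters('bbq_long_requests', true);
+$match_logging = apply_filters('bbq_match_logging', false);
+
 $matches = array();
 
 if (isset($_SERVER['REQUEST_URI']) && !empty($_SERVER['REQUEST_URI'])) $request_uri_string = $_SERVER['REQUEST_URI'];
@@ -68,10 +71,11 @@ function bbq_core() {
 
 if ($request_uri_string || $query_string_string || $user_agent_string || $referrer_string) {
 
+$check_length = (strlen($request_uri_string) > 2000 || strlen($referrer_string) > 2000) ? true : false;
+
 if (
 
-strlen($request_uri_string) > 2000 ||
-strlen($referrer_string) > 2000 ||
+($long_requests && $check_length) ||
 
 preg_match('/'. implode('|', $request_uri_array) .'/i', $request_uri_string, $matches) ||
 preg_match('/'. implode('|', $query_string_array) .'/i', $query_string_string, $matches) ||
@@ -80,7 +84,7 @@ function bbq_core() {
 
 ) {
 
-// if (isset($matches[0])) error_log('BBQ: '. $matches[0]);
+if ($match_logging && isset($matches[0])) error_log('BBQ: '. $matches[0]);
 
 bbq_response();
 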
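Review bot: The new error_log call on line 87 writes `$matches[0]`, a substring of the request URI, query string or (presumably, from the matches outside this hunk) user agent or referrer, straight into the error log; since patterns such as `concat(.*)(\(|%28)` can capture most of a 2000-byte request, bound and sanitize what is logged, e.g. `error_log('BBQ: '. substr(preg_replace('/[^\x20-\x7e]/', '?', $matches[0]), 0, 200));`. The two new filters at lines 62–63 are undocumented; add a short PHPDoc above each, e.g. `/** Filter bbq_long_requests: return false to skip the 2000-byte length check on the request URI and referrer. */` and the matching one for `bbq_match_logging`. `$check_length` at line 74 does not need the `? true : false` suffix, since `||` already yields a bool. When `bbq_long_requests` is filtered to false, oversized input reaches the preg_match chain unbounded, and a call that aborts on the PCRE backtrack limit returns false, which the `||` chain treats as a non-match; checking `preg_last_error()` after the chain would let that case fail closed instead. bbq_core() begins and ends outside this hunk.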
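--- a/readme.txt
+++ b/readme.txt
@@ -10,8 +10,8 @@ Contributors: specialk, aldolat, WpBlogHost, jameswilkes, juliobox, lernerconsul
 Donate link: https://monzillamedia.com/donate.html
 Requires at least: 4.1
 Tested up to: 5.6
-Stable tag: 20201116
-Version: 20201116
+Stable tag: 20201123
+Version: 20201123
 Requires PHP: 5.6.20
 Text Domain: block-bad-queries
 Domain Path: /languages
@@ -69,6 +69,7 @@ BBQ provides all the best firewall features:
 * Extremely low rate of false positives
 * Compatible with other security plugins
 * Regularly updated and "future proof"
+* Lightweight, fast and flexible
 
 > For advanced protection and features, check out [BBQ Pro &raquo;](https://plugin-planet.com/bbq-pro/)
 
@@ -96,8 +97,9 @@ Once active, BBQ automatically protects your site against threats. Quietly, behi
 
 * To allow patterns otherwise blocked by BBQ, check out the [BBQ Whitelist plugin](https://perishablepress.com/bbq-whitelist-blacklist/#bbq-whitelist)
 * To block patterns otherwise allowed by BBQ, check out the [BBQ Blacklist plugin](https://perishablepress.com/bbq-whitelist-blacklist/#bbq-blacklist)
+* To customize long-request blocking, pattern-match logging, and response headers, check out the [BBQ Customize plugin](https://perishablepress.com/customize-bbq-firewall/)
 
-Note that the [Pro version of BBQ](https://plugin-planet.com/bbq-pro/) makes it possible to customize patterns (add, edit, remove) directly via the plugin settings, with a click.
+Note that the [Pro version of BBQ](https://plugin-planet.com/bbq-pro/) makes it possible to customize patterns and everything else directly via the plugin settings, with a click.
 
 
 **Uninstalling**
@@ -211,31 +213,7 @@ If you are using some PHP checker that's reporting an error or bad string in BBQ
 
 **How to enable logging?**
 
-BBQ can be configured to log the matching pattern for any blocked request. By default, BBQ will add a log entry in the site's default error log. To enable logging, open the file, `block-bad-queries.php`, and locate the following line:
-
-// if (isset($matches[0])) error_log('BBQ: '. $matches[0]);
-
-Change that line to this:
-
-if (isset($matches[0])) error_log('BBQ: '. $matches[0]);
-
-By removing the `//`, the line will be active and logging enabled. Try a test, visit your homepage and request the following URL:
-
-https://example.com/eval(
-
-Replace `example.com` with your site's actual domain. The request should be blocked by BBQ. So now you can visit your site's error log. The blocked pattern, in this case `eval(`, will be recorded in the error log like so:
-
-BBQ: eval(
-
-When you have finished testing/logging, make sure to disable logging by replacing this line:
-
-if (isset($matches[0])) error_log('BBQ: '. $matches[0]);
-
-With this:
-
-// if (isset($matches[0])) error_log('BBQ: '. $matches[0]);
-
-That is the default, which is logging = disabled.
+BBQ can be configured to log the matching pattern for any blocked request. By default, BBQ will add a log entry in the site's default error log. To enable logging, use the free [customize plugin](https://perishablepress.com/customize-bbq-firewall/).
 
 
 **Got a question?**
@@ -270,6 +248,14 @@ Links, tweets and likes also appreciated. Thank you! :)
 If you like BBQ, please take a moment to [give a 5-star rating](https://wordpress.org/support/plugin/block-bad-queries/reviews/?rate=5#new-post). It helps to keep development and support going strong. Thank you!
 
 
+**2020/11/23**
+
+* Removes `python` from the User Agent rules
+* Adds filter for URI long-request blocking
+* Adds filter for enabling logging of blocked requests
+* Releases [customize plugin](https://perishablepress.com/customize-bbq-firewall/) to change default functionality
+* Further tests on WordPress 5.6
+
 **2020/11/16**
 
 * Improves XSS protection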