Shield Security for WordPress - Version 15.0.9


Release Info

Developer paultgoodchild
Version 15.0.9

Code changes from version 15.0.8 to 15.0.9

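--- a/cl.json
+++ b/cl.json
@@ -19,7 +19,8 @@
  "description": [
  "Massive performance and processing optimisations with a brand new core Shield Rules Engine.",
  "All requests are now processed using a unique and customisable (future releases) set of rules."
- ]
+ ],
+ "href": "https://shsec.io/ks"
  },
  {
  "type": "new",
@@ -206,6 +207,16 @@
  "type": "fixed"
  }
  ]
+ },
+ {
+ "version": "9",
+ "released_at": 1652433200,
+ "items": [
+ {
+ "title": "More accurate detection of crawlers such as Facebook that interchange IPv6 and IPv4 in their primary IP resolving.",
+ "type": "improved"
+ }
+ ]
  }
  ]
  },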
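--- a/icwp-wpsf.php
+++ b/icwp-wpsf.php
@@ -3,7 +3,7 @@
  * Plugin Name: Shield Security
  * Plugin URI: https://shsec.io/2f
  * Description: Powerful, Easy-To-Use #1 Rated WordPress Security System
- * Version: 15.0.8
+ * Version: 15.0.9
  * Text Domain: wp-simple-firewall
  * Domain Path: /languages
  * Author: Shield Security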
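--- a/plugin-spec.php
+++ b/plugin-spec.php
@@ -1,8 +1,8 @@
  {
  "properties": {
- "version": "15.0.8",
- "release_timestamp": 1652357000,
- "build": "202205.1202",
+ "version": "15.0.9",
+ "release_timestamp": 1652433200,
+ "build": "202205.1301",
  "slug_parent": "icwp",
  "slug_plugin": "wpsf",
  "human_name": "Shield Security",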
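--- a/plugin.json
+++ b/plugin.json
@@ -1,8 +1,8 @@
  {
  "properties": {
- "version": "15.0.8",
- "release_timestamp": 1652357000,
- "build": "202205.1202",
+ "version": "15.0.9",
+ "release_timestamp": 1652433200,
+ "build": "202205.1301",
  "slug_parent": "icwp",
  "slug_plugin": "wpsf",
  "human_name": "Shield Security",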
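--- a/readme.txt
+++ b/readme.txt
@@ -8,9 +8,9 @@ Requires at least: 3.7
  Requires PHP: 7.0
  Recommended PHP: 7.4
  Tested up to: 6.0
- Stable tag: 15.0.8
+ Stable tag: 15.0.9
 
- No-Nonsense Security Hardening that protects WordPress against hackers, malicious bots, and spammers (no captchas!). Now with exclusive ShieldNET Technology.
+ Bad Bots Are Your #1 Security Risk. Malware is a symptom of poor security, not its cause. Discover the advantage of powerful security over marketing.
 
  == Description ==
 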
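--- a/src/lib/src/Modules/Plugin/Debug.php
+++ b/src/lib/src/Modules/Plugin/Debug.php
@@ -11,10 +11,17 @@ use FernleafSystems\Wordpress\Services\Utilities\Net\IpID;
  class Debug extends Modules\Base\Debug {
 
  public function run() {
- $this->checkIP( '88.201.163.83' );
+ $this->testAAAA( 'fwdproxy-odn-017.fbsv.net' );
  die( 'finish' );
  }
 
+ private function testAAAA( string $hostname ) {
+ $id = ( new IpID('2a03:2880:32ff:11::face:b00c', 'facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)') )->run();
+ var_dump($id);
+ // $record = dns_get_record( $hostname, DNS_AAAA );
+ // var_dump( $record );
+ }
+
  private function checkIP( string $ip ) {
  $id = ( new IpID( $ip, 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)' ) )->run();
  var_dump( $id );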
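Review bot: `testAAAA( string $hostname )` never reads `$hostname`; its only use is in the two commented-out `dns_get_record()` lines, and the `IpID` call is built from a hard-coded address and user agent. Either drop the parameter or restore the lookup so the signature matches what the method does, and add a one-line comment such as `// Manual check: IpID should recognise a crawler that connects over IPv6.` to say why it exists. `run()` still prints with `var_dump()` and ends in `die( 'finish' )`, so it is worth confirming that this class cannot be reached from a web request on a production site; its caller and the rest of the class body are outside the hunk.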
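--- a/src/lib/vendor/composer/autoload_classmap.php
+++ b/src/lib/vendor/composer/autoload_classmap.php
@@ -1295,6 +1295,7 @@ return array(
  'FernleafSystems\\Wordpress\\Services\\Utilities\\Net\\BaseIP' => $vendorDir . '/fernleafsystems/wordpress-services/src/Utilities/Net/BaseIP.php',
  'FernleafSystems\\Wordpress\\Services\\Utilities\\Net\\FindSourceFromIp' => $vendorDir . '/fernleafsystems/wordpress-services/src/Utilities/Net/FindSourceFromIp.php',
  'FernleafSystems\\Wordpress\\Services\\Utilities\\Net\\IpID' => $vendorDir . '/fernleafsystems/wordpress-services/src/Utilities/Net/IpID.php',
+ 'FernleafSystems\\Wordpress\\Services\\Utilities\\Net\\VerifyHostToIP' => $vendorDir . '/fernleafsystems/wordpress-services/src/Utilities/Net/VerifyHostToIP.php',
  'FernleafSystems\\Wordpress\\Services\\Utilities\\Net\\VisitorIpDetection' => $vendorDir . '/fernleafsystems/wordpress-services/src/Utilities/Net/VisitorIpDetection.php',
  'FernleafSystems\\Wordpress\\Services\\Utilities\\Obfuscate' => $vendorDir . '/fernleafsystems/wordpress-services/src/Utilities/Obfuscate.php',
  'FernleafSystems\\Wordpress\\Services\\Utilities\\Options\\TestCanUseTransients' => $vendorDir . '/fernleafsystems/wordpress-services/src/Utilities/Options/TestCanUseTransients.php',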
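--- a/src/lib/vendor/composer/autoload_static.php
+++ b/src/lib/vendor/composer/autoload_static.php
@@ -1482,6 +1482,7 @@ class ComposerStaticInit4fc2c6daaffaf40b64b79b6d26830171
  'FernleafSystems\\Wordpress\\Services\\Utilities\\Net\\BaseIP' => __DIR__ . '/..' . '/fernleafsystems/wordpress-services/src/Utilities/Net/BaseIP.php',
  'FernleafSystems\\Wordpress\\Services\\Utilities\\Net\\FindSourceFromIp' => __DIR__ . '/..' . '/fernleafsystems/wordpress-services/src/Utilities/Net/FindSourceFromIp.php',
  'FernleafSystems\\Wordpress\\Services\\Utilities\\Net\\IpID' => __DIR__ . '/..' . '/fernleafsystems/wordpress-services/src/Utilities/Net/IpID.php',
+ 'FernleafSystems\\Wordpress\\Services\\Utilities\\Net\\VerifyHostToIP' => __DIR__ . '/..' . '/fernleafsystems/wordpress-services/src/Utilities/Net/VerifyHostToIP.php',
  'FernleafSystems\\Wordpress\\Services\\Utilities\\Net\\VisitorIpDetection' => __DIR__ . '/..' . '/fernleafsystems/wordpress-services/src/Utilities/Net/VisitorIpDetection.php',
  'FernleafSystems\\Wordpress\\Services\\Utilities\\Obfuscate' => __DIR__ . '/..' . '/fernleafsystems/wordpress-services/src/Utilities/Obfuscate.php',
  'FernleafSystems\\Wordpress\\Services\\Utilities\\Options\\TestCanUseTransients' => __DIR__ . '/..' . '/fernleafsystems/wordpress-services/src/Utilities/Options/TestCanUseTransients.php',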
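--- a/src/lib/vendor/fernleafsystems/wordpress-services/src/Utilities/IpUtils.php
+++ b/src/lib/vendor/fernleafsystems/wordpress-services/src/Utilities/IpUtils.php
@@ -47,12 +47,11 @@ class IpUtils {
 
  /**
  * Checks if an IPv4 or IPv6 address is contained in the list of given IPs or subnets.
- * @param string $requestIp IP to check
- * @param string|array $ips List of IPs or subnets (can be a string if only a single one)
- * @param bool $throwException Whether to throw the exception on IPv6 support lacking
+ * @param string $requestIp IP to check
+ * @param string|array $ips List of IPs or subnets (can be a string if only a single one)
  * @return bool Whether the IP is valid
  */
- public static function checkIp( $requestIp, $ips, $throwException = false ) {
+ public static function checkIp( $requestIp, $ips ) :bool {
  $isIP = false;
 
  if ( !is_array( $ips ) ) {
@@ -68,9 +67,6 @@ class IpUtils {
  }
  }
  catch ( \Exception $e ) {
- if ( $throwException ) {
- throw $e;
- }
  $isIP = false;
  }
  }
@@ -85,7 +81,7 @@ class IpUtils {
  * @param string $ip IPv4 address or subnet in CIDR notation
  * @return bool Whether the IP is valid
  */
- public static function checkIp4( $requestIp, $ip ) {
+ public static function checkIp4( $requestIp, $ip ) :bool {
  $isIP = false;
 
  if ( filter_var( $requestIp, \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV4 ) ) {
@@ -121,7 +117,7 @@ class IpUtils {
  * @author David Soria Parra <dsp at php dot net>
  * @see https://github.com/dsp/v6tools
  */
- public static function checkIp6( $requestIp, $ip ) {
+ public static function checkIp6( $requestIp, $ip ) :bool {
  if ( !( ( extension_loaded( 'sockets' ) && defined( 'AF_INET6' ) ) || @inet_pton( '::1' ) ) ) {
  throw new \Exception( 'Unable to check Ipv6. Check that PHP was not compiled with option "disable-ipv6".' );
  }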
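Review bot: With `$throwException` removed, the `catch ( \Exception $e )` in `checkIp()` always turns a failed check into `false`, so a caller can no longer tell "address is not in the list" from "the address could not be checked", for example when `checkIp6()` throws because PHP lacks IPv6 support. Where the result gates a block-list lookup that outcome fails open, so I would at least record it inside the catch, e.g. `error_log( 'IpUtils::checkIp: '.$e->getMessage() );`, and say so in the docblock with `@return bool false when the IP is not listed or the check could not be performed`. A caller that still passes a third argument will not error, but it will silently stop receiving the exception. The bodies of `checkIp4()` and `checkIp6()` are outside the hunks; with the new `:bool` return type, confirm that no path in them returns `null` or falls off the end.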
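--- a/src/lib/vendor/fernleafsystems/wordpress-services/src/Utilities/Net/IpID.php
+++ b/src/lib/vendor/fernleafsystems/wordpress-services/src/Utilities/Net/IpID.php
@@ -125,12 +125,7 @@ class IpID {
  }
  elseif ( $this->ignoreUserAgentInChecks || $this->verifyAgent( $crawlerSpec ) ) {
  // Only verify IP if the UserAgent is provided.
- $host = @gethostbyaddr( $this->ip ); // returns the ip on failure
- $isVerifiedCrawlerBot = !empty( $host ) && ( $host !== $this->ip )
- && preg_match( $crawlerSpec[ 'host_pattern' ], $host )
- && gethostbyname( $host ) === $this->ip;
-
- if ( $isVerifiedCrawlerBot ) {
+ if ( ( new VerifyHostToIP() )->run( $this->ip, $crawlerSpec[ 'host_pattern' ] ) ) {
  $updateIpStorage = true;
  $crawlerIPs[ $crawlerSlug ][ $this->ip ] = $now;
  }
@@ -138,9 +133,9 @@ class IpID {
 
  if ( $updateIpStorage ) {
  // First clean all crawlers of stale IPs.
- foreach ( $crawlerIPs as $slug => $IPs ) {
+ foreach ( array_keys( $crawlerIPs ) as $slug ) {
  $crawlerIPs[ $slug ] = array_filter(
- $crawlerIPs[ $crawlerSlug ],
+ $crawlerIPs[ $slug ],
  function ( int $ts ) use ( $now ) {
  return ( $now - $ts ) < \WEEK_IN_SECONDS*2;
  }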
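Review bot: `( new VerifyHostToIP() )->run( $this->ip, ... )` in the first hunk appears to sit inside a per-crawler loop (the loop header is outside the hunk), and each call begins with its own blocking `gethostbyaddr()` followed by up to two further lookups. When `ignoreUserAgentInChecks` is set, every crawler spec would repeat the same reverse lookup for one visitor address within a single request, so a slow resolver multiplies the latency. Consider resolving the PTR once before the loop and passing the hostname in, or memoising the result per IP inside `VerifyHostToIP`. The comment `// Only verify IP if the UserAgent is provided.` is also no longer accurate when the agent check is skipped; `// Verify the IP when the agent matches or agent checks are disabled.` would describe the condition as written.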
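--- a/src/lib/vendor/fernleafsystems/wordpress-services/src/Utilities/Net/VerifyHostToIP.php
+++ b/src/lib/vendor/fernleafsystems/wordpress-services/src/Utilities/Net/VerifyHostToIP.php
@@ -0,0 +1,43 @@
+ <?php declare( strict_types=1 );
+
+ namespace FernleafSystems\Wordpress\Services\Utilities\Net;
+
+ use FernleafSystems\Wordpress\Services\Services;
+
+ class VerifyHostToIP {
+
+ public function run( string $ip, string $hostnameRegex ) :bool {
+ $srvIP = Services::IP();
+
+ $isVerifiedCrawlerBot = false;
+
+ // 1. Can we resolve the IP to a hostname
+ $hostname = @gethostbyaddr( $ip ); // returns the ip on failure
+ if ( !empty( $hostname ) && ( $hostname !== $ip ) ) {
+
+ // 2. Does the hostname match the pattern we're expecting?
+ $isHostnameMatch = preg_match( $hostnameRegex, $hostname );
+ if ( $isHostnameMatch ) {
+
+ $forwardIP = gethostbyname( $hostname );
+
+ // i.e. the IP could be resolved from the host.
+ if ( $forwardIP !== $hostname && $srvIP->isValidIp( $forwardIP ) ) {
+
+ // 3. Did the forward DNS lookup bring us back to the original IP? Win!
+ if ( $srvIP->checkIp( $forwardIP, $ip ) ) {
+ $isVerifiedCrawlerBot = true;
+ }
+ elseif ( $srvIP->getIpVersion( $forwardIP ) !== $srvIP->getIpVersion( $ip ) ) {
+ // Perhaps the IP we started with was maybe IPv6, but the forward lookup was IPv4 (or vice-versa)
+ // Now we need to test whether the rDNS for the new forward IP brings us back to the same hostname.
+ $alternativeHostname = @gethostbyaddr( $forwardIP ); // returns the ip on failure
+ $isVerifiedCrawlerBot = $alternativeHostname === $hostname;
+ }
+ }
+ }
+ }
+
+ return $isVerifiedCrawlerBot;
+ }
+ }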
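Review bot: The `elseif` fallback on new lines 31–36 marks the visitor as verified without tying `$hostname` back to `$ip`: it only checks that the PTR of `$forwardIP` equals `$hostname`, which holds for any genuine crawler hostname no matter which address presented it. Because `gethostbyname()` returns only an IPv4 address, every IPv6 visitor reaches this branch, and the PTR for a visitor's address is published by whoever runs that address space, so a matching reverse name on its own is not evidence that the request came from the crawler. Forward confirmation should compare `$ip` with the host's AAAA records, normalised through `inet_pton()`, as sketched below. A crawler whose hostname publishes no matching AAAA record is better matched against the operator's published IP ranges than accepted on DNS alone. What `Services::IP()` returns is outside this file, so the behaviour of `checkIp()` and `getIpVersion()` is assumed from their names.

```php
// … unchanged: steps 1–3 up to the checkIp() match …
elseif ( $srvIP->getIpVersion( $forwardIP ) !== $srvIP->getIpVersion( $ip ) ) {
	// gethostbyname() only yields an A record; confirm an IPv6 visitor against the host's AAAA records.
	$packedIP = @inet_pton( $ip );
	$records = @dns_get_record( $hostname, DNS_AAAA );
	foreach ( ( is_array( $records ) ? $records : [] ) as $record ) {
		if ( $packedIP !== false && isset( $record[ 'ipv6' ] ) && @inet_pton( $record[ 'ipv6' ] ) === $packedIP ) {
			$isVerifiedCrawlerBot = true;
			break;
		}
	}
}
```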