<?php
/**
 * Decide whether an IP address has been creating URLs too aggressively.
 *
 * Counts the IP's active (`status` = '1') rows in `urls` over several sliding
 * windows and reports "rude" as soon as any window's limit is reached.
 *
 * @param object $link Database handle exposing prepare()/bindParam()/execute()/fetchColumn()
 *                     (presumably PDO — confirm against config.php).
 * @param string $ip   Client IP address to rate-limit.
 * @return bool TRUE if the count for any window is >= its limit, FALSE otherwise.
 */
function isRude($link, $ip) {
    // window length in seconds => maximum URLs allowed inside that window
    $windows = array(
        1     => 1,
        60    => 5,
        3600  => 10,
        86400 => 30,
    );
    foreach ($windows as $seconds => $maximum) {
        // $seconds comes from the constant table above, never from the request, so
        // interpolating it is safe; the untrusted value ($ip) is bound as a parameter.
        $query = "SELECT COUNT(*) FROM `urls` WHERE `ip` = :ip AND `time` > DATE_SUB(NOW(), INTERVAL $seconds SECOND) AND `status` = '1'";
        $statement = $link->prepare($query);
        $statement->bindParam(':ip', $ip);
        $statement->execute();
        $seen = $statement->fetchColumn();
        // Reaching the limit is enough; no need to look at the wider windows
        if ($seen >= $maximum) {
            return TRUE;
        }
    }
    return FALSE;
}
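/**
 * Ask PhishTank whether a URL is a known, currently online phishing site.
 *
 * Sends an HTTP POST to the PhishTank checkurl endpoint and looks for
 * `"in_database":true` in the JSON reply.
 *
 * @param string $url   Absolute URL to check.
 * @param string $ptkey PhishTank application/developer key from config.php.
 * @return bool TRUE only when PhishTank reports the URL as in its database;
 *              FALSE on a negative answer and also on any transport failure
 *              (timeout, connection error) — i.e. the check fails open.
 */
function isPT ($url, $ptkey) {
    // Let http_build_query() encode every field (it URL-encodes the URL exactly as
    // urlencode() did). Splicing the raw key/URL into the body would let a value
    // containing '&' or '=' inject extra form fields into the request.
    $body = http_build_query(array(
        'format'  => 'json',
        'app_key' => (string) $ptkey,
        'url'     => (string) $url,
    ));
    $c = curl_init();
    // NOTE(review): the developer key travels in clear text over plain HTTP;
    // switch the endpoint to TLS if PhishTank serves it that way — confirm.
    curl_setopt($c, CURLOPT_URL, 'http://checkurl.phishtank.com/checkurl/');
    curl_setopt($c, CURLOPT_POST, 1);
    curl_setopt($c, CURLOPT_POSTFIELDS, $body);
    curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($c, CURLOPT_USERAGENT, 'GAW.SH URL Shortener - http://gaw.sh/');
    curl_setopt($c, CURLOPT_CONNECTTIMEOUT, 2);
    curl_setopt($c, CURLOPT_TIMEOUT, 2);
    $r = curl_exec($c);
    curl_close($c);
    // curl_exec() returns FALSE on failure; treat that as "unknown", never as a match
    if ($r === FALSE) {
        return FALSE;
    }
    // A listed URL is reported as "in_database":true in the JSON body
    return preg_match('/"in_database":true/', $r) === 1;
}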
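/**
 * Look a URL up in the Google Safe Browsing Lookup API (pver=3.0 protocol).
 *
 * Issues a body-less HTTP GET and decides purely on the status code: 200 means
 * "listed" (phishing/malware); anything else means "not listed". That includes
 * 204 (clean) but also 400/401/503 from a bad key, quota exhaustion or an
 * outage, so the check fails open on every error.
 *
 * NOTE(review): pver=3.0 is the legacy Lookup API which, as far as I know,
 * Google has retired in favour of v4; if the endpoint now only returns errors
 * this function never flags anything — confirm with a known-listed test URL.
 *
 * @param string $url    Absolute URL to check.
 * @param string $gsbkey Google API key from config.php.
 * @return bool TRUE when the API answers 200, FALSE otherwise.
 */
function isGSB ($url, $gsbkey) {
    // Encode every query parameter, including the key, rather than splicing raw strings
    $gsburl = 'https://sb-ssl.google.com/safebrowsing/api/lookup?' . http_build_query(array(
        'client' => 'gawsh',
        'apikey' => (string) $gsbkey,
        'appver' => '1.5.2',
        'pver'   => '3.0',
        'url'    => (string) $url,
    ));
    $c = curl_init();
    curl_setopt($c, CURLOPT_URL, $gsburl);
    curl_setopt($c, CURLOPT_HEADER, 1);
    curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($c, CURLOPT_NOBODY, 1);
    curl_setopt($c, CURLOPT_USERAGENT, 'GAW.SH URL Shortener - http://gaw.sh/');
    curl_setopt($c, CURLOPT_CONNECTTIMEOUT, 2);
    curl_setopt($c, CURLOPT_TIMEOUT, 2);
    curl_exec($c);
    // curl_getinfo() returns the status as an int; 0 when no response arrived at all
    $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
    curl_close($c);
    // Only an explicit 200 means the URL is on a phishing/malware list
    return $code === 200;
}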
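/**
 * Check a domain name against Spamhaus' Domain Block List (DBL).
 *
 * Queries <domain>.dbl.spamhaus.org via gethostbyname(). A listing is signalled
 * by an answer in 127.0.1.0/24; 127.0.1.255 (the DBL's "this is an IP address,
 * not a domain" code) is ignored. Answers outside 127.0.1.x are also ignored:
 * Spamhaus uses other 127.x addresses to report error conditions (e.g. a query
 * sent through a public resolver, or quota exceeded), and those must not be
 * mistaken for a listing.
 *
 * @param string|null $domain Host part of the URL (null/empty when parse_url() found none).
 * @return bool TRUE if listed, FALSE if not listed, unresolvable, or on a DBL error code.
 */
function isDBL ($domain) {
    // parse_url() yields null for a URL without a host; there is nothing to look up
    if (!is_string($domain) || $domain === '') {
        return FALSE;
    }
    $query = $domain . '.dbl.spamhaus.org';
    $answer = gethostbyname($query);
    // gethostbyname() hands back the query name unchanged when nothing resolves
    if ($answer === $query) {
        return FALSE;
    }
    // Only the documented 127.0.1.x return codes mean "listed"
    if (strpos($answer, '127.0.1.') !== 0) {
        return FALSE;
    }
    // 127.0.1.255 = "query was an IP address", not a listing
    return $answer !== '127.0.1.255';
}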
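/**
 * Check a domain name against SURBL's combined "multi" list.
 *
 * Queries <domain>.multi.surbl.org via gethostbyname(). SURBL answers with
 * 127.0.0.x where the last octet is a bitmask of the sub-lists that matched.
 * 127.0.0.1 is not a list bit; it is the value returned when the query itself
 * is refused (rate limiting / public resolver), so it is not treated as a hit.
 *
 * @param string|null $domain Host part of the URL (null/empty when parse_url() found none).
 * @return bool TRUE if listed, FALSE if not listed, unresolvable, or on a refused query.
 */
function isSURBL ($domain) {
    // parse_url() yields null for a URL without a host; there is nothing to look up
    if (!is_string($domain) || $domain === '') {
        return FALSE;
    }
    $query = $domain . '.multi.surbl.org';
    $answer = gethostbyname($query);
    // gethostbyname() hands back the query name unchanged when nothing resolves
    if ($answer === $query) {
        return FALSE;
    }
    // Listings are always 127.0.0.x; anything else is not a SURBL result
    if (strpos($answer, '127.0.0.') !== 0) {
        return FALSE;
    }
    // 127.0.0.1 = query refused, not a listing
    return $answer !== '127.0.0.1';
}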
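/**
 * Check a domain name against URIBL's combined "multi" list.
 *
 * Queries <domain>.multi.uribl.com via gethostbyname(). URIBL answers with
 * 127.0.0.x where the last octet is a bitmask of the sub-lists that matched.
 * 127.0.0.1 is not a list bit; URIBL returns it when it refuses the query
 * (rate limiting / public resolver), so it is not treated as a hit.
 *
 * @param string|null $domain Host part of the URL (null/empty when parse_url() found none).
 * @return bool TRUE if listed, FALSE if not listed, unresolvable, or on a refused query.
 */
function isURIBL ($domain) {
    // parse_url() yields null for a URL without a host; there is nothing to look up
    if (!is_string($domain) || $domain === '') {
        return FALSE;
    }
    $query = $domain . '.multi.uribl.com';
    $answer = gethostbyname($query);
    // gethostbyname() hands back the query name unchanged when nothing resolves
    if ($answer === $query) {
        return FALSE;
    }
    // Listings are always 127.0.0.x; anything else is not a URIBL result
    if (strpos($answer, '127.0.0.') !== 0) {
        return FALSE;
    }
    // 127.0.0.1 = query refused, not a listing
    return $answer !== '127.0.0.1';
}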
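/**
 * Check whether any IPv4 address a domain resolves to is listed on Spamhaus ZEN.
 *
 * Resolves the domain's A records, reverses each address's octets, queries
 * <reversed-ip>.zen.spamhaus.org and treats a 127.0.0.x answer as a listing,
 * except 127.0.0.10/11 (PBL: dynamic/end-user address space, not a spam listing).
 * Answers outside 127.0.0.x are Spamhaus error codes and are ignored.
 *
 * @param string|null $domain Host part of the URL (null/empty when parse_url() found none).
 * @return bool TRUE if any resolved address is listed, FALSE otherwise (including
 *              when the domain does not resolve).
 */
function isZEN ($domain) {
    // parse_url() yields null for a URL without a host; there is nothing to look up
    if (!is_string($domain) || $domain === '') {
        return FALSE;
    }
    $records = dns_get_record($domain, DNS_A);
    // dns_get_record() returns FALSE (not an empty array) when the lookup fails
    if (!is_array($records)) {
        return FALSE;
    }
    foreach ($records as $record) {
        if (!isset($record['ip'])) {
            continue;
        }
        // ZEN is keyed by the address in reverse octet order
        $query = implode('.', array_reverse(explode('.', $record['ip']))) . '.zen.spamhaus.org';
        $answer = gethostbyname($query);
        // Unchanged query name = not listed
        if ($answer === $query) {
            continue;
        }
        // Only 127.0.0.x answers are listings; other values are error codes
        if (strpos($answer, '127.0.0.') !== 0) {
            continue;
        }
        // PBL entries (127.0.0.10-11) are deliberately ignored
        if ($answer === '127.0.0.10' || $answer === '127.0.0.11') {
            continue;
        }
        return TRUE;
    }
    // Explicit FALSE (the original fell off the end and returned NULL)
    return FALSE;
}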
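/**
 * Check a domain name against the admin-maintained list of "dumb" domains.
 *
 * The list is read from admin/dumb.txt under DOCUMENT_ROOT, one domain per
 * line; the domain in question is lower-cased before comparison.
 *
 * @param string|null $domain Host part of the URL.
 * @return bool TRUE if the domain is in the list, FALSE otherwise (also when
 *              the list file is missing or unreadable).
 */
function isDumb ($domain) {
    // NOTE(review): there is no separator between DOCUMENT_ROOT and 'admin/', so
    // this only works when DOCUMENT_ROOT ends in '/' — confirm against the server config.
    $dumbfile = $_SERVER['DOCUMENT_ROOT'] . 'admin/dumb.txt';
    $dumb = file($dumbfile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    // file() returns FALSE when the list cannot be read; treat that as "no dumb domains"
    if (!is_array($dumb)) {
        return FALSE;
    }
    // in_array() rather than array_search(): array_search() returns 0 for the first
    // entry, which the previous truthiness test read as "not found", so the first
    // line of dumb.txt was never matched.
    // NOTE(review): list entries are compared verbatim, so dumb.txt should be lower-case.
    return in_array(strtolower((string) $domain), $dumb, TRUE);
}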
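/**
 * Probe a URL to make sure it is reachable.
 *
 * Performs a body-less HTTP request and treats any HTTP status other than 404
 * as "works"; a status of 0 means no HTTP response at all (DNS, connect or
 * timeout failure). Certificate errors are deliberately ignored because this
 * is a reachability probe, not a trust decision.
 *
 * @param string $url Absolute URL supplied by the user.
 * @return bool TRUE if the server answered with anything but 404, FALSE otherwise.
 */
function isLegit ($url) {
    $c = curl_init();
    curl_setopt($c, CURLOPT_URL, $url);
    // The URL is user-supplied and the request originates from this server, so
    // pin cURL to HTTP(S); otherwise any scheme cURL supports (file://, etc.)
    // would be fetched on the caller's behalf (SSRF). The host is not checked
    // against private/link-local ranges here — TODO consider resolving it and
    // rejecting such addresses before connecting.
    curl_setopt($c, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    curl_setopt($c, CURLOPT_HEADER, 1);
    curl_setopt($c, CURLOPT_NOBODY, 1);
    curl_setopt($c, CURLOPT_USERAGENT, 'GAW.SH URL Shortener - http://gaw.sh/');
    curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($c, CURLOPT_CONNECTTIMEOUT, 2);
    curl_setopt($c, CURLOPT_TIMEOUT, 2);
    curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0); // Do not fail on "invalid" SSL certificates
    curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 0);
    curl_exec($c);
    // curl_getinfo() returns an int; 0 when no HTTP status was ever received
    $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
    curl_close($c);
    // Any real response except 404/Not Found counts as legit
    return $code !== 0 && $code !== 404;
}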
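/**
 * Run every applicable check against a URL and report the first failure.
 *
 * Order: URL syntax, embedded-URL filter, then (remote URLs only) the dumb
 * domain list, reachability, Spamhaus DBL, SURBL, URIBL and Spamhaus ZEN,
 * then (all URLs) Google Safe Browsing and PhishTank when the respective key
 * is set in config.php. Local URLs/aliases passed from admin/blcheck.php skip
 * the remote-only checks.
 *
 * @param string      $url   URL to vet.
 * @param bool|string $local Historically the strings 'false'/'true'; real booleans
 *                           are accepted as well. Anything that reads as true
 *                           marks the URL as local.
 * @return string|null Error message (may contain HTML links) when the URL is bad,
 *                     null when it passes every check.
 */
function checkURL ($url, $local = 'false') {
    // Need the Google Safe Browsing API and PhishTank keys from "config.php"
    global $gsbkey, $ptkey;
    // Accept both the legacy 'true'/'false' strings and real booleans. The old
    // ($local == 'false') test treated boolean TRUE as remote, because under
    // PHP's loose comparison TRUE == 'false' is true.
    $remote = !filter_var($local, FILTER_VALIDATE_BOOLEAN);
    // Always determine domain name (parse_url() gives null when there is none)
    $domain = (string) parse_url($url, PHP_URL_HOST);
    $error = NULL;
    // Always check that all URLs have sane characters
    // but this bug breaks IPv6 address URLs: https://bugs.php.net/bug.php?id=54629
    if (!filter_var($url, FILTER_VALIDATE_URL)) {
        $error = 'Invalid URL (formatting)';
    // Disallow URLs containing "=http://" or "=https://"
    } elseif (preg_match('/=http(s)?:\/\//', $url) || preg_match('/%3Dhttp(s)?%3A%2F%2F/', $url)) {
        $error = 'Invalid URL';
    // Check remote domain names against the dumb domain list
    } elseif ($remote && isDumb($domain)) {
        $error = 'Invalid URL (bad domain name)';
    // Check that remote URLs actually work
    } elseif ($remote && !isLegit($url)) {
        $error = 'Invalid URL (not found)';
    // Check remote domain names against Spamhaus' DBL
    } elseif ($remote && isDBL($domain)) {
        $error = 'Invalid URL (<a href="http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20DBL">blacklisted</a>)';
    // Check remote domain names against SURBL
    } elseif ($remote && isSURBL($domain)) {
        $error = 'Invalid URL (<a href="http://www.surbl.org/faqs">blacklisted</a>)';
    // Check remote domain names against URIBL
    } elseif ($remote && isURIBL($domain)) {
        $error = 'Invalid URL (<a href="http://www.uribl.com/about.shtml">blacklisted</a>)';
    // Check remote domain names against Spamhaus' ZEN
    } elseif ($remote && isZEN($domain)) {
        $error = 'Invalid URL (<a href="http://www.spamhaus.org/faq/index.lasso">blacklisted</a>)';
    // Check all URLs against Google Safe Browsing API, if an API key was given in "config.php"
    } elseif (!empty($gsbkey) && isGSB($url, $gsbkey)) {
        // $domain is user-derived and ends up inside an href attribute of the returned
        // HTML: encode it for the query string, then for the attribute context.
        $error = 'Invalid URL (<a href="http://www.google.com/safebrowsing/diagnostic?site=' . htmlspecialchars(urlencode($domain), ENT_QUOTES, 'UTF-8') . '">blacklisted</a>)';
    // Check all URLs against PhishTank API, if a developer key was given in "config.php"
    } elseif (!empty($ptkey) && isPT($url, $ptkey)) {
        $error = 'Invalid URL (<a href="https://www.phishtank.com/">phishing</a>)';
    }
    // Return the error (i.e. the URL is bad), or null when every check passed
    return empty($error) ? NULL : $error;
}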