Commit ad836752 authored by Dominik Hebeler's avatar Dominik Hebeler

Botschutz eingebaut.

parent a7aa037d
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Validator;
use Input;
use DB;
use Carbon;
class HumanVerification extends Controller
{
public static function captcha(Request $request, $id, $url){
if($request->getMethod() == 'POST'){
$rules = ['captcha' => 'required|captcha'];
$validator = Validator::make($request->all(), $rules);
if($validator->fails()){
return view('captcha')->with('title', 'Bestätigung notwendig')->with('id', $id)->with('url', base64_decode($url))->with('errorMessage', 'Bitte Captcha eingeben:');
}else{
# If we can unlock the Account of this user we will redirect him to the result page
$id = $request->input('id');
$url = $request->input('url');
$user = DB::table('humanverification')->where('id', $id)->first();
if($user !== null && $user->locked === "1"){
DB::table('humanverification')->where('id', $id)->update(['locked' => false]);
return redirect($url);
}else{
return redirect('/');
}
}
}
return view('captcha')->with('title', 'Bestätigung notwendig')->with('id', $id)->with('url', base64_decode($url));
}
public static function remove(Request $request){
if(!$request->has('mm')){
abort(404, "Keine Katze gefunden.");
}
$id = md5($request->ip());
if(HumanVerification::checkId($request, $request->input('mm'))){
# Remove the entry from the database
DB::table('humanverification')->where('id', $id)->where('updated_at', '<', Carbon::NOW()->subSeconds(2) )->delete();
}
return response(hex2bin('89504e470d0a1a0a0000000d494844520000000100000001010300000025db56ca00000003504c5445000000a77a3dda0000000174524e530040e6d8660000000a4944415408d76360000000020001e221bc330000000049454e44ae426082'), 200)
->header('Content-Type', 'image/png');
}
public static function removeGet(Request $request, $mm, $password, $url){
$url = base64_decode($url);
# If the user is correct and the password is we will delete any entry in the database
$requiredPass = md5($mm . Carbon::NOW()->day . $url . env("PROXY_PASSWORD"));
if(HumanVerification::checkId($request, $mm) && $requiredPass === $password){
# Remove the entry from the database
DB::table('humanverification')->where('id', $mm)->where('updated_at', '<', Carbon::NOW()->subSeconds(2) )->delete();
}
return redirect($url);
}
private static function checkId($request, $id){
if(md5($request->ip()) === $id){
return true;
}else{
return false;
}
}
}
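Review bot: `removeGet` redirects to the caller-supplied `$url` on L56 whether or not the password check on L52 passed, which turns `r/metager/{mm}/{pw}/{url}` into an open redirector for anyone who can base64-encode a URL into the path; the redirect belongs inside the `if`, with a fallback to `redirect('/')` for unknown or forged tokens. The token comparison should also be `hash_equals($requiredPass, (string) $password)` rather than `===`. The POST branch of `captcha()` has the same two gaps: it unlocks whatever `id` the form posts without requiring `HumanVerification::checkId($request, $id)` to tie it to the requester, and it redirects to the posted `url` without checking that the URL is local, so one solved captcha can unlock a third party's counter and bounce the solver to an external site. I would add `checkId` to the unlock condition and only redirect when `parse_url($url, PHP_URL_HOST)` is null or equals `$request->getHost()`.
```php
public static function removeGet(Request $request, $mm, $password, $url){
    // … unchanged: base64 decode of $url and computation of $requiredPass …
    if(HumanVerification::checkId($request, $mm) && hash_equals($requiredPass, (string) $password)){
        # Remove the entry from the database
        DB::table('humanverification')->where('id', $mm)->where('updated_at', '<', Carbon::NOW()->subSeconds(2) )->delete();
        # Only a request carrying a token we minted ourselves is forwarded to the (external) result URL
        return redirect($url);
    }
    # Unknown or forged token: never forward to the caller-supplied URL
    return redirect('/');
}
```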
......@@ -16,6 +16,7 @@ class Kernel extends HttpKernel
protected $middleware = [
\Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
\Fideloper\Proxy\TrustProxies::class,
// \App\Http\Middleware\VerifyCsrfToken::class,
];
/**
......@@ -26,10 +27,6 @@ class Kernel extends HttpKernel
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
#\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
......@@ -37,6 +34,15 @@ class Kernel extends HttpKernel
'throttle:60,1',
'bindings',
],
'session' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
];
/**
......@@ -54,5 +60,6 @@ class Kernel extends HttpKernel
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'referer.check' => \App\Http\Middleware\RefererCheck::class,
'humanverification' => \App\Http\Middleware\HumanVerification::class,
];
}
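Review bot: The `web` group is left without StartSession and VerifyCsrfToken while the new `session` group reproduces Laravel's default web stack, and nothing in the file records why; a later reader will assume CSRF protection was lost by accident, especially with a commented-out `VerifyCsrfToken` line still sitting in the global middleware list (L70 — if this hunk adds it, drop it rather than keep dead code). I would put a comment above `'web' => [` along the lines of `// 'web' deliberately carries no session/CSRF middleware so search pages set no cookie; routes that need a session (captcha, verification) are loaded through the 'session' group from routes/session.php`. The consequence worth stating there too is that any POST route kept in `web` (e.g. `img/cat.jpg` in routes/web.php) answers cross-site requests, which is only acceptable while such endpoints act solely on the caller's own IP-derived id.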
<?php
namespace App\Http\Middleware;
use Closure;
use DB;
use Carbon;
class HumanVerification
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$id = md5($request->ip());
/**
* If the user sends a Password or a key
* We will not verificate the user.
* If someone that uses a bot finds this out we
* might have to change it at some point.
*/
if($request->filled('password') || $request->filled('key')){
return $next($request);
}
$user = DB::table('humanverification')->where($id, $id)->first();
$createdAt = now();
$unusedResultPages = 1;
$locked = false;
# If this user doesn't have an entry we will create one
if($user === null){
DB::table('humanverification')->insert(
['id' => $id, 'unusedResultPages' => 1, 'locked' => false, 'updated_at' => now()]
);
$user = DB::table('humanverification')->where($id, $id)->first();
}else if($user->locked !== "1"){
$unusedResultPages = intval($user->unusedResultPages);
$unusedResultPages++;
# We have different security gates:
# 50, 75, 85, >=90 => Captcha validated Result Pages
# If the user shows activity on our result page the counter will be deleted
# Maybe I'll add a ban if the user reaches 100
if($unusedResultPages === 50){
$locked = true;
}
DB::table('humanverification')->where('id', $id)->update(['unusedResultPages' => $unusedResultPages, 'locked' => $locked, 'updated_at' => $createdAt]);
}
$request->request->add(['verification_id' => $id, 'verification_count' => $unusedResultPages]);
# If the user is locked we will force a Captcha validation
if($user->locked === "1"){
return redirect('meta/verification/' . $id . '/' . urlencode(base64_encode(url()->full())));
}
return $next($request);
}
}
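Review bot: The lookups on L130 and L139 pass the hash as the column name — `where($id, $id)` — while the update on L150 correctly uses `where('id', $id)`. Depending on the driver this is either a query error on every search request or, with SQLite's fallback of treating an unknown double-quoted identifier as a string literal, a `WHERE '<hash>' = '<hash>'` that matches every row and hands the first visitor's counter to everyone. Both lines should read `$user = DB::table('humanverification')->where('id', $id)->first();`. Separately, the bypass on L127 skips verification on the mere presence of a `password` or `key` value; if the API key is validated elsewhere, the middleware should at least require a plausible key rather than any non-empty string, and the known weakness acknowledged in the comment deserves a matching NOTE on the search route. I also believe `$request->request->add([...])` on L152 writes only the POST bag, which `input()` does not consult for GET searches — `$request->merge([...])` goes through the active input source for both methods.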
......@@ -8,6 +8,7 @@ use Illuminate\Support\Facades\Redis;
use Jenssegers\Agent\Agent;
use LaravelLocalization;
use Log;
use Carbon;
use Predis\Connection\ConnectionException;
class MetaGer
......@@ -53,12 +54,13 @@ class MetaGer
protected $urlsBlacklisted = [];
protected $url;
protected $languageDetect;
protected $verificationId;
protected $verificationCount;
public function __construct()
{
# Timer starten
$this->starttime = microtime(true);
# Versuchen Blacklists einzulesen
if (file_exists(config_path() . "/blacklistDomains.txt") && file_exists(config_path() . "/blacklistUrl.txt")) {
$tmp = file_get_contents(config_path() . "/blacklistDomains.txt");
......@@ -252,6 +254,9 @@ class MetaGer
#Adgoal Implementation
$this->results = $this->parseAdgoal($this->results);
# Human Verification
$this->results = $this->humanVerification($this->results);
$counter = 0;
$firstRank = 0;
......@@ -447,6 +452,22 @@ class MetaGer
return $results;
}
public function humanVerification($results){
# Let's check if we need to implement a redirect for human verification
if($this->verificationCount > 10){
foreach($results as $result){
$link = $result->link;
$day = Carbon::now()->day;
$pw = md5($this->verificationId . $day . $link . env("PROXY_PASSWORD"));
$url = route('humanverification', ['mm' => $this->verificationId, 'pw' => $pw, "url" => urlencode(base64_encode($link))]);
$result->link = $url;
}
return $results;
}else{
return $results;
}
}
public function authorize($key)
{
$postdata = http_build_query(array(
......@@ -1022,6 +1043,8 @@ class MetaGer
$this->quicktips = true;
}
$this->verificationId = $request->input('verification_id', null);
$this->verificationCount = intval($request->input('verification_count', '0'));
$this->apiKey = $request->input('key', '');
$this->validated = false;
......
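Review bot: `humanVerification()` mints the per-link token as `md5($id . $day . $link . env("PROXY_PASSWORD"))` (L196): an unkeyed hash over fields concatenated without a separator, with the secret read through `env()` at request time — if the deployment ever runs `config:cache`, Laravel's `env()` returns null and every token collapses to `md5($id.$day.$link)`, which anyone can compute. I would use a keyed hash over delimited fields, e.g. `$pw = hash_hmac('sha256', $this->verificationId . '|' . $day . '|' . $link, config('metager.proxy_password'))` with the secret exposed through a config entry, and mirror that construction (plus `hash_equals`) in `HumanVerification::removeGet`. The day-of-month component also means a result page rendered just before midnight yields links that stop working seconds later; a full date with the previous day accepted on verification would be kinder. The remainder of the class, including where `verificationCount` is consumed, lies outside these hunks.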
......@@ -39,6 +39,8 @@ class RouteServiceProvider extends ServiceProvider
$this->mapWebRoutes();
$this->mapSessionRoutes();
//
}
......@@ -76,4 +78,21 @@ class RouteServiceProvider extends ServiceProvider
require base_path('routes/api.php');
});
}
/**
* Define the "session" routes for the application.
*
* These routes all receive session state, CSRF protection, etc.
*
* @return void
*/
protected function mapSessionRoutes()
{
Route::group([
'middleware' => 'session',
'namespace' => $this->namespace,
], function ($router) {
require base_path('routes/session.php');
});
}
}
File mode changed from 100644 to 100755
......@@ -12,6 +12,7 @@
"laravel/framework": "5.5.*",
"laravelcollective/html": "^5.2.0",
"mcamara/laravel-localization": "^1.1",
"mews/captcha": "^2.2",
"piwik/piwik-php-tracker": "^1.0",
"predis/predis": "^1.1"
},
......
......@@ -182,6 +182,7 @@ return [
Jenssegers\Agent\AgentServiceProvider::class,
Fideloper\Proxy\TrustedProxyServiceProvider::class,
Collective\Html\HtmlServiceProvider::class,
Mews\Captcha\CaptchaServiceProvider::class,
],
/*
......@@ -233,6 +234,8 @@ return [
'Agent' => Jenssegers\Agent\Facades\Agent::class,
'Form' => Collective\Html\FormFacade::class,
'HTML' => Collective\Html\HtmlFacade::class,
'Captcha' => Mews\Captcha\Facades\Captcha::class,
'Carbon' => Carbon\Carbon::class,
],
];
<?php
return [
'characters' => '2346789abcdefghjmnpqrtuxyzABCDEFGHJMNPQRTUXYZ',
'default' => [
'length' => 5,
'width' => 220,
'height' => 66,
'quality' => 90,
],
'flat' => [
'length' => 6,
'width' => 160,
'height' => 46,
'quality' => 90,
'lines' => 6,
'bgImage' => false,
'bgColor' => '#ecf2f4',
'fontColors'=> ['#2c3e50', '#c0392b', '#16a085', '#c0392b', '#8e44ad', '#303f9f', '#f57c00', '#795548'],
'contrast' => -5,
],
'mini' => [
'length' => 3,
'width' => 60,
'height' => 32,
],
'inverse' => [
'length' => 5,
'width' => 120,
'height' => 36,
'quality' => 90,
'sensitive' => true,
'angle' => 12,
'sharpen' => 10,
'blur' => 2,
'invert' => true,
'contrast' => -5,
]
];
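Review bot: The `mini` profile (L287-L291) configures a 3-character captcha, and the `captcha/{config?}` route added in routes/session.php lets any client request it; if mews/captcha's `captcha` validation rule compares against whatever image was last generated for the session regardless of profile — which I believe it does — the effective strength is that of the weakest profile shipped here, not the `default` rendered by `captcha_img()`. Remove the unused profiles (`mini`, `flat`, `inverse`) or, if they are kept, confirm the validator pins the profile. `sensitive` is set only on `inverse`, so the default profile is matched case-insensitively, reducing the 45-symbol alphabet on L269 to 26 effective symbols — acceptable, but worth a comment such as `// matched case-insensitively unless 'sensitive' is set: 26 effective symbols` next to `characters`.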
<?php
use Illuminate\Support\Facades\Schema;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;
class CreateHumanverificationTable extends Migration
{
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
Schema::create('humanverification', function (Blueprint $table) {
$table->string('id');
$table->integer('unusedResultPages');
$table->boolean('locked');
$table->date('updated_at');
});
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
Schema::drop('humanverification');
}
}
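Review bot: `updated_at` is declared as `date` on L322, but the middleware stores `now()` in it and `HumanVerification::remove`/`removeGet` compare it against `Carbon::NOW()->subSeconds(2)`; a date column holds no time of day, so that two-second window compares a date against a datetime string and will behave differently per driver. Declare it `$table->dateTime('updated_at');` (or `timestamp`). The `id` column is also looked up on every search request and written from a select-then-insert, so `$table->string('id', 32)->primary();` gives it an index and turns the race between two first requests from one IP into a constraint violation instead of duplicate rows.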
......@@ -15,6 +15,7 @@
* php-xml
* php-zip
* php-redis
* php-gd
* sqlite3
* redis-server
* Die Perl-Pakete
......
......@@ -133,11 +133,9 @@ function clickLog () {
}
function botProtection () {
if ($('meta[name=pqr]').length > 0) {
var link = atob($('meta[name=pqr]').attr('content'));
var hash = $('meta[name=pq]').attr('content');
document.location.href = link + '&bot=' + hash;
}
$(".result").find("a").click(function(){
$.post('/img/cat.jpg', { mm: $("meta[name=mm]").attr("content")});
});
}
function popovers () {
......
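Review bot: The reset POST on L352-L354 is the only thing that clears a visitor's counter, and its sole credential is the `mm` meta tag, i.e. `md5($request->ip())`, which every result page prints and which a client can compute for itself; a scripted client therefore only has to replay this POST after each query to stay below the captcha threshold. That cannot be fixed on the client side, so the limitation should be stated next to the middleware's existing remark about the `password`/`key` bypass, e.g. `# NOTE: the reset endpoint (img/cat.jpg) is keyed only on md5(ip); it deters clients that do not parse the page, not ones that do`. Whether `$.post('/img/cat.jpg', …)` resolves at all depends on the locale prefix that routes/web.php applies to that route; worth checking that the default locale is hidden in URLs or prefixing the path accordingly.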
@extends('layouts.subPages')
@section('title', $title )
@section('content')
<h1>Entschuldigen Sie die Störung</h1>
<p>Wir haben Grund zur Annahme, dass von Ihrem Anschluss verstärkt automatisierte Abfragen abgeschickt wurden.
Deshalb bitten wir Sie, die nachfolgende Captcha Abfrage zu beantworten.</p>
<p>Sollten Sie diese Nachricht häufiger sehen oder handelt es sich dabei um einen Irrtum, schicken Sie uns gerne eine Nachricht über unser <a href="/kontakt">Kontaktformular</a>.</p>
<p>Nennen Sie uns in diesem Fall bitte unbedingt folgende Vorgangsnummer: {{ $id }}
<p>Wir schauen uns den Vorgang dann gerne im Detail an.</p>
<form method="post">
{{ csrf_field() }}
<input type="hidden" name="url" value="{!! $url !!}">
<input type="hidden" name="id" value="{{ $id }}">
<p>{!! captcha_img() !!}</p>
@if(isset($errorMessage))
<p><font color="red">{{$errorMessage}}</font></p>
@endif
<p><input type="text" name="captcha"></p>
<p><button type="submit" name="check">OK</button></p>
</form>
<p>Hinweis: Zum Zwecke der Autorisierung wird auf dieser Seite ein Session Cookie gesetzt.
@endsection
\ No newline at end of file
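Review bot: L369 prints `$url` unescaped (`{!! $url !!}`) inside an attribute value, and `$url` is `base64_decode()` of a path segment anyone can craft via `meta/verification/{id}/{url}`, so a link whose encoded segment decodes to `"><script>…` gives reflected XSS on this page. Use `{{ $url }}` — nothing in a URL needs raw output here. Because the controller later redirects to the same value, the view should only ever receive a URL the controller has checked to be local (same host, or a path starting with `/`), which also closes the open redirect on the POST branch.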
......@@ -8,6 +8,8 @@
<meta name="p" content="{{ getmypid() }}" />
<meta name="q" content="{{ $eingabe }}" />
<meta name="l" content="{{ LaravelLocalization::getCurrentLocale() }}" />
<meta name="mm" content="{{ Request::input('verification_id') }}" />
<meta name="mn" content="{{ Request::input('verification_count') }}" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE" />
<meta http-equiv="language" content="{!! trans('staticPages.meta.language') !!}" />
......
<?php
# In this File we collect all routes which require a session or other cookies to be active
Route::get('captcha/api/{config?}', '\Mews\Captcha\CaptchaController@getCaptchaApi')->middleware('session');
Route::get('captcha/{config?}', '\Mews\Captcha\CaptchaController@getCaptcha')->middleware('session');
Route::match(['get', 'post'], 'meta/verification/{id}/{url}', 'HumanVerification@captcha');
\ No newline at end of file
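Review bot: `meta/verification/{id}/{url}` (L395) accepts unlimited POSTs, so the only cost of guessing a 5-character captcha is HTTP round-trips; the `throttle` alias is already registered in the Kernel and used by the API group, so apply it here, e.g. `->middleware('throttle:10,1')`, and confirm that mews/captcha discards the session value after a failed check (if it does not, each image can be brute-forced). The explicit `->middleware('session')` on L393-L394 duplicates the group middleware that `RouteServiceProvider::mapSessionRoutes` already applies to this whole file and can be dropped.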
......@@ -10,7 +10,6 @@
| to using a Closure or controller method. Build something great!
|
*/
Route::group(
[
'prefix' => LaravelLocalization::setLocale(), /*,
......@@ -140,7 +139,10 @@ Route::group(
Route::get('settings', 'StartpageController@loadSettings');
Route::match(['get', 'post'], 'meta/meta.ger3', 'MetaGerSearch@search');
Route::match(['get', 'post'], 'meta/meta.ger3', 'MetaGerSearch@search')->middleware('humanverification');
Route::post('img/cat.jpg', 'HumanVerification@remove');
Route::get('r/metager/{mm}/{pw}/{url}', ['as' => 'humanverification', 'uses' => 'HumanVerification@removeGet']);
Route::get('meta/picture', 'Pictureproxy@get');
Route::get('clickstats', 'LogController@clicklog');
Route::get('pluginClose', 'LogController@pluginClose');
......
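Review bot: The `{url}` segment of `r/metager/{mm}/{pw}/{url}` (L409) is filled with `urlencode(base64_encode($link))`, and plain base64 contains `/`, so the segment carries `%2F`; Apache rejects encoded slashes in paths by default (`AllowEncodedSlashes Off` answers 404) and nginx may decode them before routing, so some result links will break unless the deployment has been tuned for it. A URL-safe alphabet avoids the problem: encode with `rtrim(strtr(base64_encode($link), '+/', '-_'), '=')` in `MetaGer::humanVerification` and decode with `base64_decode(strtr($url, '-_', '+/'))` in the controller; the same applies to the `meta/verification/{id}/{url}` redirect built in the middleware. `img/cat.jpg` (L408) now answers POST inside the `web` group, which this commit leaves without CSRF middleware; that is only acceptable because `remove()` acts on the caller's own IP-derived id, and a comment saying so on the route would save the next reader the investigation.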
File mode changed from 100644 to 100755
File mode changed from 100644 to 100755
File mode changed from 100644 to 100755
File mode changed from 100644 to 100755
File mode changed from 100644 to 100755
File mode changed from 100644 to 100755
File mode changed from 100644 to 100755
File mode changed from 100644 to 100755
File mode changed from 100644 to 100755