pub/wp-login
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: pub:d36c7780abfe22f952af0c5c55a3674c68169012
Branches Tags
pub:master pub:production pub:productive
..
compare: pub:master
Branches Tags
pub:master pub:production pub:productive

19 Commits
d36c7780ab ... master

Author SHA1 Message Date
st-server
35120cae90 mehr logging 2025-12-15 14:52:25 +01:00
Troy Grunt
00aa586df5 updates 2025-01-25 20:39:02 +01:00
troy
5e2cb8068f mehr honey 2023-04-18 15:23:28 +02:00
titz lapi
76e31da3ae closes #7 2023-04-15 00:13:47 +02:00
troy-grunt
7017447bc8 Merge pull request 'feature/php.php-und-co' (#6) from feature/php.php-und-co into master 
Reviewed-on: #6
 2022-10-31 22:39:07 +01:00
troy
bcbebb100b closes #4 unsichtbare catchen 2022-10-31 22:39:51 +01:00
troy
6eb8724a44 closes #5 2022-10-31 22:36:37 +01:00
Sebastian Titz
a24a3be274 neues wp gedöns 2022-08-31 08:08:21 +02:00
troy
ed478344e2 no tabs 2022-07-22 23:28:26 +02:00
troy
4e33ab6ef3 gitconfig und dsstore 2022-02-20 18:52:54 +01:00
Sebastian Titz
097b6e75c0 Merge branch 'master' of https://git.seemsleg.it/pub/wp-login 
Conflicts:
	index.php
 2021-11-24 09:56:54 +01:00
Sebastian Titz
6af9d933ab lrln 2021-11-24 09:47:53 +01:00
troy
25b3afc9a9 tippfehler 2021-11-19 14:39:48 +01:00
Sebastian Titz
8ccb3d4e63 restapi und gate als honeypot 2021-11-17 13:03:34 +01:00
troy-grunt
b3df7aa993 wp content 2021-10-21 09:20:59 +02:00
troy
a2534bc053 . 2021-10-09 13:44:23 +02:00
troy-grunt
5c5c6ae055 Closes #1 2021-08-30 22:57:14 +02:00
Sebastian Titz
3a39f7238b log date pattern 2021-08-27 08:55:35 +02:00
Sebastian Titz
12efda4053 banmeplz in custom log file 2021-08-27 07:43:09 +02:00
3 changed files with 239 additions and 7 deletions
Expand all files Collapse all files

5
htaccess
View File

@@ -14,4 +14,9 @@ Options +FollowSymLinks
RewriteRule ^wp-login.php$ /wp-login/index.php?h=wp-login [L] RewriteRule ^wp-login.php$ /wp-login/index.php?h=wp-login [L]
RewriteRule ^wp-admin.*$ /wp-login/index.php?h=wp-login [L] RewriteRule ^wp-admin.*$ /wp-login/index.php?h=wp-login [L]
RewriteRule ^xmlrpc.php$ /wp-login/index.php?h=xmlrpc [L] RewriteRule ^xmlrpc.php$ /wp-login/index.php?h=xmlrpc [L]
RewriteRule ^wp-content/.*& /wp-login/index.php?h=wp-content [L]
RewriteRule ^restapi.php$ /wp-login/index.php?h=api [L]
RewriteRule ^gate.php$ /wp-login/index.php?h=api [L]
RewriteRule ^.git/config$ /wp-login/index.php?h=gitconfig [L]
RewriteRule ^.DS_Store$ /wp-login/index.php [L]
</IfModule> </IfModule>

48
index.php
View File

@@ -1,6 +1,21 @@
<?php <?php
error_log ( '[myhoneypot] [' . $_SERVER ['REMOTE_ADDR'] . '] BAN ME PLZ' ); function logHack($msg) {
sleep ( 5 ); $logFile = "/var/log/apache2/hack_attempts.log";
$timestamp = date("Y-m-d H:i:s");
$ip = $_SERVER['REMOTE_ADDR'] ?? 'UNKNOWN';
$userAgent = $_SERVER['HTTP_USER_AGENT'] ?? 'UNKNOWN';
$url = $_SERVER['REQUEST_URI'] ?? 'UNKNOWN';
$referer = $_SERVER['HTTP_REFERER'] ?? 'UNKNOWN';
$logEntry = "[$timestamp] BANMEPLZ IP: $ip | URL: $url | Ref: $referer | UA: $userAgent | Msg: $msg";
error_log($logEntry . PHP_EOL, 3, $logFile);
}
logHack($_GET['h']??'unk');
sleep ( 25 );
if (isset ( $_GET ['h'] )) { if (isset ( $_GET ['h'] )) {
if ($_GET ['h'] == 'xmlrpc') { if ($_GET ['h'] == 'xmlrpc') {
echo '<?xml version="1.0" encoding="UTF-8"?> echo '<?xml version="1.0" encoding="UTF-8"?>
@@ -21,6 +36,25 @@ if (isset ( $_GET ['h'] )) {
</fault> </fault>
</methodResponse> </methodResponse>
'; ';
}
if ($_GET ['h'] == 'api') {
echo '{"return":"success","version":"v1","_":' . time () . '}';
}
if ($_GET ['h'] == 'gitconfig') {
echo '[core]
repositoryformatversion = 0
filemode = false
bare = false
logallrefupdates = true
symlinks = false
ignorecase = true
[remote "origin"]
url = https://git.budelmann-elektronik.com/be/website.git
fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
remote = origin
merge = refs/heads/master';
} }
if ($_GET ['h'] == 'wp-login') { if ($_GET ['h'] == 'wp-login') {
echo '<!DOCTYPE html> echo '<!DOCTYPE html>
@@ -48,13 +82,13 @@ if (isset ( $_GET ['h'] )) {
</script> </script>
<div id="login"> <div id="login">
<h1><a href="https://de.wordpress.org/">Powered by WordPress</a></h1> <h1><a href="https://de.wordpress.org/">Powered by WordPress</a></h1>
<form name="loginform" id="loginform" action="/wp-login.php" method="post"> <form name="loginform" id="loginform" action="/wp-login.php" method="post">
<p> <p>
<label for="user_login">Benutzername oder E-Mail-Adresse</label> <label for="user_login">Benutzername oder E-Mail-Adresse</label>
<input type="text" name="log" id="user_login" class="input" value="" size="20" autocapitalize="off" /> <input type="text" name="log" id="user_login" class="input" value="" size="20" autocapitalize="off" />
</p> </p>
<div class="user-pass-wrap"> <div class="user-pass-wrap">
<label for="user_pass">Passwort</label> <label for="user_pass">Passwort</label>
<div class="wp-pwd"> <div class="wp-pwd">
@@ -71,16 +105,16 @@ if (isset ( $_GET ['h'] )) {
<input type="hidden" name="testcookie" value="1" /> <input type="hidden" name="testcookie" value="1" />
</p> </p>
</form> </form>
<p id="nav"> <p id="nav">
<a href="/wp-login.php?action=lostpassword">Passwort vergessen?</a> <a href="/wp-login.php?action=lostpassword">Passwort vergessen?</a>
</p> </p>
<script type="text/javascript"> <script type="text/javascript">
function wp_attempt_focus() {setTimeout( function() {try {d = document.getElementById( "user_login" );d.focus(); d.select();} catch( er ) {}}, 200);} function wp_attempt_focus() {setTimeout( function() {try {d = document.getElementById( "user_login" );d.focus(); d.select();} catch( er ) {}}, 200);}
wp_attempt_focus(); wp_attempt_focus();
if ( typeof wpOnload === \'function\' ) { wpOnload() } </script> if ( typeof wpOnload === \'function\' ) { wpOnload() } </script>
<p id="backtoblog"><a href="/"> <p id="backtoblog"><a href="/">
&larr; Zurück zu Wordpress </a></p> &larr; Zurück zu Wordpress </a></p>
</div> </div>
<script src=\'/wp-includes/js/jquery/jquery.min.js?ver=3.5.1\' id=\'jquery-core-js\'></script> <script src=\'/wp-includes/js/jquery/jquery.min.js?ver=3.5.1\' id=\'jquery-core-js\'></script>
<script src=\'/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2\' id=\'jquery-migrate-js\'></script> <script src=\'/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2\' id=\'jquery-migrate-js\'></script>

193
qna-admin.php Normal file
View File

@@ -0,0 +1,193 @@
<?php
if (! isset ( $_COOKIE ['monster'] )) {
http_response_code ( 404 );
die ();
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>StarCitizen-Community QnA</title>
<link rel="stylesheet" type="text/css" href="/cssjs/admin.css" media="screen" />
<link rel="stylesheet" type="text/css" href="/cssjs/jquery-ui.min.css" media="screen" />
<link rel="stylesheet" type="text/css" href="/cssjs/bootstrap.min.css" media="screen" />
<link rel="stylesheet" href="assets/css/main.css" />
<meta charset="utf-8" />
<style>
.block {
margin-bottom: 1em;
margin-left: 1em;
border-bottom: 1px solid black;
}
.button {
margin: 1em;
border: 1px solid black;
}
.word {
margin-right: 1em;
}
div.addword {
width:200px;
float:right;
overflow-y: hidden;
height: 50px;
margin-top: -25px;
}
a.clickdel {
color: black;
text-decoration: none;
}
a.clickdel:hover {
text-decoration: line-through;
}
</style>
</head>
<body><?php
include ('_func.php');
include '_admin_navi.php';
if (access ( 'qna', $_a ['r'] )) {
echo '<div>
[<a href="?">Gestellte Fragen</a>]
[<a href="?a=meanings">Bedeutungen</a>]
[<a href="?a=answeres">Antworten</a>]
</div>';
if (isset ( $_GET ['a'] )) {
if ($_GET ['a'] == 'feedback') {
if (isset ( $_GET ['f'] ) && ($_GET ['f'] == 'y' || $_GET ['f'] == 'n')) {
$sql->set ( "UPDATE qna_questions SET hilfreich = ? WHERE id = ?", 'si', array (
$_GET ['f'],
$_GET ['id']
) );
header ( 'Location: ?' );
die ();
}
if (isset ( $_GET ['f'] ) && $_GET ['f'] == 'e') {
$sql->set ( "DELETE FROM qna_questions WHERE id = ?", 'i', $_GET ['id'] );
header ( 'Location: ?' );
die ();
}
}
if ($_GET ['a'] == 'addmeaning' && isset ( $_POST ['words'] ) && isset ( $_POST ['meaning'] )) {
if ($_POST ['meaning'] != '') {
$data = $sql->single ( "SELECT id FROM qna_meanings WHERE meaning LIKE ?", 's', strtolower ( $_POST ['meaning'] ) );
$id = 0;
if (! $data) {
$id = $sql->set ( "INSERT INTO qna_meanings ( meaning) VALUES (?)", 's', strtolower ( $_POST ['meaning'] ), true );
} else {
$id = $data ['id'];
}
if ($id) {
$sql->set ( "INSERT INTO qna_words (meaningID,word) VALUES (?,?)", 'is', array (
$id,
strtolower ( $_POST ['meaning'] )
) );
$words = explode ( ' ', $_POST ['words'] );
foreach ( $words as $w ) {
if ($w != '') {
$sql->set ( "INSERT INTO qna_words (meaningID,word) VALUES (?,?)", 'is', array (
$id,
strtolower ( $w )
) );
}
}
}
header ( 'Location: ?a=meanings' );
die ();
}
}
if ($_GET ['a'] == 'addword' && isset ( $_POST ['word'] ) && isset ( $_GET ['id'] )) {
$words = explode ( ' ', $_POST ['word'] );
foreach ( $words as $w ) {
if ($w != '') {
$sql->set ( "INSERT INTO qna_words (meaningID,word) VALUES (?,?)", 'is', array (
$_GET ['id'],
strtolower ( $w )
) );
}
}
header ( 'Location: ?a=meanings' );
die ();
}
if ($_GET ['a'] == 'remword' && isset ( $_GET ['word'] ) && isset ( $_GET ['id'] )) {
$sql->set ( "DELETE FROM qna_words WHERE meaningID = ? AND word LIKE ?", 'is', array (
$_GET ['id'],
$_GET ['word']
) );
header ( 'Location: ?a=meanings' );
die ();
}
if ($_GET ['a'] == 'meanings') {
$data = $sql->get ( "SELECT m.id,m.meaning,w.id AS wid, w.word FROM qna_meanings AS m, qna_words AS w WHERE m.id = w.meaningID ORDER BY meaning" );
if ($data) {
$old = 0;
foreach ( $data as $d ) {
if ($old != $d ['id']) {
if ($old > 0) {
echo '<div class="addword"><form action="?a=addword&id=' . $old . '" method="post" /><input type="text" name="word" style="width: 140px; float: left;" /><input type="submit" name="submit" value="&#x1f4be;" style="width: 35px; padding: 0;" /></form></div></div>
</div>';
}
echo '<div class="block">
<div><b>' . $d ['meaning'] . '</b></div><div>';
$old = $d ['id'];
}
echo '<span class="word"><a href="?a=remword&word=' . $d ['word'] . '&id=' . $old . '" class="clickdel" onclick="return confirm(\'Wirklich löschen?\');">' . $d ['word'] . '</a></span>';
}
echo '</div>
</div>';
}
echo '<hr><div class="block"><form action="?a=addmeaning" method="post">
Hauptbedeutungswort (muss eindeutig sein)<input type="text" name="meaning" /><br/>
<form action="?a=addmeaning" method="post">
Worte mit gleicher Bedeutung (wie man es schreiben würde, leerzeichengetrennt)<input type="text" name="words" /><br/>
<input type="submit" name="submit" value="Speichern" />
</form></div>';
}
if ($_GET ['a'] == 'answeres') {
$data = $sql->get ( "SELECT DISTINCT a.id,a.answere, GROUP_CONCAT( mo.meaning SEPARATOR ' ') AS meanings, GROUP_CONCAT( mx.meaning SEPARATOR ' ') AS meanouts FROM qna_answeres AS a LEFT JOIN qna_meanings AS mo ON FIND_IN_SET(mo.id,a.meaningIDs) LEFT JOIN qna_meanings AS mx ON FIND_IN_SET(mx.id,a.meanoutIDs) GROUP BY a.id" );
if ($data) {
foreach ( $data as $d ) {
echo '<div class="block"><div><b>' . $d ['answere'] . '</b></div><div>';
if ($d ['meanings']) {
foreach ( explode ( ' ', $d ['meanings'] ) as $m ) {
echo '<span class="word">' . $m . '</span>';
}
}
if ($d ['meanouts']) {
foreach ( explode ( ' ', $d ['meanouts'] ) as $m ) {
echo '<span class="word">!' . $m . '</span>';
}
}
echo '</div><div><a href="?a=edit&id=' . $d ['id'] . '" class="button">edit</a></div></div>';
}
}
}
} else {
$data = $sql->get ( "SELECT * FROM qna_questions ORDER BY FIELD(hilfreich,'n',null,'y')" );
if ($data) {
foreach ( $data as $d ) {
echo '<div class="block">
<div><b>' . $d ['qu'] . '</b> (' . $d ['founds'] . ')</div>
<div>' . $d ['ans'] . ' ' . ($d ['hilfreich'] ? '(' . $d ['hilfreich'] . ')' : '<a href="?a=feedback&id=' . $d ['id'] . '&f=y" class="button">Y</a> <a href="?a=feedback&id=' . $d ['id'] . '&f=n" class="button">N</a> <a href="?a=feedback&id=' . $d ['id'] . '&f=e" class="button">E</a>') . '</div>
</div>';
}
}
}
}
?>
<script src="/cssjs/jquery.min.js"></script>
<script src="/cssjs/jquery-ui.min.js"></script>
<script src="/cssjs/form.js"></script>
</body>
</html>