Commit b9cd6da7 authored by Dominik Hebeler

New Version of Botprotection

parent d39efe60
......@@ -33,15 +33,12 @@ class HumanVerification extends Controller
->with('id', $id)
->with('url', $url)
->with('image', $captcha["img"])
->with('errorMessage', 'Bitte Captcha eingeben:');
->with('errorMessage', 'Fehler: Falsches Captcha eingegeben!');
} else {
# The Captcha was correct. We can remove the key from the user
DB::table('humanverification')->where('uid', $id)->update(['lockedKey' => "", 'whitelistCounter' => 0]);
# If we can unlock the Account of this user we will redirect him to the result page
if ($user !== null && $user->locked === 1) {
DB::table('humanverification')->where('uid', $id)->update(['locked' => false]);
# The Captcha was correct. We can remove the key from the user
DB::table('humanverification')->where('uid', $id)->update(['locked' => false, 'lockedKey' => "", 'whitelist' => 1]);
return redirect($url);
} else {
return redirect('/');
......@@ -102,7 +99,7 @@ class HumanVerification extends Controller
if ($user->whitelist === 1) {
if (
DB::table('humanverification')->where('uid', $uid)->where('updated_at', '<', Carbon::NOW()->subSeconds(2))->update(['unusedResultPages' => 0])
DB::table('humanverification')->where('uid', $uid)->update(['unusedResultPages' => 0])
=== 1
) {
DB::table('usedurls')->where('uid', $uid)->delete();
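Review bot: The update `['locked' => false, 'lockedKey' => "", 'whitelist' => 1]` makes a single solved captcha mark the uid as whitelisted with no expiry, and judging by the middleware's `where('whitelist', false)` sum and its `$user->whitelist !== 1` check that uid is then permanently excluded from the shared-IP lock. If that is the intended trade-off, a comment on that line should say so (e.g. `# one solved captcha whitelists this uid for good; the shared-IP lock no longer applies to it`); otherwise clear the flag when the uid is locked again or expire it via `updated_at`. In the second hunk one of the two `update(['unusedResultPages' => 0])` lines drops the `updated_at` two-second guard; if the shorter line is the new side, a comment explaining why the debounce is no longer needed would help. The enclosing controller method starts before the first hunk.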
......@@ -7,6 +7,7 @@ use Carbon;
use Closure;
use DB;
use Illuminate\Http\Response;
use URL;
class HumanVerification
{
......@@ -19,115 +20,112 @@ class HumanVerification
*/
public function handle($request, Closure $next)
{
//try {
$id = hash("sha512", $request->ip());
$uid = hash("sha512", $request->ip() . $_SERVER["AGENT"]);
unset($_SERVER["AGENT"]);
/**
* If the user sends a Password or a key
* We will not verificate the user.
* If someone that uses a bot finds this out we
* might have to change it at some point.
*/
if ($request->filled('password') || $request->filled('key') || $request->filled('appversion') || !env('BOT_PROTECTION', false)) {
return $next($request);
}
try {
$id = hash("sha512", $request->ip());
$uid = hash("sha512", $request->ip() . $_SERVER["AGENT"]);
unset($_SERVER["AGENT"]);
/**
* If the user sends a Password or a key
* We will not verificate the user.
* If someone that uses a bot finds this out we
* might have to change it at some point.
*/
if ($request->filled('password') || $request->filled('key') || $request->filled('appversion') || !env('BOT_PROTECTION', false)) {
return $next($request);
}
// The specific user
$user = DB::table('humanverification')->where('uid', $uid)->first();
$createdAt = Carbon::now();
$unusedResultPages = 1;
$locked = false;
# If this user doesn't have an entry we will create one
if ($user === null) {
DB::table('humanverification')->insert(
[
'uid' => $uid,
'id' => $id,
'unusedResultPages' => 0,
'whitelist' => false,
'whitelistCounter' => 0,
'locked' => false,
"lockedKey" => "",
'updated_at' => Carbon::now(),
]
);
# Insert the URL the user tries to reach
$url = url()->full();
DB::table('usedurls')->insert(['uid' => $uid, 'id' => $id, 'eingabe' => $request->input('eingabe', '')]);
// The specific user
$user = DB::table('humanverification')->where('uid', $uid)->first();
}
# If the user is locked we will force a Captcha validation
if ($user->locked === 1) {
$captcha = Captcha::create("default", true);
DB::table('humanverification')->where('uid', $uid)->update(['lockedKey' => $captcha["key"]]);
return
new Response(
view('humanverification.captcha')
->with('title', "Bestätigung erforderlich")
->with('id', $uid)
->with('url', url()->full())
->with('image', $captcha["img"])
);
}
$createdAt = Carbon::now();
$unusedResultPages = 1;
$locked = false;
# If this user doesn't have an entry we will create one
if ($user === null) {
DB::table('humanverification')->insert(
[
'uid' => $uid,
'id' => $id,
'unusedResultPages' => 0,
'whitelist' => false,
'whitelistCounter' => 0,
'locked' => false,
"lockedKey" => "",
'updated_at' => Carbon::now(),
]
);
# Insert the URL the user tries to reach
$url = url()->full();
DB::table('usedurls')->insert(['uid' => $uid, 'id' => $id, 'eingabe' => $request->input('eingabe', '')]);
$user = DB::table('humanverification')->where('uid', $uid)->first();
}
# Find out how many requests this IP has made
$sum = DB::table('humanverification')->where('id', $id)->where('whitelist', false)->sum('unusedResultPages');
# Lock out everyone in a Bot network
# Find out how many requests this IP has made
$sum = DB::table('humanverification')->where('id', $id)->where('whitelist', false)->sum('unusedResultPages');
# A lot of automated requests are from websites that redirect users to our result page.
# We will detect those requests and put a captcha
$referer = URL::previous();
# Just the URL-Parameter
$refererLock = false;
if (stripos($referer, "?") !== false) {
$referer = substr($referer, stripos($referer, "?") + 1);
$referer = urldecode($referer);
if (preg_match("/http[s]{0,1}:\/\/metager\.de\/meta\/meta.ger3\?.*?eingabe=([\w\d]+\.){1,2}[\w\d]+/si", $referer) === 1) {
$refererLock = true;
}
// Defines if this is the only user using that IP Adress
$alone = DB::table('humanverification')->where('id', $id)->count() === 1;
}
$unusedResultPages = intval($user->unusedResultPages);
$unusedResultPages++;
// Defines if this is the only user using that IP Adress
$alone = DB::table('humanverification')->where('id', $id)->count() === 1;
if ((!$alone && $sum >= 50 && $user->whitelist !== 1) || $refererLock) {
DB::table('humanverification')->where('uid', $uid)->update(['locked' => true]);
$user->locked = 1;
}
if ($sum < 50 || $alone || $user->whitelist === 1) {
# This IP doesn't need verification yet
# The user currently isn't locked
# If the user is locked we will force a Captcha validation
if ($user->locked === 1) {
$captcha = Captcha::create("default", true);
DB::table('humanverification')->where('uid', $uid)->update(['lockedKey' => $captcha["key"]]);
return
new Response(
view('humanverification.captcha')
->with('title', "Bestätigung erforderlich")
->with('id', $uid)
->with('url', url()->full())
->with('image', $captcha["img"])
);
}
# We have different security gates:
# 50, 75, 85, >=90 => Captcha validated Result Pages
# If the user shows activity on our result page the counter will be deleted
# Maybe I'll add a ban if the user reaches 100
$unusedResultPages = intval($user->unusedResultPages);
$unusedResultPages++;
$locked = false;
if ($unusedResultPages === 50 || $unusedResultPages === 75 || $unusedResultPages === 85 || $unusedResultPages >= 90) {
$locked = true;
}
if ($alone || $user->whitelist === 1) {
# This IP doesn't need verification yet
# The user currently isn't locked
# We have different security gates:
# 50, 75, 85, >=90 => Captcha validated Result Pages
# If the user shows activity on our result page the counter will be deleted
# Maybe I'll add a ban if the user reaches 100
if ($unusedResultPages === 50 || $unusedResultPages === 75 || $unusedResultPages === 85 || $unusedResultPages >= 90) {
$locked = true;
}
}
DB::table('humanverification')->where('uid', $uid)->update(['unusedResultPages' => $unusedResultPages, 'locked' => $locked]);
# Insert the URL the user tries to reach
DB::table('usedurls')->insert(['uid' => $uid, 'id' => $id, 'eingabe' => $request->input('eingabe', '')]);
} else {
$tmpId = md5($uid . date("d"));
# If the parameter uid is correctly set we will allow access to the result page
if ($request->input('uid', '') !== $tmpId) {
DB::table('humanverification')->where('uid', $uid)->increment('whitelistCounter');
if ($user->whitelistCounter >= 4) {
DB::table('humanverification')->where('uid', $uid)->update(['locked' => true]);
}
# This IP will need verification
return
new Response(
view('humanverification.whitelistVerification')
->with('title', $request->input('eingabe', '') . " - MetaGer")
->with('method', $request->method())
->with('uid', md5($uid . date("d")))
);
} else {
DB::table('humanverification')->where('uid', $uid)->update(['unusedResultPages' => $unusedResultPages]);
# Insert the URL the user tries to reach
DB::table('usedurls')->insert(['uid' => $uid, 'id' => $id, 'eingabe' => $request->input('eingabe', '')]);
}
} catch (\Illuminate\Database\QueryException $e) {
// Failure in contacting metager3.de
}
/* } catch (\Illuminate\Database\QueryException $e) {
// Failure in contacting metager3.de
}*/
$request->request->add(['verification_id' => $uid, 'verification_count' => $unusedResultPages]);
return $next($request);
}
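Review bot: `$alone` appears to be assigned only inside the `if (stripos($referer, "?") !== false)` block on the new side, yet it is read in `if ((!$alone && $sum >= 50 && $user->whitelist !== 1) || $refererLock)` and again in `if ($alone || $user->whitelist === 1)` outside that block, so for a request whose referer carries no query string it is undefined (null): `!$alone` is then true and a lone client with 50 or more unused result pages is locked on every request instead of at the 50/75/85/90 gates, which are skipped for the same reason. Move `$alone = DB::table('humanverification')->where('id', $id)->count() === 1;` out of the referer block to directly after the `$sum` query. Separately, the new `catch (\Illuminate\Database\QueryException $e)` swallows the error and the middleware then fails open into `$next($request)` with `$unusedResultPages` possibly never assigned (it is first set after the `first()` query that can throw), so the `$request->request->add([...])` line can raise an undefined-variable notice; initialise `$unusedResultPages = 0;` before the `try` and log the exception so a database outage of this protection is visible. The rendered page has lost the +/- markers, so which duplicated lines are the new side is inferred from their re-indentation under `try {`.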
......@@ -4,12 +4,10 @@
@section('content')
<h1>Entschuldigen Sie die Störung</h1>
<p>Wir haben Grund zur Annahme, dass von Ihrem Anschluss verstärkt automatisierte Abfragen abgeschickt wurden.
Deshalb bitten wir Sie, die nachfolgende Captcha Abfrage zu beantworten.</p>
<p>Sollten Sie diese Nachricht häufiger sehen oder handelt es sich dabei um einen Irrtum, schicken Sie uns gerne eine Nachricht über unser <a href="/kontakt">Kontaktformular</a>.</p>
<p>Nennen Sie uns in diesem Fall bitte unbedingt folgende Vorgangsnummer: {{ $id }}
<p>Wir schauen uns den Vorgang dann gerne im Detail an.</p>
<p>Bitte geben SIe die Buchstaben aus dem Bild in die Eingabebox ein und bestätigen Sie mit OK um zur Ergebnisseite zu gelangen.</p>
<p>Sie befinden sich in einem Netzwerk aus dem wir verstärkt automatisierte Anfragen erhalten. Keine Sorge: Das bedeutet nicht unbedingt, dass diese Anfragen von Ihrem PC kommen.</p>
<p>Allerdings können wir Ihre Anfragen nicht von denen des "Robots" unterscheiden. Zum Schutz der von uns abgefragten Suchmaschinen müssen wir aber sicherstellen, dass diese nicht mit (automatisierten) Abfragen überflutet werden.</p>
<p>Bitte geben Sie deshalb die Zeichen aus dem Bild in die Eingabebox ein und bestätigen Sie mit "OK" um zur Ergebnisseite zu gelangen.</p>
<form method="post" action="{{ route('verification', ['id' => $id]) }}">
<input type="hidden" name="url" value="{!! $url !!}">
<input type="hidden" name="id" value="{{ $id }}">
......@@ -20,4 +18,6 @@
<p><input type="text" class="form-control" name="captcha" placeholder="Captcha eingeben" autofocus></p>
<p><button type="submit" class="btn btn-success" name="check">OK</button></p>
</form>
<p>Sollten Sie diese Nachricht häufiger sehen oder handelt es sich dabei um einen Irrtum, schicken Sie uns gerne eine Nachricht über unser <a href="/kontakt">Kontaktformular</a>.</p>
<p>Nennen Sie uns in diesem Fall bitte unbedingt folgende Vorgangsnummer: {{ $id }}
@endsection
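Review bot: The hidden field `<input type="hidden" name="url" value="{!! $url !!}">` kept as context in the first hunk still writes `$url` into an attribute unescaped; `$url` is the requested URL that round-trips through this form's POST body and is rendered back into this same view by the controller on a wrong captcha, so it is client-controlled data inside an HTML attribute and should use the escaping form `value="{{ $url }}"`. The wording changes themselves look fine. The `<p>` carrying the Vorgangsnummer in the second hunk is never closed; append `</p>` after `{{ $id }}`.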
@extends('layouts.subPages')
@section('title', $title )
@section('content')
<h1 class="page-title">Einen kurzen Augenblick bitte</h1>
<div class="card-heavy">
<p>Sie befinden sich im selben Netzwerk, aus dem wir sehr viele automatisierte Anfragen erhalten. Das bedeutet nicht, dass die Anfragen von Ihrem PC kommen. Wir müssen nun aber verifizieren, dass es sich bei Ihnen um einen realen Nutzer handelt.</p>
<p>Der erste Schritt ist diese Vorschaltseite. Sie brauchen nichts weiter tun, als unten auf den Knopf "Weiter zur Ergebnisseite" zu klicken.</p>
<p>Zukünftig sollten Sie diese Seite nicht mehr sehen.</p>
<form id="goOn" method="{{ $method }}">
@foreach(Request::all() as $key => $value)
<input type="hidden" name="{{ $key }}" value="{{ $value }}" />
@endforeach
<input type="hidden" name="uid" value="{{ $uid }}" />
<p><button type="submit" class="btn btn-success">Weiter zur Ergebnisseite</button></p>
</form>
</div>
<script>
$(document).ready(function() {
$(".mg-panel").css("display", "none");
$("#goOn").submit();
});
</script>
@endsection