add admin cookie check

classes/rules/ScanBotsRule.php

@@ -0,0 +1,200 @@
+<?php
+
+class ScanBotsRule implements RuleInterface
+{
+    // 1. Exact matches using Keys for O(1) Instant Lookup
+    // Redundant wp-content/ and wp-includes/ files were removed because the prefix scanner catches them all!
+    private static $exact_targets = [
+        '/database.php' => true,
+        '/acp.php' => true,
+        '/gettest.php' => true,
+        '/4h.php' => true,
+        '/flower.php' => true,
+        '/styll.php' => true,
+        '/re.php' => true,
+        '/alfashell.php' => true,
+        '/axx.php' => true,
+        '/X57.php' => true,
+        '/erty.php' => true,
+        '/miansha.php' => true,
+        '/bengi.php' => true,
+        '/bs1.php' => true,
+        '/motu.php' => true,
+        '/gssdd.php' => true,
+        '/in.php' => true,
+        '/bal.php' => true,
+        '/dev.php' => true,
+        '/k.php' => true,
+        '/prv8.php' => true,
+        '/lb.php' => true,
+        '/hi.php' => true,
+        '/f35.php' => true,
+        '/update/f35.php' => true,
+        '/a1.php' => true,
+        '/fi.php' => true,
+        '/init.php' => true,
+        '/abcd.php' => true,
+        '/av.php' => true,
+        '/kj.php' => true,
+        '/fe5.php' => true,
+        '/about.php' => true,
+        '/ok.php' => true,
+        '/w4.php' => true,
+        '/assets/css/index.php' => true,
+        '/wp.php' => true,
+        '/BDKR28WP.php' => true,
+        '/wp-the.php' => true,
+        '/wp-michan.php' => true,
+        '/makeasmtp.php' => true,
+        '/alpha.php' => true,
+        '/we.php' => true,
+        '/155.php' => true,
+        '/goat.php' => true,
+        '/fff.php' => true,
+        '/ff1.php' => true,
+        '/cgi-bin/index.php' => true,
+        '/plugins.php' => true,
+        '/222.php' => true,
+        '/ms-edit.php' => true,
+        '/goods.php' => true,
+        '/adminfuns.php' => true,
+        '/166.php' => true,
+        '/test1.php' => true,
+        '/wp-blog.php' => true,
+        '/sbhu.php' => true,
+        '/wp-update.php' => true,
+        '/ms.php' => true,
+        '/x.php' => true,
+        '/tinyfilemanager.php' => true,
+        '/classwithtostring.php' => true,
+        '/aaa.php' => true,
+        '/plss3.php' => true,
+        '/06.php' => true,
+        '/a.php' => true,
+        '/xqq.php' => true,
+        '/class-t.api.php' => true,
+        '/wp-act.php' => true,
+        '/wp9.php' => true,
+        '/bless.php' => true,
+        '/file59.php' => true,
+        '/file.php' => true,
+        '/sc.php' => true,
+        '/1.php' => true,
+        '/aa.php' => true,
+        '/bgymj.php' => true,
+        '/style.php' => true,
+        '/inputs.php' => true,
+        '/f6.php' => true,
+        '/ol.php' => true,
+        '/xmlrpc.php' => true,
+        '/gifclass.php' => true,
+        '/66.php' => true,
+        '/ioxi-o.php' => true,
+        '/edit.php' => true,
+        '/3.php' => true,
+        '/wsvvs.php' => true,
+        '/pass2.php' => true,
+        '/maxro.php' => true,
+        '/mga.php' => true,
+        '/2.php' => true,
+        '/wdf.php' => true,
+        '/path.php' => true,
+        '/txets.php' => true,
+        '/sys.php' => true,
+        '/pp.php' => true,
+        '/g.php' => true,
+        '/h.php' => true,
+        '/xxxx.php' => true,
+        '/sty.php' => true,
+        '/a2.php' => true,
+        '/fvvff.php' => true,
+        '/claw.php' => true,
+        '/swallowable.php' => true,
+        '/foxr.php' => true,
+        '/w2025.php' => true,
+        '/cs.php' => true,
+        '/kk.php' => true,
+        '/rithin.php' => true,
+        '/h2h.php' => true,
+        '/wo.php' => true,
+        '/jocundly.php' => true,
+        '/rere.php' => true,
+        '/bafFz.php' => true,
+        '/elabel.php' => true,
+        '/teee.php' => true,
+        '/no1.php' => true,
+        '/akses.php' => true,
+        '/lp6.php' => true,
+        '/eee.php' => true,
+        '/asw.php' => true,
+        '/sf.php' => true,
+        '/by.php' => true,
+        '/x12.php' => true,
+        '/uuu.php' => true,
+        '/fsgdjkl.php' => true,
+        '/settings.php' => true,
+        '/utky.php' => true,
+        '/yos.php' => true,
+        '/albin.php' => true,
+        '/invisi.php' => true,
+        '/ty.php' => true,
+        '/wziar1.php' => true,
+        '/742.php' => true,
+        '/wp-p2r3q9c8k4.php' => true,
+        '/cash.php' => true,
+        '/nw_ok.php' => true,
+        '/filefuns.php' => true,
+        '/leon.php' => true,
+        '/199.php' => true,
+        '/aifa.php' => true,
+        '/gptsh.php' => true,
+    ];
+
+    // 2. Prefix Targets (Folders/Directories)
+    // ANY traffic accessing these folders immediately triggers the ban.
+    private static $prefix_targets = [
+        '/wp-content/',
+        '/wp-includes/',
+        '/wp-admin/',
+        '/x/'
+    ];
+
+    public function execute()
+    {
+        if (empty($_SERVER['REQUEST_URI'])) {
+            return true;
+        }
+        $ip = BotLogger::getRealIp();
+
+        if (BotLogger::isWhitelisted($ip)) {
+            return true;
+        }
+        // 1. Strip Query Strings (e.g. ?id=1) so bots cannot bypass the exact match
+        $path = strtok($_SERVER['REQUEST_URI'], '?');
+
+        // 2. O(1) Instant RAM-speed check for exact files
+        if (isset(self::$exact_targets[$path])) {
+            $this->blockRequest($ip);
+        }
+
+        // 3. Prefix Check for WordPress & Malicious Directories
+        foreach (self::$prefix_targets as $prefix) {
+            if (strpos($path, $prefix) === 0) {
+                $this->blockRequest($ip);
+            }
+        }
+
+        return true;
+    }
+
+    /**
+     * Reusable trigger to log and drop connection
+     */
+    private function blockRequest($ip)
+    {
+        BotLogger::logBan($ip, 'SCAN_BOT');
+
+        header('HTTP/1.1 405 Method Not Allowed');
+        die('Method Not Allowed');
+    }
+}