initial import from https://downloads.wordpress.org/plugin/wp-fail2ban.4.2.5.zip

feature/xmlrpc/log.php

@@ -0,0 +1,35 @@
+<?php
+/**
+ * XML-RPC Request logging
+ *
+ * @package wp-fail2ban
+ * @since 4.0.0
+ */
+namespace org\lecklider\charles\wordpress\wp_fail2ban;
+
+if (!defined('ABSPATH')) {
+    exit;
+}
+
+/**
+ * Log XML-RPC requests
+ *
+ * It seems attackers are doing weird things with XML-RPC. This makes it easy to
+ * log them for analysis and future blocking.
+ *
+ * @since 4.0.0 Fix: Removed HTTP_RAW_POST_DATA
+ *              https://wordpress.org/support/?p=10971843
+ * @since 3.6.0 
+ * 
+ * @codeCoverageIgnore
+ */
+if (false === ($fp = fopen(WP_FAIL2BAN_XMLRPC_LOG, 'a+'))) {
+    // TODO: decided whether to log this
+} else {
+    $raw_data = (version_compare(PHP_VERSION, '7.0.0') >= 0)
+        ? file_get_contents('php://input')
+        : $HTTP_RAW_POST_DATA;
+
+    fprintf($fp, "# ---\n# Date: %s\n# IP: %s\n\n%s\n", date(DATE_ATOM), remote_addr(), $raw_data);
+    fclose($fp);
+}

feature/xmlrpc/pingback.php

@@ -0,0 +1,40 @@
+<?php
+
+/**
+ * pingback logging
+ *
+ * @package wp-fail2ban
+ * @since 4.0.0
+ */
+namespace org\lecklider\charles\wordpress\wp_fail2ban;
+
+if ( !defined( 'ABSPATH' ) ) {
+    exit;
+}
+/**
+ * @since 4.0.5 Guard
+ */
+
+if ( !function_exists( __NAMESPACE__ . '\\xmlrpc_call' ) ) {
+    /**
+     * Log pingbacks
+     *
+     * @since 3.5.0 Refactored for unit testing
+     * @since 2.2.0
+     *
+     * @param string    $call
+     */
+    function xmlrpc_call( $call )
+    {
+        
+        if ( 'pingback.ping' == $call ) {
+            openlog( 'WP_FAIL2BAN_PINGBACK_LOG' );
+            syslog( LOG_INFO, 'Pingback requested' );
+            closelog();
+            // @codeCoverageIgnoreEnd
+        }
+    
+    }
+    
+    add_action( 'xmlrpc_call', __NAMESPACE__ . '\\xmlrpc_call' );
+}