Fix. Http. Hard coded cleantalk IPs removed. (#481)

CleanTalk · Mar 3, 2025 · e0a7171 · e0a7171
1 parent e3208b2
commit e0a7171
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 84 deletions.
diff --git a/lib/CleantalkSP/Common/Helpers/IP.php b/lib/CleantalkSP/Common/Helpers/IP.php
@@ -49,34 +49,6 @@ class IP
         ),
     );
 
-    /**
-     * @var array Set of CleanTalk servers
-     */
-    public static $cleantalks_servers = array(
-        // MODERATE
-        'moderate1.cleantalk.org' => '162.243.144.175',
-        'moderate2.cleantalk.org' => '159.203.121.181',
-        'moderate3.cleantalk.org' => '88.198.153.60',
-        'moderate4.cleantalk.org' => '159.69.51.30',
-        'moderate5.cleantalk.org' => '95.216.200.119',
-        'moderate6.cleantalk.org' => '138.68.234.8',
-        // APIX
-        'apix1.cleantalk.org' => '35.158.52.161',
-        'apix2.cleantalk.org' => '18.206.49.217',
-        'apix3.cleantalk.org' => '3.18.23.246',
-        'apix4.cleantalk.org' => '44.227.90.42',
-        'apix5.cleantalk.org' => '15.188.198.212',
-        'apix6.cleantalk.org' => '54.219.94.72',
-        'apix7.cleantalk.org' => '54.219.94.72',
-        'apix8.cleantalk.org' => '148.251.84.122',
-        'apix9.cleantalk.org' => '135.148.237.215',
-        'apix10.cleantalk.org' => '5.9.221.172',
-        'apix11.cleantalk.org' => '88.198.99.241',
-        //ns
-        'netserv2.cleantalk.org' => '178.63.60.214',
-        'netserv4.cleantalk.org' => '51.81.55.252',
-    );
-
     /**
      * Getting arrays of IP (REMOTE_ADDR, X-Forwarded-For, X-Real-Ip, Cf_Connecting_Ip)
      *
@@ -560,42 +532,6 @@ public static function calculateMaskForIPs($ip, $mask_start, $mask_end)
         return $out;
     }
 
-    /**
-     * Get URL form IP. Check if it's belong to cleantalk.
-     *
-     * @param string $ip
-     *
-     * @return bool|false
-     * @psalm-suppress PossiblyUnusedMethod
-     */
-    public static function isIPCleantalks($ip)
-    {
-        if (self::validate($ip)) {
-            $url = array_search($ip, self::$cleantalks_servers, true);
-            return (bool) $url;
-        }
-
-        return false;
-    }
-
-    /**
-     * Get URL form IP. Check if it's belong to cleantalk.
-     *
-     * @param $ip
-     *
-     * @return false|int|string
-     * @psalm-suppress PossiblyUnusedMethod
-     */
-    public static function resolveCleantalks($ip)
-    {
-        if (self::validate($ip)) {
-            $url = array_search($ip, self::$cleantalks_servers, true);
-            return $url ?: self::resolve($ip);
-        }
-
-        return $ip;
-    }
-
     /**
      * Get URL form IP
      *

diff --git a/lib/CleantalkSP/SpbctWP/Helpers/HTTP.php b/lib/CleantalkSP/SpbctWP/Helpers/HTTP.php
@@ -18,39 +18,41 @@
 class HTTP extends \CleantalkSP\Common\Helpers\HTTP
 {
     /**
-     * Sort CleanTalks API servers by response time
-     * Wrapper for self::sortHostsByResponseTime()
+     * Get CleanTalk API servers from DNS
      *
      * @return array
      */
-    public static function getCleantalksAPIServersOrderedByResponseTime()
+    public static function getCleantalksAPIServersFromDNS()
     {
-        return static::sortHostsByResponseTime(
-        // Get only apix*.cleantalk.org domains from cleantalk servers
-            array_filter(
-                IP::$cleantalks_servers,
-                static function ($key) {
-                    return (bool)preg_match('/^apix\d\d?\.cleantalk\.org$/', $key);
-                },
-                ARRAY_FILTER_USE_KEY
-            )
-        );
+        $servers = [];
+        $dns_records = dns_get_record('api.cleantalk.org', DNS_A);
+
+        foreach ($dns_records as $record) {
+            if (isset($record['ip'])) {
+                $server_host = gethostbyaddr($record['ip']);
+                if ( $server_host !== false && $server_host !== $record['ip'] ) {
+                    $servers[$server_host] = $record['ip'];
+                }
+            }
+        }
+
+        return $servers;
     }
 
     /**
-     * Sort CleanTalks moderate servers by response time
+     * Sort CleanTalks API servers by response time
      * Wrapper for self::sortHostsByResponseTime()
      *
      * @return array
      */
-    public static function getCleantalksModerateServersOrderedByResponseTime()
+    public static function getCleantalksAPIServersOrderedByResponseTime()
     {
         return static::sortHostsByResponseTime(
-        // Get only moderate*.cleantalk.org domains from cleantalk servers
+        // Get only apix*.cleantalk.org domains from cleantalk servers
             array_filter(
-                IP::$cleantalks_servers,
+                static::getCleantalksAPIServersFromDNS(),
                 static function ($key) {
-                    return (bool)preg_match('/^moderate\d\d?\.cleantalk\.org$/', $key);
+                    return (bool)preg_match('/^apix\d\d?\.cleantalk\.org$/', $key);
                 },
                 ARRAY_FILTER_USE_KEY
             )

diff --git a/security-malware-firewall.php b/security-malware-firewall.php
@@ -1347,7 +1347,7 @@ function spbc_test_connection($urls_to_test = array())
 {
 
     $out          = array();
-    $urls_to_test = $urls_to_test ?: array_keys(\CleantalkSP\SpbctWP\Helpers\IP::$cleantalks_servers);
+    $urls_to_test = $urls_to_test ?: array_keys(HTTP::getCleantalksAPIServersFromDNS());
 
     foreach ( $urls_to_test as $url ) {
         $start  = microtime(true);

diff --git a/tests/Common/Helpers/HelperHTTPTest.php b/tests/Common/Helpers/HelperHTTPTest.php
@@ -62,7 +62,7 @@ public function testPingMethods()
 
     public function testPingCurl() {
         $hosts = array_filter(
-            IP::$cleantalks_servers,
+            HTTP::getCleantalksAPIServersFromDNS(),
             static function ($key) {
                 return (bool)preg_match('/^apix\d\d?\.cleantalk\.org$/', $key);
             },