[pLog-svn] r4393 - plugins/branches/lifetype-1.1/badbehavior/bad-behavior

pwestbro at devel.lifetype.net pwestbro at devel.lifetype.net
Mon Dec 18 04:16:19 GMT 2006


Author: pwestbro
Date: 2006-12-18 04:16:17 +0000 (Mon, 18 Dec 2006)
New Revision: 4393

Modified:
   plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blackhole.inc.php
   plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blacklist.inc.php
   plugins/branches/lifetype-1.1/badbehavior/bad-behavior/common_tests.inc.php
   plugins/branches/lifetype-1.1/badbehavior/bad-behavior/core.inc.php
   plugins/branches/lifetype-1.1/badbehavior/bad-behavior/mozilla.inc.php
   plugins/branches/lifetype-1.1/badbehavior/bad-behavior/post.inc.php
   plugins/branches/lifetype-1.1/badbehavior/bad-behavior/responses.inc.php
   plugins/branches/lifetype-1.1/badbehavior/bad-behavior/version.inc.php
   plugins/branches/lifetype-1.1/badbehavior/bad-behavior/whitelist.inc.php
Log:
Upgraded to version 2.0.8 of Bad Behavior


Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blackhole.inc.php
===================================================================
--- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blackhole.inc.php	2006-12-17 17:28:19 UTC (rev 4392)
+++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blackhole.inc.php	2006-12-18 04:16:17 UTC (rev 4393)
@@ -5,18 +5,18 @@
 function bb2_blackhole($package) {
 	// Only conservative lists
 	$bb2_blackhole_lists = array(
-		"sbl-xbl.spamhaus.org",
+		"sbl-xbl.spamhaus.org",	// All around nasties
 //		"dnsbl.sorbs.net",	// Old useless data.
 //		"list.dsbl.org",	// Old useless data.
-		"opm.blitzed.org",
+		"dnsbl.ioerror.us",	// Bad Behavior Blackhole
 	);
 	
 	// Things that shouldn't be blocked, from aggregate lists
 	$bb2_blackhole_exceptions = array(
-		"sbl-xbl.spamhaus.org" => array(),
+		"sbl-xbl.spamhaus.org" => array("127.0.0.4"),	// CBL is problematic
 		"dnsbl.sorbs.net" => array("127.0.0.10",),	// Dynamic IPs only
 		"list.dsbl.org" => array(),
-		"opm.blitzed.org" => array(),
+		"dnsbl.ioerror.us" => array(),
 	);
 
 	// Check the blackhole lists

Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blacklist.inc.php
===================================================================
--- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blacklist.inc.php	2006-12-17 17:28:19 UTC (rev 4392)
+++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blacklist.inc.php	2006-12-18 04:16:17 UTC (rev 4393)
@@ -43,6 +43,7 @@
 
 	// These user agent strings occur anywhere within the line.
 	$bb2_spambots = array(
+		"\r",			// A really dumb bot
 		"; Widows ",		// misc comment/email spam
 		"a href=",		// referrer spam
 		"Bad Behavior Test",	// Add this to your user-agent to test BB

Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/common_tests.inc.php
===================================================================
--- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/common_tests.inc.php	2006-12-17 17:28:19 UTC (rev 4392)
+++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/common_tests.inc.php	2006-12-18 04:16:17 UTC (rev 4393)
@@ -28,6 +28,11 @@
 		return "f9f2b8b9";
 	}
 
+	// Broken spambots send URLs with various invalid characters
+	if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
+		return "dfd9b1ad";
+	}
+
 	// Range: field exists and begins with 0
 	// Real user-agents do not start ranges at 0
 	// NOTE: this blocks the whois.sc bot. No big loss.
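Review bot: The added `if` reads `$package['headers_mixed']['Referer']` without checking that the header was sent. Any request without a Referer therefore raises an undefined-index notice and hands a null to strpos(). Guard it the same way mozilla.inc.php guards Accept: `(array_key_exists('Referer', $package['headers_mixed']) && strpos($package['headers_mixed']['Referer'], "#") !== FALSE)`. The enclosing function begins and ends outside this hunk.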

Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/core.inc.php
===================================================================
--- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/core.inc.php	2006-12-17 17:28:19 UTC (rev 4392)
+++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/core.inc.php	2006-12-18 04:16:17 UTC (rev 4393)
@@ -57,6 +57,9 @@
 // Kill 'em all!
 function bb2_banned($settings, $package, $key, $previous_key=false)
 {
+	// Some spambots hit too hard. Slow them down a bit.
+	sleep(2);
+
 	require_once(BB2_CORE . "/banned.inc.php");
 	bb2_display_denial($settings, $key, $previous_key);
 	bb2_log_denial($settings, $package, $key, $previous_key);
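Review bot: The unconditional `sleep(2)` at the top of bb2_banned holds a server worker for two seconds on every denied request. A burst of blocked traffic can therefore occupy the worker pool and delay legitimate visitors. Consider making the delay optional or shorter on hosts with few workers, and record the trade-off in the comment, e.g. `// Tarpit: ties up one worker for 2s per denied request`. The rest of the function is outside this hunk.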

Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/mozilla.inc.php
===================================================================
--- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/mozilla.inc.php	2006-12-17 17:28:19 UTC (rev 4392)
+++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/mozilla.inc.php	2006-12-18 04:16:17 UTC (rev 4393)
@@ -5,6 +5,8 @@
 function bb2_mozilla($package)
 {
 	// First off, workaround for Google Desktop, until they fix it FIXME
+	// Google Desktop fixed it, but apparently some old versions are
+	// still out there. :(
 	// Always check accept header for Mozilla user agents
 	if (strpos($package['headers_mixed']['User-Agent'], "Google Desktop") === FALSE) {
 		if (!array_key_exists('Accept', $package['headers_mixed'])) {

Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/post.inc.php
===================================================================
--- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/post.inc.php	2006-12-17 17:28:19 UTC (rev 4392)
+++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/post.inc.php	2006-12-18 04:16:17 UTC (rev 4393)
@@ -60,7 +60,7 @@
 
 		// Screen for user agent changes
 		// User connected previously with blank user agent
-		$q = bb2_db_query("SELECT `ip` FROM " . $settings['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` = '" . $screener[1] . "') AND `user_agent` = '' AND `date` > DATE_SUB('" . bb2_db_date() . "', INTERVAL 1 MINUTE)");
+		$q = bb2_db_query("SELECT `ip` FROM " . $settings['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` = '" . $screener[1] . "') AND `user_agent` != '" . $package['user_agent'] . "' AND `date` > DATE_SUB('" . bb2_db_date() . "', INTERVAL 5 MINUTE)");
 		// Damnit, too many ways for this to fail :(
 		if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
 			return "799165c2";
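Review bot: The rewritten query concatenates `$package['user_agent']`, a client-supplied header, straight into the SQL string, and nothing in this hunk shows it being escaped. Unless it is escaped where $package is built, this is an SQL injection point. Escape at the point of use, e.g. `$ua = bb2_db_escape($package['user_agent']);`, assuming this integration defines Bad Behavior's bb2_db_escape helper, and interpolate `$ua` instead. The comment `// User connected previously with blank user agent` is also stale, since the condition now matches any different user agent within 5 minutes. The enclosing function starts and ends outside the hunk.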

Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/responses.inc.php
===================================================================
--- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/responses.inc.php	2006-12-17 17:28:19 UTC (rev 4392)
+++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/responses.inc.php	2006-12-18 04:16:17 UTC (rev 4393)
@@ -6,7 +6,7 @@
 	$bb2_responses = array(
 		'00000000' => array('response' => 200, 'explanation' => '', 'log' => ''),
 		'136673cd' => array('response' => 403, 'explanation' => 'Your Internet Protocol address is listed on a blacklist of addresses involved in malicious or illegal activity. See the listing below for more details on specific blacklists and removal procedures.', 'log' => 'IP address found on external blacklist'),
-		'17566707' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept\' missing'),
+		'17566707' => array('response' => 403, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept\' missing'),
 		'17f4e8c8' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent was found on blacklist'),
 		'21f11d3f' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a mobile Web device, but you do not actually appear to be a mobile Web device.', 'log' => 'User-Agent claimed to be AvantGo, claim appears false'),
 		'2b90f772' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. If you are using the Opera browser, then Opera must appear in your user agent.', 'log' => 'Connection: TE present, not supported by MSIE'),

Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/version.inc.php
===================================================================
--- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/version.inc.php	2006-12-17 17:28:19 UTC (rev 4392)
+++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/version.inc.php	2006-12-18 04:16:17 UTC (rev 4393)
@@ -1,3 +1,3 @@
 <?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.0.7");
+define('BB2_VERSION', "2.0.8");
 ?>

Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/whitelist.inc.php
===================================================================
--- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/whitelist.inc.php	2006-12-17 17:28:19 UTC (rev 4392)
+++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/whitelist.inc.php	2006-12-18 04:16:17 UTC (rev 4393)
@@ -16,6 +16,7 @@
 		"172.16.0.0/12",
 		"192.168.0.0/16",
 //		"127.0.0.1",
+		"208.54.95.129",
 	);
 
 	// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
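Review bot: `"208.54.95.129"` is added to the IP whitelist with no comment saying whose address it is or why it is exempt. A hard-coded public address in a list that presumably bypasses screening needs a recorded owner and reason so it can be audited and removed later. Add a trailing comment, e.g. `"208.54.95.129",	// <owner and reason for exemption>`. The array and its enclosing function begin outside this hunk.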


