[pLog-svn] r4393 -
plugins/branches/lifetype-1.1/badbehavior/bad-behavior
pwestbro at devel.lifetype.net
pwestbro at devel.lifetype.net
Mon Dec 18 04:16:19 GMT 2006
Author: pwestbro
Date: 2006-12-18 04:16:17 +0000 (Mon, 18 Dec 2006)
New Revision: 4393
Modified:
plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blackhole.inc.php
plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blacklist.inc.php
plugins/branches/lifetype-1.1/badbehavior/bad-behavior/common_tests.inc.php
plugins/branches/lifetype-1.1/badbehavior/bad-behavior/core.inc.php
plugins/branches/lifetype-1.1/badbehavior/bad-behavior/mozilla.inc.php
plugins/branches/lifetype-1.1/badbehavior/bad-behavior/post.inc.php
plugins/branches/lifetype-1.1/badbehavior/bad-behavior/responses.inc.php
plugins/branches/lifetype-1.1/badbehavior/bad-behavior/version.inc.php
plugins/branches/lifetype-1.1/badbehavior/bad-behavior/whitelist.inc.php
Log:
Upgraded to version 2.0.8 of Bad Behavior
Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blackhole.inc.php
===================================================================
--- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blackhole.inc.php 2006-12-17 17:28:19 UTC (rev 4392)
+++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blackhole.inc.php 2006-12-18 04:16:17 UTC (rev 4393)
@@ -5,18 +5,18 @@
function bb2_blackhole($package) {
// Only conservative lists
$bb2_blackhole_lists = array(
- "sbl-xbl.spamhaus.org",
+ "sbl-xbl.spamhaus.org", // All around nasties
// "dnsbl.sorbs.net", // Old useless data.
// "list.dsbl.org", // Old useless data.
- "opm.blitzed.org",
+ "dnsbl.ioerror.us", // Bad Behavior Blackhole
);
// Things that shouldn't be blocked, from aggregate lists
$bb2_blackhole_exceptions = array(
- "sbl-xbl.spamhaus.org" => array(),
+ "sbl-xbl.spamhaus.org" => array("127.0.0.4"), // CBL is problematic
"dnsbl.sorbs.net" => array("127.0.0.10",), // Dynamic IPs only
"list.dsbl.org" => array(),
- "opm.blitzed.org" => array(),
+ "dnsbl.ioerror.us" => array(),
);
// Check the blackhole lists
Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blacklist.inc.php
===================================================================
--- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blacklist.inc.php 2006-12-17 17:28:19 UTC (rev 4392)
+++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blacklist.inc.php 2006-12-18 04:16:17 UTC (rev 4393)
@@ -43,6 +43,7 @@
// These user agent strings occur anywhere within the line.
$bb2_spambots = array(
+ "\r", // A really dumb bot
"; Widows ", // misc comment/email spam
"a href=", // referrer spam
"Bad Behavior Test", // Add this to your user-agent to test BB
Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/common_tests.inc.php
===================================================================
--- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/common_tests.inc.php 2006-12-17 17:28:19 UTC (rev 4392)
+++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/common_tests.inc.php 2006-12-18 04:16:17 UTC (rev 4393)
@@ -28,6 +28,11 @@
return "f9f2b8b9";
}
+ // Broken spambots send URLs with various invalid characters
+ if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
+ return "dfd9b1ad";
+ }
+
// Range: field exists and begins with 0
// Real user-agents do not start ranges at 0
// NOTE: this blocks the whois.sc bot. No big loss.
Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/core.inc.php
===================================================================
--- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/core.inc.php 2006-12-17 17:28:19 UTC (rev 4392)
+++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/core.inc.php 2006-12-18 04:16:17 UTC (rev 4393)
@@ -57,6 +57,9 @@
// Kill 'em all!
function bb2_banned($settings, $package, $key, $previous_key=false)
{
+ // Some spambots hit too hard. Slow them down a bit.
+ sleep(2);
+
require_once(BB2_CORE . "/banned.inc.php");
bb2_display_denial($settings, $key, $previous_key);
bb2_log_denial($settings, $package, $key, $previous_key);
Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/mozilla.inc.php
===================================================================
--- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/mozilla.inc.php 2006-12-17 17:28:19 UTC (rev 4392)
+++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/mozilla.inc.php 2006-12-18 04:16:17 UTC (rev 4393)
@@ -5,6 +5,8 @@
function bb2_mozilla($package)
{
// First off, workaround for Google Desktop, until they fix it FIXME
+ // Google Desktop fixed it, but apparently some old versions are
+ // still out there. :(
// Always check accept header for Mozilla user agents
if (strpos($package['headers_mixed']['User-Agent'], "Google Desktop") === FALSE) {
if (!array_key_exists('Accept', $package['headers_mixed'])) {
Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/post.inc.php
===================================================================
--- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/post.inc.php 2006-12-17 17:28:19 UTC (rev 4392)
+++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/post.inc.php 2006-12-18 04:16:17 UTC (rev 4393)
@@ -60,7 +60,7 @@
// Screen for user agent changes
// User connected previously with blank user agent
- $q = bb2_db_query("SELECT `ip` FROM " . $settings['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` = '" . $screener[1] . "') AND `user_agent` = '' AND `date` > DATE_SUB('" . bb2_db_date() . "', INTERVAL 1 MINUTE)");
+ $q = bb2_db_query("SELECT `ip` FROM " . $settings['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` = '" . $screener[1] . "') AND `user_agent` != '" . $package['user_agent'] . "' AND `date` > DATE_SUB('" . bb2_db_date() . "', INTERVAL 5 MINUTE)");
// Damnit, too many ways for this to fail :(
if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
return "799165c2";
Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/responses.inc.php
===================================================================
--- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/responses.inc.php 2006-12-17 17:28:19 UTC (rev 4392)
+++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/responses.inc.php 2006-12-18 04:16:17 UTC (rev 4393)
@@ -6,7 +6,7 @@
$bb2_responses = array(
'00000000' => array('response' => 200, 'explanation' => '', 'log' => ''),
'136673cd' => array('response' => 403, 'explanation' => 'Your Internet Protocol address is listed on a blacklist of addresses involved in malicious or illegal activity. See the listing below for more details on specific blacklists and removal procedures.', 'log' => 'IP address found on external blacklist'),
- '17566707' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept\' missing'),
+ '17566707' => array('response' => 403, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept\' missing'),
'17f4e8c8' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent was found on blacklist'),
'21f11d3f' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a mobile Web device, but you do not actually appear to be a mobile Web device.', 'log' => 'User-Agent claimed to be AvantGo, claim appears false'),
'2b90f772' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. If you are using the Opera browser, then Opera must appear in your user agent.', 'log' => 'Connection: TE present, not supported by MSIE'),
Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/version.inc.php
===================================================================
--- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/version.inc.php 2006-12-17 17:28:19 UTC (rev 4392)
+++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/version.inc.php 2006-12-18 04:16:17 UTC (rev 4393)
@@ -1,3 +1,3 @@
<?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.0.7");
+define('BB2_VERSION', "2.0.8");
?>
Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/whitelist.inc.php
===================================================================
--- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/whitelist.inc.php 2006-12-17 17:28:19 UTC (rev 4392)
+++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/whitelist.inc.php 2006-12-18 04:16:17 UTC (rev 4393)
@@ -16,6 +16,7 @@
"172.16.0.0/12",
"192.168.0.0/16",
// "127.0.0.1",
+ "208.54.95.129",
);
// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
More information about the pLog-svn
mailing list