[pLog-svn] r4043 -
plugins/branches/lifetype-1.1/badbehavior/bad-behavior
pwestbro at devel.lifetype.net
pwestbro at devel.lifetype.net
Mon Sep 25 03:39:36 GMT 2006
Author: pwestbro
Date: 2006-09-25 03:39:35 +0000 (Mon, 25 Sep 2006)
New Revision: 4043
Added:
plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blackhole.inc.php
Modified:
plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blacklist.inc.php
plugins/branches/lifetype-1.1/badbehavior/bad-behavior/post.inc.php
plugins/branches/lifetype-1.1/badbehavior/bad-behavior/responses.inc.php
plugins/branches/lifetype-1.1/badbehavior/bad-behavior/version.inc.php
Log:
Integrated Bad Behavior 2.0.6 into the plugin
Added: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blackhole.inc.php
===================================================================
--- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blackhole.inc.php 2006-09-24 22:34:10 UTC (rev 4042)
+++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blackhole.inc.php 2006-09-25 03:39:35 UTC (rev 4043)
@@ -0,0 +1,37 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Look up address on various blackhole lists.
+// These cannot be used for GET requests under any circumstances!
+function bb2_blackhole($package) {
+ // Only conservative lists
+ $bb2_blackhole_lists = array(
+ "sbl-xbl.spamhaus.org",
+ "dnsbl.sorbs.net",
+ "list.dsbl.org",
+ "opm.blitzed.org",
+ );
+
+ // Things that shouldn't be blocked, from aggregate lists
+ $bb2_blackhole_exceptions = array(
+ "sbl-xbl.spamhaus.org" => array(),
+ "dnsbl.sorbs.net" => array("127.0.0.10",), // Dynamic IPs only
+ "list.dsbl.org" => array(),
+ "opm.blitzed.org" => array(),
+ );
+
+ // Check the blackhole lists
+ $ip = $package['ip'];
+ $find = implode('.', array_reverse(explode('.', $ip)));
+ foreach ($bb2_blackhole_lists as $dnsbl) {
+ $result = gethostbynamel($find . "." . $dnsbl . ".");
+ if (!empty($result)) {
+ // Got a match and it isn't on the exception list
+ $result = @array_diff($result, $bb2_blackhole_exceptions[$dnsbl]);
+ if (!empty($result)) {
+ return '136673cd';
+ }
+ }
+ }
+ return false;
+}
+?>
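Review bot: `$package['ip']` is spliced into the DNS query name in `bb2_blackhole()` without being checked as a dotted-quad IPv4 address; how that value is populated is not visible in this diff, so an IPv6 or malformed value would reach the resolver as a meaningless name, once per list. A guard before the `implode` line covers it: `if (!preg_match('/^\d{1,3}(\.\d{1,3}){3}$/', $ip)) return false;`. Separately, `gethostbynamel()` blocks, and an unlisted address pays for all four lookups in sequence on every POST with no cache, so a slow or unreachable list stalls request handling. The check also fails open when the resolver returns `false`, which is probably intended but deserves a comment. The header comment forbids use on GET requests, yet nothing in the function enforces that.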
Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blacklist.inc.php
===================================================================
--- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blacklist.inc.php 2006-09-24 22:34:10 UTC (rev 4042)
+++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blacklist.inc.php 2006-09-25 03:39:35 UTC (rev 4043)
@@ -5,6 +5,7 @@
// Blacklisted user agents
// These user agent strings occur at the beginning of the line.
$bb2_spambots_0 = array(
+ "<sc", // XSS exploit attempts
"8484 Boston Project", // video poker/porn spam
"adwords", // referrer spam
"autoemailspider", // spam harvester
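Review bot: The new `"<sc"` entry is a prefix match on the User-Agent (per the comment above the array), so it rejects only requests whose agent string starts with those three characters and should not be read as XSS protection for whatever displays logged user agents. Whether the comparison is case-sensitive is decided by matching code outside this hunk. I would make the comment say so, e.g. `"<sc", // XSS attempts in User-Agent; log/admin views must still HTML-escape the UA`.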
@@ -32,9 +33,10 @@
"PussyCat ", // misc comment spam
"psycheclone", // spam harvester
"Shockwave Flash", // spam harvester
+ "User Agent: ", // spam harvester
"User-Agent: ", // spam harvester
"Wordpress Hash Grabber",// malicious software
- "\\\"", // malicious software
+ "\"", // malicious software
);
// These user agent strings occur anywhere within the line.
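Review bot: Replacing `"\\\""` with `"\""` widens this rule from a User-Agent beginning with backslash-quote to any User-Agent beginning with a double quote, and the unchanged `// malicious software` comment does not record why. If the old form existed only because the header used to arrive with added slashes, the comment should say so; otherwise any client that quotes its agent string now matches this blacklist entry. Suggested comment: `"\"", // UA starting with a double quote (previously matched \" only)`.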
Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/post.inc.php
===================================================================
--- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/post.inc.php 2006-09-24 22:34:10 UTC (rev 4042)
+++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/post.inc.php 2006-09-25 03:39:35 UTC (rev 4043)
@@ -3,6 +3,10 @@
// All tests which apply specifically to POST requests
function bb2_post($settings, $package)
{
+ // Check blackhole lists for known spam/malicious activity
+ require_once(BB2_CORE . "/blackhole.inc.php");
+ bb2_test($settings, $package, bb2_blackhole($package));
+
// MovableType needs specialized screening
if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {
if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999")) {
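Review bot: The result of the new blackhole check is handed to `bb2_test()` and the return value is dropped, whereas the other check visible in `bb2_post()` hands its key back to the caller (`return "799165c2";` in the next hunk). If `bb2_test()` does not terminate the request itself (its body is outside this diff), a listed address carries on through the remaining POST checks. Returning the key keeps the function consistent: `if ($r = bb2_blackhole($package)) return $r;`. The lookup is also unconditional and placed first, ahead of the cheaper local tests, and `$settings` is not consulted to let an operator turn it off. `bb2_post()` continues past the end of this hunk.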
@@ -55,7 +59,6 @@
// Damnit, too many ways for this to fail :(
if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
return "799165c2";
-
}
return false;
Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/responses.inc.php
===================================================================
--- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/responses.inc.php 2006-09-24 22:34:10 UTC (rev 4042)
+++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/responses.inc.php 2006-09-25 03:39:35 UTC (rev 4043)
@@ -5,6 +5,7 @@
function bb2_get_response($key) {
$bb2_responses = array(
'00000000' => array('response' => 200, 'explanation' => '', 'log' => ''),
+ '136673cd' => array('response' => 403, 'explanation' => 'Your Internet Protocol address is listed on a blacklist of addresses involved in malicious or illegal activity. See the listing below for more details on specific blacklists and removal procedures.', 'log' => 'IP address found on external blacklist'),
'17566707' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept\' missing'),
'17f4e8c8' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent was found on blacklist'),
'21f11d3f' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a mobile Web device, but you do not actually appear to be a mobile Web device.', 'log' => 'User-Agent claimed to be AvantGo, claim appears false'),
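Review bot: The `'136673cd'` entry logs only `IP address found on external blacklist`, and `bb2_blackhole()` returns the same key whichever of the four lists matched, so the log cannot tell an operator which list caused a block when chasing a false positive. The explanation text also promises "the listing below"; whether anything is rendered there depends on code outside this hunk. Consider having the lookup record the matching zone and returned address alongside the key, and add a comment on the entry noting that it is produced by `bb2_blackhole()` from the POST path.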
Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/version.inc.php
===================================================================
--- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/version.inc.php 2006-09-24 22:34:10 UTC (rev 4042)
+++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/version.inc.php 2006-09-25 03:39:35 UTC (rev 4043)
@@ -1,3 +1,3 @@
<?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.0.5");
+define('BB2_VERSION', "2.0.6");
?>