[pLog-svn] r5255 - plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior

mark at devel.lifetype.net mark at devel.lifetype.net
Mon Apr 2 05:55:16 EDT 2007 

Author: mark
Date: 2007-04-02 05:55:16 -0400 (Mon, 02 Apr 2007)
New Revision: 5255

Modified:
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/admin.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/common_tests.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/functions.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/post.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php
Log:
Upgrade to Bad-Behavior 2.0.10 according Reto's suggestion.

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/admin.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/admin.inc.php	2007-04-01 13:08:16 UTC (rev 5254)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/admin.inc.php	2007-04-02 09:55:16 UTC (rev 5255)
@@ -48,7 +48,7 @@
 	<div class="wrap">
 	<h2><?php _e("Bad Behavior"); ?></h2>
 	<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
-	<p>For more information please visit the <a href="http://www.homelandstupidity.us/software/bad-behavior/">Bad Behavior</a> homepage.</p>
+	<p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
 	<p>If you find Bad Behavior valuable, please consider making a <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20<?php echo BB2_VERSION; ?>%20%28From%20Admin%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8">financial contribution</a> to further development of Bad Behavior.</p>
 
 	<fieldset class="options">

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php	2007-04-01 13:08:16 UTC (rev 5254)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php	2007-04-02 09:55:16 UTC (rev 5255)
@@ -31,9 +31,11 @@
 		"Mozilla/4.0(",		// from honeypot
 		"Mozilla/4.0+(",	// suspicious harvester
 		"MSIE",			// malicious software
+		"NutchCVS",		// unidentified robots
 		"OmniExplorer",		// spam harvester
+		"psycheclone",		// spam harvester
 		"PussyCat ",		// misc comment spam
-		"psycheclone",		// spam harvester
+		"PycURL",		// misc comment spam
 		"Shockwave Flash",	// spam harvester
 		"User Agent: ",		// spam harvester
 		"User-Agent: ",		// spam harvester
@@ -59,6 +61,7 @@
 		".NET CLR 1)",		// free poker, etc.
 		"POE-Component-Client",	// free poker, etc.
 		"Turing Machine",	// www.anonymizer.com abuse
+		"WebaltBot",		// spam harvester
 		"WISEbot",		// spam harvester
 		"WISEnutbot",		// spam harvester
 		"Windows NT 4.0;)",	// wikispam bot

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/common_tests.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/common_tests.inc.php	2007-04-01 13:08:16 UTC (rev 5254)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/common_tests.inc.php	2007-04-02 09:55:16 UTC (rev 5255)
@@ -28,15 +28,20 @@
 		return "f9f2b8b9";
 	}
 
-	if (strpos($package['request_uri'], "#") !== FALSE || @strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
+	// Broken spambots send URLs with various invalid characters
+	// Some broken browsers send the #vector in the referer field :(
+	// if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
+	if (strpos($package['request_uri'], "#") !== FALSE) {
 		return "dfd9b1ad";
 	}
 
 	// Range: field exists and begins with 0
 	// Real user-agents do not start ranges at 0
 	// NOTE: this blocks the whois.sc bot. No big loss.
+	// Exceptions: MT (not fixable); LJ (refuses to fix; may be
+	// blocked again in the future)
 	if (array_key_exists('Range', $package['headers_mixed']) && strpos($package['headers_mixed']['Range'], "=0-") !== FALSE) {
-		if (strncmp($ua, "MovableType", 11)) {
+		if (strncmp($ua, "MovableType", 11) && strncmp($ua, "URI::Fetch", 10)) {
 			return "7ad04a8a";
 		}
 	}
@@ -47,7 +52,10 @@
 	}
 
 	// Lowercase via is used by open proxies/referrer spammers
-	if (array_key_exists('via', $package['headers'])) {
+	// Exceptions: Clearswift uses lowercase via (refuses to fix;
+	// may be blocked again in the future)
+	if (array_key_exists('via', $package['headers']) &&
+		!strstr($package['headers']['via'],'Clearswift Web Policy Engine')) {
 		return "9c9e4979";
 	}
 

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/functions.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/functions.inc.php	2007-04-01 13:08:16 UTC (rev 5254)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/functions.inc.php	2007-04-02 09:55:16 UTC (rev 5255)
@@ -44,12 +44,9 @@
 			}
 		}
 	} else {
-		// Oscar: FIXED A NOTICE IN PHP5
-		$hostInfo =  explode('/', $cidr);
-		isset( $hostInfo[0] ) ? $ip = $hostInfo[0] : $ip = "0.0.0.0";
-		isset( $hostInfo[1] ) ? $mask = $hostInfo[1] : $mask = "8";		
-		//list($ip, $mask) = explode('/', $cidr);
-		$mask = 0xffffffff << (32 - $mask);
+		list($ip, $mask) = explode('/', $cidr);
+		if (!$mask) $mask = 32;
+		$mask = pow(2,32) - pow(2, (32 - $mask));
 		$output = ((ip2long($addr) & $mask) == (ip2long($ip) & $mask));
 	}
 	return $output;

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/post.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/post.inc.php	2007-04-01 13:08:16 UTC (rev 5254)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/post.inc.php	2007-04-02 09:55:16 UTC (rev 5255)
@@ -5,10 +5,10 @@
 {
     // LifeType mod by pwestbro: dns blacklist checks can be done in the 
     // dnsantispam plugin.
-//	// Check blackhole lists for known spam/malicious activity
-//	require_once(BB2_CORE . "/blackhole.inc.php");
-//	bb2_test($settings, $package, bb2_blackhole($package));
 
+	// Check blackhole lists for known spam/malicious activity
+	// require_once(BB2_CORE . "/blackhole.inc.php");
+	// bb2_test($settings, $package, bb2_blackhole($package));
 	// MovableType needs specialized screening
 	if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {
 		if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999")) {
@@ -48,8 +48,8 @@
 		// Posting too slow? 48 hr
         // LifeType mod by jondaley: since pages can be cached, the cookie might not be updated
         // and this can get tripped incorrectly
-//		if ($screener + 172800 < time())
-//			return "b40c8ddc";
+		// if ($screener + 172800 < time())
+		//     return "b40c8ddc";
 
 		// Screen by IP address
 		$ip = ip2long($package['ip']);
@@ -60,10 +60,10 @@
 
 		// Screen for user agent changes
 		// User connected previously with blank user agent
-		$q = bb2_db_query("SELECT `ip` FROM " . $settings['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` = '" . $screener[1] . "') AND `user_agent` != '" . $package['user_agent'] . "' AND `date` > DATE_SUB('" . bb2_db_date() . "', INTERVAL 5 MINUTE)");
+//		$q = bb2_db_query("SELECT `ip` FROM " . $settings['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` = '" . $screener[1] . "') AND `user_agent` != '" . $package['user_agent'] . "' AND `date` > DATE_SUB('" . bb2_db_date() . "', INTERVAL 5 MINUTE)");
 		// Damnit, too many ways for this to fail :(
-		if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
-			return "799165c2";
+//		if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
+//			return "799165c2";
 	}
 
 	return false;

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php	2007-04-01 13:08:16 UTC (rev 5254)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php	2007-04-02 09:55:16 UTC (rev 5255)
@@ -1,3 +1,3 @@
 <?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.0.8");
+define('BB2_VERSION', "2.0.10");
 ?>

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php	2007-04-01 13:08:16 UTC (rev 5254)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php	2007-04-02 09:55:16 UTC (rev 5255)
@@ -16,7 +16,6 @@
 		"172.16.0.0/12",
 		"192.168.0.0/16",
 //		"127.0.0.1",
-		"208.54.95.129",
 	);
 
 	// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!

More information about the pLog-svn mailing list