[pLog-svn] r5255 -plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior

Mark Wu markplace at gmail.com
Mon Apr 2 05:56:59 EDT 2007


Hi Oscar:

I did not apply your patch to function.inc.php. It seems the author already
checks whether $mask exists or not.

Your original patch:

		// Oscar: FIXED A NOTICE IN PHP5
		$hostInfo =  explode('/', $cidr);
		isset( $hostInfo[0] ) ? $ip = $hostInfo[0] : $ip = "0.0.0.0";
		isset( $hostInfo[1] ) ? $mask = $hostInfo[1] : $mask = "8";

Mark 

> -----Original Message-----
> From: plog-svn-bounces at devel.lifetype.net 
> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of 
> mark at devel.lifetype.net
> Sent: Monday, April 02, 2007 5:55 PM
> To: plog-svn at devel.lifetype.net
> Subject: [pLog-svn] r5255 
> -plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior
> 
> Author: mark
> Date: 2007-04-02 05:55:16 -0400 (Mon, 02 Apr 2007)
> New Revision: 5255
> 
> Modified:
>    plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/admin.inc.php
>    plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php
>    plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/common_tests.inc.php
>    plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/functions.inc.php
>    plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/post.inc.php
>    plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php
>    plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php
> Log:
> Upgrade to Bad-Behavior 2.0.10 according to Reto's suggestion.
> 
> Modified: 
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/ad
> min.inc.php
> ===================================================================
> --- 
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/ad
> min.inc.php	2007-04-01 13:08:16 UTC (rev 5254)
> +++ 
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/ad
> min.inc.php	2007-04-02 09:55:16 UTC (rev 5255)
> @@ -48,7 +48,7 @@
>  	<div class="wrap">
>  	<h2><?php _e("Bad Behavior"); ?></h2>
>  	<form method="post" action="<?php echo 
> $_SERVER['REQUEST_URI']; ?>">
> -	<p>For more information please visit the <a 
> href="http://www.homelandstupidity.us/software/bad-behavior/">
> Bad Behavior</a> homepage.</p>
> +	<p>For more information please visit the <a 
> +href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> 
> +homepage.</p>
>  	<p>If you find Bad Behavior valuable, please consider 
> making a <a 
> href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&busine
> ss=error%40ioerror%2eus&item_name=Bad%20Behavior%20<?php echo 
> BB2_VERSION; 
> ?>%20%28From%20Admin%29&no_shipping=1&cn=Comments%20about%20Ba
> d%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&chars
> et=UTF%2d8">financial contribution</a> to further development 
> of Bad Behavior.</p>
>  
>  	<fieldset class="options">
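
Review bot: the unchanged form line in this hunk echoes $_SERVER['REQUEST_URI'] into the action attribute without escaping, so markup carried in the request URI is written back into the admin page. Since this template is being touched anyway, wrap the value in htmlspecialchars() with ENT_QUOTES before echoing it.
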
> 
> Modified: 
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/bl
> acklist.inc.php
> ===================================================================
> --- 
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/bl
> acklist.inc.php	2007-04-01 13:08:16 UTC (rev 5254)
> +++ 
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/bl
> acklist.inc.php	2007-04-02 09:55:16 UTC (rev 5255)
> @@ -31,9 +31,11 @@
>  		"Mozilla/4.0(",		// from honeypot
>  		"Mozilla/4.0+(",	// suspicious harvester
>  		"MSIE",			// malicious software
> +		"NutchCVS",		// unidentified robots
>  		"OmniExplorer",		// spam harvester
> +		"psycheclone",		// spam harvester
>  		"PussyCat ",		// misc comment spam
> -		"psycheclone",		// spam harvester
> +		"PycURL",		// misc comment spam
>  		"Shockwave Flash",	// spam harvester
>  		"User Agent: ",		// spam harvester
>  		"User-Agent: ",		// spam harvester
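
Review bot: "PycURL" and "NutchCVS" in the added lines are a client library and a crawler build string rather than one identifiable bot, so these entries reject every client that leaves that default User-Agent in place. The inline comments ("misc comment spam", "unidentified robots") should say what traffic prompted each entry, so an admin who sees a legitimate script blocked can judge whether to drop it.
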
> @@ -59,6 +61,7 @@
>  		".NET CLR 1)",		// free poker, etc.
>  		"POE-Component-Client",	// free poker, etc.
>  		"Turing Machine",	// www.anonymizer.com abuse
> +		"WebaltBot",		// spam harvester
>  		"WISEbot",		// spam harvester
>  		"WISEnutbot",		// spam harvester
>  		"Windows NT 4.0;)",	// wikispam bot
> 
> Modified: 
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/co
> mmon_tests.inc.php
> ===================================================================
> --- 
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/co
> mmon_tests.inc.php	2007-04-01 13:08:16 UTC (rev 5254)
> +++ 
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/co
> mmon_tests.inc.php	2007-04-02 09:55:16 UTC (rev 5255)
> @@ -28,15 +28,20 @@
>  		return "f9f2b8b9";
>  	}
>  
> -	if (strpos($package['request_uri'], "#") !== FALSE || 
> @strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
> +	// Broken spambots send URLs with various invalid characters
> +	// Some broken browsers send the #vector in the referer field :(
> +	// if (strpos($package['request_uri'], "#") !== FALSE 
> || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
> +	if (strpos($package['request_uri'], "#") !== FALSE) {
>  		return "dfd9b1ad";
>  	}
>  
>  	// Range: field exists and begins with 0
>  	// Real user-agents do not start ranges at 0
>  	// NOTE: this blocks the whois.sc bot. No big loss.
> +	// Exceptions: MT (not fixable); LJ (refuses to fix; may be
> +	// blocked again in the future)
>  	if (array_key_exists('Range', 
> $package['headers_mixed']) && 
> strpos($package['headers_mixed']['Range'], "=0-") !== FALSE) {
> -		if (strncmp($ua, "MovableType", 11)) {
> +		if (strncmp($ua, "MovableType", 11) && 
> strncmp($ua, "URI::Fetch", 
> +10)) {
>  			return "7ad04a8a";
>  		}
>  	}
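
Review bot: the added exemption strncmp($ua, "URI::Fetch", 10) keys on a prefix of the client-supplied User-Agent, so the Range check stops applying to any request that carries that prefix, not only to the service the comment calls "LJ". The comment should name the strings it exempts (it says MT and LJ, the code says MovableType and URI::Fetch), and the commented-out old condition a few lines up can be deleted instead of being kept next to the live one.
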
> @@ -47,7 +52,10 @@
>  	}
>  
>  	// Lowercase via is used by open proxies/referrer spammers
> -	if (array_key_exists('via', $package['headers'])) {
> +	// Exceptions: Clearswift uses lowercase via (refuses to fix;
> +	// may be blocked again in the future)
> +	if (array_key_exists('via', $package['headers']) &&
> +		!strstr($package['headers']['via'],'Clearswift 
> Web Policy Engine')) {
>  		return "9c9e4979";
>  	}
>  
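
Review bot: in the added condition, !strstr($package['headers']['via'], 'Clearswift Web Policy Engine') uses strstr() purely as a presence test and accepts the product name anywhere in a client-supplied header value. strpos(...) === FALSE is the usual form for a presence test, and the comment should record that this exception is only as strong as the header text it matches.
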
> 
> Modified: 
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/fu
> nctions.inc.php
> ===================================================================
> --- 
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/fu
> nctions.inc.php	2007-04-01 13:08:16 UTC (rev 5254)
> +++ 
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/fu
> nctions.inc.php	2007-04-02 09:55:16 UTC (rev 5255)
> @@ -44,12 +44,9 @@
>  			}
>  		}
>  	} else {
> -		// Oscar: FIXED A NOTICE IN PHP5
> -		$hostInfo =  explode('/', $cidr);
> -		isset( $hostInfo[0] ) ? $ip = $hostInfo[0] : 
> $ip = "0.0.0.0";
> -		isset( $hostInfo[1] ) ? $mask = $hostInfo[1] : 
> $mask = "8";		
> -		//list($ip, $mask) = explode('/', $cidr);
> -		$mask = 0xffffffff << (32 - $mask);
> +		list($ip, $mask) = explode('/', $cidr);
> +		if (!$mask) $mask = 32;
> +		$mask = pow(2,32) - pow(2, (32 - $mask));
>  		$output = ((ip2long($addr) & $mask) == 
> (ip2long($ip) & $mask));
>  	}
>  	return $output;
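
Review bot: list($ip, $mask) = explode('/', $cidr) in the added lines brings back the PHP 5 notice that the removed block guarded against: when $cidr has no '/', explode() returns one element and list() reads an undefined offset 1 before if (!$mask) runs. The !$mask test also treats an explicit "/0" the same as a missing mask and turns it into /32. Suggest keeping an isset()-style guard on the second element with 32 as the default, and noting in the log that the fallback changed from "8" to 32.
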
> 
> Modified: 
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/po
> st.inc.php
> ===================================================================
> --- 
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/po
> st.inc.php	2007-04-01 13:08:16 UTC (rev 5254)
> +++ 
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/po
> st.inc.php	2007-04-02 09:55:16 UTC (rev 5255)
> @@ -5,10 +5,10 @@
>  {
>      // LifeType mod by pwestbro: dns blacklist checks can be 
> done in the 
>      // dnsantispam plugin.
> -//	// Check blackhole lists for known spam/malicious activity
> -//	require_once(BB2_CORE . "/blackhole.inc.php");
> -//	bb2_test($settings, $package, bb2_blackhole($package));
>  
> +	// Check blackhole lists for known spam/malicious activity
> +	// require_once(BB2_CORE . "/blackhole.inc.php");
> +	// bb2_test($settings, $package, bb2_blackhole($package));
>  	// MovableType needs specialized screening
>  	if (stripos($package['headers_mixed']['User-Agent'], 
> "MovableType") !== FALSE) {
>  		if (strcmp($package['headers_mixed']['Range'], 
> "bytes=0-99999")) { @@ -48,8 +48,8 @@
>  		// Posting too slow? 48 hr
>          // LifeType mod by jondaley: since pages can be 
> cached, the cookie might not be updated
>          // and this can get tripped incorrectly
> -//		if ($screener + 172800 < time())
> -//			return "b40c8ddc";
> +		// if ($screener + 172800 < time())
> +		//     return "b40c8ddc";
>  
>  		// Screen by IP address
>  		$ip = ip2long($package['ip']);
> @@ -60,10 +60,10 @@
>  
>  		// Screen for user agent changes
>  		// User connected previously with blank user agent
> -		$q = bb2_db_query("SELECT `ip` FROM " . 
> $settings['log_table'] . " WHERE (`ip` = '" . $package['ip'] 
> . "' OR `ip` = '" . $screener[1] . "') AND `user_agent` != '" 
> . $package['user_agent'] . "' AND `date` > DATE_SUB('" . 
> bb2_db_date() . "', INTERVAL 5 MINUTE)");
> +//		$q = bb2_db_query("SELECT `ip` FROM " . 
> $settings['log_table'] . " WHERE (`ip` = '" . $package['ip'] 
> . "' OR `ip` = '" . $screener[1] . "') AND `user_agent` != '" 
> . $package['user_agent'] . "' AND `date` > DATE_SUB('" . 
> bb2_db_date() . "', INTERVAL 5 MINUTE)");
>  		// Damnit, too many ways for this to fail :(
> -		if ($q !== FALSE && $q != NULL && 
> bb2_db_num_rows($q) > 0)
> -			return "799165c2";
> +//		if ($q !== FALSE && $q != NULL && 
> bb2_db_num_rows($q) > 0)
> +//			return "799165c2";
>  	}
>  
>  	return false;
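
Review bot: missing rationale for the commented-out bb2_db_query() call and return "799165c2" in the last hunk of this file. The other local changes here carry a "LifeType mod by ..." comment, this one does not, and the headers "Screen for user agent changes" and "Damnit, too many ways for this to fail" now sit above code that never runs. Add the reason or delete the block; if it is re-enabled later, the values concatenated into the query ($package['ip'], $screener[1], $package['user_agent']) need escaping, none of which is visible in these lines.
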
> 
> Modified: 
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/ve
> rsion.inc.php
> ===================================================================
> --- 
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/ve
> rsion.inc.php	2007-04-01 13:08:16 UTC (rev 5254)
> +++ 
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/ve
> rsion.inc.php	2007-04-02 09:55:16 UTC (rev 5255)
> @@ -1,3 +1,3 @@
>  <?php if (!defined('BB2_CWD')) die("I said no cheating!"); 
> -define('BB2_VERSION', "2.0.8");
> +define('BB2_VERSION', "2.0.10");
>  ?>
> 
> Modified: 
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/wh
> itelist.inc.php
> ===================================================================
> --- 
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/wh
> itelist.inc.php	2007-04-01 13:08:16 UTC (rev 5254)
> +++ 
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/wh
> itelist.inc.php	2007-04-02 09:55:16 UTC (rev 5255)
> @@ -16,7 +16,6 @@
>  		"172.16.0.0/12",
>  		"192.168.0.0/16",
>  //		"127.0.0.1",
> -		"208.54.95.129",
>  	);
>  
>  	// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! 
> DANGER! DANGER!
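
Review bot: the removal of "208.54.95.129" from the whitelist array is not mentioned in the log message, which only says "Upgrade to Bad-Behavior 2.0.10". A whitelist change alters which addresses skip screening, so the log should state whether this entry was dropped upstream or was a local addition being cleaned up.
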
> 
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://limedaley.com/mailman/listinfo/plog-svn


