[pLog-svn] r5255 -plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior
Mark Wu
markplace at gmail.com
Mon Apr 2 05:56:59 EDT 2007
Hi Oscar:
I did not apply your patch to function.inc.php. It seems the author already
checks whether $mask exists or not.
Your original patch:
// Oscar: FIXED A NOTICE IN PHP5
$hostInfo = explode('/', $cidr);
isset( $hostInfo[0] ) ? $ip = $hostInfo[0] : $ip = "0.0.0.0";
isset( $hostInfo[1] ) ? $mask = $hostInfo[1] : $mask = "8";
Mark
> -----Original Message-----
> From: plog-svn-bounces at devel.lifetype.net
> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of
> mark at devel.lifetype.net
> Sent: Monday, April 02, 2007 5:55 PM
> To: plog-svn at devel.lifetype.net
> Subject: [pLog-svn] r5255
> -plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior
>
> Author: mark
> Date: 2007-04-02 05:55:16 -0400 (Mon, 02 Apr 2007) New Revision: 5255
>
> Modified:
>
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/ad
> min.inc.php
>
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/bl
> acklist.inc.php
>
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/co
> mmon_tests.inc.php
>
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/fu
> nctions.inc.php
>
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/po
> st.inc.php
>
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/ve
> rsion.inc.php
>
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/wh
> itelist.inc.php
> Log:
> Upgrade to Bad-Behavior 2.0.10 according Reto's suggestion.
>
> Modified:
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/ad
> min.inc.php
> ===================================================================
> ---
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/ad
> min.inc.php 2007-04-01 13:08:16 UTC (rev 5254)
> +++
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/ad
> min.inc.php 2007-04-02 09:55:16 UTC (rev 5255)
> @@ -48,7 +48,7 @@
> <div class="wrap">
> <h2><?php _e("Bad Behavior"); ?></h2>
> <form method="post" action="<?php echo
> $_SERVER['REQUEST_URI']; ?>">
> - <p>For more information please visit the <a
> href="http://www.homelandstupidity.us/software/bad-behavior/">
> Bad Behavior</a> homepage.</p>
> + <p>For more information please visit the <a
> +href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a>
> +homepage.</p>
> <p>If you find Bad Behavior valuable, please consider
> making a <a
> href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&busine
> ss=error%40ioerror%2eus&item_name=Bad%20Behavior%20<?php echo
> BB2_VERSION;
> ?>%20%28From%20Admin%29&no_shipping=1&cn=Comments%20about%20Ba
> d%20Behavior&tax=0¤cy_code=USD&bn=PP%2dDonationsBF&chars
> et=UTF%2d8">financial contribution</a> to further development
> of Bad Behavior.</p>
>
> <fieldset class="options">
>
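Review bot: The form tag in the unchanged context of this hunk writes $_SERVER['REQUEST_URI'] into the action attribute without escaping, so any markup characters in the request URI are echoed into the admin page as-is. While this file is being touched, wrap the value as htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES). The homepage link change itself needs no further work.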
> Modified:
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/bl
> acklist.inc.php
> ===================================================================
> ---
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/bl
> acklist.inc.php 2007-04-01 13:08:16 UTC (rev 5254)
> +++
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/bl
> acklist.inc.php 2007-04-02 09:55:16 UTC (rev 5255)
> @@ -31,9 +31,11 @@
> "Mozilla/4.0(", // from honeypot
> "Mozilla/4.0+(", // suspicious harvester
> "MSIE", // malicious software
> + "NutchCVS", // unidentified robots
> "OmniExplorer", // spam harvester
> + "psycheclone", // spam harvester
> "PussyCat ", // misc comment spam
> - "psycheclone", // spam harvester
> + "PycURL", // misc comment spam
> "Shockwave Flash", // spam harvester
> "User Agent: ", // spam harvester
> "User-Agent: ", // spam harvester
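Review bot: The new "PycURL" entry matches the default User-Agent of a general-purpose HTTP library rather than one identified robot, so it also rejects legitimate scripts that never set their own User-Agent. If that is intended, the "misc comment spam" comment should say so, so that later false-positive reports can be traced to this line. The "psycheclone" move is a reorder only and changes no behaviour.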
> @@ -59,6 +61,7 @@
> ".NET CLR 1)", // free poker, etc.
> "POE-Component-Client", // free poker, etc.
> "Turing Machine", // www.anonymizer.com abuse
> + "WebaltBot", // spam harvester
> "WISEbot", // spam harvester
> "WISEnutbot", // spam harvester
> "Windows NT 4.0;)", // wikispam bot
>
> Modified:
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/co
> mmon_tests.inc.php
> ===================================================================
> ---
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/co
> mmon_tests.inc.php 2007-04-01 13:08:16 UTC (rev 5254)
> +++
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/co
> mmon_tests.inc.php 2007-04-02 09:55:16 UTC (rev 5255)
> @@ -28,15 +28,20 @@
> return "f9f2b8b9";
> }
>
> - if (strpos($package['request_uri'], "#") !== FALSE ||
> @strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
> + // Broken spambots send URLs with various invalid characters
> + // Some broken browsers send the #vector in the referer field :(
> + // if (strpos($package['request_uri'], "#") !== FALSE
> || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
> + if (strpos($package['request_uri'], "#") !== FALSE) {
> return "dfd9b1ad";
> }
>
> // Range: field exists and begins with 0
> // Real user-agents do not start ranges at 0
> // NOTE: this blocks the whois.sc bot. No big loss.
> + // Exceptions: MT (not fixable); LJ (refuses to fix; may be
> + // blocked again in the future)
> if (array_key_exists('Range',
> $package['headers_mixed']) &&
> strpos($package['headers_mixed']['Range'], "=0-") !== FALSE) {
> - if (strncmp($ua, "MovableType", 11)) {
> + if (strncmp($ua, "MovableType", 11) &&
> strncmp($ua, "URI::Fetch",
> +10)) {
> return "7ad04a8a";
> }
> }
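Review bot: The comment added above the Range test names MT and LJ, but the condition exempts the User-Agent prefixes "MovableType" and "URI::Fetch"; the comment should say which prefix belongs to LJ so the exemption can be found and removed later. Both strncmp() results are used as booleans where non-zero means "no match"; writing strncmp(...) !== 0 makes that explicit. Since the exemption keys on a header the client chooses, keep it as narrow as it is now and do not extend the prefix list casually. The old Referer condition is left behind as a commented-out line; the two new comment lines already explain the change, so the dead line can be deleted.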
> @@ -47,7 +52,10 @@
> }
>
> // Lowercase via is used by open proxies/referrer spammers
> - if (array_key_exists('via', $package['headers'])) {
> + // Exceptions: Clearswift uses lowercase via (refuses to fix;
> + // may be blocked again in the future)
> + if (array_key_exists('via', $package['headers']) &&
> + !strstr($package['headers']['via'],'Clearswift
> Web Policy Engine')) {
> return "9c9e4979";
> }
>
>
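Review bot: The Clearswift exemption tests the header with !strstr(...), while the other substring tests in this file use strpos(...) !== FALSE; for consistency use strpos($package['headers']['via'], 'Clearswift Web Policy Engine') === FALSE. The exemption is decided by the content of the same client-supplied header that the test inspects, so the comment should record that 9c9e4979 no longer fires for any request carrying that string.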
> Modified:
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/fu
> nctions.inc.php
> ===================================================================
> ---
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/fu
> nctions.inc.php 2007-04-01 13:08:16 UTC (rev 5254)
> +++
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/fu
> nctions.inc.php 2007-04-02 09:55:16 UTC (rev 5255)
> @@ -44,12 +44,9 @@
> }
> }
> } else {
> - // Oscar: FIXED A NOTICE IN PHP5
> - $hostInfo = explode('/', $cidr);
> - isset( $hostInfo[0] ) ? $ip = $hostInfo[0] :
> $ip = "0.0.0.0";
> - isset( $hostInfo[1] ) ? $mask = $hostInfo[1] :
> $mask = "8";
> - //list($ip, $mask) = explode('/', $cidr);
> - $mask = 0xffffffff << (32 - $mask);
> + list($ip, $mask) = explode('/', $cidr);
> + if (!$mask) $mask = 32;
> + $mask = pow(2,32) - pow(2, (32 - $mask));
> $output = ((ip2long($addr) & $mask) ==
> (ip2long($ip) & $mask));
> }
> return $output;
>
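Review bot: list($ip, $mask) = explode('/', $cidr) still raises an undefined-offset notice under PHP 5 when $cidr contains no "/", because list() reads index 1 before the if (!$mask) fallback on the next line runs; the fallback repairs the value, not the notice. The same fallback also turns an explicit "/0" into a /32, since !$mask is true for "0". Suggest $parts = explode('/', $cidr, 2); followed by $mask = isset($parts[1]) ? (int) $parts[1] : 32; and rejecting masks outside 0 to 32 before the pow() arithmetic. ip2long() returns false for input it cannot parse, and false & $mask evaluates to 0, so both ip2long() results should be checked before the comparison.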
> Modified:
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/po
> st.inc.php
> ===================================================================
> ---
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/po
> st.inc.php 2007-04-01 13:08:16 UTC (rev 5254)
> +++
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/po
> st.inc.php 2007-04-02 09:55:16 UTC (rev 5255)
> @@ -5,10 +5,10 @@
> {
> // LifeType mod by pwestbro: dns blacklist checks can be
> done in the
> // dnsantispam plugin.
> -// // Check blackhole lists for known spam/malicious activity
> -// require_once(BB2_CORE . "/blackhole.inc.php");
> -// bb2_test($settings, $package, bb2_blackhole($package));
>
> + // Check blackhole lists for known spam/malicious activity
> + // require_once(BB2_CORE . "/blackhole.inc.php");
> + // bb2_test($settings, $package, bb2_blackhole($package));
> // MovableType needs specialized screening
> if (stripos($package['headers_mixed']['User-Agent'],
> "MovableType") !== FALSE) {
> if (strcmp($package['headers_mixed']['Range'],
> "bytes=0-99999")) { @@ -48,8 +48,8 @@
> // Posting too slow? 48 hr
> // LifeType mod by jondaley: since pages can be
> cached, the cookie might not be updated
> // and this can get tripped incorrectly
> -// if ($screener + 172800 < time())
> -// return "b40c8ddc";
> + // if ($screener + 172800 < time())
> + // return "b40c8ddc";
>
> // Screen by IP address
> $ip = ip2long($package['ip']);
> @@ -60,10 +60,10 @@
>
> // Screen for user agent changes
> // User connected previously with blank user agent
> - $q = bb2_db_query("SELECT `ip` FROM " .
> $settings['log_table'] . " WHERE (`ip` = '" . $package['ip']
> . "' OR `ip` = '" . $screener[1] . "') AND `user_agent` != '"
> . $package['user_agent'] . "' AND `date` > DATE_SUB('" .
> bb2_db_date() . "', INTERVAL 5 MINUTE)");
> +// $q = bb2_db_query("SELECT `ip` FROM " .
> $settings['log_table'] . " WHERE (`ip` = '" . $package['ip']
> . "' OR `ip` = '" . $screener[1] . "') AND `user_agent` != '"
> . $package['user_agent'] . "' AND `date` > DATE_SUB('" .
> bb2_db_date() . "', INTERVAL 5 MINUTE)");
> // Damnit, too many ways for this to fail :(
> - if ($q !== FALSE && $q != NULL &&
> bb2_db_num_rows($q) > 0)
> - return "799165c2";
> +// if ($q !== FALSE && $q != NULL &&
> bb2_db_num_rows($q) > 0)
> +// return "799165c2";
> }
>
> return false;
>
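Review bot: The user-agent change screen (the query and return "799165c2") is commented out here with no reason given, unlike the other local changes in this file, which carry a "LifeType mod by ..." comment, and the log message describes this commit only as an upgrade to 2.0.10. Add a comment saying who disabled the check and why, or delete the lines so the block does not read as active code under the two comments that remain. The disabled query also concatenates $package['ip'], $screener[1] and $package['user_agent'] directly into the SQL string; before it is ever re-enabled, confirm that those values are escaped before they reach bb2_db_query().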
> Modified:
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/ve
> rsion.inc.php
> ===================================================================
> ---
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/ve
> rsion.inc.php 2007-04-01 13:08:16 UTC (rev 5254)
> +++
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/ve
> rsion.inc.php 2007-04-02 09:55:16 UTC (rev 5255)
> @@ -1,3 +1,3 @@
> <?php if (!defined('BB2_CWD')) die("I said no cheating!");
> -define('BB2_VERSION', "2.0.8");
> +define('BB2_VERSION', "2.0.10");
> ?>
>
> Modified:
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/wh
> itelist.inc.php
> ===================================================================
> ---
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/wh
> itelist.inc.php 2007-04-01 13:08:16 UTC (rev 5254)
> +++
> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/wh
> itelist.inc.php 2007-04-02 09:55:16 UTC (rev 5255)
> @@ -16,7 +16,6 @@
> "172.16.0.0/12",
> "192.168.0.0/16",
> // "127.0.0.1",
> - "208.54.95.129",
> );
>
> // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
> DANGER! DANGER!
>
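Review bot: "208.54.95.129" is dropped from the whitelist with no mention in the log message; shrinking the whitelist is the safe direction, but a one-line reason would help anyone who relied on that entry. The entries that remain are private ranges, so on an install where requests arrive from a proxy with a 172.16.0.0/12 or 192.168.0.0/16 address every request would match the whitelist; the DANGER comment that follows is a good place to state that.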
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://limedaley.com/mailman/listinfo/plog-svn