[pLog-svn] r5255 -plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior

Oscar Renalias oscar at renalias.net
Mon Apr 2 13:13:24 EDT 2007


I think that's good enough, thank you. I will give it a try and see
if there are any more notices.

On 2 Apr 2007, at 12:56, Mark Wu wrote:

> Hi Oscar:
>
> I did not apply your patch to function.inc.php. It seems the
> author already checks whether $mask exists or not.
>
> Your original patch:
>
> 		// Oscar: FIXED A NOTICE IN PHP5
> 		$hostInfo =  explode('/', $cidr);
> 		isset( $hostInfo[0] ) ? $ip = $hostInfo[0] : $ip =
> "0.0.0.0";
> 		isset( $hostInfo[1] ) ? $mask = $hostInfo[1] : $mask = "8";
>
> Mark
>
>> -----Original Message-----
>> From: plog-svn-bounces at devel.lifetype.net
>> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of
>> mark at devel.lifetype.net
>> Sent: Monday, April 02, 2007 5:55 PM
>> To: plog-svn at devel.lifetype.net
>> Subject: [pLog-svn] r5255
>> -plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior
>>
>> Author: mark
>> Date: 2007-04-02 05:55:16 -0400 (Mon, 02 Apr 2007)
>> New Revision: 5255
>>
>> Modified:
>>    plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/admin.inc.php
>>    plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php
>>    plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/common_tests.inc.php
>>    plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/functions.inc.php
>>    plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/post.inc.php
>>    plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php
>>    plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php
>> Log:
>> Upgrade to Bad-Behavior 2.0.10 according to Reto's suggestion.
>>
>> Modified:
>> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/ad
>> min.inc.php
>> ===================================================================
>> ---
>> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/ad
>> min.inc.php	2007-04-01 13:08:16 UTC (rev 5254)
>> +++
>> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/ad
>> min.inc.php	2007-04-02 09:55:16 UTC (rev 5255)
>> @@ -48,7 +48,7 @@
>>  	<div class="wrap">
>>  	<h2><?php _e("Bad Behavior"); ?></h2>
>>  	<form method="post" action="<?php echo
>> $_SERVER['REQUEST_URI']; ?>">
>> -	<p>For more information please visit the <a
>> href="http://www.homelandstupidity.us/software/bad-behavior/">
>> Bad Behavior</a> homepage.</p>
>> +	<p>For more information please visit the <a
>> +href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a>
>> +homepage.</p>
>>  	<p>If you find Bad Behavior valuable, please consider
>> making a <a
>> href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&busine
>> ss=error%40ioerror%2eus&item_name=Bad%20Behavior%20<?php echo
>> BB2_VERSION;
>> ?>%20%28From%20Admin%29&no_shipping=1&cn=Comments%20about%20Ba
>> d%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&chars
>> et=UTF%2d8">financial contribution</a> to further development
>> of Bad Behavior.</p>
>>
>>  	<fieldset class="options">
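
Review bot: The form tag in the context lines of this hunk writes $_SERVER['REQUEST_URI'] into the action attribute without escaping, so any markup characters in the request URI reach the admin page unchanged. Since the file is being touched for the homepage link anyway, wrap the value as htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES) in the same commit.
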
>>
>> Modified:
>> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/bl
>> acklist.inc.php
>> ===================================================================
>> ---
>> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/bl
>> acklist.inc.php	2007-04-01 13:08:16 UTC (rev 5254)
>> +++
>> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/bl
>> acklist.inc.php	2007-04-02 09:55:16 UTC (rev 5255)
>> @@ -31,9 +31,11 @@
>>  		"Mozilla/4.0(",		// from honeypot
>>  		"Mozilla/4.0+(",	// suspicious harvester
>>  		"MSIE",			// malicious software
>> +		"NutchCVS",		// unidentified robots
>>  		"OmniExplorer",		// spam harvester
>> +		"psycheclone",		// spam harvester
>>  		"PussyCat ",		// misc comment spam
>> -		"psycheclone",		// spam harvester
>> +		"PycURL",		// misc comment spam
>>  		"Shockwave Flash",	// spam harvester
>>  		"User Agent: ",		// spam harvester
>>  		"User-Agent: ",		// spam harvester
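
Review bot: The new "PycURL" entry is labelled "misc comment spam", but that string is the default User-Agent of the PycURL HTTP library, so the entry rejects every script built on that library that keeps the default, not only spam tools. The same applies to "NutchCVS", which is a build of the Nutch crawler rather than an unidentified robot. Please make the trailing comments say that these are generic client libraries blocked by policy, so that whoever investigates a false positive later can see the entry was intentional.
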
>> @@ -59,6 +61,7 @@
>>  		".NET CLR 1)",		// free poker, etc.
>>  		"POE-Component-Client",	// free poker, etc.
>>  		"Turing Machine",	// www.anonymizer.com abuse
>> +		"WebaltBot",		// spam harvester
>>  		"WISEbot",		// spam harvester
>>  		"WISEnutbot",		// spam harvester
>>  		"Windows NT 4.0;)",	// wikispam bot
>>
>> Modified:
>> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/co
>> mmon_tests.inc.php
>> ===================================================================
>> ---
>> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/co
>> mmon_tests.inc.php	2007-04-01 13:08:16 UTC (rev 5254)
>> +++
>> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/co
>> mmon_tests.inc.php	2007-04-02 09:55:16 UTC (rev 5255)
>> @@ -28,15 +28,20 @@
>>  		return "f9f2b8b9";
>>  	}
>>
>> -	if (strpos($package['request_uri'], "#") !== FALSE ||
>> @strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
>> +	// Broken spambots send URLs with various invalid characters
>> +	// Some broken browsers send the #vector in the referer field :(
>> +	// if (strpos($package['request_uri'], "#") !== FALSE
>> || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
>> +	if (strpos($package['request_uri'], "#") !== FALSE) {
>>  		return "dfd9b1ad";
>>  	}
>>
>>  	// Range: field exists and begins with 0
>>  	// Real user-agents do not start ranges at 0
>>  	// NOTE: this blocks the whois.sc bot. No big loss.
>> +	// Exceptions: MT (not fixable); LJ (refuses to fix; may be
>> +	// blocked again in the future)
>>  	if (array_key_exists('Range',
>> $package['headers_mixed']) &&
>> strpos($package['headers_mixed']['Range'], "=0-") !== FALSE) {
>> -		if (strncmp($ua, "MovableType", 11)) {
>> +		if (strncmp($ua, "MovableType", 11) &&
>> strncmp($ua, "URI::Fetch",
>> +10)) {
>>  			return "7ad04a8a";
>>  		}
>>  	}
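
Review bot: The new strncmp($ua, "URI::Fetch", 10) exemption in the Range test is keyed on the User-Agent header, which the client chooses, so the 7ad04a8a check now applies only to clients that do not send one of the two exempt prefixes. The comment above it names "MT" and "LJ" while the code matches "MovableType" and "URI::Fetch"; spell out in the comment which string belongs to which exception and that the exemption trusts the header. Separately, the old "#" condition is kept as a commented-out line directly above its replacement; the previous revision is in Subversion, so the dead line can be dropped and only the two explanatory comments kept.
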
>> @@ -47,7 +52,10 @@
>>  	}
>>
>>  	// Lowercase via is used by open proxies/referrer spammers
>> -	if (array_key_exists('via', $package['headers'])) {
>> +	// Exceptions: Clearswift uses lowercase via (refuses to fix;
>> +	// may be blocked again in the future)
>> +	if (array_key_exists('via', $package['headers']) &&
>> +		!strstr($package['headers']['via'],'Clearswift
>> Web Policy Engine')) {
>>  		return "9c9e4979";
>>  	}
>>
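
Review bot: The Clearswift exception uses !strstr($package['headers']['via'], ...) as a boolean test, while the rest of this file tests containment with strpos(...) !== FALSE (see the request_uri check in the previous hunk). strstr() returns the matched tail of the string rather than a boolean, and the PHP manual recommends strpos() when only presence is needed; writing it as strpos($package['headers']['via'], 'Clearswift Web Policy Engine') === FALSE keeps the file consistent and avoids relying on string truthiness.
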
>>
>> Modified:
>> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/fu
>> nctions.inc.php
>> ===================================================================
>> ---
>> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/fu
>> nctions.inc.php	2007-04-01 13:08:16 UTC (rev 5254)
>> +++
>> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/fu
>> nctions.inc.php	2007-04-02 09:55:16 UTC (rev 5255)
>> @@ -44,12 +44,9 @@
>>  			}
>>  		}
>>  	} else {
>> -		// Oscar: FIXED A NOTICE IN PHP5
>> -		$hostInfo =  explode('/', $cidr);
>> -		isset( $hostInfo[0] ) ? $ip = $hostInfo[0] :
>> $ip = "0.0.0.0";
>> -		isset( $hostInfo[1] ) ? $mask = $hostInfo[1] :
>> $mask = "8";		
>> -		//list($ip, $mask) = explode('/', $cidr);
>> -		$mask = 0xffffffff << (32 - $mask);
>> +		list($ip, $mask) = explode('/', $cidr);
>> +		if (!$mask) $mask = 32;
>> +		$mask = pow(2,32) - pow(2, (32 - $mask));
>>  		$output = ((ip2long($addr) & $mask) ==
>> (ip2long($ip) & $mask));
>>  	}
>>  	return $output;
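
Review bot: list($ip, $mask) = explode('/', $cidr); still raises the PHP 5 undefined-offset notice for an entry without a "/", because the if (!$mask) fallback on the next line only runs after list() has already read index 1. Bare addresses do reach this code: the whitelist hunk in this same commit shows "208.54.95.129" and a commented "127.0.0.1" with no mask. Splitting into an array first and testing isset($parts[1]) before using it removes the notice without restoring the old default of 8. Note also that !$mask is true for the string "0", so an explicit "/0" entry is treated as "/32" and matches a single address instead of everything; compare against an empty or missing value instead of using a truthiness test.
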
>>
>> Modified:
>> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/po
>> st.inc.php
>> ===================================================================
>> ---
>> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/po
>> st.inc.php	2007-04-01 13:08:16 UTC (rev 5254)
>> +++
>> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/po
>> st.inc.php	2007-04-02 09:55:16 UTC (rev 5255)
>> @@ -5,10 +5,10 @@
>>  {
>>      // LifeType mod by pwestbro: dns blacklist checks can be
>> done in the
>>      // dnsantispam plugin.
>> -//	// Check blackhole lists for known spam/malicious activity
>> -//	require_once(BB2_CORE . "/blackhole.inc.php");
>> -//	bb2_test($settings, $package, bb2_blackhole($package));
>>
>> +	// Check blackhole lists for known spam/malicious activity
>> +	// require_once(BB2_CORE . "/blackhole.inc.php");
>> +	// bb2_test($settings, $package, bb2_blackhole($package));
>>  	// MovableType needs specialized screening
>>  	if (stripos($package['headers_mixed']['User-Agent'],
>> "MovableType") !== FALSE) {
>>  		if (strcmp($package['headers_mixed']['Range'],
>> "bytes=0-99999")) { @@ -48,8 +48,8 @@
>>  		// Posting too slow? 48 hr
>>          // LifeType mod by jondaley: since pages can be
>> cached, the cookie might not be updated
>>          // and this can get tripped incorrectly
>> -//		if ($screener + 172800 < time())
>> -//			return "b40c8ddc";
>> +		// if ($screener + 172800 < time())
>> +		//     return "b40c8ddc";
>>
>>  		// Screen by IP address
>>  		$ip = ip2long($package['ip']);
>> @@ -60,10 +60,10 @@
>>
>>  		// Screen for user agent changes
>>  		// User connected previously with blank user agent
>> -		$q = bb2_db_query("SELECT `ip` FROM " .
>> $settings['log_table'] . " WHERE (`ip` = '" . $package['ip']
>> . "' OR `ip` = '" . $screener[1] . "') AND `user_agent` != '"
>> . $package['user_agent'] . "' AND `date` > DATE_SUB('" .
>> bb2_db_date() . "', INTERVAL 5 MINUTE)");
>> +//		$q = bb2_db_query("SELECT `ip` FROM " .
>> $settings['log_table'] . " WHERE (`ip` = '" . $package['ip']
>> . "' OR `ip` = '" . $screener[1] . "') AND `user_agent` != '"
>> . $package['user_agent'] . "' AND `date` > DATE_SUB('" .
>> bb2_db_date() . "', INTERVAL 5 MINUTE)");
>>  		// Damnit, too many ways for this to fail :(
>> -		if ($q !== FALSE && $q != NULL &&
>> bb2_db_num_rows($q) > 0)
>> -			return "799165c2";
>> +//		if ($q !== FALSE && $q != NULL &&
>> bb2_db_num_rows($q) > 0)
>> +//			return "799165c2";
>>  	}
>>
>>  	return false;
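
Review bot: The user-agent-change screen (the bb2_db_query() call and the return "799165c2" below it) is disabled with plain // markers and no explanation, unlike the other local changes in this file, which carry a "LifeType mod by ..." comment giving the reason. The surviving comments "Screen for user agent changes" and "User connected previously with blank user agent" now describe a check that no longer runs. Please add a LifeType mod comment saying who disabled it and why, or delete the block. If it is kept for later re-enabling, note that the query string concatenates $package['user_agent'] and $screener[1] directly into the SQL; nothing in the visible lines escapes them, so that should be confirmed before the code is turned back on.
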
>>
>> Modified:
>> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/ve
>> rsion.inc.php
>> ===================================================================
>> ---
>> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/ve
>> rsion.inc.php	2007-04-01 13:08:16 UTC (rev 5254)
>> +++
>> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/ve
>> rsion.inc.php	2007-04-02 09:55:16 UTC (rev 5255)
>> @@ -1,3 +1,3 @@
>>  <?php if (!defined('BB2_CWD')) die("I said no cheating!");
>> -define('BB2_VERSION', "2.0.8");
>> +define('BB2_VERSION', "2.0.10");
>>  ?>
>>
>> Modified:
>> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/wh
>> itelist.inc.php
>> ===================================================================
>> ---
>> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/wh
>> itelist.inc.php	2007-04-01 13:08:16 UTC (rev 5254)
>> +++
>> plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/wh
>> itelist.inc.php	2007-04-02 09:55:16 UTC (rev 5255)
>> @@ -16,7 +16,6 @@
>>  		"172.16.0.0/12",
>>  		"192.168.0.0/16",
>>  //		"127.0.0.1",
>> -		"208.54.95.129",
>>  	);
>>
>>  	// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
>> DANGER! DANGER!
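
Review bot: The removal of "208.54.95.129" from the whitelist array is not covered by the log message, which only mentions the upgrade to 2.0.10. A whitelist entry exempts an address from screening, so adding or removing one changes who is filtered; please state in the log whether this entry was a local addition being withdrawn or a change that came with the new upstream version.
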
>>
>> _______________________________________________
>> pLog-svn mailing list
>> pLog-svn at devel.lifetype.net
>> http://limedaley.com/mailman/listinfo/plog-svn


