[pLog-svn] r4521 - plugins/branches/lifetype-1.1/badbehavior/bad-behavior

Jon Daley plogworld at jon.limedaley.com
Thu Jan 11 00:39:39 GMT 2007


 	Did you mean to remove my uncommented 1 second timeout check?  I 
haven't seen any false positives with it, and I'll bet it gets some 
spammers.

On Mon, 8 Jan 2007, pwestbro at devel.lifetype.net wrote:

> Author: pwestbro
> Date: 2007-01-08 17:46:00 +0000 (Mon, 08 Jan 2007)
> New Revision: 4521
>
> Modified:
>   plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blacklist.inc.php
>   plugins/branches/lifetype-1.1/badbehavior/bad-behavior/common_tests.inc.php
>   plugins/branches/lifetype-1.1/badbehavior/bad-behavior/post.inc.php
>   plugins/branches/lifetype-1.1/badbehavior/bad-behavior/version.inc.php
> Log:
> Integrated Bad Behavior 2.0.9 into the bad behavior plugin
>
>
> Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blacklist.inc.php
> ===================================================================
> --- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blacklist.inc.php	2007-01-05 18:32:33 UTC (rev 4520)
> +++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blacklist.inc.php	2007-01-08 17:46:00 UTC (rev 4521)
> @@ -31,9 +31,11 @@
> 		"Mozilla/4.0(",		// from honeypot
> 		"Mozilla/4.0+(",	// suspicious harvester
> 		"MSIE",			// malicious software
> +		"NutchCVS",		// unidentified robots
> 		"OmniExplorer",		// spam harvester
> +		"psycheclone",		// spam harvester
> 		"PussyCat ",		// misc comment spam
> -		"psycheclone",		// spam harvester
> +		"PycURL",		// misc comment spam
> 		"Shockwave Flash",	// spam harvester
> 		"User Agent: ",		// spam harvester
> 		"User-Agent: ",		// spam harvester
>
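
Review bot: The new "PycURL" entry blocks a general-purpose HTTP client library by name (PycURL is the Python binding for libcurl), not a specific spam tool, so legitimate scripts built on it will be rejected along with the comment spam the inline comment mentions. If that trade-off is intended, say so in the comment so a later merge does not question or drop it; the same applies to "NutchCVS", whose "unidentified robots" label gives no reason for blocking. Moving "psycheclone" above "PussyCat " to restore the sort order is fine.
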
> Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/common_tests.inc.php
> ===================================================================
> --- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/common_tests.inc.php	2007-01-05 18:32:33 UTC (rev 4520)
> +++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/common_tests.inc.php	2007-01-08 17:46:00 UTC (rev 4521)
> @@ -29,15 +29,18 @@
> 	}
>
> 	// Broken spambots send URLs with various invalid characters
> -	if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
> +	// Some broken browsers send the #vector in the referer field :(
> +	// if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
> +	if (strpos($package['request_uri'], "#") !== FALSE) {
> 		return "dfd9b1ad";
> 	}
>
> 	// Range: field exists and begins with 0
> 	// Real user-agents do not start ranges at 0
> 	// NOTE: this blocks the whois.sc bot. No big loss.
> +	// Exceptions: MT (not fixable); LJ (refuses to fix; may be
> +	// blocked again in the future)
> 	if (array_key_exists('Range', $package['headers_mixed']) && strpos($package['headers_mixed']['Range'], "=0-") !== FALSE) {
> -            // LifeType mod: jondaley: LiveJournal uses URI::Fetch for OpenID checking
> 		if (strncmp($ua, "MovableType", 11) && strncmp($ua, "URI::Fetch", 10)) {
> 			return "7ad04a8a";
> 		}
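
Review bot: At the Range check, the removed "LifeType mod: jondaley" comment was the only place that tied the "URI::Fetch" prefix in the strncmp() test to LiveJournal's OpenID checking; the new "Exceptions: MT ...; LJ ..." comment names neither user-agent string, so a reader cannot tell which strncmp() belongs to which exception. Spell both strings out in the comment. Separately, in the "#" test, delete the old condition instead of keeping it as a commented-out line, since revision history already preserves it; the "Some broken browsers send the #vector in the referer field" comment is enough to explain why Referer is no longer inspected.
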
> @@ -49,7 +52,10 @@
> 	}
>
> 	// Lowercase via is used by open proxies/referrer spammers
> -	if (array_key_exists('via', $package['headers'])) {
> +	// Exceptions: Clearswift uses lowercase via (refuses to fix;
> +	// may be blocked again in the future)
> +	if (array_key_exists('via', $package['headers']) &&
> +		!strstr($package['headers']['via'],'Clearswift Web Policy Engine')) {
> 		return "9c9e4979";
> 	}
>
>
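
Review bot: The Clearswift exception in the lowercase via test matches the product name anywhere in a header value that the client supplies, so check 9c9e4979 is skipped for any request whose via value contains that text, not only for traffic that really passed through that product. Consider matching the expected form of the value more tightly, and note in the comment that the exception rests on an unauthenticated header. For style, the other checks in this file test substrings with strpos(...) !== FALSE; using the same form here instead of !strstr(...) keeps them uniform.
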
> Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/post.inc.php
> ===================================================================
> --- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/post.inc.php	2007-01-05 18:32:33 UTC (rev 4520)
> +++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/post.inc.php	2007-01-08 17:46:00 UTC (rev 4521)
> @@ -42,10 +42,9 @@
>
> 	if ($screener > 0) {
> 		// Posting too fast? 5 sec
> -        // LifeType mod by jondaley: catch 1 second posts
> 		// FIXME: even 5 sec is too intrusive
> -        if ($screener + 1 > time())
> -			return "408d7e72";
> +		// if ($screener + 5 > time())
> +		//	return "408d7e72";
> 		// Posting too slow? 48 hr
>         // LifeType mod by jondaley: since pages can be cached,
>         // the cookie might not be updated
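
Review bot: With "if ($screener + 1 > time())" removed and the 5 second form added only as a comment, no posting-too-fast test runs in this block, yet the "Posting too fast? 5 sec" comment still reads as if one does. The 1 second check and its "LifeType mod by jondaley" attribution were a local modification, and the log message ("Integrated Bad Behavior 2.0.9 into the bad behavior plugin") does not say it was dropped on purpose. Either carry the local check forward or state in the comment that the test is disabled and why.
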
> @@ -64,10 +63,10 @@
>
> 		// Screen for user agent changes
> 		// User connected previously with blank user agent
> -		$q = bb2_db_query("SELECT `ip` FROM " . $settings['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` = '" . $screener[1] . "') AND `user_agent` != '" . $package['user_agent'] . "' AND `date` > DATE_SUB('" . bb2_db_date() . "', INTERVAL 5 MINUTE)");
> +//		$q = bb2_db_query("SELECT `ip` FROM " . $settings['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` = '" . $screener[1] . "') AND `user_agent` != '" . $package['user_agent'] . "' AND `date` > DATE_SUB('" . bb2_db_date() . "', INTERVAL 5 MINUTE)");
> 		// Damnit, too many ways for this to fail :(
> -		if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
> -			return "799165c2";
> +//		if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
> +//			return "799165c2";
> 	}
>
> 	return false;
>
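
Review bot: The user agent change screen is disabled by commenting out three lines at column 0, which leaves the "Screen for user agent changes" and "User connected previously with blank user agent" comments describing a check that no longer runs, and key 799165c2 is never returned. Remove the dead lines or add a comment saying the screen is disabled and why. If it is ever restored, note that the query concatenates $package['ip'], $screener[1] and $package['user_agent'] directly into the SQL string; the user agent is request data, and nothing in these lines shows it being escaped before use.
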
> Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/version.inc.php
> ===================================================================
> --- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/version.inc.php	2007-01-05 18:32:33 UTC (rev 4520)
> +++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/version.inc.php	2007-01-08 17:46:00 UTC (rev 4521)
> @@ -1,3 +1,3 @@
> <?php if (!defined('BB2_CWD')) die("I said no cheating!");
> -define('BB2_VERSION', "2.0.8");
> +define('BB2_VERSION', "2.0.9");
> ?>
>
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://devel.lifetype.net/mailman/listinfo/plog-svn
>

-- 
Jon Daley
http://jon.limedaley.com/

What good is it for a man to gain the whole world, yet forfeit his soul?
-- Jesus Christ

