[pLog-svn] r4521 -
plugins/branches/lifetype-1.1/badbehavior/bad-behavior
Paul Westbrook
paul at westbrooks.org
Thu Jan 11 01:30:05 GMT 2007
Hello,
I did. The author commented this check altogether from his
distribution.
--Paul
On Jan 10, 2007, at 4:39 PM, Jon Daley wrote:
> Did you mean to remove my uncommented 1 second timeout check? I
> haven't seen any false positives with it, and I'll bet it gets some
> spammers.
>
> On Mon, 8 Jan 2007, pwestbro at devel.lifetype.net wrote:
>
>> Author: pwestbro
>> Date: 2007-01-08 17:46:00 +0000 (Mon, 08 Jan 2007)
>> New Revision: 4521
>>
>> Modified:
>> plugins/branches/lifetype-1.1/badbehavior/bad-behavior/
>> blacklist.inc.php
>> plugins/branches/lifetype-1.1/badbehavior/bad-behavior/
>> common_tests.inc.php
>> plugins/branches/lifetype-1.1/badbehavior/bad-behavior/post.inc.php
>> plugins/branches/lifetype-1.1/badbehavior/bad-behavior/
>> version.inc.php
>> Log:
>> Integrated Bad Behavior 2.0.9 into the bad behavior plugin
>>
>>
>> Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/
>> blacklist.inc.php
>> ===================================================================
>> --- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/
>> blacklist.inc.php 2007-01-05 18:32:33 UTC (rev 4520)
>> +++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/
>> blacklist.inc.php 2007-01-08 17:46:00 UTC (rev 4521)
>> @@ -31,9 +31,11 @@
>> "Mozilla/4.0(", // from honeypot
>> "Mozilla/4.0+(", // suspicious harvester
>> "MSIE", // malicious software
>> + "NutchCVS", // unidentified robots
>> "OmniExplorer", // spam harvester
>> + "psycheclone", // spam harvester
>> "PussyCat ", // misc comment spam
>> - "psycheclone", // spam harvester
>> + "PycURL", // misc comment spam
>> "Shockwave Flash", // spam harvester
>> "User Agent: ", // spam harvester
>> "User-Agent: ", // spam harvester
>>
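Review bot: the added "PycURL" entry matches the default agent string of a general-purpose HTTP client library, so any script built on that library which does not set its own User-Agent is rejected together with the comment spammers the inline comment names. The "NutchCVS" entry has a similar problem: its comment ("unidentified robots") records no observed abuse, unlike the neighbouring entries. Suggest documenting in the plugin notes that these two entries can turn away legitimate automated clients and how a site owner can drop them from the list.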
>> Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/
>> common_tests.inc.php
>> ===================================================================
>> --- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/
>> common_tests.inc.php 2007-01-05 18:32:33 UTC (rev 4520)
>> +++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/
>> common_tests.inc.php 2007-01-08 17:46:00 UTC (rev 4521)
>> @@ -29,15 +29,18 @@
>> }
>>
>> // Broken spambots send URLs with various invalid characters
>> - if (strpos($package['request_uri'], "#") !== FALSE || strpos
>> ($package['headers_mixed']['Referer'], "#") !== FALSE) {
>> + // Some broken browsers send the #vector in the referer field :(
>> + // if (strpos($package['request_uri'], "#") !== FALSE || strpos
>> ($package['headers_mixed']['Referer'], "#") !== FALSE) {
>> + if (strpos($package['request_uri'], "#") !== FALSE) {
>> return "dfd9b1ad";
>> }
>>
>> // Range: field exists and begins with 0
>> // Real user-agents do not start ranges at 0
>> // NOTE: this blocks the whois.sc bot. No big loss.
>> + // Exceptions: MT (not fixable); LJ (refuses to fix; may be
>> + // blocked again in the future)
>> if (array_key_exists('Range', $package['headers_mixed']) && strpos
>> ($package['headers_mixed']['Range'], "=0-") !== FALSE) {
>> - // LifeType mod: jondaley: LiveJournal uses
>> URI::Fetch for OpenID checking
>> if (strncmp($ua, "MovableType", 11) && strncmp($ua,
>> "URI::Fetch", 10)) {
>> return "7ad04a8a";
>> }
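Review bot: the old Referer condition is kept as a commented-out line directly above its replacement in the "#" check; delete it and let the new comment ("Some broken browsers send the #vector in the referer field") carry the reason, since the repository history already holds the previous form. In the Range test further down, the new "Exceptions: MT ...; LJ ..." comment uses abbreviations while the code compares against "MovableType" and "URI::Fetch", and the removed line was the only place that tied URI::Fetch to LiveJournal's OpenID checking. Suggest spelling both names out in the comment so the exemption can be audited later. The exemption is also keyed on the first characters of the client-supplied user agent, so the comment should say that it is a compatibility allowance, not an identity check.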
>> @@ -49,7 +52,10 @@
>> }
>>
>> // Lowercase via is used by open proxies/referrer spammers
>> - if (array_key_exists('via', $package['headers'])) {
>> + // Exceptions: Clearswift uses lowercase via (refuses to fix;
>> + // may be blocked again in the future)
>> + if (array_key_exists('via', $package['headers']) &&
>> + !strstr($package['headers']['via'],'Clearswift Web Policy
>> Engine')) {
>> return "9c9e4979";
>> }
>>
>>
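Review bot: the new exception in the lowercase via check is decided by a substring of the header value the client itself sends, so any request whose via header contains 'Clearswift Web Policy Engine' skips the "9c9e4979" result, not only traffic that really passed through that product. If the exception has to stay, say so in the comment and consider matching the expected value more narrowly than "anywhere in the string". As a style point, the rest of this file tests for presence with strpos(...) !== FALSE; using !strstr(...) here is inconsistent with that.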
>> Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/
>> post.inc.php
>> ===================================================================
>> --- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/
>> post.inc.php 2007-01-05 18:32:33 UTC (rev 4520)
>> +++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/
>> post.inc.php 2007-01-08 17:46:00 UTC (rev 4521)
>> @@ -42,10 +42,9 @@
>>
>> if ($screener > 0) {
>> // Posting too fast? 5 sec
>> - // LifeType mod by jondaley: catch 1 second posts
>> // FIXME: even 5 sec is too intrusive
>> - if ($screener + 1 > time())
>> - return "408d7e72";
>> + // if ($screener + 5 > time())
>> + // return "408d7e72";
>> // Posting too slow? 48 hr
>> // LifeType mod by jondaley: since pages can be cached,
>> // the cookie might not be updated
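Review bot: after this hunk no "posting too fast" test runs at all: the local 1-second check is removed and the upstream 5-second check arrives already commented out, while the heading comment "Posting too fast? 5 sec" still reads as if it were active. The log message says only "Integrated Bad Behavior 2.0.9" and does not mention that a LifeType modification was dropped. Suggest either keeping the 1-second variant as a marked local change, or removing the dead lines and rewording the comment to state that the check is disabled, and recording the decision in the commit log.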
>> @@ -64,10 +63,10 @@
>>
>> // Screen for user agent changes
>> // User connected previously with blank user agent
>> - $q = bb2_db_query("SELECT `ip` FROM " . $settings
>> ['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` =
>> '" . $screener[1] . "') AND `user_agent` != '" . $package
>> ['user_agent'] . "' AND `date` > DATE_SUB('" . bb2_db_date() . "',
>> INTERVAL 5 MINUTE)");
>> +// $q = bb2_db_query("SELECT `ip` FROM " . $settings
>> ['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` =
>> '" . $screener[1] . "') AND `user_agent` != '" . $package
>> ['user_agent'] . "' AND `date` > DATE_SUB('" . bb2_db_date() . "',
>> INTERVAL 5 MINUTE)");
>> // Damnit, too many ways for this to fail :(
>> - if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
>> - return "799165c2";
>> +// if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
>> +// return "799165c2";
>> }
>>
>> return false;
>>
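Review bot: the user-agent-change screen is switched off by commenting out the query and the "799165c2" return, but the headings "Screen for user agent changes" and "User connected previously with blank user agent" remain and now describe nothing. Remove the dead lines or add a one-line note saying why the screen is disabled. If it is ever re-enabled, note that the query concatenates $package['ip'], $screener[1] and $package['user_agent'] straight into the SQL string; whether those values are escaped earlier is not visible in this hunk and should be confirmed before the lines are restored.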
>> Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/
>> version.inc.php
>> ===================================================================
>> --- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/
>> version.inc.php 2007-01-05 18:32:33 UTC (rev 4520)
>> +++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/
>> version.inc.php 2007-01-08 17:46:00 UTC (rev 4521)
>> @@ -1,3 +1,3 @@
>> <?php if (!defined('BB2_CWD')) die("I said no cheating!");
>> -define('BB2_VERSION', "2.0.8");
>> +define('BB2_VERSION', "2.0.9");
>> ?>
>>
>> _______________________________________________
>> pLog-svn mailing list
>> pLog-svn at devel.lifetype.net
>> http://devel.lifetype.net/mailman/listinfo/plog-svn
>>
>
> --
> Jon Daley
> http://jon.limedaley.com/
>
> What good is it for a man to gain the whole world, yet forfeit his
> soul?
> -- Jesus Christ
--
Paul Westbrook
paul at westbrooks.org
<http://www.westbrooks.org>