[pLog-svn] r4521 - plugins/branches/lifetype-1.1/badbehavior/bad-behavior

Paul Westbrook paul at westbrooks.org
Thu Jan 11 01:30:05 GMT 2007


Hello,
    I did.  The author commented this check altogether from his  
distribution.

--Paul


On Jan 10, 2007, at 4:39 PM, Jon Daley wrote:

> 	Did you mean to remove my uncommented 1 second timeout check?  I  
> haven't seen any false positives with it, and I'll bet it gets some  
> spammers.
>
> On Mon, 8 Jan 2007, pwestbro at devel.lifetype.net wrote:
>
>> Author: pwestbro
>> Date: 2007-01-08 17:46:00 +0000 (Mon, 08 Jan 2007)
>> New Revision: 4521
>>
>> Modified:
>>   plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>> blacklist.inc.php
>>   plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>> common_tests.inc.php
>>   plugins/branches/lifetype-1.1/badbehavior/bad-behavior/post.inc.php
>>   plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>> version.inc.php
>> Log:
>> Integrated Bad Behavior 2.0.9 into the bad behavior plugin
>>
>>
>> Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>> blacklist.inc.php
>> ===================================================================
>> --- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>> blacklist.inc.php	2007-01-05 18:32:33 UTC (rev 4520)
>> +++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>> blacklist.inc.php	2007-01-08 17:46:00 UTC (rev 4521)
>> @@ -31,9 +31,11 @@
>> 		"Mozilla/4.0(",		// from honeypot
>> 		"Mozilla/4.0+(",	// suspicious harvester
>> 		"MSIE",			// malicious software
>> +		"NutchCVS",		// unidentified robots
>> 		"OmniExplorer",		// spam harvester
>> +		"psycheclone",		// spam harvester
>> 		"PussyCat ",		// misc comment spam
>> -		"psycheclone",		// spam harvester
>> +		"PycURL",		// misc comment spam
>> 		"Shockwave Flash",	// spam harvester
>> 		"User Agent: ",		// spam harvester
>> 		"User-Agent: ",		// spam harvester
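Review bot: the added "PycURL" entry names an HTTP client library rather than one identified robot, so the comment "misc comment spam" understates what the entry rejects; the comment should say that any client sending that agent string is blocked. The psycheclone line is only moved up to keep the list sorted, which would be easier to review as a change separate from the two new entries.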
>>
>> Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>> common_tests.inc.php
>> ===================================================================
>> --- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>> common_tests.inc.php	2007-01-05 18:32:33 UTC (rev 4520)
>> +++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>> common_tests.inc.php	2007-01-08 17:46:00 UTC (rev 4521)
>> @@ -29,15 +29,18 @@
>> 	}
>>
>> 	// Broken spambots send URLs with various invalid characters
>> -	if (strpos($package['request_uri'], "#") !== FALSE || strpos 
>> ($package['headers_mixed']['Referer'], "#") !== FALSE) {
>> +	// Some broken browsers send the #vector in the referer field :(
>> +	// if (strpos($package['request_uri'], "#") !== FALSE || strpos 
>> ($package['headers_mixed']['Referer'], "#") !== FALSE) {
>> +	if (strpos($package['request_uri'], "#") !== FALSE) {
>> 		return "dfd9b1ad";
>> 	}
>>
>> 	// Range: field exists and begins with 0
>> 	// Real user-agents do not start ranges at 0
>> 	// NOTE: this blocks the whois.sc bot. No big loss.
>> +	// Exceptions: MT (not fixable); LJ (refuses to fix; may be
>> +	// blocked again in the future)
>> 	if (array_key_exists('Range', $package['headers_mixed']) && strpos 
>> ($package['headers_mixed']['Range'], "=0-") !== FALSE) {
>> -            // LifeType mod: jondaley: LiveJournal uses  
>> URI::Fetch for OpenID checking
>> 		if (strncmp($ua, "MovableType", 11) && strncmp($ua,  
>> "URI::Fetch", 10)) {
>> 			return "7ad04a8a";
>> 		}
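Review bot: the old two-part condition is kept as a commented-out line directly above the new "if" on request_uri; delete it, since revision 4520 already records it and the new comment about browsers sending the fragment in the Referer field explains the change. In the Range test the new comment names the exceptions only as "MT" and "LJ", while the removed LifeType comment was the one line tying "URI::Fetch" to LiveJournal's OpenID checking, so spell out both agent strings in the comment that remains.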
>> @@ -49,7 +52,10 @@
>> 	}
>>
>> 	// Lowercase via is used by open proxies/referrer spammers
>> -	if (array_key_exists('via', $package['headers'])) {
>> +	// Exceptions: Clearswift uses lowercase via (refuses to fix;
>> +	// may be blocked again in the future)
>> +	if (array_key_exists('via', $package['headers']) &&
>> +		!strstr($package['headers']['via'],'Clearswift Web Policy  
>> Engine')) {
>> 		return "9c9e4979";
>> 	}
>>
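Review bot: the Clearswift exception in the new "if" is tested with !strstr() while the other tests in this file use strpos(...) !== FALSE; use strpos(...) === FALSE here for consistency. The exemption is decided on the content of the request's own via header, so the comment should also state that any request carrying 'Clearswift Web Policy Engine' in that header passes this test.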
>>
>> Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>> post.inc.php
>> ===================================================================
>> --- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>> post.inc.php	2007-01-05 18:32:33 UTC (rev 4520)
>> +++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>> post.inc.php	2007-01-08 17:46:00 UTC (rev 4521)
>> @@ -42,10 +42,9 @@
>>
>> 	if ($screener > 0) {
>> 		// Posting too fast? 5 sec
>> -        // LifeType mod by jondaley: catch 1 second posts
>> 		// FIXME: even 5 sec is too intrusive
>> -        if ($screener + 1 > time())
>> -			return "408d7e72";
>> +		// if ($screener + 5 > time())
>> +		//	return "408d7e72";
>> 		// Posting too slow? 48 hr
>>         // LifeType mod by jondaley: since pages can be cached,
>>         // the cookie might not be updated
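Review bot: both replacement lines for the posting-too-fast test are commented out, so after this hunk no minimum-time check runs at all, neither the LifeType 1 second variant that is removed nor the 5 second one, and the log message only says that 2.0.9 was integrated. If dropping the LifeType mod is intended, say so in the log and remove the "Posting too fast? 5 sec" comment, which now describes nothing; otherwise keep "if ($screener + 1 > time())" together with its LifeType comment.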
>> @@ -64,10 +63,10 @@
>>
>> 		// Screen for user agent changes
>> 		// User connected previously with blank user agent
>> -		$q = bb2_db_query("SELECT `ip` FROM " . $settings 
>> ['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` =  
>> '" . $screener[1] . "') AND `user_agent` != '" . $package 
>> ['user_agent'] . "' AND `date` > DATE_SUB('" . bb2_db_date() . "',  
>> INTERVAL 5 MINUTE)");
>> +//		$q = bb2_db_query("SELECT `ip` FROM " . $settings 
>> ['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` =  
>> '" . $screener[1] . "') AND `user_agent` != '" . $package 
>> ['user_agent'] . "' AND `date` > DATE_SUB('" . bb2_db_date() . "',  
>> INTERVAL 5 MINUTE)");
>> 		// Damnit, too many ways for this to fail :(
>> -		if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
>> -			return "799165c2";
>> +//		if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
>> +//			return "799165c2";
>> 	}
>>
>> 	return false;
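Review bot: the query being commented out builds its WHERE clause by concatenating $package['ip'], $screener[1] and $package['user_agent'] straight into the SQL string, and nothing in these lines shows those values being escaped; left in the file as a comment, it invites being re-enabled unchanged. Delete the three commented statements along with the "Screen for user agent changes" comments, or escape those values before the check is restored.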
>>
>> Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>> version.inc.php
>> ===================================================================
>> --- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>> version.inc.php	2007-01-05 18:32:33 UTC (rev 4520)
>> +++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>> version.inc.php	2007-01-08 17:46:00 UTC (rev 4521)
>> @@ -1,3 +1,3 @@
>> <?php if (!defined('BB2_CWD')) die("I said no cheating!");
>> -define('BB2_VERSION', "2.0.8");
>> +define('BB2_VERSION', "2.0.9");
>> ?>
>>
>> _______________________________________________
>> pLog-svn mailing list
>> pLog-svn at devel.lifetype.net
>> http://devel.lifetype.net/mailman/listinfo/plog-svn
>>
>
> -- 
> Jon Daley
> http://jon.limedaley.com/
>
> What good is it for a man to gain the whole world, yet forfeit his  
> soul?
> -- Jesus Christ
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://devel.lifetype.net/mailman/listinfo/plog-svn

--
Paul Westbrook
paul at westbrooks.org
<http://www.westbrooks.org>



