[pLog-svn] r4521 - plugins/branches/lifetype-1.1/badbehavior/bad-behavior

Jon Daley plogworld at jon.limedaley.com
Thu Jan 11 01:42:48 GMT 2007


 	Yes - it was commented in 2.0.8 as well.  I had uncommented it 
since at fast times, I think it would be useful.  I am not sure why he 
killed it altogether, after he discovered 5 seconds was annoying.

  On Wed, 10 Jan 2007, Paul Westbrook wrote:

> Hello,
>  I did.  The author commented this check all together from his distribution.
>
> --Paul
>
>
> On Jan 10, 2007, at 4:39 PM, Jon Daley wrote:
>
>> 	Did you mean to remove my uncommented 1 second timeout check?  I 
>> haven't seen any false positives with it, and I'll bet it gets some 
>> spammers.
>> 
>> On Mon, 8 Jan 2007, pwestbro at devel.lifetype.net wrote:
>> 
>>> Author: pwestbro
>>> Date: 2007-01-08 17:46:00 +0000 (Mon, 08 Jan 2007)
>>> New Revision: 4521
>>> 
>>> Modified:
>>>  plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blacklist.inc.php
>>>  plugins/branches/lifetype-1.1/badbehavior/bad-behavior/common_tests.inc.php
>>>  plugins/branches/lifetype-1.1/badbehavior/bad-behavior/post.inc.php
>>>  plugins/branches/lifetype-1.1/badbehavior/bad-behavior/version.inc.php
>>> Log:
>>> Integrated Bad Behavior 2.0.9 into the bad behavior plugin
>>> 
>>> 
>>> Modified: 
>>> plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blacklist.inc.php
>>> ===================================================================
>>> --- 
>>> plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blacklist.inc.php 
>>> 2007-01-05 18:32:33 UTC (rev 4520)
>>> +++ 
>>> plugins/branches/lifetype-1.1/badbehavior/bad-behavior/blacklist.inc.php 
>>> 2007-01-08 17:46:00 UTC (rev 4521)
>>> @@ -31,9 +31,11 @@
>>> 		"Mozilla/4.0(",		// from honeypot
>>> 		"Mozilla/4.0+(",	// suspicious harvester
>>> 		"MSIE",			// malicious software
>>> +		"NutchCVS",		// unidentified robots
>>> 		"OmniExplorer",		// spam harvester
>>> +		"psycheclone",		// spam harvester
>>> 		"PussyCat ",		// misc comment spam
>>> -		"psycheclone",		// spam harvester
>>> +		"PycURL",		// misc comment spam
>>> 		"Shockwave Flash",	// spam harvester
>>> 		"User Agent: ",		// spam harvester
>>> 		"User-Agent: ",		// spam harvester
>>> 
>>> Modified: 
>>> plugins/branches/lifetype-1.1/badbehavior/bad-behavior/common_tests.inc.php
>>> ===================================================================
>>> --- 
>>> plugins/branches/lifetype-1.1/badbehavior/bad-behavior/common_tests.inc.php 
>>> 2007-01-05 18:32:33 UTC (rev 4520)
>>> +++ 
>>> plugins/branches/lifetype-1.1/badbehavior/bad-behavior/common_tests.inc.php 
>>> 2007-01-08 17:46:00 UTC (rev 4521)
>>> @@ -29,15 +29,18 @@
>>> 	}
>>>
>>> 	// Broken spambots send URLs with various invalid characters
>>> -	if (strpos($package['request_uri'], "#") !== FALSE || 
>>> strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
>>> +	// Some broken browsers send the #vector in the referer field :(
>>> +	// if (strpos($package['request_uri'], "#") !== FALSE || 
>>> strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
>>> +	if (strpos($package['request_uri'], "#") !== FALSE) {
>>> 		return "dfd9b1ad";
>>> 	}
>>>
>>> 	// Range: field exists and begins with 0
>>> 	// Real user-agents do not start ranges at 0
>>> 	// NOTE: this blocks the whois.sc bot. No big loss.
>>> +	// Exceptions: MT (not fixable); LJ (refuses to fix; may be
>>> +	// blocked again in the future)
>>> 	if (array_key_exists('Range', $package['headers_mixed']) && 
>>> strpos($package['headers_mixed']['Range'], "=0-") !== FALSE) {
>>> -            // LifeType mod: jondaley: LiveJournal uses URI::Fetch for 
>>> OpenID checking
>>> 		if (strncmp($ua, "MovableType", 11) && strncmp($ua, 
>>> "URI::Fetch", 10)) {
>>> 			return "7ad04a8a";
>>> 		}
>>> @@ -49,7 +52,10 @@
>>> 	}
>>>
>>> 	// Lowercase via is used by open proxies/referrer spammers
>>> -	if (array_key_exists('via', $package['headers'])) {
>>> +	// Exceptions: Clearswift uses lowercase via (refuses to fix;
>>> +	// may be blocked again in the future)
>>> +	if (array_key_exists('via', $package['headers']) &&
>>> +		!strstr($package['headers']['via'],'Clearswift Web Policy 
>>> Engine')) {
>>> 		return "9c9e4979";
>>> 	}
>>> 
>>> 
>>> Modified: 
>>> plugins/branches/lifetype-1.1/badbehavior/bad-behavior/post.inc.php
>>> ===================================================================
>>> --- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/post.inc.php 
>>> 2007-01-05 18:32:33 UTC (rev 4520)
>>> +++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/post.inc.php 
>>> 2007-01-08 17:46:00 UTC (rev 4521)
>>> @@ -42,10 +42,9 @@
>>>
>>> 	if ($screener > 0) {
>>> 		// Posting too fast? 5 sec
>>> -        // LifeType mod by jondaley: catch 1 second posts
>>> 		// FIXME: even 5 sec is too intrusive
>>> -        if ($screener + 1 > time())
>>> -			return "408d7e72";
>>> +		// if ($screener + 5 > time())
>>> +		//	return "408d7e72";
>>> 		// Posting too slow? 48 hr
>>>        // LifeType mod by jondaley: since pages can be cached,
>>>        // the cookie might not be updated
>>> @@ -64,10 +63,10 @@
>>>
>>> 		// Screen for user agent changes
>>> 		// User connected previously with blank user agent
>>> -		$q = bb2_db_query("SELECT `ip` FROM " . 
>>> $settings['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` 
>>> = '" . $screener[1] . "') AND `user_agent` != '" . $package['user_agent'] 
>>> . "' AND `date` > DATE_SUB('" . bb2_db_date() . "', INTERVAL 5 MINUTE)");
>>> +//		$q = bb2_db_query("SELECT `ip` FROM " . 
>>> $settings['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` 
>>> = '" . $screener[1] . "') AND `user_agent` != '" . $package['user_agent'] 
>>> . "' AND `date` > DATE_SUB('" . bb2_db_date() . "', INTERVAL 5 MINUTE)");
>>> 		// Damnit, too many ways for this to fail :(
>>> -		if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
>>> -			return "799165c2";
>>> +//		if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
>>> +//			return "799165c2";
>>> 	}
>>>
>>> 	return false;
>>> 
>>> Modified: 
>>> plugins/branches/lifetype-1.1/badbehavior/bad-behavior/version.inc.php
>>> ===================================================================
>>> --- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/version.inc.php 
>>> 2007-01-05 18:32:33 UTC (rev 4520)
>>> +++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/version.inc.php 
>>> 2007-01-08 17:46:00 UTC (rev 4521)
>>> @@ -1,3 +1,3 @@
>>> <?php if (!defined('BB2_CWD')) die("I said no cheating!");
>>> -define('BB2_VERSION', "2.0.8");
>>> +define('BB2_VERSION', "2.0.9");
>>> ?>
>>> 
>>> _______________________________________________
>>> pLog-svn mailing list
>>> pLog-svn at devel.lifetype.net
>>> http://devel.lifetype.net/mailman/listinfo/plog-svn
>>> 
>> 
>> -- 
>> Jon Daley
>> http://jon.limedaley.com/
>> 
>> What good is it for a man to gain the whole world, yet forfeit his soul?
>> -- Jesus Christ
>> _______________________________________________
>> pLog-svn mailing list
>> pLog-svn at devel.lifetype.net
>> http://devel.lifetype.net/mailman/listinfo/plog-svn
>
> --
> Paul Westbrook
> paul at westbrooks.org
> <http://www.westbrooks.org>
>
>
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://devel.lifetype.net/mailman/listinfo/plog-svn

-- 
Jon Daley
http://jon.limedaley.com/

If you don't know the truth, you will believe anything.
-- Eric Simmons


More information about the pLog-svn mailing list