[pLog-svn] r4521 - plugins/branches/lifetype-1.1/badbehavior/bad-behavior

Paul Westbrook paul at westbrooks.org
Thu Jan 11 01:45:05 GMT 2007 

Hello,
   I didn't realize that it had been commented out in the previous  
release.  I can un-comment those lines and re-add your comment.

--Paul


On Jan 10, 2007, at 5:42 PM, Jon Daley wrote:

> 	Yes - it was commented in 2.0.8 as well.  I had uncommented it  
> since at fast times, I think it would be useful.  I am not sure why  
> he killed it altogether, after he discovered 5 seconds was annoying.
>
>  On Wed, 10 Jan 2007, Paul Westbrook wrote:
>
>> Hello,
>>  I did.  The author commented this check all together from his  
>> distribution.
>>
>> --Paul
>>
>>
>> On Jan 10, 2007, at 4:39 PM, Jon Daley wrote:
>>
>>> 	Did you mean to remove my uncommented 1 second timeout check?  I  
>>> haven't seen any false positives with it, and I'll bet it gets  
>>> some spammers.
>>> On Mon, 8 Jan 2007, pwestbro at devel.lifetype.net wrote:
>>>> Author: pwestbro
>>>> Date: 2007-01-08 17:46:00 +0000 (Mon, 08 Jan 2007)
>>>> New Revision: 4521
>>>> Modified:
>>>>  plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>>>> blacklist.inc.php
>>>>  plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>>>> common_tests.inc.php
>>>>  plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>>>> post.inc.php
>>>>  plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>>>> version.inc.php
>>>> Log:
>>>> Integrated Bad Behavior 2.0.9 into the bad behavior plugin
>>>> Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>>>> blacklist.inc.php
>>>> ===================================================================
>>>> --- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>>>> blacklist.inc.php 2007-01-05 18:32:33 UTC (rev 4520)
>>>> +++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>>>> blacklist.inc.php 2007-01-08 17:46:00 UTC (rev 4521)
>>>> @@ -31,9 +31,11 @@
>>>> 		"Mozilla/4.0(",		// from honeypot
>>>> 		"Mozilla/4.0+(",	// suspicious harvester
>>>> 		"MSIE",			// malicious software
>>>> +		"NutchCVS",		// unidentified robots
>>>> 		"OmniExplorer",		// spam harvester
>>>> +		"psycheclone",		// spam harvester
>>>> 		"PussyCat ",		// misc comment spam
>>>> -		"psycheclone",		// spam harvester
>>>> +		"PycURL",		// misc comment spam
>>>> 		"Shockwave Flash",	// spam harvester
>>>> 		"User Agent: ",		// spam harvester
>>>> 		"User-Agent: ",		// spam harvester
>>>> Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>>>> common_tests.inc.php
>>>> ===================================================================
>>>> --- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>>>> common_tests.inc.php 2007-01-05 18:32:33 UTC (rev 4520)
>>>> +++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>>>> common_tests.inc.php 2007-01-08 17:46:00 UTC (rev 4521)
>>>> @@ -29,15 +29,18 @@
>>>> 	}
>>>>
>>>> 	// Broken spambots send URLs with various invalid characters
>>>> -	if (strpos($package['request_uri'], "#") !== FALSE || strpos 
>>>> ($package['headers_mixed']['Referer'], "#") !== FALSE) {
>>>> +	// Some broken browsers send the #vector in the referer field :(
>>>> +	// if (strpos($package['request_uri'], "#") !== FALSE || strpos 
>>>> ($package['headers_mixed']['Referer'], "#") !== FALSE) {
>>>> +	if (strpos($package['request_uri'], "#") !== FALSE) {
>>>> 		return "dfd9b1ad";
>>>> 	}
>>>>
>>>> 	// Range: field exists and begins with 0
>>>> 	// Real user-agents do not start ranges at 0
>>>> 	// NOTE: this blocks the whois.sc bot. No big loss.
>>>> +	// Exceptions: MT (not fixable); LJ (refuses to fix; may be
>>>> +	// blocked again in the future)
>>>> 	if (array_key_exists('Range', $package['headers_mixed']) &&  
>>>> strpos($package['headers_mixed']['Range'], "=0-") !== FALSE) {
>>>> -            // LifeType mod: jondaley: LiveJournal uses  
>>>> URI::Fetch for OpenID checking
>>>> 		if (strncmp($ua, "MovableType", 11) && strncmp($ua,  
>>>> "URI::Fetch", 10)) {
>>>> 			return "7ad04a8a";
>>>> 		}
>>>> @@ -49,7 +52,10 @@
>>>> 	}
>>>>
>>>> 	// Lowercase via is used by open proxies/referrer spammers
>>>> -	if (array_key_exists('via', $package['headers'])) {
>>>> +	// Exceptions: Clearswift uses lowercase via (refuses to fix;
>>>> +	// may be blocked again in the future)
>>>> +	if (array_key_exists('via', $package['headers']) &&
>>>> +		!strstr($package['headers']['via'],'Clearswift Web Policy  
>>>> Engine')) {
>>>> 		return "9c9e4979";
>>>> 	}
>>>> Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>>>> post.inc.php
>>>> ===================================================================
>>>> --- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>>>> post.inc.php 2007-01-05 18:32:33 UTC (rev 4520)
>>>> +++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>>>> post.inc.php 2007-01-08 17:46:00 UTC (rev 4521)
>>>> @@ -42,10 +42,9 @@
>>>>
>>>> 	if ($screener > 0) {
>>>> 		// Posting too fast? 5 sec
>>>> -        // LifeType mod by jondaley: catch 1 second posts
>>>> 		// FIXME: even 5 sec is too intrusive
>>>> -        if ($screener + 1 > time())
>>>> -			return "408d7e72";
>>>> +		// if ($screener + 5 > time())
>>>> +		//	return "408d7e72";
>>>> 		// Posting too slow? 48 hr
>>>>        // LifeType mod by jondaley: since pages can be cached,
>>>>        // the cookie might not be updated
>>>> @@ -64,10 +63,10 @@
>>>>
>>>> 		// Screen for user agent changes
>>>> 		// User connected previously with blank user agent
>>>> -		$q = bb2_db_query("SELECT `ip` FROM " . $settings 
>>>> ['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip`  
>>>> = '" . $screener[1] . "') AND `user_agent` != '" . $package 
>>>> ['user_agent'] . "' AND `date` > DATE_SUB('" . bb2_db_date() .  
>>>> "', INTERVAL 5 MINUTE)");
>>>> +//		$q = bb2_db_query("SELECT `ip` FROM " . $settings 
>>>> ['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip`  
>>>> = '" . $screener[1] . "') AND `user_agent` != '" . $package 
>>>> ['user_agent'] . "' AND `date` > DATE_SUB('" . bb2_db_date() .  
>>>> "', INTERVAL 5 MINUTE)");
>>>> 		// Damnit, too many ways for this to fail :(
>>>> -		if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
>>>> -			return "799165c2";
>>>> +//		if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
>>>> +//			return "799165c2";
>>>> 	}
>>>>
>>>> 	return false;
>>>> Modified: plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>>>> version.inc.php
>>>> ===================================================================
>>>> --- plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>>>> version.inc.php 2007-01-05 18:32:33 UTC (rev 4520)
>>>> +++ plugins/branches/lifetype-1.1/badbehavior/bad-behavior/ 
>>>> version.inc.php 2007-01-08 17:46:00 UTC (rev 4521)
>>>> @@ -1,3 +1,3 @@
>>>> <?php if (!defined('BB2_CWD')) die("I said no cheating!");
>>>> -define('BB2_VERSION', "2.0.8");
>>>> +define('BB2_VERSION', "2.0.9");
>>>> ?>
>>>> _______________________________________________
>>>> pLog-svn mailing list
>>>> pLog-svn at devel.lifetype.net
>>>> http://devel.lifetype.net/mailman/listinfo/plog-svn
>>> -- 
>>> Jon Daley
>>> http://jon.limedaley.com/
>>> What good is it for a man to gain the whole world, yet forfeit  
>>> his soul?
>>> -- Jesus Christ
>>> _______________________________________________
>>> pLog-svn mailing list
>>> pLog-svn at devel.lifetype.net
>>> http://devel.lifetype.net/mailman/listinfo/plog-svn
>>
>> --
>> Paul Westbrook
>> paul at westbrooks.org
>> <http://www.westbrooks.org>
>>
>>
>> _______________________________________________
>> pLog-svn mailing list
>> pLog-svn at devel.lifetype.net
>> http://devel.lifetype.net/mailman/listinfo/plog-svn
>
> -- 
> Jon Daley
> http://jon.limedaley.com/
>
> If you don't know the truth, you will believe anything.
> -- Eric Simmons
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://devel.lifetype.net/mailman/listinfo/plog-svn

--
Paul Westbrook
paul at westbrooks.org
<http://www.westbrooks.org>

More information about the pLog-svn mailing list