[pLog-svn] r6192 - in plog/branches/lifetype-1.2/plugins/badbehavior: . bad-behavior

pwestbro at devel.lifetype.net pwestbro at devel.lifetype.net
Fri Feb 29 01:49:44 EST 2008


Author: pwestbro
Date: 2008-02-29 01:49:43 -0500 (Fri, 29 Feb 2008)
New Revision: 6192

Modified:
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msie.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/pluginbadbehavior.class.php
Log:
Checked in version 2.0.13 of bad behavior


Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php	2008-02-28 10:54:49 UTC (rev 6191)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php	2008-02-29 06:49:43 UTC (rev 6192)
@@ -1,113 +1,113 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-function bb2_blacklist($package) {
-
-	// Blacklisted user agents
-	// These user agent strings occur at the beginning of the line.
-	$bb2_spambots_0 = array(
-		"<sc",			// XSS exploit attempts
-		"8484 Boston Project",	// video poker/porn spam
-		"adwords",		// referrer spam
-		"autoemailspider",	// spam harvester
-		"blogsearchbot-martin",	// from honeypot
-		"Digger",		// spam harvester
-		"ecollector",		// spam harvester
-		"EmailCollector",	// spam harvester
-		"Email Extractor",	// spam harvester
-		"Email Siphon",		// spam harvester
-		"EmailSiphon",		// spam harvester
-		"grub crawler",		// misc comment/email spam
-		"HttpProxy",		// misc comment/email spam
-		"Internet Explorer",	// XMLRPC exploits seen
-		"Jakarta Commons",	// custommised spambots
-		"Java 1.",		// definitely a spammer
-		"Java/1.",		// definitely a spammer
-		"libwww-perl",		// spambot scripts
-		"LWP",			// spambot scripts
-		"Microsoft URL",	// spam harvester
-		"Missigua",		// spam harvester
-		"MJ12bot",		// crawls MUCH too fast
-		"Movable Type",		// customised spambots
-		"Mozilla ",		// malicious software
-		"Mozilla/4.0(",		// from honeypot
-		"Mozilla/4.0+(",	// suspicious harvester
-		"MSIE",			// malicious software
-		"NutchCVS",		// unidentified robots
-		"Nutscrape/",		// misc comment spam
-		"OmniExplorer",		// spam harvester
-		"psycheclone",		// spam harvester
-		"PussyCat ",		// misc comment spam
-		"PycURL",		// misc comment spam
-		"Shockwave Flash",	// spam harvester
-		"TrackBack/",		// trackback spam
-		"user",			// suspicious harvester
-		"User Agent: ",		// spam harvester
-		"User-Agent: ",		// spam harvester
-		"Wordpress",		// malicious software
-		"\"",			// malicious software
-	);
-
-	// These user agent strings occur anywhere within the line.
-	$bb2_spambots = array(
-		"\r",			// A really dumb bot
-		"; Widows ",		// misc comment/email spam
-		"a href=",		// referrer spam
-		"Bad Behavior Test",	// Add this to your user-agent to test BB
-		"compatible ; MSIE",	// misc comment/email spam
-		"compatible-",		// misc comment/email spam
-		"DTS Agent",		// misc comment/email spam
-		"Gecko/25",		// revisit this in 500 years
-		"grub-client",		// search engine ignores robots.txt
-		"hanzoweb",		// very badly behaved crawler
-		"Indy Library",		// misc comment/email spam
-		"larbin at unspecified",	// stealth harvesters
-		"Murzillo compatible",	// comment spam bot
-		".NET CLR 1)",		// free poker, etc.
-		"POE-Component-Client",	// free poker, etc.
-		"Turing Machine",	// www.anonymizer.com abuse
-		"WebaltBot",		// spam harvester
-		"WISEbot",		// spam harvester
-		"WISEnutbot",		// spam harvester
-		"Windows NT 4.0;)",	// wikispam bot
-		"Windows NT 5.0;)",	// wikispam bot
-		"Windows NT 5.1;)",	// wikispam bot
-		"Windows XP 5",		// spam harvester
-		"\\\\)",		// spam harvester
-	);
-
-	// These are regular expression matches.
-	$bb2_spambots_regex = array(
-		"/^[A-Z]{10}$/",	// misc email spam
-		"/^Mozilla...[05]$/i",	// fake user agent/email spam
-		"/[bcdfghjklmnpqrstvwxz ]{8,}/",
-//		"/(;\){1,2}$/",		// misc spammers/harvesters
-//		"/MSIE.*Windows XP/",	// misc comment spam
-	);
-
-	// Do not edit below this line.
-
-	$ua = $package['headers_mixed']['User-Agent'];
-
-	foreach ($bb2_spambots_0 as $spambot) {
-		$pos = stripos($ua, $spambot);
-		if ($pos !== FALSE && $pos == 0) {
-			return "17f4e8c8";
-		}
-	}
-
-	foreach ($bb2_spambots as $spambot) {
-		if (stripos($ua, $spambot) !== FALSE) {
-			return "17f4e8c8";
-		}
-	}
-
-	foreach ($bb2_spambots_regex as $spambot) {
-		if (preg_match($spambot, $ua)) {
-			return "17f4e8c8";
-		}
-	}
-
-	return FALSE;
-}
-
-?>
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+function bb2_blacklist($package) {
+
+	// Blacklisted user agents
+	// These user agent strings occur at the beginning of the line.
+	$bb2_spambots_0 = array(
+		"<sc",			// XSS exploit attempts
+		"8484 Boston Project",	// video poker/porn spam
+		"adwords",		// referrer spam
+		"autoemailspider",	// spam harvester
+		"blogsearchbot-martin",	// from honeypot
+		"Digger",		// spam harvester
+		"ecollector",		// spam harvester
+		"EmailCollector",	// spam harvester
+		"Email Extractor",	// spam harvester
+		"Email Siphon",		// spam harvester
+		"EmailSiphon",		// spam harvester
+		"grub crawler",		// misc comment/email spam
+		"HttpProxy",		// misc comment/email spam
+		"Internet Explorer",	// XMLRPC exploits seen
+		"Jakarta Commons",	// custommised spambots
+		"Java 1.",		// definitely a spammer
+		"Java/1.",		// definitely a spammer
+		"libwww-perl",		// spambot scripts
+		"LWP",			// spambot scripts
+		"Microsoft URL",	// spam harvester
+		"Missigua",		// spam harvester
+		"MJ12bot",		// crawls MUCH too fast
+		"Movable Type",		// customised spambots
+		"Mozilla ",		// malicious software
+		"Mozilla/4.0(",		// from honeypot
+		"Mozilla/4.0+(",	// suspicious harvester
+		"MSIE",			// malicious software
+		"NutchCVS",		// unidentified robots
+		"Nutscrape/",		// misc comment spam
+		"OmniExplorer",		// spam harvester
+		"psycheclone",		// spam harvester
+		"PussyCat ",		// misc comment spam
+		"PycURL",		// misc comment spam
+		"Shockwave Flash",	// spam harvester
+		"TrackBack/",		// trackback spam
+		"user",			// suspicious harvester
+		"User Agent: ",		// spam harvester
+		"User-Agent: ",		// spam harvester
+		"Wordpress",		// malicious software
+		"\"",			// malicious software
+	);
+
+	// These user agent strings occur anywhere within the line.
+	$bb2_spambots = array(
+		"\r",			// A really dumb bot
+		"; Widows ",		// misc comment/email spam
+		"a href=",		// referrer spam
+		"Bad Behavior Test",	// Add this to your user-agent to test BB
+		"compatible ; MSIE",	// misc comment/email spam
+		"compatible-",		// misc comment/email spam
+		"DTS Agent",		// misc comment/email spam
+		"Gecko/25",		// revisit this in 500 years
+		"grub-client",		// search engine ignores robots.txt
+		"hanzoweb",		// very badly behaved crawler
+		"Indy Library",		// misc comment/email spam
+		"larbin at unspecified",	// stealth harvesters
+		"Murzillo compatible",	// comment spam bot
+		".NET CLR 1)",		// free poker, etc.
+		"POE-Component-Client",	// free poker, etc.
+		"Turing Machine",	// www.anonymizer.com abuse
+		"WebaltBot",		// spam harvester
+		"WISEbot",		// spam harvester
+		"WISEnutbot",		// spam harvester
+		"Windows NT 4.0;)",	// wikispam bot
+		"Windows NT 5.0;)",	// wikispam bot
+		"Windows NT 5.1;)",	// wikispam bot
+		"Windows XP 5",		// spam harvester
+		"\\\\)",		// spam harvester
+	);
+
+	// These are regular expression matches.
+	$bb2_spambots_regex = array(
+		"/^[A-Z]{10}$/",	// misc email spam
+		"/^Mozilla...[05]$/i",	// fake user agent/email spam
+		"/[bcdfghjklmnpqrstvwxz ]{8,}/",
+//		"/(;\){1,2}$/",		// misc spammers/harvesters
+//		"/MSIE.*Windows XP/",	// misc comment spam
+	);
+
+	// Do not edit below this line.
+
+	$ua = $package['headers_mixed']['User-Agent'];
+
+	foreach ($bb2_spambots_0 as $spambot) {
+		$pos = strpos($ua, $spambot);
+		if ($pos !== FALSE && $pos == 0) {
+			return "17f4e8c8";
+		}
+	}
+
+	foreach ($bb2_spambots as $spambot) {
+		if (strpos($ua, $spambot) !== FALSE) {
+			return "17f4e8c8";
+		}
+	}
+
+	foreach ($bb2_spambots_regex as $spambot) {
+		if (preg_match($spambot, $ua)) {
+			return "17f4e8c8";
+		}
+	}
+
+	return FALSE;
+}
+
+?>

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msie.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msie.inc.php	2008-02-28 10:54:49 UTC (rev 6191)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msie.inc.php	2008-02-29 06:49:43 UTC (rev 6192)
@@ -1,24 +1,25 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be MSIE
-
-function bb2_msie($package)
-{
-	if (!array_key_exists('Accept', $package['headers_mixed'])) {
-		return "17566707";
-	}
-
-	// MSIE does NOT send "Windows ME" or "Windows XP" in the user agent
-	if (strpos($package['headers_mixed']['User-Agent'], "Windows ME") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !== FALSE) {
-		return "a1084bad";
-	}
-
-	// MSIE does NOT send Connection: TE
-	if (preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) {
-		return "2b90f772";
-	}
-
-	return false;
-}
-
-?>
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be MSIE
+
+function bb2_msie($package)
+{
+	if (!array_key_exists('Accept', $package['headers_mixed'])) {
+		return "17566707";
+	}
+
+	// MSIE does NOT send "Windows ME" or "Windows XP" in the user agent
+	if (strpos($package['headers_mixed']['User-Agent'], "Windows ME") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !== FALSE) {
+		return "a1084bad";
+	}
+
+	// MSIE does NOT send Connection: TE but Akamai does
+	// Bypass this test when Akamai detected
+	if (!array_key_exists('Akamai-Origin-Hop', $package['headers_mixed']) && preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) {
+		return "2b90f772";
+	}
+
+	return false;
+}
+
+?>

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php	2008-02-28 10:54:49 UTC (rev 6191)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php	2008-02-29 06:49:43 UTC (rev 6192)
@@ -1,3 +1,3 @@
-<?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.0.11");
-?>
+<?php if (!defined('BB2_CWD')) die("I said no cheating!");
+define('BB2_VERSION', "2.0.13");
+?>

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php	2008-02-28 10:54:49 UTC (rev 6191)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php	2008-02-29 06:49:43 UTC (rev 6192)
@@ -1,56 +1,58 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-function bb2_whitelist($package)
-{
-	// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
-
-	// Inappropriate whitelisting WILL expose you to spam, or cause Bad
-	// Behavior to stop functioning entirely!  DO NOT WHITELIST unless you
-	// are 100% CERTAIN that you should.
-
-	// IP address ranges use the CIDR format.
-
-	// Includes four examples of whitelisting by IP address and netblock.
-	$bb2_whitelist_ip_ranges = array(
-		"10.0.0.0/8",
-		"172.16.0.0/12",
-		"192.168.0.0/16",
-//		"127.0.0.1",
-	);
-
-	// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
-
-	// Inappropriate whitelisting WILL expose you to spam, or cause Bad
-	// Behavior to stop functioning entirely!  DO NOT WHITELIST unless you
-	// are 100% CERTAIN that you should.
-
-	// You should not whitelist search engines by user agent. Use the IP
-	// netblock for the search engine instead. See http://whois.arin.net/
-	// to locate the netblocks for an IP.
-
-	// User agents are matched by exact match only.
-
-	// Includes one example of whitelisting by user agent.
-	// All are commented out.
-	$bb2_whitelist_user_agents = array(
-	//	"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) It's me, let me in",
-	);
-
-	// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
-
-	// Do not edit below this line
-
-	if (!empty($bb2_whitelist_ip_ranges)) {
-		foreach ($bb2_whitelist_ip_ranges as $range) {
-			if (match_cidr($package['ip'], $range)) return true;
-		}
-	}
-	if (!empty($bb2_whitelist_user_agents)) {
-		foreach ($bb2_whitelist_user_agents as $user_agent) {
-			if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
-		}
-	}
-	return false;
-}
-
-?>
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+function bb2_whitelist($package)
+{
+	// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
+
+	// Inappropriate whitelisting WILL expose you to spam, or cause Bad
+	// Behavior to stop functioning entirely!  DO NOT WHITELIST unless you
+	// are 100% CERTAIN that you should.
+
+	// IP address ranges use the CIDR format.
+
+	// Includes four examples of whitelisting by IP address and netblock.
+	$bb2_whitelist_ip_ranges = array(
+		"64.191.203.34/32",	// Digg whitelisted as of 2.0.12
+		"208.67.217.130/32",	// Digg whitelisted as of 2.0.12
+		"10.0.0.0/8",
+		"172.16.0.0/12",
+		"192.168.0.0/16",
+//		"127.0.0.1",
+	);
+
+	// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
+
+	// Inappropriate whitelisting WILL expose you to spam, or cause Bad
+	// Behavior to stop functioning entirely!  DO NOT WHITELIST unless you
+	// are 100% CERTAIN that you should.
+
+	// You should not whitelist search engines by user agent. Use the IP
+	// netblock for the search engine instead. See http://whois.arin.net/
+	// to locate the netblocks for an IP.
+
+	// User agents are matched by exact match only.
+
+	// Includes one example of whitelisting by user agent.
+	// All are commented out.
+	$bb2_whitelist_user_agents = array(
+	//	"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) It's me, let me in",
+	);
+
+	// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
+
+	// Do not edit below this line
+
+	if (!empty($bb2_whitelist_ip_ranges)) {
+		foreach ($bb2_whitelist_ip_ranges as $range) {
+			if (match_cidr($package['ip'], $range)) return true;
+		}
+	}
+	if (!empty($bb2_whitelist_user_agents)) {
+		foreach ($bb2_whitelist_user_agents as $user_agent) {
+			if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
+		}
+	}
+	return false;
+}
+
+?>

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/pluginbadbehavior.class.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/pluginbadbehavior.class.php	2008-02-28 10:54:49 UTC (rev 6191)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/pluginbadbehavior.class.php	2008-02-29 06:49:43 UTC (rev 6192)
@@ -20,7 +20,7 @@
 			$this->desc = "Bad Behavior for LifeType";
 			$this->author = "The Lifetype Project";
 			$this->db =& Db::getDb();
-            $this->version = "20071205";
+            		$this->version = "20080228";
 		
 			$config =& Config::getConfig();
 			$prefix = Db::getPrefix();



More information about the pLog-svn mailing list