[pLog-svn] r6192 - in plog/branches/lifetype-1.2/plugins/badbehavior: . bad-behavior
pwestbro at devel.lifetype.net
pwestbro at devel.lifetype.net
Fri Feb 29 01:49:44 EST 2008
Author: pwestbro
Date: 2008-02-29 01:49:43 -0500 (Fri, 29 Feb 2008)
New Revision: 6192
Modified:
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msie.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/pluginbadbehavior.class.php
Log:
Checked in version 2.0.13 of bad behavior
Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php 2008-02-28 10:54:49 UTC (rev 6191)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php 2008-02-29 06:49:43 UTC (rev 6192)
@@ -1,113 +1,113 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-function bb2_blacklist($package) {
-
- // Blacklisted user agents
- // These user agent strings occur at the beginning of the line.
- $bb2_spambots_0 = array(
- "<sc", // XSS exploit attempts
- "8484 Boston Project", // video poker/porn spam
- "adwords", // referrer spam
- "autoemailspider", // spam harvester
- "blogsearchbot-martin", // from honeypot
- "Digger", // spam harvester
- "ecollector", // spam harvester
- "EmailCollector", // spam harvester
- "Email Extractor", // spam harvester
- "Email Siphon", // spam harvester
- "EmailSiphon", // spam harvester
- "grub crawler", // misc comment/email spam
- "HttpProxy", // misc comment/email spam
- "Internet Explorer", // XMLRPC exploits seen
- "Jakarta Commons", // custommised spambots
- "Java 1.", // definitely a spammer
- "Java/1.", // definitely a spammer
- "libwww-perl", // spambot scripts
- "LWP", // spambot scripts
- "Microsoft URL", // spam harvester
- "Missigua", // spam harvester
- "MJ12bot", // crawls MUCH too fast
- "Movable Type", // customised spambots
- "Mozilla ", // malicious software
- "Mozilla/4.0(", // from honeypot
- "Mozilla/4.0+(", // suspicious harvester
- "MSIE", // malicious software
- "NutchCVS", // unidentified robots
- "Nutscrape/", // misc comment spam
- "OmniExplorer", // spam harvester
- "psycheclone", // spam harvester
- "PussyCat ", // misc comment spam
- "PycURL", // misc comment spam
- "Shockwave Flash", // spam harvester
- "TrackBack/", // trackback spam
- "user", // suspicious harvester
- "User Agent: ", // spam harvester
- "User-Agent: ", // spam harvester
- "Wordpress", // malicious software
- "\"", // malicious software
- );
-
- // These user agent strings occur anywhere within the line.
- $bb2_spambots = array(
- "\r", // A really dumb bot
- "; Widows ", // misc comment/email spam
- "a href=", // referrer spam
- "Bad Behavior Test", // Add this to your user-agent to test BB
- "compatible ; MSIE", // misc comment/email spam
- "compatible-", // misc comment/email spam
- "DTS Agent", // misc comment/email spam
- "Gecko/25", // revisit this in 500 years
- "grub-client", // search engine ignores robots.txt
- "hanzoweb", // very badly behaved crawler
- "Indy Library", // misc comment/email spam
- "larbin at unspecified", // stealth harvesters
- "Murzillo compatible", // comment spam bot
- ".NET CLR 1)", // free poker, etc.
- "POE-Component-Client", // free poker, etc.
- "Turing Machine", // www.anonymizer.com abuse
- "WebaltBot", // spam harvester
- "WISEbot", // spam harvester
- "WISEnutbot", // spam harvester
- "Windows NT 4.0;)", // wikispam bot
- "Windows NT 5.0;)", // wikispam bot
- "Windows NT 5.1;)", // wikispam bot
- "Windows XP 5", // spam harvester
- "\\\\)", // spam harvester
- );
-
- // These are regular expression matches.
- $bb2_spambots_regex = array(
- "/^[A-Z]{10}$/", // misc email spam
- "/^Mozilla...[05]$/i", // fake user agent/email spam
- "/[bcdfghjklmnpqrstvwxz ]{8,}/",
-// "/(;\){1,2}$/", // misc spammers/harvesters
-// "/MSIE.*Windows XP/", // misc comment spam
- );
-
- // Do not edit below this line.
-
- $ua = $package['headers_mixed']['User-Agent'];
-
- foreach ($bb2_spambots_0 as $spambot) {
- $pos = stripos($ua, $spambot);
- if ($pos !== FALSE && $pos == 0) {
- return "17f4e8c8";
- }
- }
-
- foreach ($bb2_spambots as $spambot) {
- if (stripos($ua, $spambot) !== FALSE) {
- return "17f4e8c8";
- }
- }
-
- foreach ($bb2_spambots_regex as $spambot) {
- if (preg_match($spambot, $ua)) {
- return "17f4e8c8";
- }
- }
-
- return FALSE;
-}
-
-?>
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+function bb2_blacklist($package) {
+
+ // Blacklisted user agents
+ // These user agent strings occur at the beginning of the line.
+ $bb2_spambots_0 = array(
+ "<sc", // XSS exploit attempts
+ "8484 Boston Project", // video poker/porn spam
+ "adwords", // referrer spam
+ "autoemailspider", // spam harvester
+ "blogsearchbot-martin", // from honeypot
+ "Digger", // spam harvester
+ "ecollector", // spam harvester
+ "EmailCollector", // spam harvester
+ "Email Extractor", // spam harvester
+ "Email Siphon", // spam harvester
+ "EmailSiphon", // spam harvester
+ "grub crawler", // misc comment/email spam
+ "HttpProxy", // misc comment/email spam
+ "Internet Explorer", // XMLRPC exploits seen
+ "Jakarta Commons", // custommised spambots
+ "Java 1.", // definitely a spammer
+ "Java/1.", // definitely a spammer
+ "libwww-perl", // spambot scripts
+ "LWP", // spambot scripts
+ "Microsoft URL", // spam harvester
+ "Missigua", // spam harvester
+ "MJ12bot", // crawls MUCH too fast
+ "Movable Type", // customised spambots
+ "Mozilla ", // malicious software
+ "Mozilla/4.0(", // from honeypot
+ "Mozilla/4.0+(", // suspicious harvester
+ "MSIE", // malicious software
+ "NutchCVS", // unidentified robots
+ "Nutscrape/", // misc comment spam
+ "OmniExplorer", // spam harvester
+ "psycheclone", // spam harvester
+ "PussyCat ", // misc comment spam
+ "PycURL", // misc comment spam
+ "Shockwave Flash", // spam harvester
+ "TrackBack/", // trackback spam
+ "user", // suspicious harvester
+ "User Agent: ", // spam harvester
+ "User-Agent: ", // spam harvester
+ "Wordpress", // malicious software
+ "\"", // malicious software
+ );
+
+ // These user agent strings occur anywhere within the line.
+ $bb2_spambots = array(
+ "\r", // A really dumb bot
+ "; Widows ", // misc comment/email spam
+ "a href=", // referrer spam
+ "Bad Behavior Test", // Add this to your user-agent to test BB
+ "compatible ; MSIE", // misc comment/email spam
+ "compatible-", // misc comment/email spam
+ "DTS Agent", // misc comment/email spam
+ "Gecko/25", // revisit this in 500 years
+ "grub-client", // search engine ignores robots.txt
+ "hanzoweb", // very badly behaved crawler
+ "Indy Library", // misc comment/email spam
+ "larbin at unspecified", // stealth harvesters
+ "Murzillo compatible", // comment spam bot
+ ".NET CLR 1)", // free poker, etc.
+ "POE-Component-Client", // free poker, etc.
+ "Turing Machine", // www.anonymizer.com abuse
+ "WebaltBot", // spam harvester
+ "WISEbot", // spam harvester
+ "WISEnutbot", // spam harvester
+ "Windows NT 4.0;)", // wikispam bot
+ "Windows NT 5.0;)", // wikispam bot
+ "Windows NT 5.1;)", // wikispam bot
+ "Windows XP 5", // spam harvester
+ "\\\\)", // spam harvester
+ );
+
+ // These are regular expression matches.
+ $bb2_spambots_regex = array(
+ "/^[A-Z]{10}$/", // misc email spam
+ "/^Mozilla...[05]$/i", // fake user agent/email spam
+ "/[bcdfghjklmnpqrstvwxz ]{8,}/",
+// "/(;\){1,2}$/", // misc spammers/harvesters
+// "/MSIE.*Windows XP/", // misc comment spam
+ );
+
+ // Do not edit below this line.
+
+ $ua = $package['headers_mixed']['User-Agent'];
+
+ foreach ($bb2_spambots_0 as $spambot) {
+ $pos = strpos($ua, $spambot);
+ if ($pos !== FALSE && $pos == 0) {
+ return "17f4e8c8";
+ }
+ }
+
+ foreach ($bb2_spambots as $spambot) {
+ if (strpos($ua, $spambot) !== FALSE) {
+ return "17f4e8c8";
+ }
+ }
+
+ foreach ($bb2_spambots_regex as $spambot) {
+ if (preg_match($spambot, $ua)) {
+ return "17f4e8c8";
+ }
+ }
+
+ return FALSE;
+}
+
+?>
Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msie.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msie.inc.php 2008-02-28 10:54:49 UTC (rev 6191)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msie.inc.php 2008-02-29 06:49:43 UTC (rev 6192)
@@ -1,24 +1,25 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be MSIE
-
-function bb2_msie($package)
-{
- if (!array_key_exists('Accept', $package['headers_mixed'])) {
- return "17566707";
- }
-
- // MSIE does NOT send "Windows ME" or "Windows XP" in the user agent
- if (strpos($package['headers_mixed']['User-Agent'], "Windows ME") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !== FALSE) {
- return "a1084bad";
- }
-
- // MSIE does NOT send Connection: TE
- if (preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) {
- return "2b90f772";
- }
-
- return false;
-}
-
-?>
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be MSIE
+
+function bb2_msie($package)
+{
+ if (!array_key_exists('Accept', $package['headers_mixed'])) {
+ return "17566707";
+ }
+
+ // MSIE does NOT send "Windows ME" or "Windows XP" in the user agent
+ if (strpos($package['headers_mixed']['User-Agent'], "Windows ME") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !== FALSE) {
+ return "a1084bad";
+ }
+
+ // MSIE does NOT send Connection: TE but Akamai does
+ // Bypass this test when Akamai detected
+ if (!array_key_exists('Akamai-Origin-Hop', $package['headers_mixed']) && preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) {
+ return "2b90f772";
+ }
+
+ return false;
+}
+
+?>
Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php 2008-02-28 10:54:49 UTC (rev 6191)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php 2008-02-29 06:49:43 UTC (rev 6192)
@@ -1,3 +1,3 @@
-<?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.0.11");
-?>
+<?php if (!defined('BB2_CWD')) die("I said no cheating!");
+define('BB2_VERSION', "2.0.13");
+?>
Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php 2008-02-28 10:54:49 UTC (rev 6191)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php 2008-02-29 06:49:43 UTC (rev 6192)
@@ -1,56 +1,58 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-function bb2_whitelist($package)
-{
- // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
-
- // Inappropriate whitelisting WILL expose you to spam, or cause Bad
- // Behavior to stop functioning entirely! DO NOT WHITELIST unless you
- // are 100% CERTAIN that you should.
-
- // IP address ranges use the CIDR format.
-
- // Includes four examples of whitelisting by IP address and netblock.
- $bb2_whitelist_ip_ranges = array(
- "10.0.0.0/8",
- "172.16.0.0/12",
- "192.168.0.0/16",
-// "127.0.0.1",
- );
-
- // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
-
- // Inappropriate whitelisting WILL expose you to spam, or cause Bad
- // Behavior to stop functioning entirely! DO NOT WHITELIST unless you
- // are 100% CERTAIN that you should.
-
- // You should not whitelist search engines by user agent. Use the IP
- // netblock for the search engine instead. See http://whois.arin.net/
- // to locate the netblocks for an IP.
-
- // User agents are matched by exact match only.
-
- // Includes one example of whitelisting by user agent.
- // All are commented out.
- $bb2_whitelist_user_agents = array(
- // "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) It's me, let me in",
- );
-
- // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
-
- // Do not edit below this line
-
- if (!empty($bb2_whitelist_ip_ranges)) {
- foreach ($bb2_whitelist_ip_ranges as $range) {
- if (match_cidr($package['ip'], $range)) return true;
- }
- }
- if (!empty($bb2_whitelist_user_agents)) {
- foreach ($bb2_whitelist_user_agents as $user_agent) {
- if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
- }
- }
- return false;
-}
-
-?>
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+function bb2_whitelist($package)
+{
+ // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
+
+ // Inappropriate whitelisting WILL expose you to spam, or cause Bad
+ // Behavior to stop functioning entirely! DO NOT WHITELIST unless you
+ // are 100% CERTAIN that you should.
+
+ // IP address ranges use the CIDR format.
+
+ // Includes four examples of whitelisting by IP address and netblock.
+ $bb2_whitelist_ip_ranges = array(
+ "64.191.203.34/32", // Digg whitelisted as of 2.0.12
+ "208.67.217.130/32", // Digg whitelisted as of 2.0.12
+ "10.0.0.0/8",
+ "172.16.0.0/12",
+ "192.168.0.0/16",
+// "127.0.0.1",
+ );
+
+ // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
+
+ // Inappropriate whitelisting WILL expose you to spam, or cause Bad
+ // Behavior to stop functioning entirely! DO NOT WHITELIST unless you
+ // are 100% CERTAIN that you should.
+
+ // You should not whitelist search engines by user agent. Use the IP
+ // netblock for the search engine instead. See http://whois.arin.net/
+ // to locate the netblocks for an IP.
+
+ // User agents are matched by exact match only.
+
+ // Includes one example of whitelisting by user agent.
+ // All are commented out.
+ $bb2_whitelist_user_agents = array(
+ // "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) It's me, let me in",
+ );
+
+ // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
+
+ // Do not edit below this line
+
+ if (!empty($bb2_whitelist_ip_ranges)) {
+ foreach ($bb2_whitelist_ip_ranges as $range) {
+ if (match_cidr($package['ip'], $range)) return true;
+ }
+ }
+ if (!empty($bb2_whitelist_user_agents)) {
+ foreach ($bb2_whitelist_user_agents as $user_agent) {
+ if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
+ }
+ }
+ return false;
+}
+
+?>
Modified: plog/branches/lifetype-1.2/plugins/badbehavior/pluginbadbehavior.class.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/pluginbadbehavior.class.php 2008-02-28 10:54:49 UTC (rev 6191)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/pluginbadbehavior.class.php 2008-02-29 06:49:43 UTC (rev 6192)
@@ -20,7 +20,7 @@
$this->desc = "Bad Behavior for LifeType";
$this->author = "The Lifetype Project";
$this->db =& Db::getDb();
- $this->version = "20071205";
+ $this->version = "20080228";
$config =& Config::getConfig();
$prefix = Db::getPrefix();
More information about the pLog-svn
mailing list