[pLog-svn] r6192 - in plog/branches/lifetype-1.2/plugins/badbehavior: . bad-behavior
Paul Westbrook
paul at westbrooks.org
Fri Feb 29 01:56:45 EST 2008
Hello,
As development for LifeType 2.0 takes highe priority, will this plugin,
or the LifeType 1.2 version of it, move back to the main plugin subversion
branch? This would allow quick patches to the plugin to be done, with out
having to spin a whole LifeType release.
--Paul
On 2/28/08, pwestbro at devel.lifetype.net <pwestbro at devel.lifetype.net> wrote:
>
> Author: pwestbro
> Date: 2008-02-29 01:49:43 -0500 (Fri, 29 Feb 2008)
> New Revision: 6192
>
> Modified:
> plog/branches/lifetype-1.2
> /plugins/badbehavior/bad-behavior/blacklist.inc.php
> plog/branches/lifetype-1.2
> /plugins/badbehavior/bad-behavior/msie.inc.php
> plog/branches/lifetype-1.2
> /plugins/badbehavior/bad-behavior/version.inc.php
> plog/branches/lifetype-1.2
> /plugins/badbehavior/bad-behavior/whitelist.inc.php
> plog/branches/lifetype-1.2
> /plugins/badbehavior/pluginbadbehavior.class.php
> Log:
> Checked in version 2.0.13 of bad behavior
>
>
> Modified: plog/branches/lifetype-1.2
> /plugins/badbehavior/bad-behavior/blacklist.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php
> 2008-02-28 10:54:49 UTC (rev 6191)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php
> 2008-02-29 06:49:43 UTC (rev 6192)
> @@ -1,113 +1,113 @@
> -<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> -
> -function bb2_blacklist($package) {
> -
> - // Blacklisted user agents
> - // These user agent strings occur at the beginning of the line.
> - $bb2_spambots_0 = array(
> - "<sc", // XSS exploit attempts
> - "8484 Boston Project", // video poker/porn spam
> - "adwords", // referrer spam
> - "autoemailspider", // spam harvester
> - "blogsearchbot-martin", // from honeypot
> - "Digger", // spam harvester
> - "ecollector", // spam harvester
> - "EmailCollector", // spam harvester
> - "Email Extractor", // spam harvester
> - "Email Siphon", // spam harvester
> - "EmailSiphon", // spam harvester
> - "grub crawler", // misc comment/email spam
> - "HttpProxy", // misc comment/email spam
> - "Internet Explorer", // XMLRPC exploits seen
> - "Jakarta Commons", // custommised spambots
> - "Java 1.", // definitely a spammer
> - "Java/1.", // definitely a spammer
> - "libwww-perl", // spambot scripts
> - "LWP", // spambot scripts
> - "Microsoft URL", // spam harvester
> - "Missigua", // spam harvester
> - "MJ12bot", // crawls MUCH too fast
> - "Movable Type", // customised spambots
> - "Mozilla ", // malicious software
> - "Mozilla/4.0(", // from honeypot
> - "Mozilla/4.0+(", // suspicious harvester
> - "MSIE", // malicious software
> - "NutchCVS", // unidentified robots
> - "Nutscrape/", // misc comment spam
> - "OmniExplorer", // spam harvester
> - "psycheclone", // spam harvester
> - "PussyCat ", // misc comment spam
> - "PycURL", // misc comment spam
> - "Shockwave Flash", // spam harvester
> - "TrackBack/", // trackback spam
> - "user", // suspicious harvester
> - "User Agent: ", // spam harvester
> - "User-Agent: ", // spam harvester
> - "Wordpress", // malicious software
> - "\"", // malicious software
> - );
> -
> - // These user agent strings occur anywhere within the line.
> - $bb2_spambots = array(
> - "\r", // A really dumb bot
> - "; Widows ", // misc comment/email spam
> - "a href=", // referrer spam
> - "Bad Behavior Test", // Add this to your user-agent to
> test BB
> - "compatible ; MSIE", // misc comment/email spam
> - "compatible-", // misc comment/email spam
> - "DTS Agent", // misc comment/email spam
> - "Gecko/25", // revisit this in 500 years
> - "grub-client", // search engine ignores
> robots.txt
> - "hanzoweb", // very badly behaved crawler
> - "Indy Library", // misc comment/email spam
> - "larbin at unspecified", // stealth harvesters
> - "Murzillo compatible", // comment spam bot
> - ".NET CLR 1)", // free poker, etc.
> - "POE-Component-Client", // free poker, etc.
> - "Turing Machine", // www.anonymizer.com abuse
> - "WebaltBot", // spam harvester
> - "WISEbot", // spam harvester
> - "WISEnutbot", // spam harvester
> - "Windows NT 4.0;)", // wikispam bot
> - "Windows NT 5.0;)", // wikispam bot
> - "Windows NT 5.1;)", // wikispam bot
> - "Windows XP 5", // spam harvester
> - "\\\\)", // spam harvester
> - );
> -
> - // These are regular expression matches.
> - $bb2_spambots_regex = array(
> - "/^[A-Z]{10}$/", // misc email spam
> - "/^Mozilla...[05]$/i", // fake user agent/email spam
> - "/[bcdfghjklmnpqrstvwxz ]{8,}/",
> -// "/(;\){1,2}$/", // misc spammers/harvesters
> -// "/MSIE.*Windows XP/", // misc comment spam
> - );
> -
> - // Do not edit below this line.
> -
> - $ua = $package['headers_mixed']['User-Agent'];
> -
> - foreach ($bb2_spambots_0 as $spambot) {
> - $pos = stripos($ua, $spambot);
> - if ($pos !== FALSE && $pos == 0) {
> - return "17f4e8c8";
> - }
> - }
> -
> - foreach ($bb2_spambots as $spambot) {
> - if (stripos($ua, $spambot) !== FALSE) {
> - return "17f4e8c8";
> - }
> - }
> -
> - foreach ($bb2_spambots_regex as $spambot) {
> - if (preg_match($spambot, $ua)) {
> - return "17f4e8c8";
> - }
> - }
> -
> - return FALSE;
> -}
> -
> -?>
> +<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> +
> +function bb2_blacklist($package) {
> +
> + // Blacklisted user agents
> + // These user agent strings occur at the beginning of the line.
> + $bb2_spambots_0 = array(
> + "<sc", // XSS exploit attempts
> + "8484 Boston Project", // video poker/porn spam
> + "adwords", // referrer spam
> + "autoemailspider", // spam harvester
> + "blogsearchbot-martin", // from honeypot
> + "Digger", // spam harvester
> + "ecollector", // spam harvester
> + "EmailCollector", // spam harvester
> + "Email Extractor", // spam harvester
> + "Email Siphon", // spam harvester
> + "EmailSiphon", // spam harvester
> + "grub crawler", // misc comment/email spam
> + "HttpProxy", // misc comment/email spam
> + "Internet Explorer", // XMLRPC exploits seen
> + "Jakarta Commons", // custommised spambots
> + "Java 1.", // definitely a spammer
> + "Java/1.", // definitely a spammer
> + "libwww-perl", // spambot scripts
> + "LWP", // spambot scripts
> + "Microsoft URL", // spam harvester
> + "Missigua", // spam harvester
> + "MJ12bot", // crawls MUCH too fast
> + "Movable Type", // customised spambots
> + "Mozilla ", // malicious software
> + "Mozilla/4.0(", // from honeypot
> + "Mozilla/4.0+(", // suspicious harvester
> + "MSIE", // malicious software
> + "NutchCVS", // unidentified robots
> + "Nutscrape/", // misc comment spam
> + "OmniExplorer", // spam harvester
> + "psycheclone", // spam harvester
> + "PussyCat ", // misc comment spam
> + "PycURL", // misc comment spam
> + "Shockwave Flash", // spam harvester
> + "TrackBack/", // trackback spam
> + "user", // suspicious harvester
> + "User Agent: ", // spam harvester
> + "User-Agent: ", // spam harvester
> + "Wordpress", // malicious software
> + "\"", // malicious software
> + );
> +
> + // These user agent strings occur anywhere within the line.
> + $bb2_spambots = array(
> + "\r", // A really dumb bot
> + "; Widows ", // misc comment/email spam
> + "a href=", // referrer spam
> + "Bad Behavior Test", // Add this to your user-agent to
> test BB
> + "compatible ; MSIE", // misc comment/email spam
> + "compatible-", // misc comment/email spam
> + "DTS Agent", // misc comment/email spam
> + "Gecko/25", // revisit this in 500 years
> + "grub-client", // search engine ignores
> robots.txt
> + "hanzoweb", // very badly behaved crawler
> + "Indy Library", // misc comment/email spam
> + "larbin at unspecified", // stealth harvesters
> + "Murzillo compatible", // comment spam bot
> + ".NET CLR 1)", // free poker, etc.
> + "POE-Component-Client", // free poker, etc.
> + "Turing Machine", // www.anonymizer.com abuse
> + "WebaltBot", // spam harvester
> + "WISEbot", // spam harvester
> + "WISEnutbot", // spam harvester
> + "Windows NT 4.0;)", // wikispam bot
> + "Windows NT 5.0;)", // wikispam bot
> + "Windows NT 5.1;)", // wikispam bot
> + "Windows XP 5", // spam harvester
> + "\\\\)", // spam harvester
> + );
> +
> + // These are regular expression matches.
> + $bb2_spambots_regex = array(
> + "/^[A-Z]{10}$/", // misc email spam
> + "/^Mozilla...[05]$/i", // fake user agent/email spam
> + "/[bcdfghjklmnpqrstvwxz ]{8,}/",
> +// "/(;\){1,2}$/", // misc spammers/harvesters
> +// "/MSIE.*Windows XP/", // misc comment spam
> + );
> +
> + // Do not edit below this line.
> +
> + $ua = $package['headers_mixed']['User-Agent'];
> +
> + foreach ($bb2_spambots_0 as $spambot) {
> + $pos = strpos($ua, $spambot);
> + if ($pos !== FALSE && $pos == 0) {
> + return "17f4e8c8";
> + }
> + }
> +
> + foreach ($bb2_spambots as $spambot) {
> + if (strpos($ua, $spambot) !== FALSE) {
> + return "17f4e8c8";
> + }
> + }
> +
> + foreach ($bb2_spambots_regex as $spambot) {
> + if (preg_match($spambot, $ua)) {
> + return "17f4e8c8";
> + }
> + }
> +
> + return FALSE;
> +}
> +
> +?>
>
> Modified: plog/branches/lifetype-1.2
> /plugins/badbehavior/bad-behavior/msie.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msie.inc.php 2008-02-28
> 10:54:49 UTC (rev 6191)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msie.inc.php 2008-02-29
> 06:49:43 UTC (rev 6192)
> @@ -1,24 +1,25 @@
> -<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> -
> -// Analyze user agents claiming to be MSIE
> -
> -function bb2_msie($package)
> -{
> - if (!array_key_exists('Accept', $package['headers_mixed'])) {
> - return "17566707";
> - }
> -
> - // MSIE does NOT send "Windows ME" or "Windows XP" in the user
> agent
> - if (strpos($package['headers_mixed']['User-Agent'], "Windows ME")
> !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP")
> !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000")
> !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !==
> FALSE) {
> - return "a1084bad";
> - }
> -
> - // MSIE does NOT send Connection: TE
> - if (preg_match('/\bTE\b/i',
> $package['headers_mixed']['Connection'])) {
> - return "2b90f772";
> - }
> -
> - return false;
> -}
> -
> -?>
> +<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> +
> +// Analyze user agents claiming to be MSIE
> +
> +function bb2_msie($package)
> +{
> + if (!array_key_exists('Accept', $package['headers_mixed'])) {
> + return "17566707";
> + }
> +
> + // MSIE does NOT send "Windows ME" or "Windows XP" in the user
> agent
> + if (strpos($package['headers_mixed']['User-Agent'], "Windows ME")
> !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP")
> !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000")
> !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !==
> FALSE) {
> + return "a1084bad";
> + }
> +
> + // MSIE does NOT send Connection: TE but Akamai does
> + // Bypass this test when Akamai detected
> + if (!array_key_exists('Akamai-Origin-Hop',
> $package['headers_mixed']) && preg_match('/\bTE\b/i',
> $package['headers_mixed']['Connection'])) {
> + return "2b90f772";
> + }
> +
> + return false;
> +}
> +
> +?>
>
> Modified: plog/branches/lifetype-1.2
> /plugins/badbehavior/bad-behavior/version.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php
> 2008-02-28 10:54:49 UTC (rev 6191)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php
> 2008-02-29 06:49:43 UTC (rev 6192)
> @@ -1,3 +1,3 @@
> -<?php if (!defined('BB2_CWD')) die("I said no cheating!");
> -define('BB2_VERSION', "2.0.11");
> -?>
> +<?php if (!defined('BB2_CWD')) die("I said no cheating!");
> +define('BB2_VERSION', "2.0.13");
> +?>
>
> Modified: plog/branches/lifetype-1.2
> /plugins/badbehavior/bad-behavior/whitelist.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php
> 2008-02-28 10:54:49 UTC (rev 6191)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php
> 2008-02-29 06:49:43 UTC (rev 6192)
> @@ -1,56 +1,58 @@
> -<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> -
> -function bb2_whitelist($package)
> -{
> - // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
> -
> - // Inappropriate whitelisting WILL expose you to spam, or cause
> Bad
> - // Behavior to stop functioning entirely! DO NOT WHITELIST unless
> you
> - // are 100% CERTAIN that you should.
> -
> - // IP address ranges use the CIDR format.
> -
> - // Includes four examples of whitelisting by IP address and
> netblock.
> - $bb2_whitelist_ip_ranges = array(
> - "10.0.0.0/8",
> - "172.16.0.0/12",
> - "192.168.0.0/16",
> -// "127.0.0.1",
> - );
> -
> - // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
> -
> - // Inappropriate whitelisting WILL expose you to spam, or cause
> Bad
> - // Behavior to stop functioning entirely! DO NOT WHITELIST unless
> you
> - // are 100% CERTAIN that you should.
> -
> - // You should not whitelist search engines by user agent. Use the
> IP
> - // netblock for the search engine instead. See
> http://whois.arin.net/
> - // to locate the netblocks for an IP.
> -
> - // User agents are matched by exact match only.
> -
> - // Includes one example of whitelisting by user agent.
> - // All are commented out.
> - $bb2_whitelist_user_agents = array(
> - // "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
> It's me, let me in",
> - );
> -
> - // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
> -
> - // Do not edit below this line
> -
> - if (!empty($bb2_whitelist_ip_ranges)) {
> - foreach ($bb2_whitelist_ip_ranges as $range) {
> - if (match_cidr($package['ip'], $range)) return
> true;
> - }
> - }
> - if (!empty($bb2_whitelist_user_agents)) {
> - foreach ($bb2_whitelist_user_agents as $user_agent) {
> - if
> (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
> - }
> - }
> - return false;
> -}
> -
> -?>
> +<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> +
> +function bb2_whitelist($package)
> +{
> + // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
> +
> + // Inappropriate whitelisting WILL expose you to spam, or cause
> Bad
> + // Behavior to stop functioning entirely! DO NOT WHITELIST unless
> you
> + // are 100% CERTAIN that you should.
> +
> + // IP address ranges use the CIDR format.
> +
> + // Includes four examples of whitelisting by IP address and
> netblock.
> + $bb2_whitelist_ip_ranges = array(
> + "64.191.203.34/32", // Digg whitelisted as of 2.0.12
> + "208.67.217.130/32", // Digg whitelisted as of 2.0.12
> + "10.0.0.0/8",
> + "172.16.0.0/12",
> + "192.168.0.0/16",
> +// "127.0.0.1",
> + );
> +
> + // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
> +
> + // Inappropriate whitelisting WILL expose you to spam, or cause
> Bad
> + // Behavior to stop functioning entirely! DO NOT WHITELIST unless
> you
> + // are 100% CERTAIN that you should.
> +
> + // You should not whitelist search engines by user agent. Use the
> IP
> + // netblock for the search engine instead. See
> http://whois.arin.net/
> + // to locate the netblocks for an IP.
> +
> + // User agents are matched by exact match only.
> +
> + // Includes one example of whitelisting by user agent.
> + // All are commented out.
> + $bb2_whitelist_user_agents = array(
> + // "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
> It's me, let me in",
> + );
> +
> + // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
> +
> + // Do not edit below this line
> +
> + if (!empty($bb2_whitelist_ip_ranges)) {
> + foreach ($bb2_whitelist_ip_ranges as $range) {
> + if (match_cidr($package['ip'], $range)) return
> true;
> + }
> + }
> + if (!empty($bb2_whitelist_user_agents)) {
> + foreach ($bb2_whitelist_user_agents as $user_agent) {
> + if
> (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
> + }
> + }
> + return false;
> +}
> +
> +?>
>
> Modified: plog/branches/lifetype-1.2
> /plugins/badbehavior/pluginbadbehavior.class.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/pluginbadbehavior.class.php 2008-02-28
> 10:54:49 UTC (rev 6191)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/pluginbadbehavior.class.php 2008-02-29
> 06:49:43 UTC (rev 6192)
> @@ -20,7 +20,7 @@
> $this->desc = "Bad Behavior for LifeType";
> $this->author = "The Lifetype Project";
> $this->db =& Db::getDb();
> - $this->version = "20071205";
> + $this->version = "20080228";
>
> $config =& Config::getConfig();
> $prefix = Db::getPrefix();
>
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://limedaley.com/mailman/listinfo/plog-svn
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://limedaley.com/pipermail/plog-svn/attachments/20080228/ec6bf3d9/attachment-0001.htm
More information about the pLog-svn
mailing list