[pLog-svn] r6192 - inplog/branches/lifetype-1.2/plugins/badbehavior: . bad-behavior
Mark Wu
markplace at gmail.com
Fri Feb 29 02:02:16 EST 2008
Hi Paul:
I think it is okay. Bcasue I always merge the 1.2 branch to trunk in a
certain period . These changes will apply to 2.0-dev very soon.
Regards, Mark
_____
From: plog-svn-bounces at devel.lifetype.net
[mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Paul Westbrook
Sent: Friday, February 29, 2008 2:57 PM
To: LifeType Developer List
Subject: Re: [pLog-svn] r6192 -
inplog/branches/lifetype-1.2/plugins/badbehavior: . bad-behavior
Hello,
As development for LifeType 2.0 takes highe priority, will this plugin,
or the LifeType 1.2 version of it, move back to the main plugin subversion
branch? This would allow quick patches to the plugin to be done, with out
having to spin a whole LifeType release.
--Paul
On 2/28/08, pwestbro at devel.lifetype.net <pwestbro at devel.lifetype.net> wrote:
Author: pwestbro
Date: 2008-02-29 01:49:43 -0500 (Fri, 29 Feb 2008)
New Revision: 6192
Modified:
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.ph
p
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msie.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.ph
p
plog/branches/lifetype-1.2/plugins/badbehavior/pluginbadbehavior.class.php
Log:
Checked in version 2.0.13 of bad behavior
Modified:
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.ph
p
===================================================================
---
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.ph
p 2008-02-28 10:54:49 UTC (rev 6191)
+++
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.ph
p 2008-02-29 06:49:43 UTC (rev 6192)
@@ -1,113 +1,113 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-function bb2_blacklist($package) {
-
- // Blacklisted user agents
- // These user agent strings occur at the beginning of the line.
- $bb2_spambots_0 = array(
- "<sc", // XSS exploit attempts
- "8484 Boston Project", // video poker/porn spam
- "adwords", // referrer spam
- "autoemailspider", // spam harvester
- "blogsearchbot-martin", // from honeypot
- "Digger", // spam harvester
- "ecollector", // spam harvester
- "EmailCollector", // spam harvester
- "Email Extractor", // spam harvester
- "Email Siphon", // spam harvester
- "EmailSiphon", // spam harvester
- "grub crawler", // misc comment/email spam
- "HttpProxy", // misc comment/email spam
- "Internet Explorer", // XMLRPC exploits seen
- "Jakarta Commons", // custommised spambots
- "Java 1.", // definitely a spammer
- "Java/1.", // definitely a spammer
- "libwww-perl", // spambot scripts
- "LWP", // spambot scripts
- "Microsoft URL", // spam harvester
- "Missigua", // spam harvester
- "MJ12bot", // crawls MUCH too fast
- "Movable Type", // customised spambots
- "Mozilla ", // malicious software
- "Mozilla/4.0(", // from honeypot
- "Mozilla/4.0+(", // suspicious harvester
- "MSIE", // malicious software
- "NutchCVS", // unidentified robots
- "Nutscrape/", // misc comment spam
- "OmniExplorer", // spam harvester
- "psycheclone", // spam harvester
- "PussyCat ", // misc comment spam
- "PycURL", // misc comment spam
- "Shockwave Flash", // spam harvester
- "TrackBack/", // trackback spam
- "user", // suspicious harvester
- "User Agent: ", // spam harvester
- "User-Agent: ", // spam harvester
- "Wordpress", // malicious software
- "\"", // malicious software
- );
-
- // These user agent strings occur anywhere within the line.
- $bb2_spambots = array(
- "\r", // A really dumb bot
- "; Widows ", // misc comment/email spam
- "a href=", // referrer spam
- "Bad Behavior Test", // Add this to your user-agent to
test BB
- "compatible ; MSIE", // misc comment/email spam
- "compatible-", // misc comment/email spam
- "DTS Agent", // misc comment/email spam
- "Gecko/25", // revisit this in 500 years
- "grub-client", // search engine ignores robots.txt
- "hanzoweb", // very badly behaved crawler
- "Indy Library", // misc comment/email spam
- "larbin at unspecified", // stealth harvesters
- "Murzillo compatible", // comment spam bot
- ".NET CLR 1)", // free poker, etc.
- "POE-Component-Client", // free poker, etc.
- "Turing Machine", // www.anonymizer.com abuse
- "WebaltBot", // spam harvester
- "WISEbot", // spam harvester
- "WISEnutbot", // spam harvester
- "Windows NT 4.0;)", // wikispam bot
- "Windows NT 5.0;)", // wikispam bot
- "Windows NT 5.1;)", // wikispam bot
- "Windows XP 5", // spam harvester
- "\\\\)", // spam harvester
- );
-
- // These are regular expression matches.
- $bb2_spambots_regex = array(
- "/^[A-Z]{10}$/", // misc email spam
- "/^Mozilla...[05]$/i", // fake user agent/email spam
- "/[bcdfghjklmnpqrstvwxz ]{8,}/",
-// "/(;\){1,2}$/", // misc spammers/harvesters
-// "/MSIE.*Windows XP/", // misc comment spam
- );
-
- // Do not edit below this line.
-
- $ua = $package['headers_mixed']['User-Agent'];
-
- foreach ($bb2_spambots_0 as $spambot) {
- $pos = stripos($ua, $spambot);
- if ($pos !== FALSE && $pos == 0) {
- return "17f4e8c8";
- }
- }
-
- foreach ($bb2_spambots as $spambot) {
- if (stripos($ua, $spambot) !== FALSE) {
- return "17f4e8c8";
- }
- }
-
- foreach ($bb2_spambots_regex as $spambot) {
- if (preg_match($spambot, $ua)) {
- return "17f4e8c8";
- }
- }
-
- return FALSE;
-}
-
-?>
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+function bb2_blacklist($package) {
+
+ // Blacklisted user agents
+ // These user agent strings occur at the beginning of the line.
+ $bb2_spambots_0 = array(
+ "<sc", // XSS exploit attempts
+ "8484 Boston Project", // video poker/porn spam
+ "adwords", // referrer spam
+ "autoemailspider", // spam harvester
+ "blogsearchbot-martin", // from honeypot
+ "Digger", // spam harvester
+ "ecollector", // spam harvester
+ "EmailCollector", // spam harvester
+ "Email Extractor", // spam harvester
+ "Email Siphon", // spam harvester
+ "EmailSiphon", // spam harvester
+ "grub crawler", // misc comment/email spam
+ "HttpProxy", // misc comment/email spam
+ "Internet Explorer", // XMLRPC exploits seen
+ "Jakarta Commons", // custommised spambots
+ "Java 1.", // definitely a spammer
+ "Java/1.", // definitely a spammer
+ "libwww-perl", // spambot scripts
+ "LWP", // spambot scripts
+ "Microsoft URL", // spam harvester
+ "Missigua", // spam harvester
+ "MJ12bot", // crawls MUCH too fast
+ "Movable Type", // customised spambots
+ "Mozilla ", // malicious software
+ "Mozilla/4.0(", // from honeypot
+ "Mozilla/4.0+(", // suspicious harvester
+ "MSIE", // malicious software
+ "NutchCVS", // unidentified robots
+ "Nutscrape/", // misc comment spam
+ "OmniExplorer", // spam harvester
+ "psycheclone", // spam harvester
+ "PussyCat ", // misc comment spam
+ "PycURL", // misc comment spam
+ "Shockwave Flash", // spam harvester
+ "TrackBack/", // trackback spam
+ "user", // suspicious harvester
+ "User Agent: ", // spam harvester
+ "User-Agent: ", // spam harvester
+ "Wordpress", // malicious software
+ "\"", // malicious software
+ );
+
+ // These user agent strings occur anywhere within the line.
+ $bb2_spambots = array(
+ "\r", // A really dumb bot
+ "; Widows ", // misc comment/email spam
+ "a href=", // referrer spam
+ "Bad Behavior Test", // Add this to your user-agent to
test BB
+ "compatible ; MSIE", // misc comment/email spam
+ "compatible-", // misc comment/email spam
+ "DTS Agent", // misc comment/email spam
+ "Gecko/25", // revisit this in 500 years
+ "grub-client", // search engine ignores robots.txt
+ "hanzoweb", // very badly behaved crawler
+ "Indy Library", // misc comment/email spam
+ "larbin at unspecified", // stealth harvesters
+ "Murzillo compatible", // comment spam bot
+ ".NET CLR 1)", // free poker, etc.
+ "POE-Component-Client", // free poker, etc.
+ "Turing Machine", // www.anonymizer.com abuse
+ "WebaltBot", // spam harvester
+ "WISEbot", // spam harvester
+ "WISEnutbot", // spam harvester
+ "Windows NT 4.0;)", // wikispam bot
+ "Windows NT 5.0;)", // wikispam bot
+ "Windows NT 5.1;)", // wikispam bot
+ "Windows XP 5", // spam harvester
+ "\\\\)", // spam harvester
+ );
+
+ // These are regular expression matches.
+ $bb2_spambots_regex = array(
+ "/^[A-Z]{10}$/", // misc email spam
+ "/^Mozilla...[05]$/i", // fake user agent/email spam
+ "/[bcdfghjklmnpqrstvwxz ]{8,}/",
+// "/(;\){1,2}$/", // misc spammers/harvesters
+// "/MSIE.*Windows XP/", // misc comment spam
+ );
+
+ // Do not edit below this line.
+
+ $ua = $package['headers_mixed']['User-Agent'];
+
+ foreach ($bb2_spambots_0 as $spambot) {
+ $pos = strpos($ua, $spambot);
+ if ($pos !== FALSE && $pos == 0) {
+ return "17f4e8c8";
+ }
+ }
+
+ foreach ($bb2_spambots as $spambot) {
+ if (strpos($ua, $spambot) !== FALSE) {
+ return "17f4e8c8";
+ }
+ }
+
+ foreach ($bb2_spambots_regex as $spambot) {
+ if (preg_match($spambot, $ua)) {
+ return "17f4e8c8";
+ }
+ }
+
+ return FALSE;
+}
+
+?>
Modified:
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msie.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msie.inc.php
2008-02-28 10:54:49 UTC (rev 6191)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msie.inc.php
2008-02-29 06:49:43 UTC (rev 6192)
@@ -1,24 +1,25 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be MSIE
-
-function bb2_msie($package)
-{
- if (!array_key_exists('Accept', $package['headers_mixed'])) {
- return "17566707";
- }
-
- // MSIE does NOT send "Windows ME" or "Windows XP" in the user agent
- if (strpos($package['headers_mixed']['User-Agent'], "Windows ME")
!== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP")
!== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000")
!== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !==
FALSE) {
- return "a1084bad";
- }
-
- // MSIE does NOT send Connection: TE
- if (preg_match('/\bTE\b/i',
$package['headers_mixed']['Connection'])) {
- return "2b90f772";
- }
-
- return false;
-}
-
-?>
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be MSIE
+
+function bb2_msie($package)
+{
+ if (!array_key_exists('Accept', $package['headers_mixed'])) {
+ return "17566707";
+ }
+
+ // MSIE does NOT send "Windows ME" or "Windows XP" in the user agent
+ if (strpos($package['headers_mixed']['User-Agent'], "Windows ME")
!== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP")
!== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000")
!== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !==
FALSE) {
+ return "a1084bad";
+ }
+
+ // MSIE does NOT send Connection: TE but Akamai does
+ // Bypass this test when Akamai detected
+ if (!array_key_exists('Akamai-Origin-Hop',
$package['headers_mixed']) && preg_match('/\bTE\b/i',
$package['headers_mixed']['Connection'])) {
+ return "2b90f772";
+ }
+
+ return false;
+}
+
+?>
Modified:
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php
===================================================================
---
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php
2008-02-28 10:54:49 UTC (rev 6191)
+++
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php
2008-02-29 06:49:43 UTC (rev 6192)
@@ -1,3 +1,3 @@
-<?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.0.11");
-?>
+<?php if (!defined('BB2_CWD')) die("I said no cheating!");
+define('BB2_VERSION', "2.0.13");
+?>
Modified:
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.ph
p
===================================================================
---
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.ph
p 2008-02-28 10:54:49 UTC (rev 6191)
+++
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.ph
p 2008-02-29 06:49:43 UTC (rev 6192)
@@ -1,56 +1,58 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-function bb2_whitelist($package)
-{
- // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
-
- // Inappropriate whitelisting WILL expose you to spam, or cause Bad
- // Behavior to stop functioning entirely! DO NOT WHITELIST unless
you
- // are 100% CERTAIN that you should.
-
- // IP address ranges use the CIDR format.
-
- // Includes four examples of whitelisting by IP address and
netblock.
- $bb2_whitelist_ip_ranges = array(
- "10.0.0.0/8",
- "172.16.0.0/12",
- "192.168.0.0/16",
-// "127.0.0.1",
- );
-
- // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
-
- // Inappropriate whitelisting WILL expose you to spam, or cause Bad
- // Behavior to stop functioning entirely! DO NOT WHITELIST unless
you
- // are 100% CERTAIN that you should.
-
- // You should not whitelist search engines by user agent. Use the IP
- // netblock for the search engine instead. See
http://whois.arin.net/
- // to locate the netblocks for an IP.
-
- // User agents are matched by exact match only.
-
- // Includes one example of whitelisting by user agent.
- // All are commented out.
- $bb2_whitelist_user_agents = array(
- // "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
It's me, let me in",
- );
-
- // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
-
- // Do not edit below this line
-
- if (!empty($bb2_whitelist_ip_ranges)) {
- foreach ($bb2_whitelist_ip_ranges as $range) {
- if (match_cidr($package['ip'], $range)) return true;
- }
- }
- if (!empty($bb2_whitelist_user_agents)) {
- foreach ($bb2_whitelist_user_agents as $user_agent) {
- if (!strcmp($package['headers_mixed']['User-Agent'],
$user_agent)) return true;
- }
- }
- return false;
-}
-
-?>
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+function bb2_whitelist($package)
+{
+ // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
+
+ // Inappropriate whitelisting WILL expose you to spam, or cause Bad
+ // Behavior to stop functioning entirely! DO NOT WHITELIST unless
you
+ // are 100% CERTAIN that you should.
+
+ // IP address ranges use the CIDR format.
+
+ // Includes four examples of whitelisting by IP address and
netblock.
+ $bb2_whitelist_ip_ranges = array(
+ "64.191.203.34/32", // Digg whitelisted as of 2.0.12
+ "208.67.217.130/32", // Digg whitelisted as of 2.0.12
+ "10.0.0.0/8",
+ "172.16.0.0/12",
+ "192.168.0.0/16",
+// "127.0.0.1",
+ );
+
+ // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
+
+ // Inappropriate whitelisting WILL expose you to spam, or cause Bad
+ // Behavior to stop functioning entirely! DO NOT WHITELIST unless
you
+ // are 100% CERTAIN that you should.
+
+ // You should not whitelist search engines by user agent. Use the IP
+ // netblock for the search engine instead. See
http://whois.arin.net/
+ // to locate the netblocks for an IP.
+
+ // User agents are matched by exact match only.
+
+ // Includes one example of whitelisting by user agent.
+ // All are commented out.
+ $bb2_whitelist_user_agents = array(
+ // "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
It's me, let me in",
+ );
+
+ // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
+
+ // Do not edit below this line
+
+ if (!empty($bb2_whitelist_ip_ranges)) {
+ foreach ($bb2_whitelist_ip_ranges as $range) {
+ if (match_cidr($package['ip'], $range)) return true;
+ }
+ }
+ if (!empty($bb2_whitelist_user_agents)) {
+ foreach ($bb2_whitelist_user_agents as $user_agent) {
+ if (!strcmp($package['headers_mixed']['User-Agent'],
$user_agent)) return true;
+ }
+ }
+ return false;
+}
+
+?>
Modified:
plog/branches/lifetype-1.2/plugins/badbehavior/pluginbadbehavior.class.php
===================================================================
---
plog/branches/lifetype-1.2/plugins/badbehavior/pluginbadbehavior.class.php
2008-02-28 10:54:49 UTC (rev 6191)
+++
plog/branches/lifetype-1.2/plugins/badbehavior/pluginbadbehavior.class.php
2008-02-29 06:49:43 UTC (rev 6192)
@@ -20,7 +20,7 @@
$this->desc = "Bad Behavior for LifeType";
$this->author = "The Lifetype Project";
$this->db =& Db::getDb();
- $this->version = "20071205";
+ $this->version = "20080228";
$config =& Config::getConfig();
$prefix = Db::getPrefix();
_______________________________________________
pLog-svn mailing list
pLog-svn at devel.lifetype.net
http://limedaley.com/mailman/listinfo/plog-svn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://limedaley.com/pipermail/plog-svn/attachments/20080229/067674f0/attachment-0001.htm
More information about the pLog-svn
mailing list