[pLog-svn] r6696 - plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior

Jon Daley plogworld at jon.limedaley.com
Wed Jul 16 17:59:10 EDT 2008


Did you mean to remove our customizations?  And did they change 
their files to not have DOS carriage returns, or did you do that?  If they 
did it, that is okay, but if it was you, we should probably fix it, so each 
release doesn't modify every file.

On Wed, 16 Jul 2008, reto at devel.lifetype.net wrote:

> Author: reto
> Date: 2008-07-16 17:16:00 -0400 (Wed, 16 Jul 2008)
> New Revision: 6696
>
> Removed:
>   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/admin.inc.php
> Modified:
>   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/banned.inc.php
>   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blackhole.inc.php
>   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php
>   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/common_tests.inc.php
>   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/core.inc.php
>   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/functions.inc.php
>   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/google.inc.php
>   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/housekeeping.inc.php
>   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/konqueror.inc.php
>   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/lynx.inc.php
>   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/movabletype.inc.php
>   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/mozilla.inc.php
>   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msie.inc.php
>   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msnbot.inc.php
>   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/opera.inc.php
>   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/post.inc.php
>   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/responses.inc.php
>   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/safari.inc.php
>   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/screener.inc.php
>   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/trackback.inc.php
>   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php
>   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php
> Log:
> Update to 2.0.20
> - admin.inc.php is no longer within the bad-behavior folder; it was put one level higher because it's the admin front-end for wp.
>
> Deleted: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/admin.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/admin.inc.php	2008-07-15 21:48:44 UTC (rev 6695)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/admin.inc.php	2008-07-16 21:16:00 UTC (rev 6696)
> @@ -1,96 +0,0 @@
> -<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> -/* This techncially belongs a level up, with the WordPress code. It'll be moved soon. */
> -
> -function bb2_admin_pages() {
> -	if (function_exists('current_user_can')) {
> -		// The new 2.x way
> -		if (current_user_can('manage_options')) {
> -			$bb2_is_admin = true;
> -		}
> -	} else {
> -		// The old 1.x way
> -		global $user_ID;
> -		if (user_can_edit_user($user_ID, 0)) {
> -			$bb2_is_admin = true;
> -		}
> -	}
> -
> -	if ($bb2_is_admin) {
> -		add_options_page(__("Bad Behavior"), __("Bad Behavior"), 8, 'bb2_options', 'bb2_options');
> -	}
> -}
> -
> -function bb2_options()
> -{
> -	$settings = bb2_read_settings();
> -
> -	if ($_POST) {
> -		if ($_POST['display_stats']) {
> -			$settings['display_stats'] = true;
> -		} else {
> -			$settings['display_stats'] = false;
> -		}
> -		if ($_POST['strict']) {
> -			$settings['strict'] = true;
> -		} else {
> -			$settings['strict'] = false;
> -		}
> -		if ($_POST['verbose']) {
> -			$settings['verbose'] = true;
> -		} else {
> -			$settings['verbose'] = false;
> -		}
> -		if ($_POST['logging']) {
> -			if ($_POST['logging'] == 'verbose') {
> -				$settings['verbose'] = true;
> -				$settings['logging'] = true;
> -			} else if ($_POST['logging'] == 'normal') {
> -				$settings['verbose'] = false;
> -				$settings['logging'] = true;
> -			} else {
> -				$settings['verbose'] = false;
> -				$settings['logging'] = false;
> -			}
> -		} else {
> -			$settings['verbose'] = false;
> -			$settings['logging'] = false;
> -		}
> -		bb2_write_settings($settings);
> -?>
> -	<div id="message" class="updated fade"><p><strong><?php _e('Options saved.') ?></strong></p></div>
> -<?php
> -	}
> -?>
> -	<div class="wrap">
> -	<h2><?php _e("Bad Behavior"); ?></h2>
> -	<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
> -	<p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
> -	<p>If you find Bad Behavior valuable, please consider making a <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20<?php echo BB2_VERSION; ?>%20%28From%20Admin%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8">financial contribution</a> to further development of Bad Behavior.</p>
> -
> -	<fieldset class="options">
> -	<legend><?php _e('Statistics'); ?></legend>
> -	<?php bb2_insert_stats(true); ?>
> -	<p><label><input type="checkbox" name="display_stats" value="true" <?php if ($settings['display_stats']) { ?>checked="checked" <?php } ?>/> <?php _e('Display statistics in blog footer'); ?></label></p>
> -	</fieldset>
> -
> -	<fieldset class="options">
> -	<legend><?php _e('Logging'); ?></legend>
> -	<p><label><input type="radio" name="logging" value="verbose" <?php if ($settings['verbose'] && $settings['logging']) { ?>checked="checked" <?php } ?>/> <?php _e('Verbose HTTP request logging'); ?></label></p>
> -	<p><label><input type="radio" name="logging" value="normal" <?php if ($settings['logging'] && !$settings['verbose']) { ?>checked="checked" <?php } ?>/> <?php _e('Normal HTTP request logging (recommended)'); ?></label></p>
> -	<p><label><input type="radio" name="logging" value="false" <?php if (!$settings['logging']) { ?>checked="checked" <?php } ?>/> <?php _e('Do not log HTTP requests (not recommended)'); ?></label></p>
> -	</fieldset>
> -
> -	<fieldset class="options">
> -	<legend><?php _e('Strict Mode'); ?></legend>
> -	<p><label><input type="checkbox" name="strict" value="true" <?php if ($settings['strict']) { ?>checked="checked" <?php } ?>/> <?php _e('Strict checking (blocks more spam but may block some people)'); ?></label></p>
> -	</fieldset>
> -
> -	<p class="submit"><input type="submit" name="submit" value="<?php _e('Update &raquo;'); ?>" /></p>
> -	</form>
> -	</div>
> -<?php
> -}
> -
> -add_action('admin_menu', 'bb2_admin_pages');
> -
> -?>
>
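Review bot: the log says admin.inc.php was moved one level up, but this revision lists it only under Removed and shows no Added: entry for the relocated copy; confirm the new admin.inc.php is committed (here or in a following revision) so the plugin's admin front-end does not silently disappear from the branch. If the file is re-added elsewhere, three things in the deleted version are worth fixing on the way: `$bb2_is_admin` is never initialised before `if ($bb2_is_admin)`, so it is undefined when neither capability check passes; the form action echoes `$_SERVER['REQUEST_URI']` without `htmlspecialchars()`, unlike the escaped echo of the same value in banned.inc.php; and the `$_POST` handler writes settings via `bb2_write_settings()` with no nonce or other request-origin check in front of it.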
> Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/banned.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/banned.inc.php	2008-07-15 21:48:44 UTC (rev 6695)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/banned.inc.php	2008-07-16 21:16:00 UTC (rev 6696)
> @@ -1,49 +1,49 @@
> -<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> -
> -// Functions called when a request has been denied
> -// This part can be gawd-awful slow, doesn't matter :)
> -
> -require_once(BB2_CORE . "/responses.inc.php");
> -
> -function bb2_display_denial($settings, $key, $previous_key = false)
> -{
> -	if (!$previous_key) $previous_key = $key;
> -	if ($key == "e87553e1") {
> -		// FIXME: lookup the real key
> -	}
> -	// Create support key
> -	$ip = explode(".", $_SERVER['REMOTE_ADDR']);
> -	$ip_hex = "";
> -	foreach ($ip as $octet) {
> -		$ip_hex .= str_pad(dechex($octet), 2, 0, STR_PAD_LEFT);
> -	}
> -	$support_key = implode("-", str_split("$ip_hex$key", 4));
> -
> -	// Get response data
> -	$response = bb2_get_response($previous_key);
> -	header("HTTP/1.1 " . $response['response'] . " Bad Behavior");
> -	header("Status: " . $response['response'] . " Bad Behavior");
> -?>
> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
> -<html xmlns="http://www.w3.org/1999/xhtml">
> -<head>
> -<title>HTTP Error <?php echo $response['response']; ?></title>
> -</head>
> -<body>
> -<h1>Error <?php echo $response['response']; ?></h1>
> -<p>We're sorry, but we could not fulfill your request for
> -<?php echo htmlspecialchars($_SERVER['REQUEST_URI']) ?> on this server.</p>
> -<p><?php echo $response['explanation']; ?></p>
> -<p>Your technical support key is: <strong><?php echo $support_key; ?></strong></p>
> -<p>You can use this key to <a href="http://www.ioerror.us/bb2-support-key?key=<?php echo $support_key; ?>">fix this problem yourself</a>.</p>
> -<p>If you are unable to fix the problem yourself, please contact <a href="mailto:<?php echo htmlspecialchars(str_replace("@", "+nospam at nospam.", bb2_email())); ?>"><?php echo htmlspecialchars(str_replace("@", " at ", bb2_email())); ?></a> and be sure to provide the technical support key shown above.</p>
> -<?php
> -}
> -
> -function bb2_log_denial($settings, $package, $key, $previous_key=false)
> -{
> -	if (!$settings['logging']) return;
> -	bb2_db_query(bb2_insert($settings, $package, $key));
> -}
> -
> -?>
> +<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> +
> +// Functions called when a request has been denied
> +// This part can be gawd-awful slow, doesn't matter :)
> +
> +require_once(BB2_CORE . "/responses.inc.php");
> +
> +function bb2_display_denial($settings, $key, $previous_key = false)
> +{
> +	if (!$previous_key) $previous_key = $key;
> +	if ($key == "e87553e1") {
> +		// FIXME: lookup the real key
> +	}
> +	// Create support key
> +	$ip = explode(".", $_SERVER['REMOTE_ADDR']);
> +	$ip_hex = "";
> +	foreach ($ip as $octet) {
> +		$ip_hex .= str_pad(dechex($octet), 2, 0, STR_PAD_LEFT);
> +	}
> +	$support_key = implode("-", str_split("$ip_hex$key", 4));
> +
> +	// Get response data
> +	$response = bb2_get_response($previous_key);
> +	header("HTTP/1.1 " . $response['response'] . " Bad Behavior");
> +	header("Status: " . $response['response'] . " Bad Behavior");
> +?>
> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
> +<html xmlns="http://www.w3.org/1999/xhtml">
> +<head>
> +<title>HTTP Error <?php echo $response['response']; ?></title>
> +</head>
> +<body>
> +<h1>Error <?php echo $response['response']; ?></h1>
> +<p>We're sorry, but we could not fulfill your request for
> +<?php echo htmlspecialchars($_SERVER['REQUEST_URI']) ?> on this server.</p>
> +<p><?php echo $response['explanation']; ?></p>
> +<p>Your technical support key is: <strong><?php echo $support_key; ?></strong></p>
> +<p>You can use this key to <a href="http://www.ioerror.us/bb2-support-key?key=<?php echo $support_key; ?>">fix this problem yourself</a>.</p>
> +<p>If you are unable to fix the problem yourself, please contact <a href="mailto:<?php echo htmlspecialchars(str_replace("@", "+nospam at nospam.", bb2_email())); ?>"><?php echo htmlspecialchars(str_replace("@", " at ", bb2_email())); ?></a> and be sure to provide the technical support key shown above.</p>
> +<?php
> +}
> +
> +function bb2_log_denial($settings, $package, $key, $previous_key=false)
> +{
> +	if (!$settings['logging']) return;
> +	bb2_db_query(bb2_insert($settings, $package, $key));
> +}
> +
> +?>
>
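Review bot: all 49 lines in this hunk are deleted and re-added with identical content, so the diff records a whole-file line-ending (or trailing-whitespace) rewrite rather than a code change; that hides any local customisations being overwritten and makes the real upstream changes in this revision hard to find. Set `svn:eol-style native` on these files, or normalise line endings in a separate commit, so future upstream merges only show substantive lines. Two smaller points in the unchanged logic: the support key is built by splitting `$_SERVER['REMOTE_ADDR']` on `.` and running each piece through `dechex()`, which yields garbage for an IPv6 address instead of failing cleanly, and `$response['explanation']` is echoed unescaped while `REQUEST_URI` on the line before it goes through `htmlspecialchars()`; if the explanation strings ever carry request-derived data, that asymmetry becomes a problem.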
> Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blackhole.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blackhole.inc.php	2008-07-15 21:48:44 UTC (rev 6695)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blackhole.inc.php	2008-07-16 21:16:00 UTC (rev 6696)
> @@ -1,37 +1,37 @@
> -<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> -
> -// Look up address on various blackhole lists.
> -// These cannot be used for GET requests under any circumstances!
> -function bb2_blackhole($package) {
> -	// Only conservative lists
> -	$bb2_blackhole_lists = array(
> -		"sbl-xbl.spamhaus.org",	// All around nasties
> -//		"dnsbl.sorbs.net",	// Old useless data.
> -//		"list.dsbl.org",	// Old useless data.
> -//		"dnsbl.ioerror.us",	// Bad Behavior Blackhole
> -	);
> -
> -	// Things that shouldn't be blocked, from aggregate lists
> -	$bb2_blackhole_exceptions = array(
> -		"sbl-xbl.spamhaus.org" => array("127.0.0.4"),	// CBL is problematic
> -		"dnsbl.sorbs.net" => array("127.0.0.10",),	// Dynamic IPs only
> -		"list.dsbl.org" => array(),
> -		"dnsbl.ioerror.us" => array(),
> -	);
> -
> -	// Check the blackhole lists
> -	$ip = $package['ip'];
> -	$find = implode('.', array_reverse(explode('.', $ip)));
> -	foreach ($bb2_blackhole_lists as $dnsbl) {
> -		$result = gethostbynamel($find . "." . $dnsbl . ".");
> -		if (!empty($result)) {
> -			// Got a match and it isn't on the exception list
> -			$result = @array_diff($result, $bb2_blackhole_exceptions[$dnsbl]);
> -			if (!empty($result)) {
> -				return '136673cd';
> -			}
> -		}
> -	}
> -	return false;
> -}
> -?>
> +<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> +
> +// Look up address on various blackhole lists.
> +// These cannot be used for GET requests under any circumstances!
> +function bb2_blackhole($package) {
> +	// Only conservative lists
> +	$bb2_blackhole_lists = array(
> +		"sbl-xbl.spamhaus.org",	// All around nasties
> +//		"dnsbl.sorbs.net",	// Old useless data.
> +//		"list.dsbl.org",	// Old useless data.
> +//		"dnsbl.ioerror.us",	// Bad Behavior Blackhole
> +	);
> +
> +	// Things that shouldn't be blocked, from aggregate lists
> +	$bb2_blackhole_exceptions = array(
> +		"sbl-xbl.spamhaus.org" => array("127.0.0.4"),	// CBL is problematic
> +		"dnsbl.sorbs.net" => array("127.0.0.10",),	// Dynamic IPs only
> +		"list.dsbl.org" => array(),
> +		"dnsbl.ioerror.us" => array(),
> +	);
> +
> +	// Check the blackhole lists
> +	$ip = $package['ip'];
> +	$find = implode('.', array_reverse(explode('.', $ip)));
> +	foreach ($bb2_blackhole_lists as $dnsbl) {
> +		$result = gethostbynamel($find . "." . $dnsbl . ".");
> +		if (!empty($result)) {
> +			// Got a match and it isn't on the exception list
> +			$result = @array_diff($result, $bb2_blackhole_exceptions[$dnsbl]);
> +			if (!empty($result)) {
> +				return '136673cd';
> +			}
> +		}
> +	}
> +	return false;
> +}
> +?>
>
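Review bot: as in the other hunks of this revision, all 37 lines are removed and re-added unchanged, so nothing here actually changed and the same line-ending normalisation (`svn:eol-style`) applies. In the logic itself, the header comment says these lookups "cannot be used for GET requests under any circumstances", but `bb2_blackhole()` never inspects `$package['request_method']` and relies entirely on its caller to honour that; an early `return false` for non-POST requests inside the function would make the restriction hold regardless of how it is wired in. Also, `explode('.', $ip)` reversed and appended to the DNSBL zone is only meaningful for IPv4 (an IPv6 value in `$package['ip']` produces a nonsense query), and the `@` on `array_diff()` suppresses notices rather than guarding the exceptions lookup with `isset()`.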
> Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php	2008-07-15 21:48:44 UTC (rev 6695)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php	2008-07-16 21:16:00 UTC (rev 6696)
> @@ -1,114 +1,115 @@
> -<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> -
> -function bb2_blacklist($package) {
> -
> -	// Blacklisted user agents
> -	// These user agent strings occur at the beginning of the line.
> -	$bb2_spambots_0 = array(
> -		"<sc",			// XSS exploit attempts
> -		"8484 Boston Project",	// video poker/porn spam
> -		"adwords",		// referrer spam
> -		"autoemailspider",	// spam harvester
> -		"blogsearchbot-martin",	// from honeypot
> -		"Digger",		// spam harvester
> -		"ecollector",		// spam harvester
> -		"EmailCollector",	// spam harvester
> -		"Email Extractor",	// spam harvester
> -		"Email Siphon",		// spam harvester
> -		"EmailSiphon",		// spam harvester
> -		"grub crawler",		// misc comment/email spam
> -		"HttpProxy",		// misc comment/email spam
> -		"Internet Explorer",	// XMLRPC exploits seen
> -		"Jakarta Commons",	// custommised spambots
> -		"Java 1.",		// definitely a spammer
> -		"Java/1.",		// definitely a spammer
> -		"libwww-perl",		// spambot scripts
> -		"LWP",			// spambot scripts
> -		"Microsoft URL",	// spam harvester
> -		"Missigua",		// spam harvester
> -		"MJ12bot",		// crawls MUCH too fast
> -		"Movable Type",		// customised spambots
> -		"Mozilla ",		// malicious software
> -		"Mozilla/4.0(",		// from honeypot
> -		"Mozilla/4.0+(",	// suspicious harvester
> -		"MSIE",			// malicious software
> -		"NutchCVS",		// unidentified robots
> -		"Nutscrape/",		// misc comment spam
> -		"OmniExplorer",		// spam harvester
> -		"psycheclone",		// spam harvester
> -		"PussyCat ",		// misc comment spam
> -		"PycURL",		// misc comment spam
> -//		"Shockwave Flash",	// spam harvester
> -//		WP 2.5 now has Flash; FIXME
> -		"TrackBack/",		// trackback spam
> -		"user",			// suspicious harvester
> -		"User Agent: ",		// spam harvester
> -		"User-Agent: ",		// spam harvester
> -		"Wordpress",		// malicious software
> -		"\"",			// malicious software
> -	);
> -
> -	// These user agent strings occur anywhere within the line.
> -	$bb2_spambots = array(
> -		"\r",			// A really dumb bot
> -		"; Widows ",		// misc comment/email spam
> -		"a href=",		// referrer spam
> -		"Bad Behavior Test",	// Add this to your user-agent to test BB
> -		"compatible ; MSIE",	// misc comment/email spam
> -		"compatible-",		// misc comment/email spam
> -		"DTS Agent",		// misc comment/email spam
> -		"Gecko/25",		// revisit this in 500 years
> -		"grub-client",		// search engine ignores robots.txt
> -		"hanzoweb",		// very badly behaved crawler
> -		"Indy Library",		// misc comment/email spam
> -		"larbin at unspecified",	// stealth harvesters
> -		"Murzillo compatible",	// comment spam bot
> -		".NET CLR 1)",		// free poker, etc.
> -		"POE-Component-Client",	// free poker, etc.
> -		"Turing Machine",	// www.anonymizer.com abuse
> -		"WebaltBot",		// spam harvester
> -		"WISEbot",		// spam harvester
> -		"WISEnutbot",		// spam harvester
> -		"Windows NT 4.0;)",	// wikispam bot
> -		"Windows NT 5.0;)",	// wikispam bot
> -		"Windows NT 5.1;)",	// wikispam bot
> -		"Windows XP 5",		// spam harvester
> -		"\\\\)",		// spam harvester
> -	);
> -
> -	// These are regular expression matches.
> -	$bb2_spambots_regex = array(
> -		"/^[A-Z]{10}$/",	// misc email spam
> -		"/^Mozilla...[05]$/i",	// fake user agent/email spam
> -		"/[bcdfghjklmnpqrstvwxz ]{8,}/",
> -//		"/(;\){1,2}$/",		// misc spammers/harvesters
> -//		"/MSIE.*Windows XP/",	// misc comment spam
> -	);
> -
> -	// Do not edit below this line.
> -
> -	$ua = $package['headers_mixed']['User-Agent'];
> -
> -	foreach ($bb2_spambots_0 as $spambot) {
> -		$pos = strpos($ua, $spambot);
> -		if ($pos !== FALSE && $pos == 0) {
> -			return "17f4e8c8";
> -		}
> -	}
> -
> -	foreach ($bb2_spambots as $spambot) {
> -		if (strpos($ua, $spambot) !== FALSE) {
> -			return "17f4e8c8";
> -		}
> -	}
> -
> -	foreach ($bb2_spambots_regex as $spambot) {
> -		if (preg_match($spambot, $ua)) {
> -			return "17f4e8c8";
> -		}
> -	}
> -
> -	return FALSE;
> -}
> -
> -?>
> +<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> +
> +function bb2_blacklist($package) {
> +
> +	// Blacklisted user agents
> +	// These user agent strings occur at the beginning of the line.
> +	$bb2_spambots_0 = array(
> +		"<sc",			// XSS exploit attempts
> +		"8484 Boston Project",	// video poker/porn spam
> +		"adwords",		// referrer spam
> +		"autoemailspider",	// spam harvester
> +		"blogsearchbot-martin",	// from honeypot
> +		"Digger",		// spam harvester
> +		"ecollector",		// spam harvester
> +		"EmailCollector",	// spam harvester
> +		"Email Extractor",	// spam harvester
> +		"Email Siphon",		// spam harvester
> +		"EmailSiphon",		// spam harvester
> +		"grub crawler",		// misc comment/email spam
> +		"HttpProxy",		// misc comment/email spam
> +		"Internet Explorer",	// XMLRPC exploits seen
> +		"Jakarta Commons",	// custommised spambots
> +		"Java 1.",		// definitely a spammer
> +		"Java/1.",		// definitely a spammer
> +		"libwww-perl",		// spambot scripts
> +		"LWP",			// spambot scripts
> +		"Microsoft URL",	// spam harvester
> +		"Missigua",		// spam harvester
> +		"MJ12bot",		// crawls MUCH too fast
> +		"Movable Type",		// customised spambots
> +		"Mozilla ",		// malicious software
> +		"Mozilla/4.0(",		// from honeypot
> +		"Mozilla/4.0+(",	// suspicious harvester
> +		"MSIE",			// malicious software
> +		"NutchCVS",		// unidentified robots
> +		"Nutscrape/",		// misc comment spam
> +		"OmniExplorer",		// spam harvester
> +		"psycheclone",		// spam harvester
> +		"PussyCat ",		// misc comment spam
> +		"PycURL",		// misc comment spam
> +//		"Shockwave Flash",	// spam harvester
> +//		WP 2.5 now has Flash; FIXME
> +		"TrackBack/",		// trackback spam
> +		"user",			// suspicious harvester
> +		"User Agent: ",		// spam harvester
> +		"User-Agent: ",		// spam harvester
> +		"Winnie Poh",		// Automated Coppermine hacks
> +		"Wordpress",		// malicious software
> +		"\"",			// malicious software
> +	);
> +
> +	// These user agent strings occur anywhere within the line.
> +	$bb2_spambots = array(
> +		"\r",			// A really dumb bot
> +		"; Widows ",		// misc comment/email spam
> +		"a href=",		// referrer spam
> +		"Bad Behavior Test",	// Add this to your user-agent to test BB
> +		"compatible ; MSIE",	// misc comment/email spam
> +		"compatible-",		// misc comment/email spam
> +		"DTS Agent",		// misc comment/email spam
> +		"Gecko/25",		// revisit this in 500 years
> +		"grub-client",		// search engine ignores robots.txt
> +		"hanzoweb",		// very badly behaved crawler
> +		"Indy Library",		// misc comment/email spam
> +		"larbin at unspecified",	// stealth harvesters
> +		"Murzillo compatible",	// comment spam bot
> +		".NET CLR 1)",		// free poker, etc.
> +		"POE-Component-Client",	// free poker, etc.
> +		"Turing Machine",	// www.anonymizer.com abuse
> +		"WebaltBot",		// spam harvester
> +		"WISEbot",		// spam harvester
> +		"WISEnutbot",		// spam harvester
> +		"Windows NT 4.0;)",	// wikispam bot
> +		"Windows NT 5.0;)",	// wikispam bot
> +		"Windows NT 5.1;)",	// wikispam bot
> +		"Windows XP 5",		// spam harvester
> +		"\\\\)",		// spam harvester
> +	);
> +
> +	// These are regular expression matches.
> +	$bb2_spambots_regex = array(
> +		"/^[A-Z]{10}$/",	// misc email spam
> +		"/^Mozilla...[05]$/i",	// fake user agent/email spam
> +		"/[bcdfghjklmnpqrstvwxz ]{8,}/",
> +//		"/(;\){1,2}$/",		// misc spammers/harvesters
> +//		"/MSIE.*Windows XP/",	// misc comment spam
> +	);
> +
> +	// Do not edit below this line.
> +
> +	$ua = $package['headers_mixed']['User-Agent'];
> +
> +	foreach ($bb2_spambots_0 as $spambot) {
> +		$pos = strpos($ua, $spambot);
> +		if ($pos !== FALSE && $pos == 0) {
> +			return "17f4e8c8";
> +		}
> +	}
> +
> +	foreach ($bb2_spambots as $spambot) {
> +		if (strpos($ua, $spambot) !== FALSE) {
> +			return "17f4e8c8";
> +		}
> +	}
> +
> +	foreach ($bb2_spambots_regex as $spambot) {
> +		if (preg_match($spambot, $ua)) {
> +			return "17f4e8c8";
> +		}
> +	}
> +
> +	return FALSE;
> +}
> +
> +?>
>
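Review bot: the only substantive change in these 115 lines is the new `"Winnie Poh"` entry in `$bb2_spambots_0`; everything else is the same whole-file line-ending rewrite seen in the other hunks, so the new signature deserves a mention in the log message, since a merger has no other way to spot it. On the unchanged logic: `$package['headers_mixed']['User-Agent']` is read without checking that the header exists, so a request with no User-Agent raises an undefined-index notice before the loops run (an `isset()` with an empty-string default fixes it), and the regex `/[bcdfghjklmnpqrstvwxz ]{8,}/` is the one entry in the file with no comment explaining what it targets (eight or more consecutive consonants or spaces), which makes its false-positive risk hard to judge when reviewing later changes.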
> Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/common_tests.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/common_tests.inc.php	2008-07-15 21:48:44 UTC (rev 6695)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/common_tests.inc.php	2008-07-16 21:16:00 UTC (rev 6696)
> @@ -1,120 +1,126 @@
> -<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> -
> -// Enforce adherence to protocol version claimed by user-agent.
> -
> -function bb2_protocol($settings, $package)
> -{
> -	// Is it claiming to be HTTP/1.0?  Then it shouldn't do HTTP/1.1 things
> -	// Always run this test; we should never see Expect:
> -	if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE) {
> -		return "a0105122";
> -	}
> -
> -	// Is it claiming to be HTTP/1.1?  Then it shouldn't do HTTP/1.0 things
> -	// Blocks some common corporate proxy servers in strict mode
> -	if ($settings['strict'] && !strcmp($package['server_protocol'], "HTTP/1.1")) {
> -		if (array_key_exists('Pragma', $package['headers_mixed']) && strpos($package['headers_mixed']['Pragma'], "no-cache") !== FALSE && !array_key_exists('Cache-Control', $package['headers_mixed'])) {
> -			return "41feed15";
> -		}
> -	}
> -	return false;
> -}
> -
> -function bb2_misc_headers($settings, $package)
> -{
> -	$ua = $package['headers_mixed']['User-Agent'];
> -
> -	if (!strcmp($package['request_method'], "POST") && empty($ua)) {
> -		return "f9f2b8b9";
> -	}
> -
> -	// Broken spambots send URLs with various invalid characters
> -	// Some broken browsers send the #vector in the referer field :(
> -	// if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
> -	if (strpos($package['request_uri'], "#") !== FALSE) {
> -		return "dfd9b1ad";
> -	}
> -
> -	// Range: field exists and begins with 0
> -	// Real user-agents do not start ranges at 0
> -	// NOTE: this blocks the whois.sc bot. No big loss.
> -	// Exceptions: MT (not fixable); LJ (refuses to fix; may be
> -	// blocked again in the future)
> -	if (array_key_exists('Range', $package['headers_mixed']) && strpos($package['headers_mixed']['Range'], "=0-") !== FALSE) {
> -		if (strncmp($ua, "MovableType", 11) && strncmp($ua, "URI::Fetch", 10)) {
> -			return "7ad04a8a";
> -		}
> -	}
> -
> -	// Content-Range is a response header, not a request header
> -	if (array_key_exists('Content-Range', $package['headers_mixed'])) {
> -		return '7d12528e';
> -	}
> -
> -	// Lowercase via is used by open proxies/referrer spammers
> -	// Exceptions: Clearswift uses lowercase via (refuses to fix;
> -	// may be blocked again in the future)
> -	if (array_key_exists('via', $package['headers']) &&
> -		!strstr($package['headers']['via'],'Clearswift Web Policy Engine')) {
> -		return "9c9e4979";
> -	}
> -
> -	// pinappleproxy is used by referrer spammers
> -	if (array_key_exists('Via', $package['headers_mixed'])) {
> -		if (stripos($package['headers_mixed']['Via'], "pinappleproxy") !== FALSE || stripos($package['headers_mixed']['Via'], "PCNETSERVER") !== FALSE || stripos($package['headers_mixed']['Via'], "Invisiware") !== FALSE) {
> -			return "939a6fbb";
> -		}
> -	}
> -
> -	// TE: if present must have Connection: TE
> -	// RFC 2616 14.39
> -	// Blocks Microsoft ISA Server 2004 in strict mode. Contact Microsoft
> -	// to obtain a hotfix.
> -	if ($settings['strict'] && array_key_exists('Te', $package['headers_mixed'])) {
> -		if (!preg_match('/\bTE\b/', $package['headers_mixed']['Connection'])) {
> -			return "582ec5e4";
> -		}
> -	}
> -
> -	if (array_key_exists('Connection', $package['headers_mixed'])) {
> -		// Connection: keep-alive and close are mutually exclusive
> -		if (preg_match('/\bKeep-Alive\b/i', $package['headers_mixed']['Connection']) && preg_match('/\bClose\b/i', $package['headers_mixed']['Connection'])) {
> -			return "a52f0448";
> -		}
> -		// Close shouldn't appear twice
> -		if (preg_match('/\bclose,\s?close\b/i', $package['headers_mixed']['Connection'])) {
> -			return "a52f0448";
> -		}
> -		// Keey-Alive shouldn't appear twice either
> -		if (preg_match('/\bkeep-alive,\s?keep-alive\b/i', $package['headers_mixed']['Connection'])) {
> -			return "a52f0448";
> -		}
> -	}
> -
> -
> -	// Headers which are not seen from normal user agents; only malicious bots
> -	if (array_key_exists('X-Aaaaaaaaaaaa', $package['headers_mixed']) || array_key_exists('X-Aaaaaaaaaa', $package['headers_mixed'])) {
> -		return "b9cc1d86";
> -	}
> -	if (array_key_exists('Proxy-Connection', $package['headers_mixed'])) {
> -		return "b7830251";
> -	}
> -
> -	if (array_key_exists('Referer', $package['headers_mixed'])) {
> -		// Referer, if it exists, must not be blank
> -		if (empty($package['headers_mixed'])) {
> -			return "69920ee5";
> -		}
> -
> -		// Referer, if it exists, must contain a :
> -		// While a relative URL is technically valid in Referer, all known
> -		// legit user-agents send an absolute URL
> -		if (strpos($package['headers_mixed']['Referer'], ":") === FALSE) {
> -			return "45b35e30";
> -		}
> -	}
> -
> -	return false;
> -}
> -
> -?>
> +<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> +
> +// Enforce adherence to protocol version claimed by user-agent.
> +
> +function bb2_protocol($settings, $package)
> +{
> +	// Is it claiming to be HTTP/1.0?  Then it shouldn't do HTTP/1.1 things
> +	// Always run this test; we should never see Expect:
> +	if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE) {
> +		return "a0105122";
> +	}
> +
> +	// Is it claiming to be HTTP/1.1?  Then it shouldn't do HTTP/1.0 things
> +	// Blocks some common corporate proxy servers in strict mode
> +	if ($settings['strict'] && !strcmp($package['server_protocol'], "HTTP/1.1")) {
> +		if (array_key_exists('Pragma', $package['headers_mixed']) && strpos($package['headers_mixed']['Pragma'], "no-cache") !== FALSE && !array_key_exists('Cache-Control', $package['headers_mixed'])) {
> +			return "41feed15";
> +		}
> +	}
> +	return false;
> +}
> +
> +function bb2_misc_headers($settings, $package)
> +{
> +	$ua = $package['headers_mixed']['User-Agent'];
> +
> +	if (!strcmp($package['request_method'], "POST") && empty($ua)) {
> +		return "f9f2b8b9";
> +	}
> +
> +	// Broken spambots send URLs with various invalid characters
> +	// Some broken browsers send the #vector in the referer field :(
> +	// if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
> +	if (strpos($package['request_uri'], "#") !== FALSE) {
> +		return "dfd9b1ad";
> +	}
> +
> +	// Range: field exists and begins with 0
> +	// Real user-agents do not start ranges at 0
> +	// NOTE: this blocks the whois.sc bot. No big loss.
> +	// Exceptions: MT (not fixable); LJ (refuses to fix; may be
> +	// blocked again in the future)
> +	if (array_key_exists('Range', $package['headers_mixed']) && strpos($package['headers_mixed']['Range'], "=0-") !== FALSE) {
> +		if (strncmp($ua, "MovableType", 11) && strncmp($ua, "URI::Fetch", 10)) {
> +			return "7ad04a8a";
> +		}
> +	}
> +
> +	// Content-Range is a response header, not a request header
> +	if (array_key_exists('Content-Range', $package['headers_mixed'])) {
> +		return '7d12528e';
> +	}
> +
> +	// Lowercase via is used by open proxies/referrer spammers
> +	// Exceptions: Clearswift uses lowercase via (refuses to fix;
> +	// may be blocked again in the future)
> +	if (array_key_exists('via', $package['headers']) &&
> +		strpos($package['headers']['via'],'Clearswift') === FALSE) {
> +		return "9c9e4979";
> +	}
> +
> +	// pinappleproxy is used by referrer spammers
> +	if (array_key_exists('Via', $package['headers_mixed'])) {
> +		if (stripos($package['headers_mixed']['Via'], "pinappleproxy") !== FALSE || stripos($package['headers_mixed']['Via'], "PCNETSERVER") !== FALSE || stripos($package['headers_mixed']['Via'], "Invisiware") !== FALSE) {
> +			return "939a6fbb";
> +		}
> +	}
> +
> +	// TE: if present must have Connection: TE
> +	// RFC 2616 14.39
> +	// Blocks Microsoft ISA Server 2004 in strict mode. Contact Microsoft
> +	// to obtain a hotfix.
> +	if ($settings['strict'] && array_key_exists('Te', $package['headers_mixed'])) {
> +		if (!preg_match('/\bTE\b/', $package['headers_mixed']['Connection'])) {
> +			return "582ec5e4";
> +		}
> +	}
> +
> +	if (array_key_exists('Connection', $package['headers_mixed'])) {
> +		// Connection: keep-alive and close are mutually exclusive
> +		if (preg_match('/\bKeep-Alive\b/i', $package['headers_mixed']['Connection']) && preg_match('/\bClose\b/i', $package['headers_mixed']['Connection'])) {
> +			return "a52f0448";
> +		}
> +		// Close shouldn't appear twice
> +		if (preg_match('/\bclose,\s?close\b/i', $package['headers_mixed']['Connection'])) {
> +			return "a52f0448";
> +		}
> +		// Keey-Alive shouldn't appear twice either
> +		if (preg_match('/\bkeep-alive,\s?keep-alive\b/i', $package['headers_mixed']['Connection'])) {
> +			return "a52f0448";
> +		}
> +	}
> +
> +
> +	// Headers which are not seen from normal user agents; only malicious bots
> +	if (array_key_exists('X-Aaaaaaaaaaaa', $package['headers_mixed']) || array_key_exists('X-Aaaaaaaaaa', $package['headers_mixed'])) {
> +		return "b9cc1d86";
> +	}
> +	// Proxy-Connection does not exist and should never be seen in the wild
> +	if (array_key_exists('Proxy-Connection', $package['headers_mixed'])) {
> +		return "b7830251";
> +	}
> +
> +	if (array_key_exists('Referer', $package['headers_mixed'])) {
> +		// Referer, if it exists, must not be blank
> +		if (empty($package['headers_mixed'])) {
> +			return "69920ee5";
> +		}
> +
> +		// Referer, if it exists, must contain a :
> +		// While a relative URL is technically valid in Referer, all known
> +		// legit user-agents send an absolute URL
> +		if (strpos($package['headers_mixed']['Referer'], ":") === FALSE) {
> +			return "45b35e30";
> +		}
> +	}
> +
> +	// "uk" is not a language (ISO 639) nor a country (ISO 3166)
> +	if (preg_match('/\buk\b/', $package['headers_mixed']['Accept-Language'])) {
> +		return "35ea7ffa";
> +	}
> +
> +	return false;
> +}
> +
> +?>
>
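Review bot: The blank-Referer test in bb2_misc_headers is dead code: `if (empty($package['headers_mixed']))` checks the whole header array, which cannot be empty inside a block that has just confirmed the Referer key exists; it should be `if (empty($package['headers_mixed']['Referer']))`. Two reads in the same function skip the array_key_exists guard every other test uses: `$package['headers_mixed']['Connection']` in the TE test and `$package['headers_mixed']['Accept-Language']` in the final "uk" test, so a request lacking either header raises a PHP notice. Note also that the lowercase-via test reads `$package['headers']['via']`, but on PHP-CGI bb2_load_headers (functions.inc.php in this same commit) title-cases every key through uc_all, so that test can never fire there. Typo in the comment: "Keey-Alive".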
> Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/core.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/core.inc.php	2008-07-15 21:48:44 UTC (rev 6695)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/core.inc.php	2008-07-16 21:16:00 UTC (rev 6696)
> @@ -1,203 +1,203 @@
> -<?php if (!defined('BB2_CWD')) die("I said no cheating!");
> -
> -// Bad Behavior entry point is start_bad_behavior().
> -// If you're reading this, you are probably lost.
> -// Go read the bad-behavior-generic.php file.
> -
> -define('BB2_CORE', dirname(__FILE__));
> -define('BB2_COOKIE', 'bb2_screener_');
> -
> -require_once(BB2_CORE . "/functions.inc.php");
> -
> -// Our log table structure
> -function bb2_table_structure($name)
> -{
> -	// It's not paranoia if they really are out to get you.
> -	$name_escaped = bb2_db_escape($name);
> -	return "CREATE TABLE IF NOT EXISTS `$name_escaped` (
> -		`id` INT(11) NOT NULL auto_increment,
> -		`ip` TEXT NOT NULL,
> -		`date` DATETIME NOT NULL default '0000-00-00 00:00:00',
> -		`request_method` TEXT NOT NULL,
> -		`request_uri` TEXT NOT NULL,
> -		`server_protocol` TEXT NOT NULL,
> -		`http_headers` TEXT NOT NULL,
> -		`user_agent` TEXT NOT NULL,
> -		`request_entity` TEXT NOT NULL,
> -		`key` TEXT NOT NULL,
> -		INDEX (`ip`(15)),
> -		INDEX (`user_agent`(10)),
> -		PRIMARY KEY (`id`) );";	// TODO: INDEX might need tuning
> -}
> -
> -// Insert a new record
> -function bb2_insert($settings, $package, $key)
> -{
> -	$ip = bb2_db_escape($package['ip']);
> -	$date = bb2_db_date();
> -	$request_method = bb2_db_escape($package['request_method']);
> -	$request_uri = bb2_db_escape($package['request_uri']);
> -	$server_protocol = bb2_db_escape($package['server_protocol']);
> -	$user_agent = bb2_db_escape($package['user_agent']);
> -	$headers = "$request_method $request_uri $server_protocol\n";
> -	foreach ($package['headers'] as $h => $v) {
> -		$headers .= bb2_db_escape("$h: $v\n");
> -	}
> -	$request_entity = "";
> -	if (!strcasecmp($request_method, "POST")) {
> -		foreach ($package['request_entity'] as $h => $v) {
> -			$request_entity .= bb2_db_escape("$h: $v\n");
> -		}
> -	}
> -	return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "`
> -		(`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES
> -		('$ip', '$date', '$request_method', '$request_uri', '$server_protocol', '$headers', '$user_agent', '$request_entity', '$key')";
> -}
> -
> -// Kill 'em all!
> -function bb2_banned($settings, $package, $key, $previous_key=false)
> -{
> -	// Some spambots hit too hard. Slow them down a bit.
> -	sleep(2);
> -
> -	require_once(BB2_CORE . "/banned.inc.php");
> -	bb2_display_denial($settings, $key, $previous_key);
> -	bb2_log_denial($settings, $package, $key, $previous_key);
> -	if (is_callable('bb2_banned_callback')) {
> -		bb2_banned_callback($settings, $package, $key);
> -	}
> -	// Penalize the spammers some more
> -	require_once(BB2_CORE . "/housekeeping.inc.php");
> -	bb2_housekeeping($settings, $package);
> -	die();
> -}
> -
> -function bb2_approved($settings, $package)
> -{
> -	// Dirk wanted this
> -	if (is_callable('bb2_approved_callback')) {
> -		bb2_approved_callback($settings, $package);
> -	}
> -
> -	// Decide what to log on approved requests.
> -	if (($settings['verbose'] && $settings['logging']) || empty($package['user_agent'])) {
> -		bb2_db_query(bb2_insert($settings, $package, "00000000"));
> -	}
> -}
> -
> -// Check the results of a particular test; see below for usage
> -// Returns FALSE if test passed (yes this is backwards)
> -function bb2_test($settings, $package, $result)
> -{
> -	if ($result !== FALSE)
> -	{
> -		bb2_banned($settings, $package, $result);
> -		return TRUE;
> -	}
> -	return FALSE;
> -}
> -
> -
> -// Let God sort 'em out!
> -function bb2_start($settings)
> -{
> -	// Gather up all the information we need, first of all.
> -	$headers = bb2_load_headers();
> -	// Postprocess the headers to mixed-case
> -	// FIXME: get the world to stop using PHP as CGI
> -	$headers_mixed = array();
> -	foreach ($headers as $h => $v) {
> -		$headers_mixed[uc_all($h)] = $v;
> -	}
> -
> -	// We use these frequently. Keep a copy close at hand.
> -	$ip = $_SERVER['REMOTE_ADDR'];
> -	$request_method = $_SERVER['REQUEST_METHOD'];
> -	$request_uri = $_SERVER['REQUEST_URI'];
> -	$server_protocol = $_SERVER['SERVER_PROTOCOL'];
> -	$user_agent = $_SERVER['HTTP_USER_AGENT'];
> -
> -	// Reconstruct the HTTP entity, if present.
> -	$request_entity = array();
> -	if (!strcasecmp($request_method, "POST") || !strcasecmp($request_method, "PUT")) {
> -		foreach ($_POST as $h => $v) {
> -			$request_entity[$h] = $v;
> -		}
> -	}
> -
> -	$package = array('ip' => $ip, 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $request_method, 'request_uri' => $request_uri, 'server_protocol' => $server_protocol, 'request_entity' => $request_entity, 'user_agent' => $user_agent, 'is_browser' => false);
> -
> -	// Please proceed to the security checkpoint and have your
> -	// identification and boarding pass ready.
> -
> -	// First check the whitelist
> -	require_once(BB2_CORE . "/whitelist.inc.php");
> -	if (!bb2_whitelist($package)) {
> -		// Now check the blacklist
> -		require_once(BB2_CORE . "/blacklist.inc.php");
> -		bb2_test($settings, $package, bb2_blacklist($package));
> -
> -		// Check for common stuff
> -		require_once(BB2_CORE . "/common_tests.inc.php");
> -		bb2_test($settings, $package, bb2_protocol($settings, $package));
> -		bb2_test($settings, $package, bb2_misc_headers($settings, $package));
> -
> -		// Specific checks
> -		$ua = $headers_mixed['User-Agent'];
> -		// MSIE checks
> -		if (stripos($ua, "MSIE") !== FALSE) {
> -			$package['is_browser'] = true;
> -			if (stripos($ua, "Opera") !== FALSE) {
> -				require_once(BB2_CORE . "/opera.inc.php");
> -				bb2_test($settings, $package, bb2_opera($package));
> -			} else {
> -				require_once(BB2_CORE . "/msie.inc.php");
> -				bb2_test($settings, $package, bb2_msie($package));
> -			}
> -		} elseif (stripos($ua, "Konqueror") !== FALSE) {
> -			$package['is_browser'] = true;
> -			require_once(BB2_CORE . "/konqueror.inc.php");
> -			bb2_test($settings, $package, bb2_konqueror($package));
> -		} elseif (stripos($ua, "Opera") !== FALSE) {
> -			$package['is_browser'] = true;
> -			require_once(BB2_CORE . "/opera.inc.php");
> -			bb2_test($settings, $package, bb2_opera($package));
> -		} elseif (stripos($ua, "Safari") !== FALSE) {
> -			$package['is_browser'] = true;
> -			require_once(BB2_CORE . "/safari.inc.php");
> -			bb2_test($settings, $package, bb2_safari($package));
> -		} elseif (stripos($ua, "Lynx") !== FALSE) {
> -			$package['is_browser'] = true;
> -			require_once(BB2_CORE . "/lynx.inc.php");
> -			bb2_test($settings, $package, bb2_lynx($package));
> -		} elseif (stripos($ua, "MovableType") !== FALSE) {
> -			require_once(BB2_CORE . "/movabletype.inc.php");
> -			bb2_test($settings, $package, bb2_movabletype($package));
> -		} elseif (stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
> -			require_once(BB2_CORE . "/msnbot.inc.php");
> -			bb2_test($settings, $package, bb2_msnbot($package));
> -		} elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE) {
> -			require_once(BB2_CORE . "/google.inc.php");
> -			bb2_test($settings, $package, bb2_google($package));
> -		} elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
> -			$package['is_browser'] = true;
> -			require_once(BB2_CORE . "/mozilla.inc.php");
> -			bb2_test($settings, $package, bb2_mozilla($package));
> -		}
> -
> -		// More intensive screening applies to POST requests
> -		if (!strcasecmp('POST', $package['request_method'])) {
> -			require_once(BB2_CORE . "/post.inc.php");
> -			bb2_test($settings, $package, bb2_post($settings, $package));
> -		}
> -	}
> -
> -	// Last chance screening.
> -	require_once(BB2_CORE . "/screener.inc.php");
> -	bb2_screener($settings, $package);
> -
> -	// And that's about it.
> -	bb2_approved($settings, $package);
> -	return true;
> -}
> -?>
> +<?php if (!defined('BB2_CWD')) die("I said no cheating!");
> +
> +// Bad Behavior entry point is start_bad_behavior().
> +// If you're reading this, you are probably lost.
> +// Go read the bad-behavior-generic.php file.
> +
> +define('BB2_CORE', dirname(__FILE__));
> +define('BB2_COOKIE', 'bb2_screener_');
> +
> +require_once(BB2_CORE . "/functions.inc.php");
> +
> +// Our log table structure
> +function bb2_table_structure($name)
> +{
> +	// It's not paranoia if they really are out to get you.
> +	$name_escaped = bb2_db_escape($name);
> +	return "CREATE TABLE IF NOT EXISTS `$name_escaped` (
> +		`id` INT(11) NOT NULL auto_increment,
> +		`ip` TEXT NOT NULL,
> +		`date` DATETIME NOT NULL default '0000-00-00 00:00:00',
> +		`request_method` TEXT NOT NULL,
> +		`request_uri` TEXT NOT NULL,
> +		`server_protocol` TEXT NOT NULL,
> +		`http_headers` TEXT NOT NULL,
> +		`user_agent` TEXT NOT NULL,
> +		`request_entity` TEXT NOT NULL,
> +		`key` TEXT NOT NULL,
> +		INDEX (`ip`(15)),
> +		INDEX (`user_agent`(10)),
> +		PRIMARY KEY (`id`) );";	// TODO: INDEX might need tuning
> +}
> +
> +// Insert a new record
> +function bb2_insert($settings, $package, $key)
> +{
> +	$ip = bb2_db_escape($package['ip']);
> +	$date = bb2_db_date();
> +	$request_method = bb2_db_escape($package['request_method']);
> +	$request_uri = bb2_db_escape($package['request_uri']);
> +	$server_protocol = bb2_db_escape($package['server_protocol']);
> +	$user_agent = bb2_db_escape($package['user_agent']);
> +	$headers = "$request_method $request_uri $server_protocol\n";
> +	foreach ($package['headers'] as $h => $v) {
> +		$headers .= bb2_db_escape("$h: $v\n");
> +	}
> +	$request_entity = "";
> +	if (!strcasecmp($request_method, "POST")) {
> +		foreach ($package['request_entity'] as $h => $v) {
> +			$request_entity .= bb2_db_escape("$h: $v\n");
> +		}
> +	}
> +	return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "`
> +		(`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES
> +		('$ip', '$date', '$request_method', '$request_uri', '$server_protocol', '$headers', '$user_agent', '$request_entity', '$key')";
> +}
> +
> +// Kill 'em all!
> +function bb2_banned($settings, $package, $key, $previous_key=false)
> +{
> +	// Some spambots hit too hard. Slow them down a bit.
> +	sleep(2);
> +
> +	require_once(BB2_CORE . "/banned.inc.php");
> +	bb2_display_denial($settings, $key, $previous_key);
> +	bb2_log_denial($settings, $package, $key, $previous_key);
> +	if (is_callable('bb2_banned_callback')) {
> +		bb2_banned_callback($settings, $package, $key);
> +	}
> +	// Penalize the spammers some more
> +	require_once(BB2_CORE . "/housekeeping.inc.php");
> +	bb2_housekeeping($settings, $package);
> +	die();
> +}
> +
> +function bb2_approved($settings, $package)
> +{
> +	// Dirk wanted this
> +	if (is_callable('bb2_approved_callback')) {
> +		bb2_approved_callback($settings, $package);
> +	}
> +
> +	// Decide what to log on approved requests.
> +	if (($settings['verbose'] && $settings['logging']) || empty($package['user_agent'])) {
> +		bb2_db_query(bb2_insert($settings, $package, "00000000"));
> +	}
> +}
> +
> +// Check the results of a particular test; see below for usage
> +// Returns FALSE if test passed (yes this is backwards)
> +function bb2_test($settings, $package, $result)
> +{
> +	if ($result !== FALSE)
> +	{
> +		bb2_banned($settings, $package, $result);
> +		return TRUE;
> +	}
> +	return FALSE;
> +}
> +
> +
> +// Let God sort 'em out!
> +function bb2_start($settings)
> +{
> +	// Gather up all the information we need, first of all.
> +	$headers = bb2_load_headers();
> +	// Postprocess the headers to mixed-case
> +	// FIXME: get the world to stop using PHP as CGI
> +	$headers_mixed = array();
> +	foreach ($headers as $h => $v) {
> +		$headers_mixed[uc_all($h)] = $v;
> +	}
> +
> +	// We use these frequently. Keep a copy close at hand.
> +	$ip = $_SERVER['REMOTE_ADDR'];
> +	$request_method = $_SERVER['REQUEST_METHOD'];
> +	$request_uri = $_SERVER['REQUEST_URI'];
> +	$server_protocol = $_SERVER['SERVER_PROTOCOL'];
> +	$user_agent = $_SERVER['HTTP_USER_AGENT'];
> +
> +	// Reconstruct the HTTP entity, if present.
> +	$request_entity = array();
> +	if (!strcasecmp($request_method, "POST") || !strcasecmp($request_method, "PUT")) {
> +		foreach ($_POST as $h => $v) {
> +			$request_entity[$h] = $v;
> +		}
> +	}
> +
> +	$package = array('ip' => $ip, 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $request_method, 'request_uri' => $request_uri, 'server_protocol' => $server_protocol, 'request_entity' => $request_entity, 'user_agent' => $user_agent, 'is_browser' => false);
> +
> +	// Please proceed to the security checkpoint and have your
> +	// identification and boarding pass ready.
> +
> +	// First check the whitelist
> +	require_once(BB2_CORE . "/whitelist.inc.php");
> +	if (!bb2_whitelist($package)) {
> +		// Now check the blacklist
> +		require_once(BB2_CORE . "/blacklist.inc.php");
> +		bb2_test($settings, $package, bb2_blacklist($package));
> +
> +		// Check for common stuff
> +		require_once(BB2_CORE . "/common_tests.inc.php");
> +		bb2_test($settings, $package, bb2_protocol($settings, $package));
> +		bb2_test($settings, $package, bb2_misc_headers($settings, $package));
> +
> +		// Specific checks
> +		$ua = $headers_mixed['User-Agent'];
> +		// MSIE checks
> +		if (stripos($ua, "MSIE") !== FALSE) {
> +			$package['is_browser'] = true;
> +			if (stripos($ua, "Opera") !== FALSE) {
> +				require_once(BB2_CORE . "/opera.inc.php");
> +				bb2_test($settings, $package, bb2_opera($package));
> +			} else {
> +				require_once(BB2_CORE . "/msie.inc.php");
> +				bb2_test($settings, $package, bb2_msie($package));
> +			}
> +		} elseif (stripos($ua, "Konqueror") !== FALSE) {
> +			$package['is_browser'] = true;
> +			require_once(BB2_CORE . "/konqueror.inc.php");
> +			bb2_test($settings, $package, bb2_konqueror($package));
> +		} elseif (stripos($ua, "Opera") !== FALSE) {
> +			$package['is_browser'] = true;
> +			require_once(BB2_CORE . "/opera.inc.php");
> +			bb2_test($settings, $package, bb2_opera($package));
> +		} elseif (stripos($ua, "Safari") !== FALSE) {
> +			$package['is_browser'] = true;
> +			require_once(BB2_CORE . "/safari.inc.php");
> +			bb2_test($settings, $package, bb2_safari($package));
> +		} elseif (stripos($ua, "Lynx") !== FALSE) {
> +			$package['is_browser'] = true;
> +			require_once(BB2_CORE . "/lynx.inc.php");
> +			bb2_test($settings, $package, bb2_lynx($package));
> +		} elseif (stripos($ua, "MovableType") !== FALSE) {
> +			require_once(BB2_CORE . "/movabletype.inc.php");
> +			bb2_test($settings, $package, bb2_movabletype($package));
> +		} elseif (stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
> +			require_once(BB2_CORE . "/msnbot.inc.php");
> +			bb2_test($settings, $package, bb2_msnbot($package));
> +		} elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE) {
> +			require_once(BB2_CORE . "/google.inc.php");
> +			bb2_test($settings, $package, bb2_google($package));
> +		} elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
> +			$package['is_browser'] = true;
> +			require_once(BB2_CORE . "/mozilla.inc.php");
> +			bb2_test($settings, $package, bb2_mozilla($package));
> +		}
> +
> +		// More intensive screening applies to POST requests
> +		if (!strcasecmp('POST', $package['request_method'])) {
> +			require_once(BB2_CORE . "/post.inc.php");
> +			bb2_test($settings, $package, bb2_post($settings, $package));
> +		}
> +	}
> +
> +	// Last chance screening.
> +	require_once(BB2_CORE . "/screener.inc.php");
> +	bb2_screener($settings, $package);
> +
> +	// And that's about it.
> +	bb2_approved($settings, $package);
> +	return true;
> +}
> +?>
>
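Review bot: This hunk removes all 203 lines of core.inc.php and re-adds 203 byte-for-byte identical lines, so it is a line-ending (or other whitespace) rewrite with nothing reviewable in it; please commit such normalization separately from functional changes and set svn:eol-style on these files, otherwise every upstream Bad Behavior release will produce a whole-file diff and any local customizations become impossible to spot. Two things in the re-added code worth a follow-up: the PUT branch in bb2_start reads $_POST, which PHP only populates for POST form bodies, so request_entity is always empty for PUT; and `stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0` is equivalent to `stripos($ua, "Mozilla") === 0`.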
> Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/functions.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/functions.inc.php	2008-07-15 21:48:44 UTC (rev 6695)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/functions.inc.php	2008-07-16 21:16:00 UTC (rev 6696)
> @@ -1,70 +1,70 @@
> -<?php if (!defined('BB2_CORE')) die("I said no cheating!");
> -
> -// Miscellaneous helper functions.
> -
> -// stripos() needed because stripos is only present on PHP 5
> -if (!function_exists('stripos')) {
> -	function stripos($haystack,$needle,$offset = 0) {
> -		return(strpos(strtolower($haystack),strtolower($needle),$offset));
> -	}
> -}
> -
> -// str_split() needed because str_split is only present on PHP 5
> -if (!function_exists('str_split')) {
> -	function str_split($string, $split_length=1)
> -	{
> -		if ($split_length < 1) {
> -			return false;
> -		}
> -
> -		for ($pos=0, $chunks = array(); $pos < strlen($string); $pos+=$split_length) {
> -			$chunks[] = substr($string, $pos, $split_length);
> -		}
> -		return $chunks;
> -	}
> -}
> -
> -// Convert a string to mixed-case on word boundaries.
> -function uc_all($string) {
> -	$temp = preg_split('/(\W)/', str_replace("_", "-", $string), -1, PREG_SPLIT_DELIM_CAPTURE);
> -	foreach ($temp as $key=>$word) {
> -		$temp[$key] = ucfirst(strtolower($word));
> -	}
> -	return join ('', $temp);
> -}
> -
> -// Determine if an IP address resides in a CIDR netblock or netblocks.
> -function match_cidr($addr, $cidr) {
> -	$output = false;
> -
> -	if (is_array($cidr)) {
> -		foreach ($cidr as $cidrlet) {
> -			if (match_cidr($addr, $cidrlet)) {
> -				$output = true;
> -			}
> -		}
> -	} else {
> -		list($ip, $mask) = explode('/', $cidr);
> -		if (!$mask) $mask = 32;
> -		$mask = pow(2,32) - pow(2, (32 - $mask));
> -		$output = ((ip2long($addr) & $mask) == (ip2long($ip) & $mask));
> -	}
> -	return $output;
> -}
> -
> -// Obtain all the HTTP headers.
> -// NB: on PHP-CGI we have to fake it out a bit, since we can't get the REAL
> -// headers. Run PHP as Apache 2.0 module if possible for best results.
> -function bb2_load_headers() {
> -	if (!is_callable('getallheaders')) {
> -		$headers = array();
> -		foreach ($_SERVER as $h => $v)
> -			if (ereg('HTTP_(.+)', $h, $hp))
> -				$headers[str_replace("_", "-", uc_all($hp[1]))] = $v;
> -	} else {
> -		$headers = getallheaders();
> -	}
> -	return $headers;
> -}
> -
> -?>
> +<?php if (!defined('BB2_CORE')) die("I said no cheating!");
> +
> +// Miscellaneous helper functions.
> +
> +// stripos() needed because stripos is only present on PHP 5
> +if (!function_exists('stripos')) {
> +	function stripos($haystack,$needle,$offset = 0) {
> +		return(strpos(strtolower($haystack),strtolower($needle),$offset));
> +	}
> +}
> +
> +// str_split() needed because str_split is only present on PHP 5
> +if (!function_exists('str_split')) {
> +	function str_split($string, $split_length=1)
> +	{
> +		if ($split_length < 1) {
> +			return false;
> +		}
> +
> +		for ($pos=0, $chunks = array(); $pos < strlen($string); $pos+=$split_length) {
> +			$chunks[] = substr($string, $pos, $split_length);
> +		}
> +		return $chunks;
> +	}
> +}
> +
> +// Convert a string to mixed-case on word boundaries.
> +function uc_all($string) {
> +	$temp = preg_split('/(\W)/', str_replace("_", "-", $string), -1, PREG_SPLIT_DELIM_CAPTURE);
> +	foreach ($temp as $key=>$word) {
> +		$temp[$key] = ucfirst(strtolower($word));
> +	}
> +	return join ('', $temp);
> +}
> +
> +// Determine if an IP address resides in a CIDR netblock or netblocks.
> +function match_cidr($addr, $cidr) {
> +	$output = false;
> +
> +	if (is_array($cidr)) {
> +		foreach ($cidr as $cidrlet) {
> +			if (match_cidr($addr, $cidrlet)) {
> +				$output = true;
> +			}
> +		}
> +	} else {
> +		list($ip, $mask) = explode('/', $cidr);
> +		if (!$mask) $mask = 32;
> +		$mask = pow(2,32) - pow(2, (32 - $mask));
> +		$output = ((ip2long($addr) & $mask) == (ip2long($ip) & $mask));
> +	}
> +	return $output;
> +}
> +
> +// Obtain all the HTTP headers.
> +// NB: on PHP-CGI we have to fake it out a bit, since we can't get the REAL
> +// headers. Run PHP as Apache 2.0 module if possible for best results.
> +function bb2_load_headers() {
> +	if (!is_callable('getallheaders')) {
> +		$headers = array();
> +		foreach ($_SERVER as $h => $v)
> +			if (ereg('HTTP_(.+)', $h, $hp))
> +				$headers[str_replace("_", "-", uc_all($hp[1]))] = $v;
> +	} else {
> +		$headers = getallheaders();
> +	}
> +	return $headers;
> +}
> +
> +?>
>
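Review bot: `ereg('HTTP_(.+)', $h, $hp)` in bb2_load_headers is unanchored, so any $_SERVER key with HTTP_ anywhere in its name is imported as a request header, and ereg() is deprecated; `preg_match('/^HTTP_(.+)$/', $h, $hp)` does what the comment intends. In match_cidr, `if (!$mask) $mask = 32;` turns an explicit /0 prefix into /32, and the mask is built with pow(), which yields a float that is then used in a bitwise AND; an integer mask such as `-1 << (32 - $mask)` (truncated to 32 bits) gives platform-independent results, and ip2long() returning false for an unparseable address should be rejected rather than silently compared as 0.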
> Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/google.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/google.inc.php	2008-07-15 21:48:44 UTC (rev 6695)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/google.inc.php	2008-07-16 21:16:00 UTC (rev 6696)
> @@ -1,13 +1,13 @@
> -<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> -
> -// Analyze user agents claiming to be Googlebot
> -
> -function bb2_google($package)
> -{
> -	if (match_cidr($package['ip'], "66.249.64.0/19") === FALSE && match_cidr($package['ip'], "64.233.160.0/19") === FALSE) {
> -		return "f1182195";
> -	}
> -	return false;
> -}
> -
> -?>
> +<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> +
> +// Analyze user agents claiming to be Googlebot
> +
> +function bb2_google($package)
> +{
> +	if (match_cidr($package['ip'], "66.249.64.0/19") === FALSE && match_cidr($package['ip'], "64.233.160.0/19") === FALSE) {
> +		return "f1182195";
> +	}
> +	return false;
> +}
> +
> +?>
>
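Review bot: Verifying a self-declared Googlebot by source netblock rather than by user-agent string is the right defensive check, but the two /19 blocks are hard-coded with no note of where they came from or when; crawler ranges change, and a stale list turns into a false-positive denial of the real crawler. Either document the source and date in the comment or move the list into $settings so it can be updated without editing the plugin.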
> Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/housekeeping.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/housekeeping.inc.php	2008-07-15 21:48:44 UTC (rev 6695)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/housekeeping.inc.php	2008-07-16 21:16:00 UTC (rev 6696)
> @@ -1,16 +1,16 @@
> -<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> -
> -function bb2_housekeeping($settings, $package)
> -{
> -	// FIXME Yes, the interval's hard coded (again) for now.
> -	$query = "DELETE FROM `" . $settings['log_table'] . "` WHERE `date` < DATE_SUB('" . bb2_db_date() . "', INTERVAL 7 DAY)";
> -	bb2_db_query($query);
> -
> -	// Waste a bunch more of the spammer's time, sometimes.
> -	if (rand(1,1000) == 1) {
> -		$query = "OPTIMIZE TABLE `" . $settings['log_table'] . "`";
> -		bb2_db_query($query);
> -	}
> -}
> -
> -?>
> +<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> +
> +function bb2_housekeeping($settings, $package)
> +{
> +	// FIXME Yes, the interval's hard coded (again) for now.
> +	$query = "DELETE FROM `" . $settings['log_table'] . "` WHERE `date` < DATE_SUB('" . bb2_db_date() . "', INTERVAL 7 DAY)";
> +	bb2_db_query($query);
> +
> +	// Waste a bunch more of the spammer's time, sometimes.
> +	if (rand(1,1000) == 1) {
> +		$query = "OPTIMIZE TABLE `" . $settings['log_table'] . "`";
> +		bb2_db_query($query);
> +	}
> +}
> +
> +?>
>
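Review bot: `$settings['log_table']` is interpolated into the DELETE and OPTIMIZE statements without bb2_db_escape, whereas bb2_insert and bb2_table_structure in core.inc.php escape the same value; the three should agree. Also, bb2_housekeeping is called from bb2_banned on every denied request, so a burst of bot traffic issues one DELETE per request plus, one time in a thousand, an OPTIMIZE TABLE that locks the log table; gating the cleanup on a last-run timestamp instead of on attacker request volume would keep the database work bounded. The $package parameter is unused.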
> Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/konqueror.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/konqueror.inc.php	2008-07-15 21:48:44 UTC (rev 6695)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/konqueror.inc.php	2008-07-16 21:16:00 UTC (rev 6696)
> @@ -1,17 +1,17 @@
> -<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> -
> -// Analyze user agents claiming to be Konqueror
> -
> -function bb2_konqueror($package)
> -{
> -	// CafeKelsa is a dev project at Yahoo which indexes job listings for
> -	// Yahoo! HotJobs. It identifies as Konqueror so we skip these checks.
> -	if (stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") === FALSE || match_cidr($package['ip'], "209.73.160.0/19") === FALSE) {
> -		if (!array_key_exists('Accept', $package['headers_mixed'])) {
> -			return "17566707";
> -		}
> -	}
> -	return false;
> -}
> -
> -?>
> +<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> +
> +// Analyze user agents claiming to be Konqueror
> +
> +function bb2_konqueror($package)
> +{
> +	// CafeKelsa is a dev project at Yahoo which indexes job listings for
> +	// Yahoo! HotJobs. It identifies as Konqueror so we skip these checks.
> +	if (stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") === FALSE || match_cidr($package['ip'], "209.73.160.0/19") === FALSE) {
> +		if (!array_key_exists('Accept', $package['headers_mixed'])) {
> +			return "17566707";
> +		}
> +	}
> +	return false;
> +}
> +
> +?>
>
> Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/lynx.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/lynx.inc.php	2008-07-15 21:48:44 UTC (rev 6695)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/lynx.inc.php	2008-07-16 21:16:00 UTC (rev 6696)
> @@ -1,13 +1,13 @@
> -<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> -
> -// Analyze user agents claiming to be Lynx
> -
> -function bb2_lynx($package)
> -{
> -	if (!array_key_exists('Accept', $package['headers_mixed'])) {
> -		return "17566707";
> -	}
> -	return false;
> -}
> -
> -?>
> +<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> +
> +// Analyze user agents claiming to be Lynx
> +
> +function bb2_lynx($package)
> +{
> +	if (!array_key_exists('Accept', $package['headers_mixed'])) {
> +		return "17566707";
> +	}
> +	return false;
> +}
> +
> +?>
>
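Review bot: The missing-Accept test returning "17566707" appears verbatim here and in konqueror.inc.php, mozilla.inc.php and msie.inc.php in this same commit; a single helper in functions.inc.php (bb2_require_accept($package), name is only a suggestion) would keep the key and the test in one place so a future change is not applied to three of the four copies.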
> Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/movabletype.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/movabletype.inc.php	2008-07-15 21:48:44 UTC (rev 6695)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/movabletype.inc.php	2008-07-16 21:16:00 UTC (rev 6696)
> @@ -1,14 +1,14 @@
> -<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> -
> -function bb2_movabletype($package)
> -{
> -	// Is it a trackback?
> -	if (strcasecmp($package['request_method'], "POST")) {
> -		if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999")) {
> -			return "7d12528e";
> -		}
> -	}
> -	return false;
> -}
> -
> -?>
> +<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> +
> +function bb2_movabletype($package)
> +{
> +	// Is it a trackback?
> +	if (strcasecmp($package['request_method'], "POST")) {
> +		if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999")) {
> +			return "7d12528e";
> +		}
> +	}
> +	return false;
> +}
> +
> +?>
>
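Review bot: strcasecmp() returns 0 on a match, so `if (strcasecmp($package['request_method'], "POST"))` runs the Range check for requests that are NOT POST, which contradicts the "Is it a trackback?" comment (trackbacks are POSTs); if the check is meant for MovableType's non-trackback fetches, the comment should say so, and if not, the condition needs a leading "!" as in core.inc.php's `!strcasecmp('POST', ...)`. Either way `$package['headers_mixed']['Range']` is read without an array_key_exists guard, so a request without Range raises a notice and then fails the strcmp. The returned key "7d12528e" is also the one used for the Content-Range test in common_tests.inc.php; reusing a key makes the logged denials indistinguishable.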
> Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/mozilla.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/mozilla.inc.php	2008-07-15 21:48:44 UTC (rev 6695)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/mozilla.inc.php	2008-07-16 21:16:00 UTC (rev 6696)
> @@ -1,19 +1,19 @@
> -<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> -
> -// Analyze user agents claiming to be Mozilla
> -
> -function bb2_mozilla($package)
> -{
> -	// First off, workaround for Google Desktop, until they fix it FIXME
> -	// Google Desktop fixed it, but apparently some old versions are
> -	// still out there. :(
> -	// Always check accept header for Mozilla user agents
> -	if (strpos($package['headers_mixed']['User-Agent'], "Google Desktop") === FALSE && strpos($package['headers_mixed']['User-Agent'], "PLAYSTATION 3") === FALSE) {
> -		if (!array_key_exists('Accept', $package['headers_mixed'])) {
> -			return "17566707";
> -		}
> -	}
> -	return false;
> -}
> -
> -?>
> +<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> +
> +// Analyze user agents claiming to be Mozilla
> +
> +function bb2_mozilla($package)
> +{
> +	// First off, workaround for Google Desktop, until they fix it FIXME
> +	// Google Desktop fixed it, but apparently some old versions are
> +	// still out there. :(
> +	// Always check accept header for Mozilla user agents
> +	if (strpos($package['headers_mixed']['User-Agent'], "Google Desktop") === FALSE && strpos($package['headers_mixed']['User-Agent'], "PLAYSTATION 3") === FALSE) {
> +		if (!array_key_exists('Accept', $package['headers_mixed'])) {
> +			return "17566707";
> +		}
> +	}
> +	return false;
> +}
> +
> +?>
>
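Review bot: The Google Desktop and PLAYSTATION 3 exemptions key on a user-agent substring only, so they weaken the Accept test for anything that presents that string; if they are kept, they should be as narrow as the CafeKelsa exemption in konqueror.inc.php (user-agent plus source netblock), and the FIXME above them already says the Google Desktop case should go once old versions are gone. The first two comment lines contradict each other ("until they fix it" / "fixed it"); collapse them into one.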
> Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msie.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msie.inc.php	2008-07-15 21:48:44 UTC (rev 6695)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msie.inc.php	2008-07-16 21:16:00 UTC (rev 6696)
> @@ -1,25 +1,25 @@
> -<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> -
> -// Analyze user agents claiming to be MSIE
> -
> -function bb2_msie($package)
> -{
> -	if (!array_key_exists('Accept', $package['headers_mixed'])) {
> -		return "17566707";
> -	}
> -
> -	// MSIE does NOT send "Windows ME" or "Windows XP" in the user agent
> -	if (strpos($package['headers_mixed']['User-Agent'], "Windows ME") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !== FALSE) {
> -		return "a1084bad";
> -	}
> -
> -	// MSIE does NOT send Connection: TE but Akamai does
> -	// Bypass this test when Akamai detected
> -	if (!array_key_exists('Akamai-Origin-Hop', $package['headers_mixed']) && preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) {
> -		return "2b90f772";
> -	}
> -
> -	return false;
> -}
> -
> -?>
> +<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> +
> +// Analyze user agents claiming to be MSIE
> +
> +function bb2_msie($package)
> +{
> +	if (!array_key_exists('Accept', $package['headers_mixed'])) {
> +		return "17566707";
> +	}
> +
> +	// MSIE does NOT send "Windows ME" or "Windows XP" in the user agent
> +	if (strpos($package['headers_mixed']['User-Agent'], "Windows ME") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !== FALSE) {
> +		return "a1084bad";
> +	}
> +
> +	// MSIE does NOT send Connection: TE but Akamai does
> +	// Bypass this test when Akamai detected
> +	if (!array_key_exists('Akamai-Origin-Hop', $package['headers_mixed']) && preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) {
> +		return "2b90f772";
> +	}
> +
> +	return false;
> +}
> +
> +?>
>
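Review bot: The Connection header is read without a guard on the '+	if (!array_key_exists('Akamai-Origin-Hop', ...) && preg_match('/\bTE\b/i', $package['headers_mixed']['Connection']))' line, so a request that carries no Connection header at all (valid for HTTP/1.1 keep-alive) raises an undefined-index notice before preg_match runs; wrap it the same way the Accept check above it is wrapped, i.e. test array_key_exists('Connection', $package['headers_mixed']) first. Separately, every line of this hunk is removed and re-added with identical content, which is what a line-ending-only change looks like; if the upstream files now use LF instead of the DOS CRLF the earlier copy had, setting svn:eol-style native on the plugin would stop each future upstream drop from rewriting every line and hiding the real changes.
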
> Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msnbot.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msnbot.inc.php	2008-07-15 21:48:44 UTC (rev 6695)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msnbot.inc.php	2008-07-16 21:16:00 UTC (rev 6696)
> @@ -1,13 +1,13 @@
> -<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> -
> -// Analyze user agents claiming to be msnbot
> -
> -function bb2_msnbot($package)
> -{
> -	if (match_cidr($package['ip'], "207.46.0.0/16") === FALSE && match_cidr($package['ip'], "65.52.0.0/14") === FALSE && match_cidr($package['ip'], "207.68.128.0/18") === FALSE && match_cidr($package['ip'], "207.68.192.0/20") === FALSE && match_cidr($package['ip'], "64.4.0.0/18") === FALSE) {
> -		return "e4de0453";
> -	}
> -	return false;
> -}
> -
> -?>
> +<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> +
> +// Analyze user agents claiming to be msnbot
> +
> +function bb2_msnbot($package)
> +{
> +	if (match_cidr($package['ip'], "207.46.0.0/16") === FALSE && match_cidr($package['ip'], "65.52.0.0/14") === FALSE && match_cidr($package['ip'], "207.68.128.0/18") === FALSE && match_cidr($package['ip'], "207.68.192.0/20") === FALSE && match_cidr($package['ip'], "64.4.0.0/18") === FALSE) {
> +		return "e4de0453";
> +	}
> +	return false;
> +}
> +
> +?>
>
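Review bot: The five chained match_cidr() calls on the '+	if (match_cidr($package['ip'], "207.46.0.0/16") === FALSE && ...' line are a maintenance hazard as written: crawler address ranges change, and when one of these goes stale the effect is silent false "e4de0453" blocks of the real msnbot rather than an error. Put the ranges in an array with a comment naming where they came from and when they were last checked, and loop over it, so the next upstream update is a one-line data change instead of another rewrite of this condition.
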
> Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/opera.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/opera.inc.php	2008-07-15 21:48:44 UTC (rev 6695)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/opera.inc.php	2008-07-16 21:16:00 UTC (rev 6696)
> @@ -1,13 +1,13 @@
> -<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> -
> -// Analyze user agents claiming to be Opera
> -
> -function bb2_opera($package)
> -{
> -	if (!array_key_exists('Accept', $package['headers_mixed'])) {
> -		return "17566707";
> -	}
> -	return false;
> -}
> -
> -?>
> +<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> +
> +// Analyze user agents claiming to be Opera
> +
> +function bb2_opera($package)
> +{
> +	if (!array_key_exists('Accept', $package['headers_mixed'])) {
> +		return "17566707";
> +	}
> +	return false;
> +}
> +
> +?>
>
> Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/post.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/post.inc.php	2008-07-15 21:48:44 UTC (rev 6695)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/post.inc.php	2008-07-16 21:16:00 UTC (rev 6696)
> @@ -1,75 +1,75 @@
> -<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> -
> -// All tests which apply specifically to POST requests
> -function bb2_post($settings, $package)
> -{
> -	// Check blackhole lists for known spam/malicious activity
> -        // LifeType mod by pwestbro: dns blacklist checks can be done in the
> -        // dnsantispam plugin.
> -        //	require_once(BB2_CORE . "/blackhole.inc.php");
> -        //	bb2_test($settings, $package, bb2_blackhole($package));
> -
> -	// MovableType needs specialized screening
> -	if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {
> -		if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999")) {
> -			return "7d12528e";
> -		}
> -	}
> -
> -	// Trackbacks need special screening
> -	$request_entity = $package['request_entity'];
> -	if (isset($request_entity['title']) && isset($request_entity['url']) && isset($request_entity['blog_name'])) {
> -		require_once(BB2_CORE . "/trackback.inc.php");
> -		return bb2_trackback($package);
> -	}
> -
> -	// Catch a few completely broken spambots
> -	foreach ($request_entity as $key => $value) {
> -		$pos = strpos($key, "	document.write");
> -		if ($pos !== FAlSE) {
> -			return "dfd9b1ad";
> -		}
> -	}
> -
> -	// Screen by cookie/JavaScript form add
> -	if (isset($_COOKIE[BB2_COOKIE])) {
> -		$screener1 = explode(" ", $_COOKIE[BB2_COOKIE]);
> -	}
> -	if (isset($_POST[BB2_COOKIE])) {
> -		$screener2 = explode(" ", $_POST[BB2_COOKIE]);
> -	}
> -	$screener = max($screener1[0], $screener2[0]);
> -
> -	if ($screener > 0) {
> -		// Posting too fast? 5 sec
> -		// FIXME: even 5 sec is too intrusive
> -		// if ($screener + 5 > time())
> -		//	return "408d7e72";
> -		// Posting too slow? 48 hr
> -            // LifeType mod by jondaley: since pages can be cached, the cookie might not be updated
> -            // and this can get tripped incorrectly
> -            // if ($screener + 172800 < time())
> -            // return "b40c8ddc";
> -
> -		// Screen by IP address
> -		$ip = ip2long($package['ip']);
> -		$ip_screener = ip2long($screener[1]);
> -//		FIXME: This is b0rked, but why?
> -//		if ($ip && $ip_screener && abs($ip_screener - $ip) > 256)
> -//			return "c1fa729b";
> -
> -		if ($package['headers_mixed']['X-Forwarded-For']) {
> -			$ip = $package['headers_mixed']['X-Forwarded-For'];
> -		}
> -		// Screen for user agent changes
> -		// User connected previously with blank user agent
> -//		$q = bb2_db_query("SELECT `ip` FROM " . $settings['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` = '" . $screener[1] . "') AND `user_agent` != '" . $package['user_agent'] . "' AND `date` > DATE_SUB('" . bb2_db_date() . "', INTERVAL 5 MINUTE)");
> -		// Damnit, too many ways for this to fail :(
> -//		if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
> -//			return "799165c2";
> -	}
> -
> -	return false;
> -}
> -
> -?>
> +<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> +
> +// All tests which apply specifically to POST requests
> +function bb2_post($settings, $package)
> +{
> +	// Check blackhole lists for known spam/malicious activity
> +	require_once(BB2_CORE . "/blackhole.inc.php");
> +	bb2_test($settings, $package, bb2_blackhole($package));
> +
> +	// MovableType needs specialized screening
> +	if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {
> +		if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999")) {
> +			return "7d12528e";
> +		}
> +	}
> +
> +	// Trackbacks need special screening
> +	$request_entity = $package['request_entity'];
> +	if (isset($request_entity['title']) && isset($request_entity['url']) && isset($request_entity['blog_name'])) {
> +		require_once(BB2_CORE . "/trackback.inc.php");
> +		return bb2_trackback($package);
> +	}
> +
> +	// Catch a few completely broken spambots
> +	foreach ($request_entity as $key => $value) {
> +		$pos = strpos($key, "	document.write");
> +		if ($pos !== FAlSE) {
> +			return "dfd9b1ad";
> +		}
> +	}
> +
> +	// Screen by cookie/JavaScript form add
> +	if (isset($_COOKIE[BB2_COOKIE])) {
> +		$screener1 = explode(" ", $_COOKIE[BB2_COOKIE]);
> +	} else {
> +		$screener1 = array(0);
> +	}
> +	if (isset($_POST[BB2_COOKIE])) {
> +		$screener2 = explode(" ", $_POST[BB2_COOKIE]);
> +	} else {
> +		$screener2 = array(0);
> +	}
> +	$screener = max($screener1[0], $screener2[0]);
> +
> +	if ($screener > 0) {
> +		// Posting too fast? 5 sec
> +		// FIXME: even 5 sec is too intrusive
> +		// if ($screener + 5 > time())
> +		//	return "408d7e72";
> +		// Posting too slow? 48 hr
> +		if ($screener + 172800 < time())
> +			return "b40c8ddc";
> +
> +		// Screen by IP address
> +		$ip = ip2long($package['ip']);
> +		$ip_screener = ip2long($screener[1]);
> +//		FIXME: This is b0rked, but why?
> +//		if ($ip && $ip_screener && abs($ip_screener - $ip) > 256)
> +//			return "c1fa729b";
> +
> +		if ($package['headers_mixed']['X-Forwarded-For']) {
> +			$ip = $package['headers_mixed']['X-Forwarded-For'];
> +		}
> +		// Screen for user agent changes
> +		// User connected previously with blank user agent
> +//		$q = bb2_db_query("SELECT `ip` FROM " . $settings['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` = '" . $screener[1] . "') AND `user_agent` != '" . $package['user_agent'] . "' AND `date` > DATE_SUB('" . bb2_db_date() . "', INTERVAL 5 MINUTE)");
> +		// Damnit, too many ways for this to fail :(
> +//		if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
> +//			return "799165c2";
> +	}
> +
> +	return false;
> +}
> +
> +?>
>
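Review bot: This hunk drops two LifeType-local customizations instead of carrying them over: the pwestbro change that disabled the blackhole DNS checks in favour of the dnsantispam plugin is replaced by an unconditional '+	require_once(BB2_CORE . "/blackhole.inc.php");' / '+	bb2_test($settings, $package, bb2_blackhole($package));', and the jondaley change that commented out the 48-hour check because cached pages leave the cookie stale is replaced by a live '+		if ($screener + 172800 < time()) return "b40c8ddc";'. Unless the intent is to abandon both, re-apply them on top of the upstream version; the '$screener1 = array(0)' / '$screener2 = array(0)' defaults, by contrast, are a genuine fix for the undefined-variable case when neither cookie nor POST field is present. Two pre-existing defects survive the update and are worth fixing while this file is open: '$screener' is the scalar result of max(), so '$ip_screener = ip2long($screener[1]);' indexes the second character of the timestamp string rather than the IP field (which is why the IP screen below it is "b0rked"), and 'if ($package['headers_mixed']['X-Forwarded-For'])' reads the header without isset(). The 'FAlSE' in the document.write check only works because PHP's boolean constants are case-insensitive.
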
> Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/responses.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/responses.inc.php	2008-07-15 21:48:44 UTC (rev 6695)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/responses.inc.php	2008-07-16 21:16:00 UTC (rev 6696)
> @@ -1,44 +1,45 @@
> -<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> -
> -// Defines the responses which Bad Behavior might return.
> -
> -function bb2_get_response($key) {
> -	$bb2_responses = array(
> -		'00000000' => array('response' => 200, 'explanation' => '', 'log' => ''),
> -		'136673cd' => array('response' => 403, 'explanation' => 'Your Internet Protocol address is listed on a blacklist of addresses involved in malicious or illegal activity. See the listing below for more details on specific blacklists and removal procedures.', 'log' => 'IP address found on external blacklist'),
> -		'17566707' => array('response' => 403, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept\' missing'),
> -		'17f4e8c8' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent was found on blacklist'),
> -		'21f11d3f' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a mobile Web device, but you do not actually appear to be a mobile Web device.', 'log' => 'User-Agent claimed to be AvantGo, claim appears false'),
> -		'2b90f772' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. If you are using the Opera browser, then Opera must appear in your user agent.', 'log' => 'Connection: TE present, not supported by MSIE'),
> -		'408d7e72' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'POST comes too quickly after GET'),
> -		'41feed15' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by a malfunctioning proxy server. Bypass the proxy server and connect directly, or contact your proxy server administrator.', 'log' => 'Header \'Pragma\' without \'Cache-Control\' prohibited for HTTP/1.1 requests'),
> -		'45b35e30' => array('response' => 403, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' is corrupt'),
> -		'57796684' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),
> -		'582ec5e4' => array('response' => 400, 'explanation' => 'An invalid request was received. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator. This may also be caused by a bug in the Opera web browser.', 'log' => '"Header \'TE\' present but TE not specified in \'Connection\' header'),
> -		'69920ee5' => array('response' => 403, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' present but blank'),
> -		'799165c2' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Rotating user-agents detected'),
> -		'7a06532b' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept-Encoding\' missing'),
> -		'7ad04a8a' => array('response' => 400, 'explanation' => 'The automated program you are using is not permitted to access this server. Please use a different program or a standard Web browser.', 'log' => 'Prohibited header \'Range\' present'),
> -		'7d12528e' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Prohibited header \'Range\' or \'Content-Range\' in POST request'),
> -		'939a6fbb' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Banned proxy server in use'),
> -		'9c9e4979' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Prohibited header \'via\' present'),
> -		'a0105122' => array('response' => 417, 'explanation' => 'Expectation failed. Please retry your request.', 'log' => 'Header \'Expect\' prohibited; resend without Expect'),
> -		'a1084bad' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent claimed to be MSIE, with invalid Windows version'),
> -		'a52f0448' => array('response' => 400, 'explanation' => 'An invalid request was received.  This may be caused by a malfunctioning proxy server or browser privacy software. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator.', 'log' => 'Header \'Connection\' contains invalid values'),
> -		'b40c8ddc' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, close your browser, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'POST more than two days after GET'),
> -		'b7830251' => array('response' => 400, 'explanation' => 'Your proxy server sent an invalid request. Please contact the proxy server administrator to have this problem fixed.', 'log' => 'Prohibited header \'Proxy-Connection\' present'),
> -		'b9cc1d86' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),
> -		'c1fa729b' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'Use of rotating proxy servers detected'),
> -		'd60b87c7' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, please remove any viruses or spyware from your computer.', 'log' => 'Trackback received via proxy server'),
> -		'dfd9b1ad' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Request contained a malicious JavaScript or SQL injection attack'),
> -		'e4de0453' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a major search engine, but you do not appear to actually be a major search engine.', 'log' => 'User-Agent claimed to be msnbot, claim appears to be false'),
> -		'e87553e1' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'I know you and I don\'t like you, dirty spammer.'),
> -		'f0dcb3fd' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'Web browser attempted to send a trackback'),
> -		'f1182195' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a major search engine, but you do not appear to actually be a major search engine.', 'log' => 'User-Agent claimed to be Googlebot, claim appears to be false.'),
> -		'f9f2b8b9' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'A User-Agent is required but none was provided.'),
> -	);
> -
> -	if (array_key_exists($key, $bb2_responses)) return $bb2_responses[$key];
> -	return array('00000000');
> -}
> -?>
> +<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> +
> +// Defines the responses which Bad Behavior might return.
> +
> +function bb2_get_response($key) {
> +	$bb2_responses = array(
> +		'00000000' => array('response' => 200, 'explanation' => '', 'log' => 'Permitted'),
> +		'136673cd' => array('response' => 403, 'explanation' => 'Your Internet Protocol address is listed on a blacklist of addresses involved in malicious or illegal activity. See the listing below for more details on specific blacklists and removal procedures.', 'log' => 'IP address found on external blacklist'),
> +		'17566707' => array('response' => 403, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept\' missing'),
> +		'17f4e8c8' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent was found on blacklist'),
> +		'21f11d3f' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a mobile Web device, but you do not actually appear to be a mobile Web device.', 'log' => 'User-Agent claimed to be AvantGo, claim appears false'),
> +		'2b90f772' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. If you are using the Opera browser, then Opera must appear in your user agent.', 'log' => 'Connection: TE present, not supported by MSIE'),
> +		'35ea7ffa' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Check your browser\'s language and locale settings.', 'log' => 'Invalid language specified'),
> +		'408d7e72' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'POST comes too quickly after GET'),
> +		'41feed15' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by a malfunctioning proxy server. Bypass the proxy server and connect directly, or contact your proxy server administrator.', 'log' => 'Header \'Pragma\' without \'Cache-Control\' prohibited for HTTP/1.1 requests'),
> +		'45b35e30' => array('response' => 403, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' is corrupt'),
> +		'57796684' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),
> +		'582ec5e4' => array('response' => 400, 'explanation' => 'An invalid request was received. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator. This may also be caused by a bug in the Opera web browser.', 'log' => '"Header \'TE\' present but TE not specified in \'Connection\' header'),
> +		'69920ee5' => array('response' => 403, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' present but blank'),
> +		'799165c2' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Rotating user-agents detected'),
> +		'7a06532b' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept-Encoding\' missing'),
> +		'7ad04a8a' => array('response' => 400, 'explanation' => 'The automated program you are using is not permitted to access this server. Please use a different program or a standard Web browser.', 'log' => 'Prohibited header \'Range\' present'),
> +		'7d12528e' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Prohibited header \'Range\' or \'Content-Range\' in POST request'),
> +		'939a6fbb' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Banned proxy server in use'),
> +		'9c9e4979' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Prohibited header \'via\' present'),
> +		'a0105122' => array('response' => 417, 'explanation' => 'Expectation failed. Please retry your request.', 'log' => 'Header \'Expect\' prohibited; resend without Expect'),
> +		'a1084bad' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent claimed to be MSIE, with invalid Windows version'),
> +		'a52f0448' => array('response' => 400, 'explanation' => 'An invalid request was received.  This may be caused by a malfunctioning proxy server or browser privacy software. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator.', 'log' => 'Header \'Connection\' contains invalid values'),
> +		'b40c8ddc' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, close your browser, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'POST more than two days after GET'),
> +		'b7830251' => array('response' => 400, 'explanation' => 'Your proxy server sent an invalid request. Please contact the proxy server administrator to have this problem fixed.', 'log' => 'Prohibited header \'Proxy-Connection\' present'),
> +		'b9cc1d86' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),
> +		'c1fa729b' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'Use of rotating proxy servers detected'),
> +		'd60b87c7' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, please remove any viruses or spyware from your computer.', 'log' => 'Trackback received via proxy server'),
> +		'dfd9b1ad' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Request contained a malicious JavaScript or SQL injection attack'),
> +		'e4de0453' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a major search engine, but you do not appear to actually be a major search engine.', 'log' => 'User-Agent claimed to be msnbot, claim appears to be false'),
> +		'e87553e1' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'I know you and I don\'t like you, dirty spammer.'),
> +		'f0dcb3fd' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'Web browser attempted to send a trackback'),
> +		'f1182195' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a major search engine, but you do not appear to actually be a major search engine.', 'log' => 'User-Agent claimed to be Googlebot, claim appears to be false.'),
> +		'f9f2b8b9' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'A User-Agent is required but none was provided.'),
> +	);
> +
> +	if (array_key_exists($key, $bb2_responses)) return $bb2_responses[$key];
> +	return array('00000000');
> +}
> +?>
>
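Review bot: The fallback at '+	return array('00000000');' returns a one-element list containing the string '00000000', not the response record, so any caller that looks up 'response', 'explanation' or 'log' on the result of an unknown key gets undefined-index notices and no status code; it should be 'return $bb2_responses['00000000'];', which now also carries the new 'Permitted' log text. While here, the '582ec5e4' log string starts with a stray double quote ('"Header \'TE\' present ...') that will show up verbatim in the log.
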
> Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/safari.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/safari.inc.php	2008-07-15 21:48:44 UTC (rev 6695)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/safari.inc.php	2008-07-16 21:16:00 UTC (rev 6696)
> @@ -1,13 +1,13 @@
> -<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> -
> -// Analyze user agents claiming to be Safari
> -
> -function bb2_safari($package)
> -{
> -	if (!array_key_exists('Accept', $package['headers_mixed'])) {
> -		return "17566707";
> -	}
> -	return false;
> -}
> -
> -?>
> +<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> +
> +// Analyze user agents claiming to be Safari
> +
> +function bb2_safari($package)
> +{
> +	if (!array_key_exists('Accept', $package['headers_mixed'])) {
> +		return "17566707";
> +	}
> +	return false;
> +}
> +
> +?>
>
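Review bot: The body of bb2_safari() is byte-for-byte the same missing-Accept check as bb2_opera() above, and bb2_msie() opens with it too; a shared helper (for example a bb2_require_accept($package) that returns "17566707" or false) would leave one place to change when the list of agents that legitimately omit Accept grows, as the Google Desktop and PLAYSTATION 3 exemptions in the Mozilla test already show it does.
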
> Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/screener.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/screener.inc.php	2008-07-15 21:48:44 UTC (rev 6695)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/screener.inc.php	2008-07-16 21:16:00 UTC (rev 6696)
> @@ -1,63 +1,63 @@
> -<?php if (!defined('BB2_CWD')) die("I said no cheating!");
> -
> -// Bad Behavior browser screener
> -
> -function bb2_screener_cookie($settings, $package, $cookie_name, $cookie_value)
> -{
> -	// FIXME: Set the real cookie
> -	setcookie($cookie_name, $cookie_value, 0, bb2_relative_path());
> -}
> -
> -function bb2_screener_javascript($settings, $package, $cookie_name, $cookie_value)
> -{
> -	global $bb2_javascript;
> -
> -	// FIXME: do something
> -	$bb2_javascript = "<script type=\"text/javascript\">
> -<!--
> -function bb2_addLoadEvent(func) {
> -	var oldonload = window.onload;
> -	if (typeof window.onload != 'function') {
> -		window.onload = func;
> -	} else {
> -		window.onload = function() {
> -			oldonload();
> -			func();
> -		}
> -	}
> -}
> -
> -bb2_addLoadEvent(function() {
> -	for ( i=0; i < document.forms.length; i++ ) {
> -		if (document.forms[i].method == 'post') {
> -			var myElement = document.createElement('input');
> -			myElement.setAttribute('type', 'hidden');
> -			myElement.name = '$cookie_name';
> -			myElement.value = '$cookie_value';
> -			document.forms[i].appendChild(myElement);
> -		}
> -	}
> -});
> -// --></script>
> -		";
> -}
> -
> -function bb2_screener($settings, $package)
> -{
> -	$cookie_name = BB2_COOKIE;
> -
> -	// Set up a simple cookie
> -	$screener = array(time(), $package['ip']);
> -	if (isset($package['headers_mixed']['X-Forwarded-For'])) {
> -		array_push($screener, $package['headers_mixed']['X-Forwarded-For']);
> -	}
> -	if (isset($package['headers_mixed']['Client-Ip'])) {
> -		array_push($screener, $package['headers_mixed']['Client-Ip']);
> -	}
> -
> -	$cookie_value = implode(" ", $screener);
> -
> -	bb2_screener_cookie($settings, $package, BB2_COOKIE, $cookie_value);
> -	bb2_screener_javascript($settings, $package, BB2_COOKIE, $cookie_value);
> -}
> -?>
> +<?php if (!defined('BB2_CWD')) die("I said no cheating!");
> +
> +// Bad Behavior browser screener
> +
> +function bb2_screener_cookie($settings, $package, $cookie_name, $cookie_value)
> +{
> +	// FIXME: Set the real cookie
> +	setcookie($cookie_name, $cookie_value, 0, bb2_relative_path());
> +}
> +
> +function bb2_screener_javascript($settings, $package, $cookie_name, $cookie_value)
> +{
> +	global $bb2_javascript;
> +
> +	// FIXME: do something
> +	$bb2_javascript = "<script type=\"text/javascript\">
> +<!--
> +function bb2_addLoadEvent(func) {
> +	var oldonload = window.onload;
> +	if (typeof window.onload != 'function') {
> +		window.onload = func;
> +	} else {
> +		window.onload = function() {
> +			oldonload();
> +			func();
> +		}
> +	}
> +}
> +
> +bb2_addLoadEvent(function() {
> +	for ( i=0; i < document.forms.length; i++ ) {
> +		if (document.forms[i].method == 'post') {
> +			var myElement = document.createElement('input');
> +			myElement.setAttribute('type', 'hidden');
> +			myElement.name = '$cookie_name';
> +			myElement.value = '$cookie_value';
> +			document.forms[i].appendChild(myElement);
> +		}
> +	}
> +});
> +// --></script>
> +		";
> +}
> +
> +function bb2_screener($settings, $package)
> +{
> +	$cookie_name = BB2_COOKIE;
> +
> +	// Set up a simple cookie
> +	$screener = array(time(), $package['ip']);
> +	if (isset($package['headers_mixed']['X-Forwarded-For'])) {
> +		array_push($screener, $package['headers_mixed']['X-Forwarded-For']);
> +	}
> +	if (isset($package['headers_mixed']['Client-Ip'])) {
> +		array_push($screener, $package['headers_mixed']['Client-Ip']);
> +	}
> +
> +	$cookie_value = implode(" ", $screener);
> +
> +	bb2_screener_cookie($settings, $package, BB2_COOKIE, $cookie_value);
> +	bb2_screener_javascript($settings, $package, BB2_COOKIE, $cookie_value);
> +}
> +?>
>
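Review bot: '$cookie_value' is interpolated unescaped into a JavaScript string literal at '+			myElement.value = '$cookie_value';', and bb2_screener() builds that value from the X-Forwarded-For and Client-Ip request headers, so a header containing a single quote or a closing script tag breaks out of the literal and lands in every page that emits $bb2_javascript. Emit the literal with json_encode($cookie_value) (which produces a correctly quoted JS string) and only append a forwarded header to $screener when it passes filter_var($value, FILTER_VALIDATE_IP); the same validated value then goes into setcookie(), where the space-separated format is otherwise fine. Minor: '$cookie_name' in bb2_screener() is assigned but the two calls pass BB2_COOKIE directly, and the JS loop 'for ( i=0; ...' leaks a global i (add var).
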
> Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/trackback.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/trackback.inc.php	2008-07-15 21:48:44 UTC (rev 6695)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/trackback.inc.php	2008-07-16 21:16:00 UTC (rev 6696)
> @@ -1,18 +1,18 @@
> -<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> -
> -// Specialized screening for trackbacks
> -function bb2_trackback($package)
> -{
> -	// Web browsers don't send trackbacks
> -	if ($package['is_browser']) {
> -		return 'f0dcb3fd';
> -	}
> -
> -	// Proxy servers don't send trackbacks either
> -	if (array_key_exists('Via', $package['headers_mixed']) || array_key_exists('Max-Forwards', $package['headers_mixed']) || array_key_exists('X-Forwarded-For', $package['headers_mixed']) || array_key_exists('Client-Ip', $package['headers_mixed'])) {
> -		return 'd60b87c7';
> -	}
> -	return false;
> -}
> -
> -?>
> +<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> +
> +// Specialized screening for trackbacks
> +function bb2_trackback($package)
> +{
> +	// Web browsers don't send trackbacks
> +	if ($package['is_browser']) {
> +		return 'f0dcb3fd';
> +	}
> +
> +	// Proxy servers don't send trackbacks either
> +	if (array_key_exists('Via', $package['headers_mixed']) || array_key_exists('Max-Forwards', $package['headers_mixed']) || array_key_exists('X-Forwarded-For', $package['headers_mixed']) || array_key_exists('Client-Ip', $package['headers_mixed'])) {
> +		return 'd60b87c7';
> +	}
> +	return false;
> +}
> +
> +?>
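Review bot: every line of trackback.inc.php is removed and re-added with identical content, so this hunk is a line-ending (or trailing-whitespace) change only; it hides any real change from review and will recur on each upstream sync unless line endings are normalized once, for example by setting svn:eol-style on these files and committing that conversion separately from the content update.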
>
> Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php	2008-07-15 21:48:44 UTC (rev 6695)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php	2008-07-16 21:16:00 UTC (rev 6696)
> @@ -1,3 +1,3 @@
> -<?php if (!defined('BB2_CWD')) die("I said no cheating!");
> -define('BB2_VERSION', "2.0.16");
> -?>
> +<?php if (!defined('BB2_CWD')) die("I said no cheating!");
> +define('BB2_VERSION', "2.0.20");
> +?>
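Review bot: the version constant jumps from 2.0.16 to 2.0.20 in one commit, but nothing in the diff records which upstream Bad Behavior changes between those releases were merged; a short list in the commit message or the plugin changelog would let reviewers check the lifetype-1.2 branch's local modifications against the upstream changes.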
>
> Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php
> ===================================================================
> --- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php	2008-07-15 21:48:44 UTC (rev 6695)
> +++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php	2008-07-16 21:16:00 UTC (rev 6696)
> @@ -1,58 +1,58 @@
> -<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> -
> -function bb2_whitelist($package)
> -{
> -	// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
> -
> -	// Inappropriate whitelisting WILL expose you to spam, or cause Bad
> -	// Behavior to stop functioning entirely!  DO NOT WHITELIST unless you
> -	// are 100% CERTAIN that you should.
> -
> -	// IP address ranges use the CIDR format.
> -
> -	// Includes four examples of whitelisting by IP address and netblock.
> -	$bb2_whitelist_ip_ranges = array(
> -		"64.191.203.34",	// Digg whitelisted as of 2.0.12
> -		"208.67.217.130",	// Digg whitelisted as of 2.0.12
> -		"10.0.0.0/8",
> -		"172.16.0.0/12",
> -		"192.168.0.0/16",
> -//		"127.0.0.1",
> -	);
> -
> -	// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
> -
> -	// Inappropriate whitelisting WILL expose you to spam, or cause Bad
> -	// Behavior to stop functioning entirely!  DO NOT WHITELIST unless you
> -	// are 100% CERTAIN that you should.
> -
> -	// You should not whitelist search engines by user agent. Use the IP
> -	// netblock for the search engine instead. See http://whois.arin.net/
> -	// to locate the netblocks for an IP.
> -
> -	// User agents are matched by exact match only.
> -
> -	// Includes one example of whitelisting by user agent.
> -	// All are commented out.
> -	$bb2_whitelist_user_agents = array(
> -	//	"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) It's me, let me in",
> -	);
> -
> -	// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
> -
> -	// Do not edit below this line
> -
> -	if (!empty($bb2_whitelist_ip_ranges)) {
> -		foreach ($bb2_whitelist_ip_ranges as $range) {
> -			if (match_cidr($package['ip'], $range)) return true;
> -		}
> -	}
> -	if (!empty($bb2_whitelist_user_agents)) {
> -		foreach ($bb2_whitelist_user_agents as $user_agent) {
> -			if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
> -		}
> -	}
> -	return false;
> -}
> -
> -?>
> +<?php if (!defined('BB2_CORE')) die('I said no cheating!');
> +
> +function bb2_whitelist($package)
> +{
> +	// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
> +
> +	// Inappropriate whitelisting WILL expose you to spam, or cause Bad
> +	// Behavior to stop functioning entirely!  DO NOT WHITELIST unless you
> +	// are 100% CERTAIN that you should.
> +
> +	// IP address ranges use the CIDR format.
> +
> +	// Includes four examples of whitelisting by IP address and netblock.
> +	$bb2_whitelist_ip_ranges = array(
> +		"64.191.203.34",	// Digg whitelisted as of 2.0.12
> +		"208.67.217.130",	// Digg whitelisted as of 2.0.12
> +		"10.0.0.0/8",
> +		"172.16.0.0/12",
> +		"192.168.0.0/16",
> +//		"127.0.0.1",
> +	);
> +
> +	// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
> +
> +	// Inappropriate whitelisting WILL expose you to spam, or cause Bad
> +	// Behavior to stop functioning entirely!  DO NOT WHITELIST unless you
> +	// are 100% CERTAIN that you should.
> +
> +	// You should not whitelist search engines by user agent. Use the IP
> +	// netblock for the search engine instead. See http://whois.arin.net/
> +	// to locate the netblocks for an IP.
> +
> +	// User agents are matched by exact match only.
> +
> +	// Includes one example of whitelisting by user agent.
> +	// All are commented out.
> +	$bb2_whitelist_user_agents = array(
> +	//	"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) It's me, let me in",
> +	);
> +
> +	// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
> +
> +	// Do not edit below this line
> +
> +	if (!empty($bb2_whitelist_ip_ranges)) {
> +		foreach ($bb2_whitelist_ip_ranges as $range) {
> +			if (match_cidr($package['ip'], $range)) return true;
> +		}
> +	}
> +	if (!empty($bb2_whitelist_user_agents)) {
> +		foreach ($bb2_whitelist_user_agents as $user_agent) {
> +			if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
> +		}
> +	}
> +	return false;
> +}
> +
> +?>
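Review bot: as with trackback.inc.php, the whole of whitelist.inc.php is deleted and re-added unchanged, so this hunk carries no content change and belongs in a separate line-ending normalization commit. Since the file is being touched, one caveat on the unchanged defaults is worth recording: the shipped $bb2_whitelist_ip_ranges whitelists 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16, so on an installation where $package['ip'] is the address of a reverse proxy or load balancer in one of those ranges every request passes bb2_whitelist and, per the file's own warning, the site is exposed to spam; such deployments need the private ranges removed or the real client address resolved before bb2_whitelist is called. The user-agent loop also reads $package['headers_mixed']['User-Agent'] without an isset check, which raises a notice on requests that send no User-Agent header once an entry is uncommented.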
>
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://limedaley.com/mailman/listinfo/plog-svn
>

-- 
Jon Daley
http://jon.limedaley.com
~~
Why are you limiting God to the first floor of your life?
-- Rob Graham

