[pLog-svn] r6570 - plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior

jondaley at devel.lifetype.net jondaley at devel.lifetype.net
Wed Jun 18 13:23:17 EDT 2008


Author: jondaley
Date: 2008-06-18 13:23:17 -0400 (Wed, 18 Jun 2008)
New Revision: 6570

Modified:
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/admin.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/banned.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blackhole.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/common_tests.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/core.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/functions.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/google.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/housekeeping.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/konqueror.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/lynx.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/movabletype.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/mozilla.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msnbot.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/opera.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/post.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/responses.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/safari.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/screener.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/trackback.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php
Log:
Spacing change - if we use the same line endings that bad-behavior does, it will be easy to merge later

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/admin.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/admin.inc.php	2008-06-18 07:45:07 UTC (rev 6569)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/admin.inc.php	2008-06-18 17:23:17 UTC (rev 6570)
@@ -1,75 +1,75 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-function bb2_admin_pages() {
-	if (function_exists('current_user_can')) {
-		// The new 2.x way
-		if (current_user_can('manage_options')) {
-			$bb2_is_admin = true;
-		}
-	} else {
-		// The old 1.x way
-		global $user_ID;
-		if (user_can_edit_user($user_ID, 0)) {
-			$bb2_is_admin = true;
-		}
-	}
-
-	if ($bb2_is_admin) {
-		add_options_page(__("Bad Behavior"), __("Bad Behavior"), 8, 'bb2_options', 'bb2_options');
-	}
-}
-
-function bb2_options()
-{
-	$settings = bb2_read_settings();
-
-	if ($_POST) {
-		if ($_POST['display_stats']) {
-			$settings['display_stats'] = true;
-		} else {
-			$settings['display_stats'] = false;
-		}
-		if ($_POST['strict']) {
-			$settings['strict'] = true;
-		} else {
-			$settings['strict'] = false;
-		}
-		if ($_POST['verbose']) {
-			$settings['verbose'] = true;
-		} else {
-			$settings['verbose'] = false;
-		}
-		bb2_write_settings($settings);
-?>
-	<div id="message" class="updated fade"><p><strong><?php _e('Options saved.') ?></strong></p></div>
-<?php
-	}
-?>
-	<div class="wrap">
-	<h2><?php _e("Bad Behavior"); ?></h2>
-	<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
-	<p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
-	<p>If you find Bad Behavior valuable, please consider making a <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20<?php echo BB2_VERSION; ?>%20%28From%20Admin%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8">financial contribution</a> to further development of Bad Behavior.</p>
-
-	<fieldset class="options">
-	<legend><?php _e('Statistics'); ?></legend>
-	<?php bb2_insert_stats(true); ?>
-	<p><label><input type="checkbox" name="display_stats" value="true" <?php if ($settings['display_stats']) { ?>checked="checked" <?php } ?>/> <?php _e('Display statistics in blog footer'); ?></label></p>
-	</fieldset>
-
-	<fieldset class="options">
-	<legend><?php _e('Logging'); ?></legend>
-	<p><label><input type="checkbox" name="verbose" value="true" <?php if ($settings['verbose']) { ?>checked="checked" <?php } ?>/> <?php _e('Verbose HTTP request logging'); ?></label></p>
-	<legend><?php _e('Strict Mode'); ?></legend>
-	<p><label><input type="checkbox" name="strict" value="true" <?php if ($settings['strict']) { ?>checked="checked" <?php } ?>/> <?php _e('Strict checking (blocks more spam but may block some people)'); ?></label></p>
-	</fieldset>
-
-	<p class="submit"><input type="submit" name="submit" value="<?php _e('Update &raquo;'); ?>" /></p>
-	</form>
-	</div>
-<?php
-}
-
-add_action('admin_menu', 'bb2_admin_pages');
-
-?>
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+function bb2_admin_pages() {
+	if (function_exists('current_user_can')) {
+		// The new 2.x way
+		if (current_user_can('manage_options')) {
+			$bb2_is_admin = true;
+		}
+	} else {
+		// The old 1.x way
+		global $user_ID;
+		if (user_can_edit_user($user_ID, 0)) {
+			$bb2_is_admin = true;
+		}
+	}
+
+	if ($bb2_is_admin) {
+		add_options_page(__("Bad Behavior"), __("Bad Behavior"), 8, 'bb2_options', 'bb2_options');
+	}
+}
+
+function bb2_options()
+{
+	$settings = bb2_read_settings();
+
+	if ($_POST) {
+		if ($_POST['display_stats']) {
+			$settings['display_stats'] = true;
+		} else {
+			$settings['display_stats'] = false;
+		}
+		if ($_POST['strict']) {
+			$settings['strict'] = true;
+		} else {
+			$settings['strict'] = false;
+		}
+		if ($_POST['verbose']) {
+			$settings['verbose'] = true;
+		} else {
+			$settings['verbose'] = false;
+		}
+		bb2_write_settings($settings);
+?>
+	<div id="message" class="updated fade"><p><strong><?php _e('Options saved.') ?></strong></p></div>
+<?php
+	}
+?>
+	<div class="wrap">
+	<h2><?php _e("Bad Behavior"); ?></h2>
+	<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
+	<p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
+	<p>If you find Bad Behavior valuable, please consider making a <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20<?php echo BB2_VERSION; ?>%20%28From%20Admin%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8">financial contribution</a> to further development of Bad Behavior.</p>
+
+	<fieldset class="options">
+	<legend><?php _e('Statistics'); ?></legend>
+	<?php bb2_insert_stats(true); ?>
+	<p><label><input type="checkbox" name="display_stats" value="true" <?php if ($settings['display_stats']) { ?>checked="checked" <?php } ?>/> <?php _e('Display statistics in blog footer'); ?></label></p>
+	</fieldset>
+
+	<fieldset class="options">
+	<legend><?php _e('Logging'); ?></legend>
+	<p><label><input type="checkbox" name="verbose" value="true" <?php if ($settings['verbose']) { ?>checked="checked" <?php } ?>/> <?php _e('Verbose HTTP request logging'); ?></label></p>
+	<legend><?php _e('Strict Mode'); ?></legend>
+	<p><label><input type="checkbox" name="strict" value="true" <?php if ($settings['strict']) { ?>checked="checked" <?php } ?>/> <?php _e('Strict checking (blocks more spam but may block some people)'); ?></label></p>
+	</fieldset>
+
+	<p class="submit"><input type="submit" name="submit" value="<?php _e('Update &raquo;'); ?>" /></p>
+	</form>
+	</div>
+<?php
+}
+
+add_action('admin_menu', 'bb2_admin_pages');
+
+?>
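Review bot: `bb2_options()` echoes `$_SERVER['REQUEST_URI']` into the form's `action` attribute without escaping, so markup characters in the request URI are reflected into the admin page. banned.inc.php already wraps the same value in `htmlspecialchars()`, and this line should match it: `<form method="post" action="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES); ?>">`. The settings are also rewritten on any non-empty `$_POST` with no request token visible in this file, so a nonce check before `bb2_write_settings($settings)` is worth adding (WordPress's `check_admin_referer()`, if the host version provides it). In `bb2_admin_pages()` the flag `$bb2_is_admin` is never initialised, so non-admin requests read an undefined variable; add `$bb2_is_admin = false;` as the first statement. All three predate this revision, which changes only line endings.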

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/banned.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/banned.inc.php	2008-06-18 07:45:07 UTC (rev 6569)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/banned.inc.php	2008-06-18 17:23:17 UTC (rev 6570)
@@ -1,48 +1,48 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Functions called when a request has been denied
-// This part can be gawd-awful slow, doesn't matter :)
-
-require_once(BB2_CORE . "/responses.inc.php");
-
-function bb2_display_denial($settings, $key, $previous_key = false)
-{
-	if (!$previous_key) $previous_key = $key;
-	if ($key == "e87553e1") {
-		// FIXME: lookup the real key
-	}
-	// Create support key
-	$ip = explode(".", $_SERVER['REMOTE_ADDR']);
-	$ip_hex = "";
-	foreach ($ip as $octet) {
-		$ip_hex .= str_pad(dechex($octet), 2, 0, STR_PAD_LEFT);
-	}
-	$support_key = implode("-", str_split("$ip_hex$key", 4));
-
-	// Get response data
-	$response = bb2_get_response($previous_key);
-	header("HTTP/1.1 " . $response['response'] . " Bad Behavior");
-	header("Status: " . $response['response'] . " Bad Behavior");
-?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>HTTP Error <?php echo $response['response']; ?></title>
-</head>
-<body>
-<h1>Error <?php echo $response['response']; ?></h1>
-<p>We're sorry, but we could not fulfill your request for
-<?php echo htmlspecialchars($_SERVER['REQUEST_URI']) ?> on this server.</p>
-<p><?php echo $response['explanation']; ?></p>
-<p>Your technical support key is: <strong><?php echo $support_key; ?></strong></p>
-<p>You can use this key to <a href="http://www.ioerror.us/bb2-support-key?key=<?php echo $support_key; ?>">fix this problem yourself</a>.</p>
-<p>If you are unable to fix the problem yourself, please contact <a href="mailto:<?php echo htmlspecialchars(str_replace("@", "+nospam at nospam.", bb2_email())); ?>"><?php echo htmlspecialchars(str_replace("@", " at ", bb2_email())); ?></a> and be sure to provide the technical support key shown above.</p>
-<?php
-}
-
-function bb2_log_denial($settings, $package, $key, $previous_key=false)
-{
-	bb2_db_query(bb2_insert($settings, $package, $key));
-}
-
-?>
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Functions called when a request has been denied
+// This part can be gawd-awful slow, doesn't matter :)
+
+require_once(BB2_CORE . "/responses.inc.php");
+
+function bb2_display_denial($settings, $key, $previous_key = false)
+{
+	if (!$previous_key) $previous_key = $key;
+	if ($key == "e87553e1") {
+		// FIXME: lookup the real key
+	}
+	// Create support key
+	$ip = explode(".", $_SERVER['REMOTE_ADDR']);
+	$ip_hex = "";
+	foreach ($ip as $octet) {
+		$ip_hex .= str_pad(dechex($octet), 2, 0, STR_PAD_LEFT);
+	}
+	$support_key = implode("-", str_split("$ip_hex$key", 4));
+
+	// Get response data
+	$response = bb2_get_response($previous_key);
+	header("HTTP/1.1 " . $response['response'] . " Bad Behavior");
+	header("Status: " . $response['response'] . " Bad Behavior");
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>HTTP Error <?php echo $response['response']; ?></title>
+</head>
+<body>
+<h1>Error <?php echo $response['response']; ?></h1>
+<p>We're sorry, but we could not fulfill your request for
+<?php echo htmlspecialchars($_SERVER['REQUEST_URI']) ?> on this server.</p>
+<p><?php echo $response['explanation']; ?></p>
+<p>Your technical support key is: <strong><?php echo $support_key; ?></strong></p>
+<p>You can use this key to <a href="http://www.ioerror.us/bb2-support-key?key=<?php echo $support_key; ?>">fix this problem yourself</a>.</p>
+<p>If you are unable to fix the problem yourself, please contact <a href="mailto:<?php echo htmlspecialchars(str_replace("@", "+nospam at nospam.", bb2_email())); ?>"><?php echo htmlspecialchars(str_replace("@", " at ", bb2_email())); ?></a> and be sure to provide the technical support key shown above.</p>
+<?php
+}
+
+function bb2_log_denial($settings, $package, $key, $previous_key=false)
+{
+	bb2_db_query(bb2_insert($settings, $package, $key));
+}
+
+?>
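Review bot: The support key in `bb2_display_denial()` is built by splitting `$_SERVER['REMOTE_ADDR']` on `.` and hex-encoding each piece, which only works for dotted-quad IPv4; an IPv6 address has no dots, so `dechex()` receives the whole string and the key no longer encodes the client address. `bb2_blackhole()` in blackhole.inc.php makes the same assumption when it reverses `$package['ip']` for the DNSBL query, so for an IPv6 client the lookup name is malformed and the check presumably fails open. Both places should test the address form first, for example `if (strpos($ip, ':') !== false)`, and either handle or explicitly skip IPv6 with a comment saying so. `bb2_log_denial()` also accepts `$previous_key` and never uses it, which deserves a one-line comment if that is intentional.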

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blackhole.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blackhole.inc.php	2008-06-18 07:45:07 UTC (rev 6569)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blackhole.inc.php	2008-06-18 17:23:17 UTC (rev 6570)
@@ -1,37 +1,37 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Look up address on various blackhole lists.
-// These cannot be used for GET requests under any circumstances!
-function bb2_blackhole($package) {
-	// Only conservative lists
-	$bb2_blackhole_lists = array(
-		"sbl-xbl.spamhaus.org",	// All around nasties
-//		"dnsbl.sorbs.net",	// Old useless data.
-//		"list.dsbl.org",	// Old useless data.
-//		"dnsbl.ioerror.us",	// Bad Behavior Blackhole
-	);
-	
-	// Things that shouldn't be blocked, from aggregate lists
-	$bb2_blackhole_exceptions = array(
-		"sbl-xbl.spamhaus.org" => array("127.0.0.4"),	// CBL is problematic
-		"dnsbl.sorbs.net" => array("127.0.0.10",),	// Dynamic IPs only
-		"list.dsbl.org" => array(),
-		"dnsbl.ioerror.us" => array(),
-	);
-
-	// Check the blackhole lists
-	$ip = $package['ip'];
-	$find = implode('.', array_reverse(explode('.', $ip)));
-	foreach ($bb2_blackhole_lists as $dnsbl) {
-		$result = gethostbynamel($find . "." . $dnsbl . ".");
-		if (!empty($result)) {
-			// Got a match and it isn't on the exception list
-			$result = @array_diff($result, $bb2_blackhole_exceptions[$dnsbl]);
-			if (!empty($result)) {
-				return '136673cd';
-			}
-		}
-	}
-	return false;
-}
-?>
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Look up address on various blackhole lists.
+// These cannot be used for GET requests under any circumstances!
+function bb2_blackhole($package) {
+	// Only conservative lists
+	$bb2_blackhole_lists = array(
+		"sbl-xbl.spamhaus.org",	// All around nasties
+//		"dnsbl.sorbs.net",	// Old useless data.
+//		"list.dsbl.org",	// Old useless data.
+//		"dnsbl.ioerror.us",	// Bad Behavior Blackhole
+	);
+	
+	// Things that shouldn't be blocked, from aggregate lists
+	$bb2_blackhole_exceptions = array(
+		"sbl-xbl.spamhaus.org" => array("127.0.0.4"),	// CBL is problematic
+		"dnsbl.sorbs.net" => array("127.0.0.10",),	// Dynamic IPs only
+		"list.dsbl.org" => array(),
+		"dnsbl.ioerror.us" => array(),
+	);
+
+	// Check the blackhole lists
+	$ip = $package['ip'];
+	$find = implode('.', array_reverse(explode('.', $ip)));
+	foreach ($bb2_blackhole_lists as $dnsbl) {
+		$result = gethostbynamel($find . "." . $dnsbl . ".");
+		if (!empty($result)) {
+			// Got a match and it isn't on the exception list
+			$result = @array_diff($result, $bb2_blackhole_exceptions[$dnsbl]);
+			if (!empty($result)) {
+				return '136673cd';
+			}
+		}
+	}
+	return false;
+}
+?>

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/common_tests.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/common_tests.inc.php	2008-06-18 07:45:07 UTC (rev 6569)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/common_tests.inc.php	2008-06-18 17:23:17 UTC (rev 6570)
@@ -1,120 +1,120 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Enforce adherence to protocol version claimed by user-agent.
-
-function bb2_protocol($settings, $package)
-{
-	// Is it claiming to be HTTP/1.0?  Then it shouldn't do HTTP/1.1 things
-	// Always run this test; we should never see Expect:
-	if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE) {
-		return "a0105122";
-	}
-
-	// Is it claiming to be HTTP/1.1?  Then it shouldn't do HTTP/1.0 things
-	// Blocks some common corporate proxy servers in strict mode
-	if ($settings['strict'] && !strcmp($package['server_protocol'], "HTTP/1.1")) {
-		if (array_key_exists('Pragma', $package['headers_mixed']) && strpos($package['headers_mixed']['Pragma'], "no-cache") !== FALSE && !array_key_exists('Cache-Control', $package['headers_mixed'])) {
-			return "41feed15";
-		}
-	}
-	return false;
-}
-
-function bb2_misc_headers($settings, $package)
-{
-	$ua = $package['headers_mixed']['User-Agent'];
-
-	if (!strcmp($package['request_method'], "POST") && empty($ua)) {
-		return "f9f2b8b9";
-	}
-
-	// Broken spambots send URLs with various invalid characters
-	// Some broken browsers send the #vector in the referer field :(
-	// if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
-	if (strpos($package['request_uri'], "#") !== FALSE) {
-		return "dfd9b1ad";
-	}
-
-	// Range: field exists and begins with 0
-	// Real user-agents do not start ranges at 0
-	// NOTE: this blocks the whois.sc bot. No big loss.
-	// Exceptions: MT (not fixable); LJ (refuses to fix; may be
-	// blocked again in the future)
-	if (array_key_exists('Range', $package['headers_mixed']) && strpos($package['headers_mixed']['Range'], "=0-") !== FALSE) {
-		if (strncmp($ua, "MovableType", 11) && strncmp($ua, "URI::Fetch", 10)) {
-			return "7ad04a8a";
-		}
-	}
-
-	// Content-Range is a response header, not a request header
-	if (array_key_exists('Content-Range', $package['headers_mixed'])) {
-		return '7d12528e';
-	}
-
-	// Lowercase via is used by open proxies/referrer spammers
-	// Exceptions: Clearswift uses lowercase via (refuses to fix;
-	// may be blocked again in the future)
-	if (array_key_exists('via', $package['headers']) &&
-		!strstr($package['headers']['via'],'Clearswift Web Policy Engine')) {
-		return "9c9e4979";
-	}
-
-	// pinappleproxy is used by referrer spammers
-	if (array_key_exists('Via', $package['headers_mixed'])) {
-		if (stripos($package['headers_mixed']['Via'], "pinappleproxy") !== FALSE || stripos($package['headers_mixed']['Via'], "PCNETSERVER") !== FALSE || stripos($package['headers_mixed']['Via'], "Invisiware") !== FALSE) {
-			return "939a6fbb";
-		}
-	}
-
-	// TE: if present must have Connection: TE
-	// RFC 2616 14.39
-	// Blocks Microsoft ISA Server 2004 in strict mode. Contact Microsoft
-	// to obtain a hotfix.
-	if ($settings['strict'] && array_key_exists('Te', $package['headers_mixed'])) {
-		if (!preg_match('/\bTE\b/', $package['headers_mixed']['Connection'])) {
-			return "582ec5e4";
-		}
-	}
-
-	if (array_key_exists('Connection', $package['headers_mixed'])) {
-		// Connection: keep-alive and close are mutually exclusive
-		if (preg_match('/\bKeep-Alive\b/i', $package['headers_mixed']['Connection']) && preg_match('/\bClose\b/i', $package['headers_mixed']['Connection'])) {
-			return "a52f0448";
-		}
-		// Close shouldn't appear twice
-		if (preg_match('/\bclose,\s?close\b/i', $package['headers_mixed']['Connection'])) {
-			return "a52f0448";
-		}
-		// Keey-Alive shouldn't appear twice either
-		if (preg_match('/\bkeep-alive,\s?keep-alive\b/i', $package['headers_mixed']['Connection'])) {
-			return "a52f0448";
-		}
-	}
-	
-
-	// Headers which are not seen from normal user agents; only malicious bots
-	if (array_key_exists('X-Aaaaaaaaaaaa', $package['headers_mixed']) || array_key_exists('X-Aaaaaaaaaa', $package['headers_mixed'])) {
-		return "b9cc1d86";
-	}
-	if (array_key_exists('Proxy-Connection', $package['headers_mixed'])) {
-		return "b7830251";
-	}
-
-	if (array_key_exists('Referer', $package['headers_mixed'])) {
-		// Referer, if it exists, must not be blank
-		if (empty($package['headers_mixed'])) {
-			return "69920ee5";
-		}
-
-		// Referer, if it exists, must contain a :
-		// While a relative URL is technically valid in Referer, all known
-		// legit user-agents send an absolute URL
-		if (strpos($package['headers_mixed']['Referer'], ":") === FALSE) {
-			return "45b35e30";
-		}
-	}
-	
-	return false;
-}
-
-?>
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Enforce adherence to protocol version claimed by user-agent.
+
+function bb2_protocol($settings, $package)
+{
+	// Is it claiming to be HTTP/1.0?  Then it shouldn't do HTTP/1.1 things
+	// Always run this test; we should never see Expect:
+	if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE) {
+		return "a0105122";
+	}
+
+	// Is it claiming to be HTTP/1.1?  Then it shouldn't do HTTP/1.0 things
+	// Blocks some common corporate proxy servers in strict mode
+	if ($settings['strict'] && !strcmp($package['server_protocol'], "HTTP/1.1")) {
+		if (array_key_exists('Pragma', $package['headers_mixed']) && strpos($package['headers_mixed']['Pragma'], "no-cache") !== FALSE && !array_key_exists('Cache-Control', $package['headers_mixed'])) {
+			return "41feed15";
+		}
+	}
+	return false;
+}
+
+function bb2_misc_headers($settings, $package)
+{
+	$ua = $package['headers_mixed']['User-Agent'];
+
+	if (!strcmp($package['request_method'], "POST") && empty($ua)) {
+		return "f9f2b8b9";
+	}
+
+	// Broken spambots send URLs with various invalid characters
+	// Some broken browsers send the #vector in the referer field :(
+	// if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
+	if (strpos($package['request_uri'], "#") !== FALSE) {
+		return "dfd9b1ad";
+	}
+
+	// Range: field exists and begins with 0
+	// Real user-agents do not start ranges at 0
+	// NOTE: this blocks the whois.sc bot. No big loss.
+	// Exceptions: MT (not fixable); LJ (refuses to fix; may be
+	// blocked again in the future)
+	if (array_key_exists('Range', $package['headers_mixed']) && strpos($package['headers_mixed']['Range'], "=0-") !== FALSE) {
+		if (strncmp($ua, "MovableType", 11) && strncmp($ua, "URI::Fetch", 10)) {
+			return "7ad04a8a";
+		}
+	}
+
+	// Content-Range is a response header, not a request header
+	if (array_key_exists('Content-Range', $package['headers_mixed'])) {
+		return '7d12528e';
+	}
+
+	// Lowercase via is used by open proxies/referrer spammers
+	// Exceptions: Clearswift uses lowercase via (refuses to fix;
+	// may be blocked again in the future)
+	if (array_key_exists('via', $package['headers']) &&
+		!strstr($package['headers']['via'],'Clearswift Web Policy Engine')) {
+		return "9c9e4979";
+	}
+
+	// pinappleproxy is used by referrer spammers
+	if (array_key_exists('Via', $package['headers_mixed'])) {
+		if (stripos($package['headers_mixed']['Via'], "pinappleproxy") !== FALSE || stripos($package['headers_mixed']['Via'], "PCNETSERVER") !== FALSE || stripos($package['headers_mixed']['Via'], "Invisiware") !== FALSE) {
+			return "939a6fbb";
+		}
+	}
+
+	// TE: if present must have Connection: TE
+	// RFC 2616 14.39
+	// Blocks Microsoft ISA Server 2004 in strict mode. Contact Microsoft
+	// to obtain a hotfix.
+	if ($settings['strict'] && array_key_exists('Te', $package['headers_mixed'])) {
+		if (!preg_match('/\bTE\b/', $package['headers_mixed']['Connection'])) {
+			return "582ec5e4";
+		}
+	}
+
+	if (array_key_exists('Connection', $package['headers_mixed'])) {
+		// Connection: keep-alive and close are mutually exclusive
+		if (preg_match('/\bKeep-Alive\b/i', $package['headers_mixed']['Connection']) && preg_match('/\bClose\b/i', $package['headers_mixed']['Connection'])) {
+			return "a52f0448";
+		}
+		// Close shouldn't appear twice
+		if (preg_match('/\bclose,\s?close\b/i', $package['headers_mixed']['Connection'])) {
+			return "a52f0448";
+		}
+		// Keey-Alive shouldn't appear twice either
+		if (preg_match('/\bkeep-alive,\s?keep-alive\b/i', $package['headers_mixed']['Connection'])) {
+			return "a52f0448";
+		}
+	}
+	
+
+	// Headers which are not seen from normal user agents; only malicious bots
+	if (array_key_exists('X-Aaaaaaaaaaaa', $package['headers_mixed']) || array_key_exists('X-Aaaaaaaaaa', $package['headers_mixed'])) {
+		return "b9cc1d86";
+	}
+	if (array_key_exists('Proxy-Connection', $package['headers_mixed'])) {
+		return "b7830251";
+	}
+
+	if (array_key_exists('Referer', $package['headers_mixed'])) {
+		// Referer, if it exists, must not be blank
+		if (empty($package['headers_mixed'])) {
+			return "69920ee5";
+		}
+
+		// Referer, if it exists, must contain a :
+		// While a relative URL is technically valid in Referer, all known
+		// legit user-agents send an absolute URL
+		if (strpos($package['headers_mixed']['Referer'], ":") === FALSE) {
+			return "45b35e30";
+		}
+	}
+	
+	return false;
+}
+
+?>
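Review bot: The blank-Referer check in `bb2_misc_headers()` tests `empty($package['headers_mixed'])`, the whole header array, which cannot be empty inside a branch that has just found a `Referer` key, so key `69920ee5` is never returned. A blank Referer is still rejected by the colon test that follows, but it is logged under `45b35e30`, which misleads anyone triaging the log; the condition should be `if (empty($package['headers_mixed']['Referer'])) {`. Two reads are also unguarded: `$package['headers_mixed']['User-Agent']` at the top of the function and `$package['headers_mixed']['Connection']` in the strict-mode TE test are indexed without `array_key_exists()`, so requests that omit those headers raise undefined-index notices. Initialising with `$ua = isset($package['headers_mixed']['User-Agent']) ? $package['headers_mixed']['User-Agent'] : '';` and adding an `array_key_exists('Connection', ...)` guard to the TE test would make both paths explicit. The comment `// Keey-Alive shouldn't appear twice either` has a typo ("Keep-Alive").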

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/core.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/core.inc.php	2008-06-18 07:45:07 UTC (rev 6569)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/core.inc.php	2008-06-18 17:23:17 UTC (rev 6570)
@@ -1,203 +1,203 @@
-<?php if (!defined('BB2_CWD')) die("I said no cheating!");
-
-// Bad Behavior entry point is start_bad_behavior().
-// If you're reading this, you are probably lost.
-// Go read the bad-behavior-generic.php file.
-
-define('BB2_CORE', dirname(__FILE__));
-define('BB2_COOKIE', 'bb2_screener_');
-
-require_once(BB2_CORE . "/functions.inc.php");
-
-// Our log table structure
-function bb2_table_structure($name)
-{
-	// It's not paranoia if they really are out to get you.
-	$name_escaped = bb2_db_escape($name);
-	return "CREATE TABLE IF NOT EXISTS `$name_escaped` (
-		`id` INT(11) NOT NULL auto_increment,
-		`ip` TEXT NOT NULL,
-		`date` DATETIME NOT NULL default '0000-00-00 00:00:00',
-		`request_method` TEXT NOT NULL,
-		`request_uri` TEXT NOT NULL,
-		`server_protocol` TEXT NOT NULL,
-		`http_headers` TEXT NOT NULL,
-		`user_agent` TEXT NOT NULL,
-		`request_entity` TEXT NOT NULL,
-		`key` TEXT NOT NULL,
-		INDEX (`ip`(15)),
-		INDEX (`user_agent`(10)),
-		PRIMARY KEY (`id`) );";	// TODO: INDEX might need tuning
-}
-
-// Insert a new record
-function bb2_insert($settings, $package, $key)
-{
-	$ip = bb2_db_escape($package['ip']);
-	$date = bb2_db_date();
-	$request_method = bb2_db_escape($package['request_method']);
-	$request_uri = bb2_db_escape($package['request_uri']);
-	$server_protocol = bb2_db_escape($package['server_protocol']);
-	$user_agent = bb2_db_escape($package['user_agent']);
-	$headers = "$request_method $request_uri $server_protocol\n";
-	foreach ($package['headers'] as $h => $v) {
-		$headers .= bb2_db_escape("$h: $v\n");
-	}
-	$request_entity = "";
-	if (!strcasecmp($request_method, "POST")) {
-		foreach ($package['request_entity'] as $h => $v) {
-			$request_entity .= bb2_db_escape("$h: $v\n");
-		}
-	}
-	return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "`
-		(`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES
-		('$ip', '$date', '$request_method', '$request_uri', '$server_protocol', '$headers', '$user_agent', '$request_entity', '$key')";
-}
-
-// Kill 'em all!
-function bb2_banned($settings, $package, $key, $previous_key=false)
-{
-	// Some spambots hit too hard. Slow them down a bit.
-	sleep(2);
-
-	require_once(BB2_CORE . "/banned.inc.php");
-	bb2_display_denial($settings, $key, $previous_key);
-	bb2_log_denial($settings, $package, $key, $previous_key);
-	if (is_callable('bb2_banned_callback')) {
-		bb2_banned_callback($settings, $package, $key);
-	}
-	// Penalize the spammers some more
-	require_once(BB2_CORE . "/housekeeping.inc.php");
-	bb2_housekeeping($settings, $package);
-	die();
-}
-
-function bb2_approved($settings, $package)
-{
-	// Dirk wanted this
-	if (is_callable('bb2_approved_callback')) {
-		bb2_approved_callback($settings, $package);
-	}
-
-	// Decide what to log on approved requests.
-	if ($settings['verbose'] || empty($package['user_agent'])) {
-		bb2_db_query(bb2_insert($settings, $package, "00000000"));
-	}
-}
-
-// Check the results of a particular test; see below for usage
-// Returns FALSE if test passed (yes this is backwards)
-function bb2_test($settings, $package, $result)
-{
-	if ($result !== FALSE)
-	{
-		bb2_banned($settings, $package, $result);
-		return TRUE;
-	}
-	return FALSE;
-}
-
-
-// Let God sort 'em out!
-function bb2_start($settings)
-{
-	// Gather up all the information we need, first of all.
-	$headers = bb2_load_headers();
-	// Postprocess the headers to mixed-case
-	// FIXME: get the world to stop using PHP as CGI
-	$headers_mixed = array();
-	foreach ($headers as $h => $v) {
-		$headers_mixed[uc_all($h)] = $v;
-	}
-
-	// We use these frequently. Keep a copy close at hand.
-	$ip = $_SERVER['REMOTE_ADDR'];
-	$request_method = $_SERVER['REQUEST_METHOD'];
-	$request_uri = $_SERVER['REQUEST_URI'];
-	$server_protocol = $_SERVER['SERVER_PROTOCOL'];
-	$user_agent = $_SERVER['HTTP_USER_AGENT'];
-
-	// Reconstruct the HTTP entity, if present.
-	$request_entity = array();
-	if (!strcasecmp($request_method, "POST") || !strcasecmp($request_method, "PUT")) {
-		foreach ($_POST as $h => $v) {
-			$request_entity[$h] = $v;
-		}
-	}
-
-	$package = array('ip' => $ip, 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $request_method, 'request_uri' => $request_uri, 'server_protocol' => $server_protocol, 'request_entity' => $request_entity, 'user_agent' => $user_agent, 'is_browser' => false);
-
-	// Please proceed to the security checkpoint and have your
-	// identification and boarding pass ready.
-
-	// First check the whitelist
-	require_once(BB2_CORE . "/whitelist.inc.php");
-	if (!bb2_whitelist($package)) {
-		// Now check the blacklist
-		require_once(BB2_CORE . "/blacklist.inc.php");
-		bb2_test($settings, $package, bb2_blacklist($package));
-
-		// Check for common stuff
-		require_once(BB2_CORE . "/common_tests.inc.php");
-		bb2_test($settings, $package, bb2_protocol($settings, $package));
-		bb2_test($settings, $package, bb2_misc_headers($settings, $package));
-
-		// Specific checks
-		$ua = $headers_mixed['User-Agent'];
-		// MSIE checks
-		if (stripos($ua, "MSIE") !== FALSE) {
-			$package['is_browser'] = true;
-			if (stripos($ua, "Opera") !== FALSE) {
-				require_once(BB2_CORE . "/opera.inc.php");
-				bb2_test($settings, $package, bb2_opera($package));
-			} else {
-				require_once(BB2_CORE . "/msie.inc.php");
-				bb2_test($settings, $package, bb2_msie($package));
-			}
-		} elseif (stripos($ua, "Konqueror") !== FALSE) {
-			$package['is_browser'] = true;
-			require_once(BB2_CORE . "/konqueror.inc.php");
-			bb2_test($settings, $package, bb2_konqueror($package));
-		} elseif (stripos($ua, "Opera") !== FALSE) {
-			$package['is_browser'] = true;
-			require_once(BB2_CORE . "/opera.inc.php");
-			bb2_test($settings, $package, bb2_opera($package));
-		} elseif (stripos($ua, "Safari") !== FALSE) {
-			$package['is_browser'] = true;
-			require_once(BB2_CORE . "/safari.inc.php");
-			bb2_test($settings, $package, bb2_safari($package));
-		} elseif (stripos($ua, "Lynx") !== FALSE) {
-			$package['is_browser'] = true;
-			require_once(BB2_CORE . "/lynx.inc.php");
-			bb2_test($settings, $package, bb2_lynx($package));
-		} elseif (stripos($ua, "MovableType") !== FALSE) {
-			require_once(BB2_CORE . "/movabletype.inc.php");
-			bb2_test($settings, $package, bb2_movabletype($package));
-		} elseif (stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
-			require_once(BB2_CORE . "/msnbot.inc.php");
-			bb2_test($settings, $package, bb2_msnbot($package));
-		} elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE) {
-			require_once(BB2_CORE . "/google.inc.php");
-			bb2_test($settings, $package, bb2_google($package));
-		} elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
-			$package['is_browser'] = true;
-			require_once(BB2_CORE . "/mozilla.inc.php");
-			bb2_test($settings, $package, bb2_mozilla($package));
-		}
-
-		// More intensive screening applies to POST requests
-		if (!strcasecmp('POST', $package['request_method'])) {
-			require_once(BB2_CORE . "/post.inc.php");
-			bb2_test($settings, $package, bb2_post($settings, $package));
-		}
-	}
-
-	// Last chance screening.
-	require_once(BB2_CORE . "/screener.inc.php");
-	bb2_screener($settings, $package);
-
-	// And that's about it.
-	bb2_approved($settings, $package);
-	return true;
-}
-?>
+<?php if (!defined('BB2_CWD')) die("I said no cheating!");
+
+// Bad Behavior entry point is start_bad_behavior().
+// If you're reading this, you are probably lost.
+// Go read the bad-behavior-generic.php file.
+
+define('BB2_CORE', dirname(__FILE__));
+define('BB2_COOKIE', 'bb2_screener_');
+
+require_once(BB2_CORE . "/functions.inc.php");
+
+// Our log table structure
+function bb2_table_structure($name)
+{
+	// It's not paranoia if they really are out to get you.
+	$name_escaped = bb2_db_escape($name);
+	return "CREATE TABLE IF NOT EXISTS `$name_escaped` (
+		`id` INT(11) NOT NULL auto_increment,
+		`ip` TEXT NOT NULL,
+		`date` DATETIME NOT NULL default '0000-00-00 00:00:00',
+		`request_method` TEXT NOT NULL,
+		`request_uri` TEXT NOT NULL,
+		`server_protocol` TEXT NOT NULL,
+		`http_headers` TEXT NOT NULL,
+		`user_agent` TEXT NOT NULL,
+		`request_entity` TEXT NOT NULL,
+		`key` TEXT NOT NULL,
+		INDEX (`ip`(15)),
+		INDEX (`user_agent`(10)),
+		PRIMARY KEY (`id`) );";	// TODO: INDEX might need tuning
+}
+
+// Insert a new record
+function bb2_insert($settings, $package, $key)
+{
+	$ip = bb2_db_escape($package['ip']);
+	$date = bb2_db_date();
+	$request_method = bb2_db_escape($package['request_method']);
+	$request_uri = bb2_db_escape($package['request_uri']);
+	$server_protocol = bb2_db_escape($package['server_protocol']);
+	$user_agent = bb2_db_escape($package['user_agent']);
+	$headers = "$request_method $request_uri $server_protocol\n";
+	foreach ($package['headers'] as $h => $v) {
+		$headers .= bb2_db_escape("$h: $v\n");
+	}
+	$request_entity = "";
+	if (!strcasecmp($request_method, "POST")) {
+		foreach ($package['request_entity'] as $h => $v) {
+			$request_entity .= bb2_db_escape("$h: $v\n");
+		}
+	}
+	return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "`
+		(`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES
+		('$ip', '$date', '$request_method', '$request_uri', '$server_protocol', '$headers', '$user_agent', '$request_entity', '$key')";
+}
+
+// Kill 'em all!
+function bb2_banned($settings, $package, $key, $previous_key=false)
+{
+	// Some spambots hit too hard. Slow them down a bit.
+	sleep(2);
+
+	require_once(BB2_CORE . "/banned.inc.php");
+	bb2_display_denial($settings, $key, $previous_key);
+	bb2_log_denial($settings, $package, $key, $previous_key);
+	if (is_callable('bb2_banned_callback')) {
+		bb2_banned_callback($settings, $package, $key);
+	}
+	// Penalize the spammers some more
+	require_once(BB2_CORE . "/housekeeping.inc.php");
+	bb2_housekeeping($settings, $package);
+	die();
+}
+
+function bb2_approved($settings, $package)
+{
+	// Dirk wanted this
+	if (is_callable('bb2_approved_callback')) {
+		bb2_approved_callback($settings, $package);
+	}
+
+	// Decide what to log on approved requests.
+	if ($settings['verbose'] || empty($package['user_agent'])) {
+		bb2_db_query(bb2_insert($settings, $package, "00000000"));
+	}
+}
+
+// Check the results of a particular test; see below for usage
+// Returns FALSE if test passed (yes this is backwards)
+function bb2_test($settings, $package, $result)
+{
+	if ($result !== FALSE)
+	{
+		bb2_banned($settings, $package, $result);
+		return TRUE;
+	}
+	return FALSE;
+}
+
+
+// Let God sort 'em out!
+function bb2_start($settings)
+{
+	// Gather up all the information we need, first of all.
+	$headers = bb2_load_headers();
+	// Postprocess the headers to mixed-case
+	// FIXME: get the world to stop using PHP as CGI
+	$headers_mixed = array();
+	foreach ($headers as $h => $v) {
+		$headers_mixed[uc_all($h)] = $v;
+	}
+
+	// We use these frequently. Keep a copy close at hand.
+	$ip = $_SERVER['REMOTE_ADDR'];
+	$request_method = $_SERVER['REQUEST_METHOD'];
+	$request_uri = $_SERVER['REQUEST_URI'];
+	$server_protocol = $_SERVER['SERVER_PROTOCOL'];
+	$user_agent = $_SERVER['HTTP_USER_AGENT'];
+
+	// Reconstruct the HTTP entity, if present.
+	$request_entity = array();
+	if (!strcasecmp($request_method, "POST") || !strcasecmp($request_method, "PUT")) {
+		foreach ($_POST as $h => $v) {
+			$request_entity[$h] = $v;
+		}
+	}
+
+	$package = array('ip' => $ip, 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $request_method, 'request_uri' => $request_uri, 'server_protocol' => $server_protocol, 'request_entity' => $request_entity, 'user_agent' => $user_agent, 'is_browser' => false);
+
+	// Please proceed to the security checkpoint and have your
+	// identification and boarding pass ready.
+
+	// First check the whitelist
+	require_once(BB2_CORE . "/whitelist.inc.php");
+	if (!bb2_whitelist($package)) {
+		// Now check the blacklist
+		require_once(BB2_CORE . "/blacklist.inc.php");
+		bb2_test($settings, $package, bb2_blacklist($package));
+
+		// Check for common stuff
+		require_once(BB2_CORE . "/common_tests.inc.php");
+		bb2_test($settings, $package, bb2_protocol($settings, $package));
+		bb2_test($settings, $package, bb2_misc_headers($settings, $package));
+
+		// Specific checks
+		$ua = $headers_mixed['User-Agent'];
+		// MSIE checks
+		if (stripos($ua, "MSIE") !== FALSE) {
+			$package['is_browser'] = true;
+			if (stripos($ua, "Opera") !== FALSE) {
+				require_once(BB2_CORE . "/opera.inc.php");
+				bb2_test($settings, $package, bb2_opera($package));
+			} else {
+				require_once(BB2_CORE . "/msie.inc.php");
+				bb2_test($settings, $package, bb2_msie($package));
+			}
+		} elseif (stripos($ua, "Konqueror") !== FALSE) {
+			$package['is_browser'] = true;
+			require_once(BB2_CORE . "/konqueror.inc.php");
+			bb2_test($settings, $package, bb2_konqueror($package));
+		} elseif (stripos($ua, "Opera") !== FALSE) {
+			$package['is_browser'] = true;
+			require_once(BB2_CORE . "/opera.inc.php");
+			bb2_test($settings, $package, bb2_opera($package));
+		} elseif (stripos($ua, "Safari") !== FALSE) {
+			$package['is_browser'] = true;
+			require_once(BB2_CORE . "/safari.inc.php");
+			bb2_test($settings, $package, bb2_safari($package));
+		} elseif (stripos($ua, "Lynx") !== FALSE) {
+			$package['is_browser'] = true;
+			require_once(BB2_CORE . "/lynx.inc.php");
+			bb2_test($settings, $package, bb2_lynx($package));
+		} elseif (stripos($ua, "MovableType") !== FALSE) {
+			require_once(BB2_CORE . "/movabletype.inc.php");
+			bb2_test($settings, $package, bb2_movabletype($package));
+		} elseif (stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
+			require_once(BB2_CORE . "/msnbot.inc.php");
+			bb2_test($settings, $package, bb2_msnbot($package));
+		} elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE) {
+			require_once(BB2_CORE . "/google.inc.php");
+			bb2_test($settings, $package, bb2_google($package));
+		} elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
+			$package['is_browser'] = true;
+			require_once(BB2_CORE . "/mozilla.inc.php");
+			bb2_test($settings, $package, bb2_mozilla($package));
+		}
+
+		// More intensive screening applies to POST requests
+		if (!strcasecmp('POST', $package['request_method'])) {
+			require_once(BB2_CORE . "/post.inc.php");
+			bb2_test($settings, $package, bb2_post($settings, $package));
+		}
+	}
+
+	// Last chance screening.
+	require_once(BB2_CORE . "/screener.inc.php");
+	bb2_screener($settings, $package);
+
+	// And that's about it.
+	bb2_approved($settings, $package);
+	return true;
+}
+?>

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/functions.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/functions.inc.php	2008-06-18 07:45:07 UTC (rev 6569)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/functions.inc.php	2008-06-18 17:23:17 UTC (rev 6570)
@@ -1,70 +1,70 @@
-<?php if (!defined('BB2_CORE')) die("I said no cheating!");
-
-// Miscellaneous helper functions.
-
-// stripos() needed because stripos is only present on PHP 5
-if (!function_exists('stripos')) {
-	function stripos($haystack,$needle,$offset = 0) {
-		return(strpos(strtolower($haystack),strtolower($needle),$offset));
-	}
-}
-
-// str_split() needed because str_split is only present on PHP 5
-if (!function_exists('str_split')) {
-	function str_split($string, $split_length=1)
-	{
-		if ($split_length < 1) {
-			return false;
-		}
-
-		for ($pos=0, $chunks = array(); $pos < strlen($string); $pos+=$split_length) {
-			$chunks[] = substr($string, $pos, $split_length);
-		}
-		return $chunks;
-	}
-}
-
-// Convert a string to mixed-case on word boundaries.
-function uc_all($string) {
-	$temp = preg_split('/(\W)/', str_replace("_", "-", $string), -1, PREG_SPLIT_DELIM_CAPTURE);
-	foreach ($temp as $key=>$word) {
-		$temp[$key] = ucfirst(strtolower($word));
-	}
-	return join ('', $temp);
-}
-
-// Determine if an IP address resides in a CIDR netblock or netblocks.
-function match_cidr($addr, $cidr) {
-	$output = false;
-
-	if (is_array($cidr)) {
-		foreach ($cidr as $cidrlet) {
-			if (match_cidr($addr, $cidrlet)) {
-				$output = true;
-			}
-		}
-	} else {
-		list($ip, $mask) = explode('/', $cidr);
-		if (!$mask) $mask = 32;
-		$mask = pow(2,32) - pow(2, (32 - $mask));
-		$output = ((ip2long($addr) & $mask) == (ip2long($ip) & $mask));
-	}
-	return $output;
-}
-
-// Obtain all the HTTP headers.
-// NB: on PHP-CGI we have to fake it out a bit, since we can't get the REAL
-// headers. Run PHP as Apache 2.0 module if possible for best results.
-function bb2_load_headers() {
-	if (!is_callable('getallheaders')) {
-		$headers = array();
-		foreach ($_SERVER as $h => $v)
-			if (ereg('HTTP_(.+)', $h, $hp))
-				$headers[str_replace("_", "-", uc_all($hp[1]))] = $v;
-	} else {
-		$headers = getallheaders();
-	}
-	return $headers;
-}
-
-?>
+<?php if (!defined('BB2_CORE')) die("I said no cheating!");
+
+// Miscellaneous helper functions.
+
+// stripos() needed because stripos is only present on PHP 5
+if (!function_exists('stripos')) {
+	function stripos($haystack,$needle,$offset = 0) {
+		return(strpos(strtolower($haystack),strtolower($needle),$offset));
+	}
+}
+
+// str_split() needed because str_split is only present on PHP 5
+if (!function_exists('str_split')) {
+	function str_split($string, $split_length=1)
+	{
+		if ($split_length < 1) {
+			return false;
+		}
+
+		for ($pos=0, $chunks = array(); $pos < strlen($string); $pos+=$split_length) {
+			$chunks[] = substr($string, $pos, $split_length);
+		}
+		return $chunks;
+	}
+}
+
+// Convert a string to mixed-case on word boundaries.
+function uc_all($string) {
+	$temp = preg_split('/(\W)/', str_replace("_", "-", $string), -1, PREG_SPLIT_DELIM_CAPTURE);
+	foreach ($temp as $key=>$word) {
+		$temp[$key] = ucfirst(strtolower($word));
+	}
+	return join ('', $temp);
+}
+
+// Determine if an IP address resides in a CIDR netblock or netblocks.
+function match_cidr($addr, $cidr) {
+	$output = false;
+
+	if (is_array($cidr)) {
+		foreach ($cidr as $cidrlet) {
+			if (match_cidr($addr, $cidrlet)) {
+				$output = true;
+			}
+		}
+	} else {
+		list($ip, $mask) = explode('/', $cidr);
+		if (!$mask) $mask = 32;
+		$mask = pow(2,32) - pow(2, (32 - $mask));
+		$output = ((ip2long($addr) & $mask) == (ip2long($ip) & $mask));
+	}
+	return $output;
+}
+
+// Obtain all the HTTP headers.
+// NB: on PHP-CGI we have to fake it out a bit, since we can't get the REAL
+// headers. Run PHP as Apache 2.0 module if possible for best results.
+function bb2_load_headers() {
+	if (!is_callable('getallheaders')) {
+		$headers = array();
+		foreach ($_SERVER as $h => $v)
+			if (ereg('HTTP_(.+)', $h, $hp))
+				$headers[str_replace("_", "-", uc_all($hp[1]))] = $v;
+	} else {
+		$headers = getallheaders();
+	}
+	return $headers;
+}
+
+?>

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/google.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/google.inc.php	2008-06-18 07:45:07 UTC (rev 6569)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/google.inc.php	2008-06-18 17:23:17 UTC (rev 6570)
@@ -1,13 +1,13 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be Googlebot
-
-function bb2_google($package)
-{
-	if (match_cidr($package['ip'], "66.249.64.0/19") === FALSE && match_cidr($package['ip'], "64.233.160.0/19") === FALSE) {
-		return "f1182195";
-	}
-	return false;
-}
-
-?>
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Googlebot
+
+function bb2_google($package)
+{
+	if (match_cidr($package['ip'], "66.249.64.0/19") === FALSE && match_cidr($package['ip'], "64.233.160.0/19") === FALSE) {
+		return "f1182195";
+	}
+	return false;
+}
+
+?>

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/housekeeping.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/housekeeping.inc.php	2008-06-18 07:45:07 UTC (rev 6569)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/housekeeping.inc.php	2008-06-18 17:23:17 UTC (rev 6570)
@@ -1,16 +1,16 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-function bb2_housekeeping($settings, $package)
-{
-	// FIXME Yes, the interval's hard coded (again) for now.
-	$query = "DELETE FROM `" . $settings['log_table'] . "` WHERE `date` < DATE_SUB('" . bb2_db_date() . "', INTERVAL 7 DAY)";
-	bb2_db_query($query);
-
-	// Waste a bunch more of the spammer's time, sometimes.
-	if (rand(1,1000) == 1) {
-		$query = "OPTIMIZE TABLE `" . $settings['log_table'] . "`";
-		bb2_db_query($query);
-	}
-}
-
-?>
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+function bb2_housekeeping($settings, $package)
+{
+	// FIXME Yes, the interval's hard coded (again) for now.
+	$query = "DELETE FROM `" . $settings['log_table'] . "` WHERE `date` < DATE_SUB('" . bb2_db_date() . "', INTERVAL 7 DAY)";
+	bb2_db_query($query);
+
+	// Waste a bunch more of the spammer's time, sometimes.
+	if (rand(1,1000) == 1) {
+		$query = "OPTIMIZE TABLE `" . $settings['log_table'] . "`";
+		bb2_db_query($query);
+	}
+}
+
+?>

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/konqueror.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/konqueror.inc.php	2008-06-18 07:45:07 UTC (rev 6569)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/konqueror.inc.php	2008-06-18 17:23:17 UTC (rev 6570)
@@ -1,17 +1,17 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be Konqueror
-
-function bb2_konqueror($package)
-{
-	// CafeKelsa is a dev project at Yahoo which indexes job listings for
-	// Yahoo! HotJobs. It identifies as Konqueror so we skip these checks.
-	if (stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") === FALSE || match_cidr($package['ip'], "209.73.160.0/19") === FALSE) {
-		if (!array_key_exists('Accept', $package['headers_mixed'])) {
-			return "17566707";
-		}
-	}
-	return false;
-}
-
-?>
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Konqueror
+
+function bb2_konqueror($package)
+{
+	// CafeKelsa is a dev project at Yahoo which indexes job listings for
+	// Yahoo! HotJobs. It identifies as Konqueror so we skip these checks.
+	if (stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") === FALSE || match_cidr($package['ip'], "209.73.160.0/19") === FALSE) {
+		if (!array_key_exists('Accept', $package['headers_mixed'])) {
+			return "17566707";
+		}
+	}
+	return false;
+}
+
+?>

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/lynx.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/lynx.inc.php	2008-06-18 07:45:07 UTC (rev 6569)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/lynx.inc.php	2008-06-18 17:23:17 UTC (rev 6570)
@@ -1,13 +1,13 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be Lynx
-
-function bb2_lynx($package)
-{
-	if (!array_key_exists('Accept', $package['headers_mixed'])) {
-		return "17566707";
-	}
-	return false;
-}
-
-?>
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Lynx
+
+function bb2_lynx($package)
+{
+	if (!array_key_exists('Accept', $package['headers_mixed'])) {
+		return "17566707";
+	}
+	return false;
+}
+
+?>

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/movabletype.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/movabletype.inc.php	2008-06-18 07:45:07 UTC (rev 6569)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/movabletype.inc.php	2008-06-18 17:23:17 UTC (rev 6570)
@@ -1,14 +1,14 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-function bb2_movabletype($package)
-{
-	// Is it a trackback?
-	if (strcasecmp($package['request_method'], "POST")) {
-		if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999")) {
-			return "7d12528e";
-		}
-	}
-	return false;
-}
-
-?>
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+function bb2_movabletype($package)
+{
+	// Is it a trackback?
+	if (strcasecmp($package['request_method'], "POST")) {
+		if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999")) {
+			return "7d12528e";
+		}
+	}
+	return false;
+}
+
+?>

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/mozilla.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/mozilla.inc.php	2008-06-18 07:45:07 UTC (rev 6569)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/mozilla.inc.php	2008-06-18 17:23:17 UTC (rev 6570)
@@ -1,19 +1,19 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be Mozilla
-
-function bb2_mozilla($package)
-{
-	// First off, workaround for Google Desktop, until they fix it FIXME
-	// Google Desktop fixed it, but apparently some old versions are
-	// still out there. :(
-	// Always check accept header for Mozilla user agents
-	if (strpos($package['headers_mixed']['User-Agent'], "Google Desktop") === FALSE) {
-		if (!array_key_exists('Accept', $package['headers_mixed'])) {
-			return "17566707";
-		}
-	}
-	return false;
-}
-
-?>
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Mozilla
+
+function bb2_mozilla($package)
+{
+	// First off, workaround for Google Desktop, until they fix it FIXME
+	// Google Desktop fixed it, but apparently some old versions are
+	// still out there. :(
+	// Always check accept header for Mozilla user agents
+	if (strpos($package['headers_mixed']['User-Agent'], "Google Desktop") === FALSE) {
+		if (!array_key_exists('Accept', $package['headers_mixed'])) {
+			return "17566707";
+		}
+	}
+	return false;
+}
+
+?>

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msnbot.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msnbot.inc.php	2008-06-18 07:45:07 UTC (rev 6569)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msnbot.inc.php	2008-06-18 17:23:17 UTC (rev 6570)
@@ -1,13 +1,13 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be msnbot
-
-function bb2_msnbot($package)
-{
-	if (match_cidr($package['ip'], "207.46.0.0/16") === FALSE && match_cidr($package['ip'], "65.52.0.0/14") === FALSE && match_cidr($package['ip'], "207.68.128.0/18") === FALSE && match_cidr($package['ip'], "207.68.192.0/20") === FALSE && match_cidr($package['ip'], "64.4.0.0/18") === FALSE) {
-		return "e4de0453";
-	}
-	return false;
-}
-
-?>
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be msnbot
+
+function bb2_msnbot($package)
+{
+	if (match_cidr($package['ip'], "207.46.0.0/16") === FALSE && match_cidr($package['ip'], "65.52.0.0/14") === FALSE && match_cidr($package['ip'], "207.68.128.0/18") === FALSE && match_cidr($package['ip'], "207.68.192.0/20") === FALSE && match_cidr($package['ip'], "64.4.0.0/18") === FALSE) {
+		return "e4de0453";
+	}
+	return false;
+}
+
+?>

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/opera.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/opera.inc.php	2008-06-18 07:45:07 UTC (rev 6569)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/opera.inc.php	2008-06-18 17:23:17 UTC (rev 6570)
@@ -1,13 +1,13 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be Opera
-
-function bb2_opera($package)
-{
-	if (!array_key_exists('Accept', $package['headers_mixed'])) {
-		return "17566707";
-	}
-	return false;
-}
-
-?>
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Opera
+
+function bb2_opera($package)
+{
+	if (!array_key_exists('Accept', $package['headers_mixed'])) {
+		return "17566707";
+	}
+	return false;
+}
+
+?>

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/post.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/post.inc.php	2008-06-18 07:45:07 UTC (rev 6569)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/post.inc.php	2008-06-18 17:23:17 UTC (rev 6570)
@@ -1,75 +1,75 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// All tests which apply specifically to POST requests
-function bb2_post($settings, $package)
-{
-    // LifeType mod by pwestbro: dns blacklist checks can be done in the 
-    // dnsantispam plugin.
-
-	// Check blackhole lists for known spam/malicious activity
-	// require_once(BB2_CORE . "/blackhole.inc.php");
-	// bb2_test($settings, $package, bb2_blackhole($package));
-	// MovableType needs specialized screening
-	if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {
-		if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999")) {
-			return "7d12528e";
-		}
-	}
-
-	// Trackbacks need special screening
-	$request_entity = $package['request_entity'];
-	if (isset($request_entity['title']) && isset($request_entity['url']) && isset($request_entity['blog_name'])) {
-		require_once(BB2_CORE . "/trackback.inc.php");
-		return bb2_trackback($package);
-	}
-
-	// Catch a few completely broken spambots
-	foreach ($request_entity as $key => $value) {
-		$pos = strpos($key, "	document.write");
-		if ($pos !== FAlSE) {
-			return "dfd9b1ad";
-		}
-	}
-
-	// Screen by cookie/JavaScript form add
-	if (isset($_COOKIE[BB2_COOKIE])) {
-		$screener1 = explode(" ", $_COOKIE[BB2_COOKIE]);
-	}
-	if (isset($_POST[BB2_COOKIE])) {
-		$screener2 = explode(" ", $_POST[BB2_COOKIE]);
-	}
-	$screener = max($screener1[0], $screener2[0]);
-
-	if ($screener > 0) {
-		// Posting too fast? 5 sec
-		// FIXME: even 5 sec is too intrusive
-		// if ($screener + 5 > time())
-		//	return "408d7e72";
-		// Posting too slow? 48 hr
-        // LifeType mod by jondaley: since pages can be cached, the cookie might not be updated
-        // and this can get tripped incorrectly
-		// if ($screener + 172800 < time())
-		//     return "b40c8ddc";
-
-		// Screen by IP address
-		$ip = ip2long($package['ip']);
-		$ip_screener = ip2long($screener[1]);
-//		FIXME: This is b0rked, but why?
-//		if ($ip && $ip_screener && abs($ip_screener - $ip) > 256)
-//			return "c1fa729b";
-
-		if ($package['headers_mixed']['X-Forwarded-For']) {
-			$ip = $package['headers_mixed']['X-Forwarded-For'];
-		}
-		// Screen for user agent changes
-		// User connected previously with blank user agent
-//		$q = bb2_db_query("SELECT `ip` FROM " . $settings['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` = '" . $screener[1] . "') AND `user_agent` != '" . $package['user_agent'] . "' AND `date` > DATE_SUB('" . bb2_db_date() . "', INTERVAL 5 MINUTE)");
-		// Damnit, too many ways for this to fail :(
-//		if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
-//			return "799165c2";
-	}
-
-	return false;
-}
-
-?>
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// All tests which apply specifically to POST requests
+function bb2_post($settings, $package)
+{
+	// Check blackhole lists for known spam/malicious activity
+        // LifeType mod by pwestbro: dns blacklist checks can be done in the 
+        // dnsantispam plugin.
+        //	require_once(BB2_CORE . "/blackhole.inc.php");
+        //	bb2_test($settings, $package, bb2_blackhole($package));
+
+	// MovableType needs specialized screening
+	if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {
+		if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999")) {
+			return "7d12528e";
+		}
+	}
+
+	// Trackbacks need special screening
+	$request_entity = $package['request_entity'];
+	if (isset($request_entity['title']) && isset($request_entity['url']) && isset($request_entity['blog_name'])) {
+		require_once(BB2_CORE . "/trackback.inc.php");
+		return bb2_trackback($package);
+	}
+
+	// Catch a few completely broken spambots
+	foreach ($request_entity as $key => $value) {
+		$pos = strpos($key, "	document.write");
+		if ($pos !== FAlSE) {
+			return "dfd9b1ad";
+		}
+	}
+
+	// Screen by cookie/JavaScript form add
+	if (isset($_COOKIE[BB2_COOKIE])) {
+		$screener1 = explode(" ", $_COOKIE[BB2_COOKIE]);
+	}
+	if (isset($_POST[BB2_COOKIE])) {
+		$screener2 = explode(" ", $_POST[BB2_COOKIE]);
+	}
+	$screener = max($screener1[0], $screener2[0]);
+
+	if ($screener > 0) {
+		// Posting too fast? 5 sec
+		// FIXME: even 5 sec is too intrusive
+		// if ($screener + 5 > time())
+		//	return "408d7e72";
+		// Posting too slow? 48 hr
+            // LifeType mod by jondaley: since pages can be cached, the cookie might not be updated
+            // and this can get tripped incorrectly
+            // if ($screener + 172800 < time())
+            // return "b40c8ddc";
+
+		// Screen by IP address
+		$ip = ip2long($package['ip']);
+		$ip_screener = ip2long($screener[1]);
+//		FIXME: This is b0rked, but why?
+//		if ($ip && $ip_screener && abs($ip_screener - $ip) > 256)
+//			return "c1fa729b";
+
+		if ($package['headers_mixed']['X-Forwarded-For']) {
+			$ip = $package['headers_mixed']['X-Forwarded-For'];
+		}
+		// Screen for user agent changes
+		// User connected previously with blank user agent
+//		$q = bb2_db_query("SELECT `ip` FROM " . $settings['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` = '" . $screener[1] . "') AND `user_agent` != '" . $package['user_agent'] . "' AND `date` > DATE_SUB('" . bb2_db_date() . "', INTERVAL 5 MINUTE)");
+		// Damnit, too many ways for this to fail :(
+//		if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
+//			return "799165c2";
+	}
+
+	return false;
+}
+
+?>
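Review bot: In `bb2_post()`, `$screener1` and `$screener2` are assigned only inside their `isset()` guards but both are read in `max($screener1[0], $screener2[0])`, so a POST that lacks the cookie or the form field reads undefined variables. `max()` then returns a single value, yet `$screener[1]` is indexed further down as if it were still the exploded array, so `ip2long($screener[1])` never sees the stored address; this is probably why the IP check carries the "b0rked" FIXME. The cookie, the form field and `X-Forwarded-For` are all client-supplied, so if the commented-out `SELECT` is ever restored, its concatenated fields should go through `bb2_db_escape()` as `bb2_insert()` does. The sketch below keeps the winning array and uses a separate integer timestamp for the `> 0` test.

```php
	// Screen by cookie/JavaScript form add
	$screener = array(0, '');
	foreach (array($_COOKIE, $_POST) as $src) {
		if (isset($src[BB2_COOKIE]) && is_string($src[BB2_COOKIE])) {
			$parts = explode(" ", $src[BB2_COOKIE]);
			if ((int) $parts[0] > (int) $screener[0]) {
				$screener = $parts;
			}
		}
	}
	$screener_time = (int) $screener[0];

	if ($screener_time > 0) {
		// … unchanged: commented-out timing checks …
		$ip = ip2long($package['ip']);
		$ip_screener = isset($screener[1]) ? ip2long($screener[1]) : false;
		// … unchanged: commented-out IP and user-agent checks …
```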

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/responses.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/responses.inc.php	2008-06-18 07:45:07 UTC (rev 6569)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/responses.inc.php	2008-06-18 17:23:17 UTC (rev 6570)
@@ -1,44 +1,44 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Defines the responses which Bad Behavior might return.
-
-function bb2_get_response($key) {
-	$bb2_responses = array(
-		'00000000' => array('response' => 200, 'explanation' => '', 'log' => ''),
-		'136673cd' => array('response' => 403, 'explanation' => 'Your Internet Protocol address is listed on a blacklist of addresses involved in malicious or illegal activity. See the listing below for more details on specific blacklists and removal procedures.', 'log' => 'IP address found on external blacklist'),
-		'17566707' => array('response' => 403, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept\' missing'),
-		'17f4e8c8' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent was found on blacklist'),
-		'21f11d3f' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a mobile Web device, but you do not actually appear to be a mobile Web device.', 'log' => 'User-Agent claimed to be AvantGo, claim appears false'),
-		'2b90f772' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. If you are using the Opera browser, then Opera must appear in your user agent.', 'log' => 'Connection: TE present, not supported by MSIE'),
-		'408d7e72' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'POST comes too quickly after GET'),
-		'41feed15' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by a malfunctioning proxy server. Bypass the proxy server and connect directly, or contact your proxy server administrator.', 'log' => 'Header \'Pragma\' without \'Cache-Control\' prohibited for HTTP/1.1 requests'),
-		'45b35e30' => array('response' => 403, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' is corrupt'),
-		'57796684' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),
-		'582ec5e4' => array('response' => 400, 'explanation' => 'An invalid request was received. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator. This may also be caused by a bug in the Opera web browser.', 'log' => '"Header \'TE\' present but TE not specified in \'Connection\' header'),
-		'69920ee5' => array('response' => 403, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' present but blank'),
-		'799165c2' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Rotating user-agents detected'),
-		'7a06532b' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept-Encoding\' missing'),
-		'7ad04a8a' => array('response' => 400, 'explanation' => 'The automated program you are using is not permitted to access this server. Please use a different program or a standard Web browser.', 'log' => 'Prohibited header \'Range\' present'),
-		'7d12528e' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Prohibited header \'Range\' or \'Content-Range\' in POST request'),
-		'939a6fbb' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Banned proxy server in use'),
-		'9c9e4979' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Prohibited header \'via\' present'),
-		'a0105122' => array('response' => 417, 'explanation' => 'Expectation failed. Please retry your request.', 'log' => 'Header \'Expect\' prohibited; resend without Expect'),
-		'a1084bad' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent claimed to be MSIE, with invalid Windows version'),
-		'a52f0448' => array('response' => 400, 'explanation' => 'An invalid request was received.  This may be caused by a malfunctioning proxy server or browser privacy software. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator.', 'log' => 'Header \'Connection\' contains invalid values'),
-		'b40c8ddc' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, close your browser, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'POST more than two days after GET'),
-		'b7830251' => array('response' => 400, 'explanation' => 'Your proxy server sent an invalid request. Please contact the proxy server administrator to have this problem fixed.', 'log' => 'Prohibited header \'Proxy-Connection\' present'),
-		'b9cc1d86' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),
-		'c1fa729b' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'Use of rotating proxy servers detected'),
-		'd60b87c7' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, please remove any viruses or spyware from your computer.', 'log' => 'Trackback received via proxy server'),
-		'dfd9b1ad' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Request contained a malicious JavaScript or SQL injection attack'),
-		'e4de0453' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a major search engine, but you do not appear to actually be a major search engine.', 'log' => 'User-Agent claimed to be msnbot, claim appears to be false'),
-		'e87553e1' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'I know you and I don\'t like you, dirty spammer.'),
-		'f0dcb3fd' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'Web browser attempted to send a trackback'),
-		'f1182195' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a major search engine, but you do not appear to actually be a major search engine.', 'log' => 'User-Agent claimed to be Googlebot, claim appears to be false.'),
-		'f9f2b8b9' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'A User-Agent is required but none was provided.'),
-	);
-
-	if (array_key_exists($key, $bb2_responses)) return $bb2_responses[$key];
-	return array('00000000');
-}
-?>
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Defines the responses which Bad Behavior might return.
+
+function bb2_get_response($key) {
+	$bb2_responses = array(
+		'00000000' => array('response' => 200, 'explanation' => '', 'log' => ''),
+		'136673cd' => array('response' => 403, 'explanation' => 'Your Internet Protocol address is listed on a blacklist of addresses involved in malicious or illegal activity. See the listing below for more details on specific blacklists and removal procedures.', 'log' => 'IP address found on external blacklist'),
+		'17566707' => array('response' => 403, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept\' missing'),
+		'17f4e8c8' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent was found on blacklist'),
+		'21f11d3f' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a mobile Web device, but you do not actually appear to be a mobile Web device.', 'log' => 'User-Agent claimed to be AvantGo, claim appears false'),
+		'2b90f772' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. If you are using the Opera browser, then Opera must appear in your user agent.', 'log' => 'Connection: TE present, not supported by MSIE'),
+		'408d7e72' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'POST comes too quickly after GET'),
+		'41feed15' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by a malfunctioning proxy server. Bypass the proxy server and connect directly, or contact your proxy server administrator.', 'log' => 'Header \'Pragma\' without \'Cache-Control\' prohibited for HTTP/1.1 requests'),
+		'45b35e30' => array('response' => 403, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' is corrupt'),
+		'57796684' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),
+		'582ec5e4' => array('response' => 400, 'explanation' => 'An invalid request was received. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator. This may also be caused by a bug in the Opera web browser.', 'log' => '"Header \'TE\' present but TE not specified in \'Connection\' header'),
+		'69920ee5' => array('response' => 403, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' present but blank'),
+		'799165c2' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Rotating user-agents detected'),
+		'7a06532b' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept-Encoding\' missing'),
+		'7ad04a8a' => array('response' => 400, 'explanation' => 'The automated program you are using is not permitted to access this server. Please use a different program or a standard Web browser.', 'log' => 'Prohibited header \'Range\' present'),
+		'7d12528e' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Prohibited header \'Range\' or \'Content-Range\' in POST request'),
+		'939a6fbb' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Banned proxy server in use'),
+		'9c9e4979' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Prohibited header \'via\' present'),
+		'a0105122' => array('response' => 417, 'explanation' => 'Expectation failed. Please retry your request.', 'log' => 'Header \'Expect\' prohibited; resend without Expect'),
+		'a1084bad' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent claimed to be MSIE, with invalid Windows version'),
+		'a52f0448' => array('response' => 400, 'explanation' => 'An invalid request was received.  This may be caused by a malfunctioning proxy server or browser privacy software. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator.', 'log' => 'Header \'Connection\' contains invalid values'),
+		'b40c8ddc' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, close your browser, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'POST more than two days after GET'),
+		'b7830251' => array('response' => 400, 'explanation' => 'Your proxy server sent an invalid request. Please contact the proxy server administrator to have this problem fixed.', 'log' => 'Prohibited header \'Proxy-Connection\' present'),
+		'b9cc1d86' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),
+		'c1fa729b' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'Use of rotating proxy servers detected'),
+		'd60b87c7' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, please remove any viruses or spyware from your computer.', 'log' => 'Trackback received via proxy server'),
+		'dfd9b1ad' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Request contained a malicious JavaScript or SQL injection attack'),
+		'e4de0453' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a major search engine, but you do not appear to actually be a major search engine.', 'log' => 'User-Agent claimed to be msnbot, claim appears to be false'),
+		'e87553e1' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'I know you and I don\'t like you, dirty spammer.'),
+		'f0dcb3fd' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'Web browser attempted to send a trackback'),
+		'f1182195' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a major search engine, but you do not appear to actually be a major search engine.', 'log' => 'User-Agent claimed to be Googlebot, claim appears to be false.'),
+		'f9f2b8b9' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'A User-Agent is required but none was provided.'),
+	);
+
+	if (array_key_exists($key, $bb2_responses)) return $bb2_responses[$key];
+	return array('00000000');
+}
+?>

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/safari.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/safari.inc.php	2008-06-18 07:45:07 UTC (rev 6569)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/safari.inc.php	2008-06-18 17:23:17 UTC (rev 6570)
@@ -1,13 +1,13 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be Safari
-
-function bb2_safari($package)
-{
-	if (!array_key_exists('Accept', $package['headers_mixed'])) {
-		return "17566707";
-	}
-	return false;
-}
-
-?>
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Safari
+
+function bb2_safari($package)
+{
+	if (!array_key_exists('Accept', $package['headers_mixed'])) {
+		return "17566707";
+	}
+	return false;
+}
+
+?>

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/screener.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/screener.inc.php	2008-06-18 07:45:07 UTC (rev 6569)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/screener.inc.php	2008-06-18 17:23:17 UTC (rev 6570)
@@ -1,63 +1,63 @@
-<?php if (!defined('BB2_CWD')) die("I said no cheating!");
-
-// Bad Behavior browser screener
-
-function bb2_screener_cookie($settings, $package, $cookie_name, $cookie_value)
-{
-	// FIXME: Set the real cookie
-	setcookie($cookie_name, $cookie_value, 0, bb2_relative_path());
-}
-
-function bb2_screener_javascript($settings, $package, $cookie_name, $cookie_value)
-{
-	global $bb2_javascript;
-
-	// FIXME: do something
-	$bb2_javascript = "<script type=\"text/javascript\">
-<!--
-function bb2_addLoadEvent(func) {
-	var oldonload = window.onload;
-	if (typeof window.onload != 'function') {
-		window.onload = func;
-	} else {
-		window.onload = function() {
-			oldonload();
-			func();
-		}
-	}
-}
-
-bb2_addLoadEvent(function() {
-	for ( i=0; i < document.forms.length; i++ ) {
-		if (document.forms[i].method == 'post') {
-			var myElement = document.createElement('input');
-			myElement.setAttribute('type', 'hidden');
-			myElement.name = '$cookie_name';
-			myElement.value = '$cookie_value';
-			document.forms[i].appendChild(myElement);
-		}
-	}
-});
-// --></script>
-		";
-}
-
-function bb2_screener($settings, $package)
-{
-	$cookie_name = BB2_COOKIE;
-
-	// Set up a simple cookie
-	$screener = array(time(), $package['ip']);
-	if (isset($package['headers_mixed']['X-Forwarded-For'])) {
-		array_push($screener, $package['headers_mixed']['X-Forwarded-For']);
-	}
-	if (isset($package['headers_mixed']['Client-Ip'])) {
-		array_push($screener, $package['headers_mixed']['Client-Ip']);
-	}
-
-	$cookie_value = implode(" ", $screener);
-
-	bb2_screener_cookie($settings, $package, BB2_COOKIE, $cookie_value);
-	bb2_screener_javascript($settings, $package, BB2_COOKIE, $cookie_value);
-}
-?>
+<?php if (!defined('BB2_CWD')) die("I said no cheating!");
+
+// Bad Behavior browser screener
+
+function bb2_screener_cookie($settings, $package, $cookie_name, $cookie_value)
+{
+	// FIXME: Set the real cookie
+	setcookie($cookie_name, $cookie_value, 0, bb2_relative_path());
+}
+
+function bb2_screener_javascript($settings, $package, $cookie_name, $cookie_value)
+{
+	global $bb2_javascript;
+
+	// FIXME: do something
+	$bb2_javascript = "<script type=\"text/javascript\">
+<!--
+function bb2_addLoadEvent(func) {
+	var oldonload = window.onload;
+	if (typeof window.onload != 'function') {
+		window.onload = func;
+	} else {
+		window.onload = function() {
+			oldonload();
+			func();
+		}
+	}
+}
+
+bb2_addLoadEvent(function() {
+	for ( i=0; i < document.forms.length; i++ ) {
+		if (document.forms[i].method == 'post') {
+			var myElement = document.createElement('input');
+			myElement.setAttribute('type', 'hidden');
+			myElement.name = '$cookie_name';
+			myElement.value = '$cookie_value';
+			document.forms[i].appendChild(myElement);
+		}
+	}
+});
+// --></script>
+		";
+}
+
+function bb2_screener($settings, $package)
+{
+	$cookie_name = BB2_COOKIE;
+
+	// Set up a simple cookie
+	$screener = array(time(), $package['ip']);
+	if (isset($package['headers_mixed']['X-Forwarded-For'])) {
+		array_push($screener, $package['headers_mixed']['X-Forwarded-For']);
+	}
+	if (isset($package['headers_mixed']['Client-Ip'])) {
+		array_push($screener, $package['headers_mixed']['Client-Ip']);
+	}
+
+	$cookie_value = implode(" ", $screener);
+
+	bb2_screener_cookie($settings, $package, BB2_COOKIE, $cookie_value);
+	bb2_screener_javascript($settings, $package, BB2_COOKIE, $cookie_value);
+}
+?>
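Review bot: The cookie value assembled in bb2_screener() takes the `X-Forwarded-For` and `Client-Ip` request headers verbatim, and bb2_screener_javascript() then interpolates it into a single-quoted JavaScript literal (`myElement.value = '$cookie_value';`) inside an inline script, so client-supplied header text reaches the page unescaped. If the generated page is cached and served to other visitors, which a comment in the post.inc.php part of this commit suggests can happen, that text would be delivered to them as well. Only append a header when it looks like an address list, e.g. `if (isset($package['headers_mixed']['X-Forwarded-For']) && preg_match('/^[0-9A-Fa-f:., ]+$/', $package['headers_mixed']['X-Forwarded-For'])) {`, and apply the same guard to `Client-Ip`. A multi-address `X-Forwarded-For` also contains spaces, which collides with the space-delimited cookie format built by `implode(" ", $screener)`.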

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/trackback.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/trackback.inc.php	2008-06-18 07:45:07 UTC (rev 6569)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/trackback.inc.php	2008-06-18 17:23:17 UTC (rev 6570)
@@ -1,18 +1,18 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Specialized screening for trackbacks
-function bb2_trackback($package)
-{
-	// Web browsers don't send trackbacks
-	if ($package['is_browser']) {
-		return 'f0dcb3fd';
-	}
-
-	// Proxy servers don't send trackbacks either
-	if (array_key_exists('Via', $package['headers_mixed']) || array_key_exists('Max-Forwards', $package['headers_mixed']) || array_key_exists('X-Forwarded-For', $package['headers_mixed']) || array_key_exists('Client-Ip', $package['headers_mixed'])) {
-		return 'd60b87c7';
-	}
-	return false;
-}
-
-?>
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Specialized screening for trackbacks
+function bb2_trackback($package)
+{
+	// Web browsers don't send trackbacks
+	if ($package['is_browser']) {
+		return 'f0dcb3fd';
+	}
+
+	// Proxy servers don't send trackbacks either
+	if (array_key_exists('Via', $package['headers_mixed']) || array_key_exists('Max-Forwards', $package['headers_mixed']) || array_key_exists('X-Forwarded-For', $package['headers_mixed']) || array_key_exists('Client-Ip', $package['headers_mixed'])) {
+		return 'd60b87c7';
+	}
+	return false;
+}
+
+?>

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php	2008-06-18 07:45:07 UTC (rev 6569)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php	2008-06-18 17:23:17 UTC (rev 6570)
@@ -12,8 +12,8 @@
 
 	// Includes four examples of whitelisting by IP address and netblock.
 	$bb2_whitelist_ip_ranges = array(
-		"64.191.203.34/32",	// Digg whitelisted as of 2.0.12
-		"208.67.217.130/32",	// Digg whitelisted as of 2.0.12
+		"64.191.203.34",	// Digg whitelisted as of 2.0.12
+		"208.67.217.130",	// Digg whitelisted as of 2.0.12
 		"10.0.0.0/8",
 		"172.16.0.0/12",
 		"192.168.0.0/16",
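Review bot: The two Digg entries lose their `/32` suffix here (`"64.191.203.34"`, `"208.67.217.130"`) although the log describes the commit as a spacing change only. Whether a bare address is still matched depends on the range-matching code, which lies outside this hunk, as does the start of the enclosing function; if that code expects CIDR notation, these two whitelist entries would silently stop matching. Confirm the matcher handles entries without a prefix length and record the change in the log, or keep the `/32` form.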


