[pLog-svn] r7172 - in plog/branches/lifetype-1.2/plugins/badbehavior: . bad-behavior

jondaley at devel.lifetype.net jondaley at devel.lifetype.net
Wed Feb 22 00:08:44 EST 2012


Author: jondaley
Date: 2012-02-22 00:08:44 -0500 (Wed, 22 Feb 2012)
New Revision: 7172

Added:
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/browser.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/cloudflare.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/index.html
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/roundtripdns.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/searchengine.inc.php
Removed:
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/COPYING
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/google.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/housekeeping.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/konqueror.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/lynx.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/mozilla.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msie.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msnbot.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/opera.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/safari.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/trackback.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php
Modified:
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/banned.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blackhole.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/common_tests.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/core.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/functions.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/movabletype.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/post.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/responses.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/screener.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php
   plog/branches/lifetype-1.2/plugins/badbehavior/pluginbadbehavior.class.php
Log:
updated bad-behavior to 2.2.2.  (after upgrading my php to 5.3, I started getting bad-behavior coding errors)

Deleted: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/COPYING
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/COPYING	2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/COPYING	2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,339 +0,0 @@
-		    GNU GENERAL PUBLIC LICENSE
-		       Version 2, June 1991
-
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-			    Preamble
-
-  The licenses for most software are designed to take away your
-freedom to share and change it.  By contrast, the GNU General Public
-License is intended to guarantee your freedom to share and change free
-software--to make sure the software is free for all its users.  This
-General Public License applies to most of the Free Software
-Foundation's software and to any other program whose authors commit to
-using it.  (Some other Free Software Foundation software is covered by
-the GNU Lesser General Public License instead.)  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-this service if you wish), that you receive source code or can get it
-if you want it, that you can change the software or use pieces of it
-in new free programs; and that you know you can do these things.
-
-  To protect your rights, we need to make restrictions that forbid
-anyone to deny you these rights or to ask you to surrender the rights.
-These restrictions translate to certain responsibilities for you if you
-distribute copies of the software, or if you modify it.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must give the recipients all the rights that
-you have.  You must make sure that they, too, receive or can get the
-source code.  And you must show them these terms so they know their
-rights.
-
-  We protect your rights with two steps: (1) copyright the software, and
-(2) offer you this license which gives you legal permission to copy,
-distribute and/or modify the software.
-
-  Also, for each author's protection and ours, we want to make certain
-that everyone understands that there is no warranty for this free
-software.  If the software is modified by someone else and passed on, we
-want its recipients to know that what they have is not the original, so
-that any problems introduced by others will not reflect on the original
-authors' reputations.
-
-  Finally, any free program is threatened constantly by software
-patents.  We wish to avoid the danger that redistributors of a free
-program will individually obtain patent licenses, in effect making the
-program proprietary.  To prevent this, we have made it clear that any
-patent must be licensed for everyone's free use or not licensed at all.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-		    GNU GENERAL PUBLIC LICENSE
-   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-  0. This License applies to any program or other work which contains
-a notice placed by the copyright holder saying it may be distributed
-under the terms of this General Public License.  The "Program", below,
-refers to any such program or work, and a "work based on the Program"
-means either the Program or any derivative work under copyright law:
-that is to say, a work containing the Program or a portion of it,
-either verbatim or with modifications and/or translated into another
-language.  (Hereinafter, translation is included without limitation in
-the term "modification".)  Each licensee is addressed as "you".
-
-Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope.  The act of
-running the Program is not restricted, and the output from the Program
-is covered only if its contents constitute a work based on the
-Program (independent of having been made by running the Program).
-Whether that is true depends on what the Program does.
-
-  1. You may copy and distribute verbatim copies of the Program's
-source code as you receive it, in any medium, provided that you
-conspicuously and appropriately publish on each copy an appropriate
-copyright notice and disclaimer of warranty; keep intact all the
-notices that refer to this License and to the absence of any warranty;
-and give any other recipients of the Program a copy of this License
-along with the Program.
-
-You may charge a fee for the physical act of transferring a copy, and
-you may at your option offer warranty protection in exchange for a fee.
-
-  2. You may modify your copy or copies of the Program or any portion
-of it, thus forming a work based on the Program, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
-    a) You must cause the modified files to carry prominent notices
-    stating that you changed the files and the date of any change.
-
-    b) You must cause any work that you distribute or publish, that in
-    whole or in part contains or is derived from the Program or any
-    part thereof, to be licensed as a whole at no charge to all third
-    parties under the terms of this License.
-
-    c) If the modified program normally reads commands interactively
-    when run, you must cause it, when started running for such
-    interactive use in the most ordinary way, to print or display an
-    announcement including an appropriate copyright notice and a
-    notice that there is no warranty (or else, saying that you provide
-    a warranty) and that users may redistribute the program under
-    these conditions, and telling the user how to view a copy of this
-    License.  (Exception: if the Program itself is interactive but
-    does not normally print such an announcement, your work based on
-    the Program is not required to print an announcement.)
-
-These requirements apply to the modified work as a whole.  If
-identifiable sections of that work are not derived from the Program,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works.  But when you
-distribute the same sections as part of a whole which is a work based
-on the Program, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Program.
-
-In addition, mere aggregation of another work not based on the Program
-with the Program (or with a work based on the Program) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
-  3. You may copy and distribute the Program (or a work based on it,
-under Section 2) in object code or executable form under the terms of
-Sections 1 and 2 above provided that you also do one of the following:
-
-    a) Accompany it with the complete corresponding machine-readable
-    source code, which must be distributed under the terms of Sections
-    1 and 2 above on a medium customarily used for software interchange; or,
-
-    b) Accompany it with a written offer, valid for at least three
-    years, to give any third party, for a charge no more than your
-    cost of physically performing source distribution, a complete
-    machine-readable copy of the corresponding source code, to be
-    distributed under the terms of Sections 1 and 2 above on a medium
-    customarily used for software interchange; or,
-
-    c) Accompany it with the information you received as to the offer
-    to distribute corresponding source code.  (This alternative is
-    allowed only for noncommercial distribution and only if you
-    received the program in object code or executable form with such
-    an offer, in accord with Subsection b above.)
-
-The source code for a work means the preferred form of the work for
-making modifications to it.  For an executable work, complete source
-code means all the source code for all modules it contains, plus any
-associated interface definition files, plus the scripts used to
-control compilation and installation of the executable.  However, as a
-special exception, the source code distributed need not include
-anything that is normally distributed (in either source or binary
-form) with the major components (compiler, kernel, and so on) of the
-operating system on which the executable runs, unless that component
-itself accompanies the executable.
-
-If distribution of executable or object code is made by offering
-access to copy from a designated place, then offering equivalent
-access to copy the source code from the same place counts as
-distribution of the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
-  4. You may not copy, modify, sublicense, or distribute the Program
-except as expressly provided under this License.  Any attempt
-otherwise to copy, modify, sublicense or distribute the Program is
-void, and will automatically terminate your rights under this License.
-However, parties who have received copies, or rights, from you under
-this License will not have their licenses terminated so long as such
-parties remain in full compliance.
-
-  5. You are not required to accept this License, since you have not
-signed it.  However, nothing else grants you permission to modify or
-distribute the Program or its derivative works.  These actions are
-prohibited by law if you do not accept this License.  Therefore, by
-modifying or distributing the Program (or any work based on the
-Program), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Program or works based on it.
-
-  6. Each time you redistribute the Program (or any work based on the
-Program), the recipient automatically receives a license from the
-original licensor to copy, distribute or modify the Program subject to
-these terms and conditions.  You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties to
-this License.
-
-  7. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Program at all.  For example, if a patent
-license would not permit royalty-free redistribution of the Program by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Program.
-
-If any portion of this section is held invalid or unenforceable under
-any particular circumstance, the balance of the section is intended to
-apply and the section as a whole is intended to apply in other
-circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system, which is
-implemented by public license practices.  Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
-  8. If the distribution and/or use of the Program is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Program under this License
-may add an explicit geographical distribution limitation excluding
-those countries, so that distribution is permitted only in or among
-countries not thus excluded.  In such case, this License incorporates
-the limitation as if written in the body of this License.
-
-  9. The Free Software Foundation may publish revised and/or new versions
-of the General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-Each version is given a distinguishing version number.  If the Program
-specifies a version number of this License which applies to it and "any
-later version", you have the option of following the terms and conditions
-either of that version or of any later version published by the Free
-Software Foundation.  If the Program does not specify a version number of
-this License, you may choose any version ever published by the Free Software
-Foundation.
-
-  10. If you wish to incorporate parts of the Program into other free
-programs whose distribution conditions are different, write to the author
-to ask for permission.  For software which is copyrighted by the Free
-Software Foundation, write to the Free Software Foundation; we sometimes
-make exceptions for this.  Our decision will be guided by the two goals
-of preserving the free status of all derivatives of our free software and
-of promoting the sharing and reuse of software generally.
-
-			    NO WARRANTY
-
-  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-REPAIR OR CORRECTION.
-
-  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGES.
-
-		     END OF TERMS AND CONDITIONS
-
-	    How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; either version 2 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License along
-    with this program; if not, write to the Free Software Foundation, Inc.,
-    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-Also add information on how to contact you by electronic and paper mail.
-
-If the program is interactive, make it output a short notice like this
-when it starts in an interactive mode:
-
-    Gnomovision version 69, Copyright (C) year name of author
-    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, the commands you use may
-be called something other than `show w' and `show c'; they could even be
-mouse-clicks or menu items--whatever suits your program.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary.  Here is a sample; alter the names:
-
-  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
-  `Gnomovision' (which makes passes at compilers) written by James Hacker.
-
-  <signature of Ty Coon>, 1 April 1989
-  Ty Coon, President of Vice
-
-This General Public License does not permit incorporating your program into
-proprietary programs.  If your program is a subroutine library, you may
-consider it more useful to permit linking proprietary applications with the
-library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/banned.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/banned.inc.php	2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/banned.inc.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -5,15 +5,28 @@
 
 require_once(BB2_CORE . "/responses.inc.php");
 
-function bb2_display_denial($settings, $key, $previous_key = false)
+function bb2_housekeeping($settings, $package)
 {
+	// FIXME Yes, the interval's hard coded (again) for now.
+	$query = "DELETE FROM `" . $settings['log_table'] . "` WHERE `date` < DATE_SUB('" . bb2_db_date() . "', INTERVAL 7 DAY)";
+	bb2_db_query($query);
+
+	// Waste a bunch more of the spammer's time, sometimes.
+	if (rand(1,1000) == 1) {
+		$query = "OPTIMIZE TABLE `" . $settings['log_table'] . "`";
+		bb2_db_query($query);
+	}
+}
+
+function bb2_display_denial($settings, $package, $key, $previous_key = false)
+{
 	define('DONOTCACHEPAGE', true);	// WP Super Cache
 	if (!$previous_key) $previous_key = $key;
 	if ($key == "e87553e1") {
 		// FIXME: lookup the real key
 	}
 	// Create support key
-	$ip = explode(".", $_SERVER['REMOTE_ADDR']);
+	$ip = explode(".", $package['ip']);
 	$ip_hex = "";
 	foreach ($ip as $octet) {
 		$ip_hex .= str_pad(dechex($octet), 2, 0, STR_PAD_LEFT);
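Review bot: The support-key code at `$ip = explode(".", $package['ip']);` still assumes a dotted-quad IPv4 address. An IPv6 value contains no dots, so explode() returns a single element and dechex() receives a non-numeric string, producing a support key that does not identify the client. Branch on the address family before building $ip_hex, or encode the address with inet_pton() and bin2hex(). Separately, bb2_display_denial() now takes $package as its second parameter, so every caller has to change in the same revision; a caller still passing ($settings, $key, $previous_key) would silently shift its arguments.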
@@ -24,6 +37,8 @@
 	$response = bb2_get_response($previous_key);
 	header("HTTP/1.1 " . $response['response'] . " Bad Behavior");
 	header("Status: " . $response['response'] . " Bad Behavior");
+	$request_uri = $_SERVER["REQUEST_URI"];
+	if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME'];	# IIS
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <!--< html xmlns="http://www.w3.org/1999/xhtml">-->
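Review bot: The added line reads `$_SERVER["REQUEST_URI"]` unconditionally, so when the key is absent (the IIS case the fallback is written for) PHP raises an undefined-index notice before the fallback runs. Test it with isset() or empty() and fall back from there. SCRIPT_NAME also carries no query string, so the denial page will show a shorter URI in the fallback case; a one-line comment saying so would help.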
@@ -33,7 +48,7 @@
 <body>
 <h1>Error <?php echo $response['response']; ?></h1>
 <p>We're sorry, but we could not fulfill your request for
-<?php echo htmlspecialchars($_SERVER['REQUEST_URI']) ?> on this server.</p>
+<?php echo htmlspecialchars($request_uri) ?> on this server.</p>
 <p><?php echo $response['explanation']; ?></p>
 <p>Your technical support key is: <strong><?php echo $support_key; ?></strong></p>
 <p>You can use this key to <a href="http://www.ioerror.us/bb2-support-key?key=<?php echo $support_key; ?>">fix this problem yourself</a>.</p>
@@ -46,5 +61,3 @@
 	if (!$settings['logging']) return;
 	bb2_db_query(bb2_insert($settings, $package, $key));
 }
-
-?>

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blackhole.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blackhole.inc.php	2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blackhole.inc.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,10 +1,5 @@
 <?php if (!defined('BB2_CORE')) die('I said no cheating!');
 
-// Quick and dirty check for an IPv6 address
-function is_ipv6($address) {
-	return (strpos($address, ":")) ? TRUE : FALSE;
-}
-
 // Look up address on various blackhole lists.
 // These should not be used for GET requests under any circumstances!
 // FIXME: Note that this code is no longer in use
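Review bot: Dropping is_ipv6() here is only safe if a replacement is defined elsewhere in this revision, which this hunk does not show. If the helper moved rather than disappeared, do not carry `return (strpos($address, ":")) ? TRUE : FALSE;` over unchanged: strpos() returns 0 for an address that begins with a colon, such as ::1, and the helper then reports FALSE. Compare against `!== FALSE` instead.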
@@ -63,7 +58,10 @@
 		if ($ip[0] == 127 && ($ip[3] & 7) && $ip[2] >= $settings['httpbl_threat'] && $ip[1] <= $settings['httpbl_maxage']) {
 			return '2b021b1f';
 		}
+		// Check if search engine
+		if ($ip[3] == 0) {
+			return 1;
+		}
 	}
 	return false;
 }
-?>
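Review bot: The added `if ($ip[3] == 0)` search-engine check is not guarded by `$ip[0] == 127` the way the threat check just above it is, so it also fires on lookup results that are not valid list responses. It also returns the integer 1 from a function whose other visible return values are a key string or false, so a caller that treats any truthy result as a denial key will misread it. Add the 127 guard and document the 1 return value at the function header, or return a named constant.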

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php	2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -18,6 +18,7 @@
 		"EmailCollector",	// spam harvester
 		"Email Siphon",		// spam harvester
 		"EmailSiphon",		// spam harvester
+		"Forum Poster",		// forum spambot
 		"grub crawler",		// misc comment/email spam
 		"HttpProxy",		// misc comment/email spam
 		"Internet Explorer",	// XMLRPC exploits seen
@@ -34,7 +35,7 @@
 		"Mozilla ",		// malicious software
 		"Mozilla/2",		// malicious software
 		"Mozilla/4.0(",		// from honeypot
-		"Mozilla/4.0+(",	// suspicious harvester
+		"Mozilla/4.0+(compatible;+",	// suspicious harvester
 		"MSIE",			// malicious software
 		"NutchCVS",		// unidentified robots
 		"Nutscrape/",		// misc comment spam
@@ -42,8 +43,9 @@
 		"psycheclone",		// spam harvester
 		"PussyCat ",		// misc comment spam
 		"PycURL",		// misc comment spam
+		"Python-urllib",	// commonly abused
+//		WP 2.5 now has Flash; FIXME
 //		"Shockwave Flash",	// spam harvester
-//		WP 2.5 now has Flash; FIXME
 		"Super Happy Fun ",	// spam harvester
 		"TrackBack/",		// trackback spam
 		"user",			// suspicious harvester
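Review bot: The added "Python-urllib" entry matches the default User-Agent of Python's urllib, so it denies every script that has not set its own User-Agent, including legitimate feed fetchers and monitoring checks. Mention this in the upgrade notes and confirm the whitelist is consulted before this list so operators can exempt known clients.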
@@ -69,11 +71,12 @@
 		"grub-client",		// search engine ignores robots.txt
 		"hanzoweb",		// very badly behaved crawler
 		"Indy Library",		// misc comment/email spam
-		"larbin at unspecified",	// stealth harvesters
+		"MSIE 7.0;  Windows NT 5.2",	// Cyveillance
 		"Murzillo compatible",	// comment spam bot
 		".NET CLR 1)",		// free poker, etc.
 		"POE-Component-Client",	// free poker, etc.
 		"Turing Machine",	// www.anonymizer.com abuse
+		"unspecified.mail",	// stealth harvesters
 		"User-agent: ",		// spam harvester/splogger
 		"WebaltBot",		// spam harvester
 		"WISEbot",		// spam harvester
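Review bot: The new entry "MSIE 7.0;  Windows NT 5.2" contains two spaces after the semicolon, and nothing marks that as intentional. If the match is a plain substring test, the spacing is the whole signature; say so in the trailing comment so that a later whitespace cleanup does not turn it into a pattern that matches ordinary IE 7 on Windows NT 5.2.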
@@ -83,6 +86,7 @@
 		"Windows NT 5.1;)",	// wikispam bot
 		"Windows XP 5",		// spam harvester
 		"WordPress/4.01",	// pingback spam
+		"Xedant Human Emulator",// spammer script engine
 		"\\\\)",		// spam harvester
 	);
 
@@ -121,5 +125,3 @@
 
 	return FALSE;
 }
-
-?>

Added: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/browser.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/browser.inc.php	                        (rev 0)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/browser.inc.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -0,0 +1,84 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Konqueror
+
+function bb2_konqueror($package)
+{
+	// CafeKelsa is a dev project at Yahoo which indexes job listings for
+	// Yahoo! HotJobs. It identifies as Konqueror so we skip these checks.
+	if (stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") === FALSE || match_cidr($package['ip'], "209.73.160.0/19") === FALSE) {
+		if (!array_key_exists('Accept', $package['headers_mixed'])) {
+			return "17566707";
+		}
+	}
+	return false;
+}
+
+// Analyze user agents claiming to be Lynx
+
+function bb2_lynx($package)
+{
+	if (!array_key_exists('Accept', $package['headers_mixed'])) {
+		return "17566707";
+	}
+	return false;
+}
+
+// Analyze user agents claiming to be Mozilla
+
+function bb2_mozilla($package)
+{
+	// First off, workaround for Google Desktop, until they fix it FIXME
+	// Google Desktop fixed it, but apparently some old versions are
+	// still out there. :(
+	// Always check accept header for Mozilla user agents
+	if (strpos($package['headers_mixed']['User-Agent'], "Google Desktop") === FALSE && strpos($package['headers_mixed']['User-Agent'], "PLAYSTATION 3") === FALSE) {
+		if (!array_key_exists('Accept', $package['headers_mixed'])) {
+			return "17566707";
+		}
+	}
+	return false;
+}
+
+// Analyze user agents claiming to be MSIE
+
+function bb2_msie($package)
+{
+	if (!array_key_exists('Accept', $package['headers_mixed'])) {
+		return "17566707";
+	}
+
+	// MSIE does NOT send "Windows ME" or "Windows XP" in the user agent
+	if (strpos($package['headers_mixed']['User-Agent'], "Windows ME") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !== FALSE) {
+		return "a1084bad";
+	}
+
+	// MSIE does NOT send Connection: TE but Akamai does
+	// Bypass this test when Akamai detected
+	// The latest version of IE for Windows CE also uses Connection: TE
+	if (!array_key_exists('Akamai-Origin-Hop', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "IEMobile") === FALSE && @preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) {
+		return "2b90f772";
+	}
+
+	return false;
+}
+
+// Analyze user agents claiming to be Opera
+
+function bb2_opera($package)
+{
+	if (!array_key_exists('Accept', $package['headers_mixed'])) {
+		return "17566707";
+	}
+	return false;
+}
+
+// Analyze user agents claiming to be Safari
+
+function bb2_safari($package)
+{
+	if (!array_key_exists('Accept', $package['headers_mixed'])) {
+		return "17566707";
+	}
+	return false;
+}
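Review bot: In bb2_msie() the Connection test relies on `@preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])` to hide the notice raised when the header is absent. Test array_key_exists('Connection', $package['headers_mixed']) first, as the same condition already does for Akamai-Origin-Hop, and drop the @. The same applies to the unguarded $package['headers_mixed']['User-Agent'] reads in bb2_konqueror(), bb2_mozilla() and bb2_msie(). The comment above the a1084bad check names only "Windows ME" and "Windows XP", while the condition also tests "Windows 2000" and "Win32"; bring the comment in line with the code.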

Added: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/cloudflare.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/cloudflare.inc.php	                        (rev 0)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/cloudflare.inc.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -0,0 +1,14 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze requests claiming to be from CloudFlare
+
+require_once(BB2_CORE . "/roundtripdns.inc.php");
+
+function bb2_cloudflare($package)
+{
+#	Disabled due to http://bugs.php.net/bug.php?id=53092
+#	if (!bb2_roundtripdns($package['cloudflare'], "cloudflare.com")) {
+#		return '70e45496';
+#	}
+	return false;
+}
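Review bot: With the bb2_roundtripdns() call commented out, bb2_cloudflare() returns false for every request, so a request that merely claims to come from CloudFlare is never verified. Until the referenced PHP bug is resolved, consider checking the connecting address against CloudFlare's published ranges with match_cidr(), and mark the disabled block with a FIXME so it is not forgotten. The require_once of roundtripdns.inc.php is also unused while the check stays disabled.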

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/common_tests.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/common_tests.inc.php	2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/common_tests.inc.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -4,9 +4,8 @@
 
 function bb2_protocol($settings, $package)
 {
-	// Is it claiming to be HTTP/1.0?  Then it shouldn't do HTTP/1.1 things
-	// Always run this test; we should never see Expect:
-	if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE) {
+	// We should never see Expect: for HTTP/1.0 requests
+	if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE && !strcmp($package['server_protocol'], "HTTP/1.0")) {
 		return "a0105122";
 	}
 
@@ -41,8 +40,10 @@
 
 	// Broken spambots send URLs with various invalid characters
 	// Some broken browsers send the #vector in the referer field :(
+	// Worse yet, some Javascript client-side apps do the same in
+	// blatant violation of the protocol and good sense.
 	// if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
-	if (strpos($package['request_uri'], "#") !== FALSE) {
+	if ($settings['strict'] && strpos($package['request_uri'], "#") !== FALSE) {
 		return "dfd9b1ad";
 	}
 	// A pretty nasty SQL injection attack on IIS servers
@@ -54,9 +55,9 @@
 	// Real user-agents do not start ranges at 0
 	// NOTE: this blocks the whois.sc bot. No big loss.
 	// Exceptions: MT (not fixable); LJ (refuses to fix; may be
-	// blocked again in the future)
+	// blocked again in the future); Facebook
 	if ($settings['strict'] && array_key_exists('Range', $package['headers_mixed']) && strpos($package['headers_mixed']['Range'], "=0-") !== FALSE) {
-		if (strncmp($ua, "MovableType", 11) && strncmp($ua, "URI::Fetch", 10) && strncmp($ua, "php-openid/", 11)) {
+		if (strncmp($ua, "MovableType", 11) && strncmp($ua, "URI::Fetch", 10) && strncmp($ua, "php-openid/", 11) && strncmp($ua, "facebookexternalhit", 19)) {
 			return "7ad04a8a";
 		}
 	}
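
Review bot: the new facebookexternalhit exemption, like the three before it, is a strncmp() on the User-Agent prefix, which is client-supplied, so it does not establish that the request comes from Facebook. If the exemption is needed, pair it with an address check in the way the search-engine tests (bb2_msnbot, bb2_google) verify their claims, or note in the comment that the Range test is advisory for these agents.
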
@@ -69,7 +70,6 @@
 	// Lowercase via is used by open proxies/referrer spammers
 	// Exceptions: Clearswift uses lowercase via (refuses to fix;
 	// may be blocked again in the future)
-	// Coral CDN uses lowercase via
 	if (array_key_exists('via', $package['headers']) &&
 		strpos($package['headers']['via'],'Clearswift') === FALSE &&
 		strpos($ua,'CoralWebPrx') === FALSE) {
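
Review bot: the comment line about Coral CDN is removed, but the condition still exempts it through strpos($ua,'CoralWebPrx') === FALSE, so the comment and the code now disagree. Either keep the comment or drop the CoralWebPrx clause in the same change.
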
@@ -106,6 +106,10 @@
 		if (preg_match('/\bkeep-alive,\s?keep-alive\b/i', $package['headers_mixed']['Connection'])) {
 			return "a52f0448";
 		}
+		// Keep-Alive format in RFC 2068; some bots mangle these headers
+		if (stripos($package['headers_mixed']['Connection'], "Keep-Alive: ") !== FALSE) {
+			return "b0924802";
+		}
 	}
 	
 
@@ -114,7 +118,9 @@
 		return "b9cc1d86";
 	}
 	// Proxy-Connection does not exist and should never be seen in the wild
-	if (array_key_exists('Proxy-Connection', $package['headers_mixed'])) {
+	// http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0032.html
+	// http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0040.html
+	if ($settings['strict'] && array_key_exists('Proxy-Connection', $package['headers_mixed'])) {
 		return "b7830251";
 	}
 
@@ -126,7 +132,7 @@
 
 		// Referer, if it exists, must contain a :
 		// While a relative URL is technically valid in Referer, all known
-		// legit user-agents send an absolute URL
+		// legitimate user-agents send an absolute URL
 		if (strpos($package['headers_mixed']['Referer'], ":") === FALSE) {
 			return "45b35e30";
 		}
@@ -140,5 +146,3 @@
 
 	return false;
 }
-
-?>

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/core.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/core.inc.php	2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/core.inc.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,6 +1,7 @@
 <?php if (!defined('BB2_CWD')) die("I said no cheating!");
+define('BB2_VERSION', "2.2.2");
 
-// Bad Behavior entry point is start_bad_behavior().
+// Bad Behavior entry point is bb2_start()
 // If you're reading this, you are probably lost.
 // Go read the bad-behavior-generic.php file.
 
@@ -9,51 +10,6 @@
 
 require_once(BB2_CORE . "/functions.inc.php");
 
-// Our log table structure
-function bb2_table_structure($name)
-{
-	// It's not paranoia if they really are out to get you.
-	$name_escaped = bb2_db_escape($name);
-	return "CREATE TABLE IF NOT EXISTS `$name_escaped` (
-		`id` INT(11) NOT NULL auto_increment,
-		`ip` TEXT NOT NULL,
-		`date` DATETIME NOT NULL default '0000-00-00 00:00:00',
-		`request_method` TEXT NOT NULL,
-		`request_uri` TEXT NOT NULL,
-		`server_protocol` TEXT NOT NULL,
-		`http_headers` TEXT NOT NULL,
-		`user_agent` TEXT NOT NULL,
-		`request_entity` TEXT NOT NULL,
-		`key` TEXT NOT NULL,
-		INDEX (`ip`(15)),
-		INDEX (`user_agent`(10)),
-		PRIMARY KEY (`id`) );";	// TODO: INDEX might need tuning
-}
-
-// Insert a new record
-function bb2_insert($settings, $package, $key)
-{
-	$ip = bb2_db_escape($package['ip']);
-	$date = bb2_db_date();
-	$request_method = bb2_db_escape($package['request_method']);
-	$request_uri = bb2_db_escape($package['request_uri']);
-	$server_protocol = bb2_db_escape($package['server_protocol']);
-	$user_agent = bb2_db_escape($package['user_agent']);
-	$headers = "$request_method $request_uri $server_protocol\n";
-	foreach ($package['headers'] as $h => $v) {
-		$headers .= bb2_db_escape("$h: $v\n");
-	}
-	$request_entity = "";
-	if (!strcasecmp($request_method, "POST")) {
-		foreach ($package['request_entity'] as $h => $v) {
-			$request_entity .= bb2_db_escape("$h: $v\n");
-		}
-	}
-	return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "`
-		(`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES
-		('$ip', '$date', '$request_method', '$request_uri', '$server_protocol', '$headers', '$user_agent', '$request_entity', '$key')";
-}
-
 // Kill 'em all!
 function bb2_banned($settings, $package, $key, $previous_key=false)
 {
@@ -61,13 +17,12 @@
 	sleep(2);
 
 	require_once(BB2_CORE . "/banned.inc.php");
-	bb2_display_denial($settings, $key, $previous_key);
+	bb2_display_denial($settings, $package, $key, $previous_key);
 	bb2_log_denial($settings, $package, $key, $previous_key);
 	if (is_callable('bb2_banned_callback')) {
 		bb2_banned_callback($settings, $package, $key);
 	}
 	// Penalize the spammers some more
-	require_once(BB2_CORE . "/housekeeping.inc.php");
 	bb2_housekeeping($settings, $package);
 	die();
 }
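
Review bot: bb2_banned() still calls bb2_housekeeping() after the require_once for housekeeping.inc.php is removed, and that file is deleted in this revision; nothing in the visible hunks defines the function elsewhere. Confirm it now lives in a file that is always loaded before bb2_banned() runs, otherwise the denial path ends in an undefined-function fatal error instead of reaching die(). The extra $package argument to bb2_display_denial() likewise needs the matching signature change in banned.inc.php.
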
@@ -85,26 +40,41 @@
 	}
 }
 
-// Check the results of a particular test; see below for usage
-// Returns FALSE if test passed (yes this is backwards)
-function bb2_test($settings, $package, $result)
+# If this is reverse-proxied or load balanced, obtain the actual client IP
+function bb2_reverse_proxy($settings, $headers_mixed)
 {
-	if ($result !== FALSE)
-	{
-		bb2_banned($settings, $package, $result);
-		return TRUE;
+	# Detect if option is on when it should be off
+	$header = uc_all($settings['reverse_proxy_header']);
+	if (!array_key_exists($header, $headers_mixed)) {
+		return false;
 	}
-	return FALSE;
+	
+	$addrs = @array_reverse(preg_split("/[\s,]+/", $headers_mixed[$header]));
+	# Skip our known reverse proxies and private addresses
+	if (!empty($settings['reverse_proxy_addresses'])) {
+		foreach ($addrs as $addr) {
+			if (!match_cidr($addr, $settings['reverse_proxy_addresses']) && !is_rfc1918($addr)) {
+				return $addr;
+			}
+		}
+	} else {
+		foreach ($addrs as $addr) {
+			if (!is_rfc1918($addr)) {
+				return $addr;
+			}
+		}
+	}
+	# If we got here, someone is playing a trick on us.
+	return false;
 }
 
-
 // Let God sort 'em out!
 function bb2_start($settings)
 {
 	// Gather up all the information we need, first of all.
 	$headers = bb2_load_headers();
 	// Postprocess the headers to mixed-case
-	// FIXME: get the world to stop using PHP as CGI
+	// TODO: get the world to stop using PHP as CGI
 	$headers_mixed = array();
 	foreach ($headers as $h => $v) {
 		$headers_mixed[uc_all($h)] = $v;
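
Review bot: bb2_reverse_proxy() returns the first token that is neither a listed proxy nor RFC 1918 without checking that it is an IP address at all, so whatever string sits in the configured header can become $package['ip'] and flow into match_cidr(), ip2long() and the log. Validate each $addr (filter_var() with FILTER_VALIDATE_IP, for example) before returning it, and drop the @ on array_reverse(preg_split(...)), which hides a failed split.
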
@@ -112,90 +82,128 @@
 
 	// IPv6 - IPv4 compatibility mode hack
 	$_SERVER['REMOTE_ADDR'] = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);
-	// We use these frequently. Keep a copy close at hand.
-	$ip = $_SERVER['REMOTE_ADDR'];
-	$request_method = $_SERVER['REQUEST_METHOD'];
-	$request_uri = $_SERVER['REQUEST_URI'];
-	$server_protocol = $_SERVER['SERVER_PROTOCOL'];
-	@$user_agent = $_SERVER['HTTP_USER_AGENT'];
 
 	// Reconstruct the HTTP entity, if present.
 	$request_entity = array();
-	if (!strcasecmp($request_method, "POST") || !strcasecmp($request_method, "PUT")) {
+	if (!strcasecmp($_SERVER['REQUEST_METHOD'], "POST") || !strcasecmp($_SERVER['REQUEST_METHOD'], "PUT")) {
 		foreach ($_POST as $h => $v) {
 			$request_entity[$h] = $v;
 		}
 	}
 
-	$package = array('ip' => $ip, 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $request_method, 'request_uri' => $request_uri, 'server_protocol' => $server_protocol, 'request_entity' => $request_entity, 'user_agent' => $user_agent, 'is_browser' => false);
+	$request_uri = $_SERVER["REQUEST_URI"];
+	if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME'];	# IIS
 
-	// Please proceed to the security checkpoint and have your
-	// identification and boarding pass ready.
+	if ($settings['reverse_proxy'] && $ip = bb2_reverse_proxy($settings, $headers_mixed)) {
+		$headers['X-Bad-Behavior-Remote-Address'] = $_SERVER['REMOTE_ADDR'];
+		$headers_mixed['X-Bad-Behavior-Remote-Address'] = $_SERVER['REMOTE_ADDR'];
+	} else {
+		$ip = $_SERVER['REMOTE_ADDR'];
+	}
 
+	@$package = array('ip' => $ip, 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $_SERVER['REQUEST_METHOD'], 'request_uri' => $request_uri, 'server_protocol' => $_SERVER['SERVER_PROTOCOL'], 'request_entity' => $request_entity, 'user_agent' => $_SERVER['HTTP_USER_AGENT'], 'is_browser' => false,);
+
+	$result = bb2_screen($settings, $package);
+	if ($result && !defined('BB2_TEST')) bb2_banned($settings, $package, $result);
+	return $result;
+}
+
+function bb2_screen($settings, $package)
+{
+	// Please proceed to the security checkpoint, have your identification
+	// and boarding pass ready, and prepare to be nakedized or fondled.
+
+	// CloudFlare-specific checks not handled by reverse proxy code
+	// Thanks to butchs at Simple Machines
+	if (array_key_exists('Cf-Connecting-Ip', $package['headers_mixed'])) {
+		require_once(BB2_CORE . "/cloudflare.inc.php");
+		$r = bb2_cloudflare($package);
+		if ($r !== false && $r != $package['ip']) return $r;
+	}
+
 	// First check the whitelist
 	require_once(BB2_CORE . "/whitelist.inc.php");
 	if (!bb2_whitelist($package)) {
 		// Now check the blacklist
 		require_once(BB2_CORE . "/blacklist.inc.php");
-		bb2_test($settings, $package, bb2_blacklist($package));
+		if ($r = bb2_blacklist($package)) return $r;
 
 		// Check the http:BL
 		require_once(BB2_CORE . "/blackhole.inc.php");
-		bb2_test($settings, $package, bb2_httpbl($settings, $package));
+		if ($r = bb2_httpbl($settings, $package)) {
+			if ($r == 1) return false;	# whitelisted
+			return $r;
+		}
 
 		// Check for common stuff
 		require_once(BB2_CORE . "/common_tests.inc.php");
-		bb2_test($settings, $package, bb2_protocol($settings, $package));
-		bb2_test($settings, $package, bb2_cookies($settings, $package));
-		bb2_test($settings, $package, bb2_misc_headers($settings, $package));
+		if ($r = bb2_protocol($settings, $package)) return $r;
+		if ($r = bb2_cookies($settings, $package)) return $r;
+		if ($r = bb2_misc_headers($settings, $package)) return $r;
 
 		// Specific checks
-		@$ua = $headers_mixed['User-Agent'];
+		@$ua = $package['user_agent'];
+		// Search engine checks come first
+		if (stripos($ua, "bingbot") !== FALSE || stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
+			require_once(BB2_CORE . "/searchengine.inc.php");
+			if ($r = bb2_msnbot($package)) {
+				if ($r == 1) return false;	# whitelisted
+				return $r;
+			}
+			return false;
+		} elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Web Preview") !== FALSE) {
+			require_once(BB2_CORE . "/searchengine.inc.php");
+			if ($r = bb2_google($package)) {
+				if ($r == 1) return false;	# whitelisted
+				return $r;
+			}
+			return false;
+		} elseif (stripos($ua, "Yahoo! Slurp") !== FALSE || stripos($ua, "Yahoo! SearchMonkey") !== FALSE) {
+			require_once(BB2_CORE . "/searchengine.inc.php");
+			if ($r = bb2_yahoo($package)) {
+				if ($r == 1) return false;	# whitelisted
+				return $r;
+			}
+			return false;
+		}
 		// MSIE checks
-		if (stripos($ua, "MSIE") !== FALSE) {
+		if (stripos($ua, "; MSIE") !== FALSE) {
 			$package['is_browser'] = true;
+			require_once(BB2_CORE . "/browser.inc.php");
 			if (stripos($ua, "Opera") !== FALSE) {
-				require_once(BB2_CORE . "/opera.inc.php");
-				bb2_test($settings, $package, bb2_opera($package));
+				if ($r = bb2_opera($package)) return $r;
 			} else {
-				require_once(BB2_CORE . "/msie.inc.php");
-				bb2_test($settings, $package, bb2_msie($package));
+				if ($r = bb2_msie($package)) return $r;
 			}
 		} elseif (stripos($ua, "Konqueror") !== FALSE) {
 			$package['is_browser'] = true;
-			require_once(BB2_CORE . "/konqueror.inc.php");
-			bb2_test($settings, $package, bb2_konqueror($package));
+			require_once(BB2_CORE . "/browser.inc.php");
+			if ($r = bb2_konqueror($package)) return $r;
 		} elseif (stripos($ua, "Opera") !== FALSE) {
 			$package['is_browser'] = true;
-			require_once(BB2_CORE . "/opera.inc.php");
-			bb2_test($settings, $package, bb2_opera($package));
+			require_once(BB2_CORE . "/browser.inc.php");
+			if ($r = bb2_opera($package)) return $r;
 		} elseif (stripos($ua, "Safari") !== FALSE) {
 			$package['is_browser'] = true;
-			require_once(BB2_CORE . "/safari.inc.php");
-			bb2_test($settings, $package, bb2_safari($package));
+			require_once(BB2_CORE . "/browser.inc.php");
+			if ($r = bb2_safari($package)) return $r;
 		} elseif (stripos($ua, "Lynx") !== FALSE) {
 			$package['is_browser'] = true;
-			require_once(BB2_CORE . "/lynx.inc.php");
-			bb2_test($settings, $package, bb2_lynx($package));
+			require_once(BB2_CORE . "/browser.inc.php");
+			if ($r = bb2_lynx($package)) return $r;
 		} elseif (stripos($ua, "MovableType") !== FALSE) {
 			require_once(BB2_CORE . "/movabletype.inc.php");
-			bb2_test($settings, $package, bb2_movabletype($package));
-		} elseif (stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
-			require_once(BB2_CORE . "/msnbot.inc.php");
-			bb2_test($settings, $package, bb2_msnbot($package));
-		} elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Wireless") !== FALSE) {
-			require_once(BB2_CORE . "/google.inc.php");
-			bb2_test($settings, $package, bb2_google($package));
+			if ($r = bb2_movabletype($package)) return $r;
 		} elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
 			$package['is_browser'] = true;
-			require_once(BB2_CORE . "/mozilla.inc.php");
-			bb2_test($settings, $package, bb2_mozilla($package));
+			require_once(BB2_CORE . "/browser.inc.php");
+			if ($r = bb2_mozilla($package)) return $r;
 		}
 
 		// More intensive screening applies to POST requests
 		if (!strcasecmp('POST', $package['request_method'])) {
 			require_once(BB2_CORE . "/post.inc.php");
-			bb2_test($settings, $package, bb2_post($settings, $package));
+			if ($r = bb2_post($settings, $package)) return $r;
 		}
 	}
 
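
Review bot: in bb2_start() the forwarded header is trusted whenever $settings['reverse_proxy'] is on; the result of bb2_reverse_proxy($settings, $headers_mixed) is taken as $ip without first checking that $_SERVER['REMOTE_ADDR'] is one of $settings['reverse_proxy_addresses'], so a request that reaches PHP directly is screened under the address its own header supplies. Gate the call on match_cidr($_SERVER['REMOTE_ADDR'], $settings['reverse_proxy_addresses']) when that list is configured. In bb2_screen(), "if ($r == 1) return false;" is a loose comparison against string response keys; use a strict comparison with the sentinel that bb2_httpbl() and the search-engine tests return. The CloudFlare block's "$r != $package['ip']" test has no effect while bb2_cloudflare() only returns false.
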
@@ -205,6 +213,5 @@
 
 	// And that's about it.
 	bb2_approved($settings, $package);
-	return true;
+	return false;
 }
-?>
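
Review bot: the final return flips from true to false with no comment, which inverts what a caller sees for an approved request: a falsy value now means the request passed and a response key means it was denied. Document that contract above bb2_start() and bb2_screen(), and check every connector that tested the old return value.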

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/functions.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/functions.inc.php	2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/functions.inc.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -2,6 +2,11 @@
 
 // Miscellaneous helper functions.
 
+// Quick and dirty check for an IPv6 address
+function is_ipv6($address) {
+	return (strpos($address, ":")) ? TRUE : FALSE;
+}
+
 // stripos() needed because stripos is only present on PHP 5
 if (!function_exists('stripos')) {
 	function stripos($haystack,$needle,$offset = 0) {
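
Review bot: is_ipv6() tests the truthiness of strpos(), which returns 0 when the colon is the first character, so an address such as ::1 is reported as not IPv6. Compare with strpos($address, ":") !== FALSE instead. bb2_roundtripdns() relies on this helper to skip IPv6 input.
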
@@ -41,6 +46,7 @@
 		foreach ($cidr as $cidrlet) {
 			if (match_cidr($addr, $cidrlet)) {
 				$output = true;
+				break;
 			}
 		}
 	} else {
@@ -52,6 +58,10 @@
 	return $output;
 }
 
+// Determine if an IP address is reserved by RFC 1918.
+function is_rfc1918($addr) {
+	return match_cidr($addr, array("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"));
+}
 // Obtain all the HTTP headers.
 // NB: on PHP-CGI we have to fake it out a bit, since we can't get the REAL
 // headers. Run PHP as Apache 2.0 module if possible for best results.
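
Review bot: is_rfc1918() covers only the three RFC 1918 blocks, yet bb2_reverse_proxy() uses it as its test for addresses to skip; loopback (127.0.0.0/8) and link-local (169.254.0.0/16) entries in the forwarded header are therefore treated as client addresses unless they are listed in reverse_proxy_addresses. Either widen the list under a more general name or note the limitation in the comment. A blank line before the next comment block would also keep the helpers visually separate.
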
@@ -59,12 +69,10 @@
 	if (!is_callable('getallheaders')) {
 		$headers = array();
 		foreach ($_SERVER as $h => $v)
-			if (ereg('HTTP_(.+)', $h, $hp))
+			if (preg_match('/HTTP_(.+)/', $h, $hp))
 				$headers[str_replace("_", "-", uc_all($hp[1]))] = $v;
 	} else {
 		$headers = getallheaders();
 	}
 	return $headers;
 }
-
-?>
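
Review bot: the replacement for ereg() keeps the pattern unanchored, so '/HTTP_(.+)/' also matches $_SERVER keys that merely contain HTTP_ (REDIRECT_HTTP_..., for instance) and turns their tail into a header name. Anchor it as '/^HTTP_(.+)/'.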

Deleted: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/google.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/google.inc.php	2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/google.inc.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,13 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be Googlebot
-
-function bb2_google($package)
-{
-	if (match_cidr($package['ip'], "66.249.64.0/19") === FALSE && match_cidr($package['ip'], "64.233.160.0/19") === FALSE && match_cidr($package['ip'], "72.14.192.0/18") === FALSE) {
-		return "f1182195";
-	}
-	return false;
-}
-
-?>

Deleted: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/housekeeping.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/housekeeping.inc.php	2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/housekeeping.inc.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,16 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-function bb2_housekeeping($settings, $package)
-{
-	// FIXME Yes, the interval's hard coded (again) for now.
-	$query = "DELETE FROM `" . $settings['log_table'] . "` WHERE `date` < DATE_SUB('" . bb2_db_date() . "', INTERVAL 7 DAY)";
-	bb2_db_query($query);
-
-	// Waste a bunch more of the spammer's time, sometimes.
-	if (rand(1,1000) == 1) {
-		$query = "OPTIMIZE TABLE `" . $settings['log_table'] . "`";
-		bb2_db_query($query);
-	}
-}
-
-?>

Added: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/index.html
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/index.html	                        (rev 0)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/index.html	2012-02-22 05:08:44 UTC (rev 7172)
@@ -0,0 +1 @@
+Viewing directory contents is not permitted.

Deleted: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/konqueror.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/konqueror.inc.php	2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/konqueror.inc.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,17 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be Konqueror
-
-function bb2_konqueror($package)
-{
-	// CafeKelsa is a dev project at Yahoo which indexes job listings for
-	// Yahoo! HotJobs. It identifies as Konqueror so we skip these checks.
-	if (stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") === FALSE || match_cidr($package['ip'], "209.73.160.0/19") === FALSE) {
-		if (!array_key_exists('Accept', $package['headers_mixed'])) {
-			return "17566707";
-		}
-	}
-	return false;
-}
-
-?>

Deleted: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/lynx.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/lynx.inc.php	2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/lynx.inc.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,13 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be Lynx
-
-function bb2_lynx($package)
-{
-	if (!array_key_exists('Accept', $package['headers_mixed'])) {
-		return "17566707";
-	}
-	return false;
-}
-
-?>

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/movabletype.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/movabletype.inc.php	2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/movabletype.inc.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -10,5 +10,3 @@
 	}
 	return false;
 }
-
-?>

Deleted: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/mozilla.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/mozilla.inc.php	2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/mozilla.inc.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,19 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be Mozilla
-
-function bb2_mozilla($package)
-{
-	// First off, workaround for Google Desktop, until they fix it FIXME
-	// Google Desktop fixed it, but apparently some old versions are
-	// still out there. :(
-	// Always check accept header for Mozilla user agents
-	if (strpos($package['headers_mixed']['User-Agent'], "Google Desktop") === FALSE && strpos($package['headers_mixed']['User-Agent'], "PLAYSTATION 3") === FALSE) {
-		if (!array_key_exists('Accept', $package['headers_mixed'])) {
-			return "17566707";
-		}
-	}
-	return false;
-}
-
-?>

Deleted: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msie.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msie.inc.php	2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msie.inc.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,26 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be MSIE
-
-function bb2_msie($package)
-{
-	if (!array_key_exists('Accept', $package['headers_mixed'])) {
-		return "17566707";
-	}
-
-	// MSIE does NOT send "Windows ME" or "Windows XP" in the user agent
-	if (strpos($package['headers_mixed']['User-Agent'], "Windows ME") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !== FALSE) {
-		return "a1084bad";
-	}
-
-	// MSIE does NOT send Connection: TE but Akamai does
-	// Bypass this test when Akamai detected
-	// The latest version of IE for Windows CE also uses Connection: TE
-	if (!array_key_exists('Akamai-Origin-Hop', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "IEMobile") === FALSE && @preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) {
-		return "2b90f772";
-	}
-
-	return false;
-}
-
-?>

Deleted: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msnbot.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msnbot.inc.php	2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msnbot.inc.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,13 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be msnbot
-
-function bb2_msnbot($package)
-{
-	if (match_cidr($package['ip'], "207.46.0.0/16") === FALSE && match_cidr($package['ip'], "65.52.0.0/14") === FALSE && match_cidr($package['ip'], "207.68.128.0/18") === FALSE && match_cidr($package['ip'], "207.68.192.0/20") === FALSE && match_cidr($package['ip'], "64.4.0.0/18") === FALSE) {
-		return "e4de0453";
-	}
-	return false;
-}
-
-?>

Deleted: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/opera.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/opera.inc.php	2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/opera.inc.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,13 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be Opera
-
-function bb2_opera($package)
-{
-	if (!array_key_exists('Accept', $package['headers_mixed'])) {
-		return "17566707";
-	}
-	return false;
-}
-
-?>

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/post.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/post.inc.php	2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/post.inc.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,13 +1,36 @@
 <?php if (!defined('BB2_CORE')) die('I said no cheating!');
 
+// Specialized screening for trackbacks
+function bb2_trackback($package)
+{
+	// Web browsers don't send trackbacks
+	if ($package['is_browser']) {
+		return 'f0dcb3fd';
+	}
+
+	// Proxy servers don't send trackbacks either
+	if (array_key_exists('Via', $package['headers_mixed']) || array_key_exists('Max-Forwards', $package['headers_mixed']) || array_key_exists('X-Forwarded-For', $package['headers_mixed']) || array_key_exists('Client-Ip', $package['headers_mixed'])) {
+		return 'd60b87c7';
+	}
+
+	// Fake WordPress trackbacks
+	// Real ones do not contain Accept:, and have a charset defined
+	// Real WP trackbacks may contain Accept: depending on the HTTP
+	// transport being used by the sending host
+	if (strpos($package['headers_mixed']['User-Agent'], "WordPress/") !== FALSE) {
+		if (strpos($package['headers_mixed']['Content-Type'], "charset=") === FALSE) {
+			return 'e3990b47';
+		}
+	}
+	return false;
+}
+
 // All tests which apply specifically to POST requests
 function bb2_post($settings, $package)
 {
 	// Check blackhole lists for known spam/malicious activity
-        // LifeType mod by pwestbro: dns blacklist checks can be done in the 
-        // dnsantispam plugin.
-        //	require_once(BB2_CORE . "/blackhole.inc.php");
-        //	bb2_test($settings, $package, bb2_blackhole($package));
+	// require_once(BB2_CORE . "/blackhole.inc.php");
+	// if ($r = bb2_blackhole($package)) return $r;
 
 	// MovableType needs specialized screening
 	if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {
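
Review bot: bb2_trackback() reads $package['headers_mixed']['User-Agent'] and ['Content-Type'] without array_key_exists(), so a trackback POST lacking either header raises an undefined-index notice; guard both reads the way the Via/Max-Forwards test just above does. The two comment sentences about Accept: contradict each other; keep only the second. This hunk also drops the LifeType note by pwestbro explaining that blackhole checks are left to the dnsantispam plugin, which is the only record of why those lines stay commented out.
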
@@ -19,7 +42,6 @@
 	// Trackbacks need special screening
 	$request_entity = $package['request_entity'];
 	if (isset($request_entity['title']) && isset($request_entity['url']) && isset($request_entity['blog_name'])) {
-		require_once(BB2_CORE . "/trackback.inc.php");
 		return bb2_trackback($package);
 	}
 
@@ -32,7 +54,7 @@
 	}
 
 	// If Referer exists, it should refer to a page on our site
-    if ($settings['offsite_forms'] && array_key_exists('Referer', $package['headers_mixed']) && stripos($package['headers_mixed']['Referer'], $package['headers_mixed']['Host']) === FALSE) {
+	if (!$settings['offsite_forms'] && array_key_exists('Referer', $package['headers_mixed']) && stripos($package['headers_mixed']['Referer'], $package['headers_mixed']['Host']) === FALSE) {
 		return "cd361abb";
 	}
 
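
Review bot: the condition changes from $settings['offsite_forms'] to !$settings['offsite_forms'], reversing which setting value triggers cd361abb; confirm that the LifeType plugin's default and its settings screen use the new meaning, or existing installs will change behaviour on upgrade. The read of $package['headers_mixed']['Host'] is unguarded, and the stripos() substring test accepts any Referer that contains the host name anywhere in the URL; comparing against the host parsed from the Referer would be tighter.
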
@@ -55,10 +77,8 @@
 		// if ($screener + 5 > time())
 		//	return "408d7e72";
 		// Posting too slow? 48 hr
-            // LifeType mod by jondaley: since pages can be cached, the cookie might not be updated
-            // and this can get tripped incorrectly
-            // if ($screener + 172800 < time())
-            // return "b40c8ddc";
+		if ($screener + 172800 < time())
+			return "b40c8ddc";
 
 		// Screen by IP address
 		$ip = ip2long($package['ip']);
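
Review bot: this re-enables the b40c8ddc test (POST more than 48 hours after the screener cookie) and deletes the LifeType comment by jondaley that explained why it was disabled: pages can be cached, the cookie might not be updated, and the test can trip incorrectly. If the upstream sync is meant to keep that local fix, restore the commented-out form; if not, the commit message should say why the caching problem no longer applies.
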
@@ -80,5 +100,3 @@
 
 	return false;
 }
-
-?>

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/responses.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/responses.inc.php	2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/responses.inc.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -19,6 +19,8 @@
 		'582ec5e4' => array('response' => 400, 'explanation' => 'An invalid request was received. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator. This may also be caused by a bug in the Opera web browser.', 'log' => '"Header \'TE\' present but TE not specified in \'Connection\' header'),
 		'69920ee5' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' present but blank'),
 		'6c502ff1' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Bot not fully compliant with RFC 2965'),
+		'70e45496' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User agent claimed to be CloudFlare, claim appears false'),
+		'71436a15' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a major search engine, but you do not appear to actually be a major search engine.', 'log' => 'User-Agent claimed to be Yahoo, claim appears to be false'),
 		'799165c2' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Rotating user-agents detected'),
 		'7a06532b' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept-Encoding\' missing'),
 		'7ad04a8a' => array('response' => 400, 'explanation' => 'The automated program you are using is not permitted to access this server. Please use a different program or a standard Web browser.', 'log' => 'Prohibited header \'Range\' present'),
@@ -28,6 +30,7 @@
 		'a0105122' => array('response' => 417, 'explanation' => 'Expectation failed. Please retry your request.', 'log' => 'Header \'Expect\' prohibited; resend without Expect'),
 		'a1084bad' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent claimed to be MSIE, with invalid Windows version'),
 		'a52f0448' => array('response' => 400, 'explanation' => 'An invalid request was received.  This may be caused by a malfunctioning proxy server or browser privacy software. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator.', 'log' => 'Header \'Connection\' contains invalid values'),
+		'b0924802' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by malicious software on your computer.', 'log' => 'Incorrect form of HTTP/1.0 Keep-Alive'),
 		'b40c8ddc' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, close your browser, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'POST more than two days after GET'),
 		'b7830251' => array('response' => 400, 'explanation' => 'Your proxy server sent an invalid request. Please contact the proxy server administrator to have this problem fixed.', 'log' => 'Prohibited header \'Proxy-Connection\' present'),
 		'b9cc1d86' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),
@@ -46,4 +49,3 @@
 	if (array_key_exists($key, $bb2_responses)) return $bb2_responses[$key];
 	return array('00000000');
 }
-?>

Added: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/roundtripdns.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/roundtripdns.inc.php	                        (rev 0)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/roundtripdns.inc.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -0,0 +1,20 @@
+<?php if (!defined('BB2_CORE')) die("I said no cheating!");
+
+# Round trip DNS verification
+
+# Returns TRUE if DNS matches; FALSE on mismatch
+# Returns $ip if an error occurs
+# TODO: Not IPv6 safe
+# FIXME: Returns false on DNS server failure; PHP provides no distinction
+# between no records and error condition
+function bb2_roundtripdns($ip,$domain)
+{
+	if (@is_ipv6($ip)) return $ip;
+
+	$host = gethostbyaddr($ip);
+	$host_result = strpos(strrev($host), strrev($domain));
+	if ($host_result === false || $host_result > 0) return false;
+	$addrs = gethostbynamel($host);
+	if (in_array($ip, $addrs)) return true;
+	return false;
+}
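Review bot: The suffix test on the `strpos(strrev($host), strrev($domain))` line has no label boundary, so any PTR name that merely ends in the string (for example `examplegooglebot.com` when `$domain` is `googlebot.com`) passes; compare against `"." . $domain`, or require equality with `$domain`, before doing the forward lookup. In the same function, `gethostbynamel($host)` returns false when the forward lookup fails and that value is passed straight to `in_array($ip, $addrs)`, so add an explicit `$addrs === false` guard. The header comment also promises `$ip` on error, but the only path that returns `$ip` is the IPv6 early exit, and a caller written as `if (!bb2_roundtripdns(...))` treats that value as a match; document that or return a distinct value.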

Deleted: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/safari.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/safari.inc.php	2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/safari.inc.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,13 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be Safari
-
-function bb2_safari($package)
-{
-	if (!array_key_exists('Accept', $package['headers_mixed'])) {
-		return "17566707";
-	}
-	return false;
-}
-
-?>

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/screener.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/screener.inc.php	2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/screener.inc.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -60,4 +60,3 @@
 	bb2_screener_cookie($settings, $package, BB2_COOKIE, $cookie_value);
 	bb2_screener_javascript($settings, $package, BB2_COOKIE, $cookie_value);
 }
-?>

Added: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/searchengine.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/searchengine.inc.php	                        (rev 0)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/searchengine.inc.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -0,0 +1,45 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+require_once(BB2_CORE . "/roundtripdns.inc.php");
+
+// Analyze user agents claiming to be Googlebot
+
+function bb2_google($package)
+{
+	if (match_cidr($package['ip'], array("66.249.64.0/19", "64.233.160.0/19", "72.14.192.0/18", "203.208.32.0/19", "74.125.0.0/16", "216.239.32.0/19", "209.85.128.0/17")) === FALSE) {
+		return "f1182195";
+	}
+#	Disabled due to http://bugs.php.net/bug.php?id=53092
+#	if (!bb2_roundtripdns($package['ip'], "googlebot.com")) {
+#		return "f1182195";
+#	}
+	return false;
+}
+
+// Analyze user agents claiming to be msnbot
+
+function bb2_msnbot($package)
+{
+	if (match_cidr($package['ip'], array("207.46.0.0/16", "65.52.0.0/14", "207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18", "157.54.0.0/15", "157.60.0.0/16", "157.56.0.0/14")) === FALSE) {
+		return "e4de0453";
+	}
+#	Disabled due to http://bugs.php.net/bug.php?id=53092
+#	if (!bb2_roundtripdns($package['ip'], "msn.com")) {
+#		return "e4de0453";
+#	}
+	return false;
+}
+
+// Analyze user agents claiming to be Yahoo!
+
+function bb2_yahoo($package)
+{
+	if (match_cidr($package['ip'], array("202.160.176.0/20", "67.195.0.0/16", "203.209.252.0/24", "72.30.0.0/16", "98.136.0.0/14", "74.6.0.0/16")) === FALSE) {
+		return '71436a15';
+	}
+#	Disabled due to http://bugs.php.net/bug.php?id=53092
+#	if (!bb2_roundtripdns($package['ip'], "crawl.yahoo.net")) {
+#		return "71436a15";
+#	}
+	return false;
+}
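Review bot: With the `bb2_roundtripdns()` calls commented out in all three functions, the hard-coded netblock arrays passed to `match_cidr()` are the only thing deciding whether a request claiming to be Googlebot, msnbot or Yahoo gets a 403, and nothing in the file records where the ranges came from or when they were last checked. Add a comment with the source and date for each list, and state next to the `Disabled due to http://bugs.php.net/bug.php?id=53092` lines the condition for re-enabling the DNS check, so that a crawler moving to a new range does not silently turn into blocked indexing. Minor: `bb2_yahoo()` returns its key in single quotes (`'71436a15'`) while the other two functions use double quotes.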

Deleted: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/trackback.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/trackback.inc.php	2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/trackback.inc.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,28 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Specialized screening for trackbacks
-function bb2_trackback($package)
-{
-	// Web browsers don't send trackbacks
-	if ($package['is_browser']) {
-		return 'f0dcb3fd';
-	}
-
-	// Proxy servers don't send trackbacks either
-	if (array_key_exists('Via', $package['headers_mixed']) || array_key_exists('Max-Forwards', $package['headers_mixed']) || array_key_exists('X-Forwarded-For', $package['headers_mixed']) || array_key_exists('Client-Ip', $package['headers_mixed'])) {
-		return 'd60b87c7';
-	}
-
-	// Fake WordPress trackbacks
-	// Real ones do not contain Accept:, and have a charset defined
-	// Real WP trackbacks may contain Accept: depending on the HTTP
-	// transport being used by the sending host
-	if (strpos($package['headers_mixed']['User-Agent'], "WordPress/") !== FALSE) {
-		if (strpos($package['headers_mixed']['Content-Type'], "charset=") === FALSE) {
-			return 'e3990b47';
-		}
-	}
-	return false;
-}
-
-?>

Deleted: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php	2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,3 +0,0 @@
-<?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.0.36");
-?>

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php	2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -2,82 +2,28 @@
 
 function bb2_whitelist($package)
 {
-	// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
+	$whitelists = @parse_ini_file(dirname(BB2_CORE) . "/whitelist.ini");
 
-	// Inappropriate whitelisting WILL expose you to spam, or cause Bad
-	// Behavior to stop functioning entirely!  DO NOT WHITELIST unless you
-	// are 100% CERTAIN that you should.
-
-	// IP address ranges use the CIDR format.
-
-	// Includes four examples of whitelisting by IP address and netblock.
-	$bb2_whitelist_ip_ranges = array(
-		"64.191.203.34",	// Digg whitelisted as of 2.0.12
-		"208.67.217.130",	// Digg whitelisted as of 2.0.12
-		"10.0.0.0/8",
-		"172.16.0.0/12",
-		"192.168.0.0/16",
-//		"127.0.0.1",
-	);
-
-	// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
-
-	// Inappropriate whitelisting WILL expose you to spam, or cause Bad
-	// Behavior to stop functioning entirely!  DO NOT WHITELIST unless you
-	// are 100% CERTAIN that you should.
-
-	// You should not whitelist search engines by user agent. Use the IP
-	// netblock for the search engine instead. See http://whois.arin.net/
-	// to locate the netblocks for an IP.
-
-	// User agents are matched by exact match only.
-
-	// Includes one example of whitelisting by user agent.
-	// All are commented out.
-	$bb2_whitelist_user_agents = array(
-	//	"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) It's me, let me in",
-	);
-
-	// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
-
-	// Inappropriate whitelisting WILL expose you to spam, or cause Bad
-	// Behavior to stop functioning entirely!  DO NOT WHITELIST unless you
-	// are 100% CERTAIN that you should.
-
-	// URLs are matched from the first / after the server name up to,
-	// but not including, the ? (if any).
-
-	// Includes two examples of whitelisting by URL.
-	$bb2_whitelist_urls = array(
-	//	"/example.php",
-	//	"/openid/server",
-	);
-
-	// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
-
-	// Do not edit below this line
-
-	if (!empty($bb2_whitelist_ip_ranges)) {
-		foreach ($bb2_whitelist_ip_ranges as $range) {
+	if (@!empty($whitelists['ip'])) {
+		foreach ($whitelists['ip'] as $range) {
 			if (match_cidr($package['ip'], $range)) return true;
 		}
 	}
-	if (!empty($bb2_whitelist_user_agents)) {
-		foreach ($bb2_whitelist_user_agents as $user_agent) {
+	if (@!empty($whitelists['useragent'])) {
+		foreach ($whitelists['useragent'] as $user_agent) {
 			if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
 		}
 	}
-	if (!empty($bb2_whitelist_urls)) {
+	if (@!empty($whitelists['url'])) {
 		if (strpos($package['request_uri'], "?") === FALSE) {
 			$request_uri = $package['request_uri'];
 		} else {
-			$request_uri = substr($package['request_uri'], 0, strpos($settings['request_uri'], "?"));
+			$request_uri = substr($package['request_uri'], 0, strpos($package['request_uri'], "?"));
 		}
-		foreach ($bb2_whitelist_urls as $url) {
-			if (!strcmp($request_uri, $url)) return true;
+		foreach ($whitelists['url'] as $url) {
+			$pos = strpos($request_uri, $url);
+			if ($pos !== false && $pos == 0) return true;
 		}
 	}
 	return false;
 }
-
-?>
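Review bot: The URL loop at the end of this hunk changes whitelisting from an exact `strcmp()` match to a prefix match (`$pos !== false && $pos == 0`), so an entry such as `/example.php` now also exempts every path that begins with that string; if the widening is intended, say so where the entries are configured, otherwise keep the exact comparison. The test can be written as `strpos($request_uri, $url) === 0`, and an empty entry in the `url` list should be rejected, because depending on the PHP version `strpos()` with an empty needle either warns or returns 0, and 0 would whitelist every request. The removed comments documented the matching rules (CIDR for IPs, exact match for user agents, path up to the `?` for URLs) and `@parse_ini_file()` hides a missing or unparsable `whitelist.ini`, so the rules should move into the ini file or its documentation and a failed parse should be logged rather than suppressed.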

Modified: plog/branches/lifetype-1.2/plugins/badbehavior/pluginbadbehavior.class.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/pluginbadbehavior.class.php	2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/pluginbadbehavior.class.php	2012-02-22 05:08:44 UTC (rev 7172)
@@ -20,7 +20,7 @@
 			$this->desc = "Bad Behavior for LifeType";
 			$this->author = "The Lifetype Project";
 			$this->db =& Db::getDb();
-            $this->version = "20100130";
+            $this->version = "20120222";
 		
 			$config =& Config::getConfig();
 			$prefix = Db::getPrefix();


