[pLog-svn] r7172 - in plog/branches/lifetype-1.2/plugins/badbehavior: . bad-behavior
jondaley at devel.lifetype.net
Wed Feb 22 00:08:44 EST 2012
Author: jondaley
Date: 2012-02-22 00:08:44 -0500 (Wed, 22 Feb 2012)
New Revision: 7172
Added:
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/browser.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/cloudflare.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/index.html
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/roundtripdns.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/searchengine.inc.php
Removed:
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/COPYING
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/google.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/housekeeping.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/konqueror.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/lynx.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/mozilla.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msie.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msnbot.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/opera.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/safari.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/trackback.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php
Modified:
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/banned.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blackhole.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/common_tests.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/core.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/functions.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/movabletype.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/post.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/responses.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/screener.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php
plog/branches/lifetype-1.2/plugins/badbehavior/pluginbadbehavior.class.php
Log:
Updated bad-behavior to 2.2.2. (After upgrading my PHP to 5.3, I started getting bad-behavior coding errors.)
Deleted: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/COPYING
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/COPYING 2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/COPYING 2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,339 +0,0 @@
- GNU GENERAL PUBLIC LICENSE
- Version 2, June 1991
-
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
- Preamble
-
- The licenses for most software are designed to take away your
-freedom to share and change it. By contrast, the GNU General Public
-License is intended to guarantee your freedom to share and change free
-software--to make sure the software is free for all its users. This
-General Public License applies to most of the Free Software
-Foundation's software and to any other program whose authors commit to
-using it. (Some other Free Software Foundation software is covered by
-the GNU Lesser General Public License instead.) You can apply it to
-your programs, too.
-
- When we speak of free software, we are referring to freedom, not
-price. Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-this service if you wish), that you receive source code or can get it
-if you want it, that you can change the software or use pieces of it
-in new free programs; and that you know you can do these things.
-
- To protect your rights, we need to make restrictions that forbid
-anyone to deny you these rights or to ask you to surrender the rights.
-These restrictions translate to certain responsibilities for you if you
-distribute copies of the software, or if you modify it.
-
- For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must give the recipients all the rights that
-you have. You must make sure that they, too, receive or can get the
-source code. And you must show them these terms so they know their
-rights.
-
- We protect your rights with two steps: (1) copyright the software, and
-(2) offer you this license which gives you legal permission to copy,
-distribute and/or modify the software.
-
- Also, for each author's protection and ours, we want to make certain
-that everyone understands that there is no warranty for this free
-software. If the software is modified by someone else and passed on, we
-want its recipients to know that what they have is not the original, so
-that any problems introduced by others will not reflect on the original
-authors' reputations.
-
- Finally, any free program is threatened constantly by software
-patents. We wish to avoid the danger that redistributors of a free
-program will individually obtain patent licenses, in effect making the
-program proprietary. To prevent this, we have made it clear that any
-patent must be licensed for everyone's free use or not licensed at all.
-
- The precise terms and conditions for copying, distribution and
-modification follow.
-
- GNU GENERAL PUBLIC LICENSE
- TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
- 0. This License applies to any program or other work which contains
-a notice placed by the copyright holder saying it may be distributed
-under the terms of this General Public License. The "Program", below,
-refers to any such program or work, and a "work based on the Program"
-means either the Program or any derivative work under copyright law:
-that is to say, a work containing the Program or a portion of it,
-either verbatim or with modifications and/or translated into another
-language. (Hereinafter, translation is included without limitation in
-the term "modification".) Each licensee is addressed as "you".
-
-Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope. The act of
-running the Program is not restricted, and the output from the Program
-is covered only if its contents constitute a work based on the
-Program (independent of having been made by running the Program).
-Whether that is true depends on what the Program does.
-
- 1. You may copy and distribute verbatim copies of the Program's
-source code as you receive it, in any medium, provided that you
-conspicuously and appropriately publish on each copy an appropriate
-copyright notice and disclaimer of warranty; keep intact all the
-notices that refer to this License and to the absence of any warranty;
-and give any other recipients of the Program a copy of this License
-along with the Program.
-
-You may charge a fee for the physical act of transferring a copy, and
-you may at your option offer warranty protection in exchange for a fee.
-
- 2. You may modify your copy or copies of the Program or any portion
-of it, thus forming a work based on the Program, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
- a) You must cause the modified files to carry prominent notices
- stating that you changed the files and the date of any change.
-
- b) You must cause any work that you distribute or publish, that in
- whole or in part contains or is derived from the Program or any
- part thereof, to be licensed as a whole at no charge to all third
- parties under the terms of this License.
-
- c) If the modified program normally reads commands interactively
- when run, you must cause it, when started running for such
- interactive use in the most ordinary way, to print or display an
- announcement including an appropriate copyright notice and a
- notice that there is no warranty (or else, saying that you provide
- a warranty) and that users may redistribute the program under
- these conditions, and telling the user how to view a copy of this
- License. (Exception: if the Program itself is interactive but
- does not normally print such an announcement, your work based on
- the Program is not required to print an announcement.)
-
-These requirements apply to the modified work as a whole. If
-identifiable sections of that work are not derived from the Program,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works. But when you
-distribute the same sections as part of a whole which is a work based
-on the Program, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Program.
-
-In addition, mere aggregation of another work not based on the Program
-with the Program (or with a work based on the Program) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
- 3. You may copy and distribute the Program (or a work based on it,
-under Section 2) in object code or executable form under the terms of
-Sections 1 and 2 above provided that you also do one of the following:
-
- a) Accompany it with the complete corresponding machine-readable
- source code, which must be distributed under the terms of Sections
- 1 and 2 above on a medium customarily used for software interchange; or,
-
- b) Accompany it with a written offer, valid for at least three
- years, to give any third party, for a charge no more than your
- cost of physically performing source distribution, a complete
- machine-readable copy of the corresponding source code, to be
- distributed under the terms of Sections 1 and 2 above on a medium
- customarily used for software interchange; or,
-
- c) Accompany it with the information you received as to the offer
- to distribute corresponding source code. (This alternative is
- allowed only for noncommercial distribution and only if you
- received the program in object code or executable form with such
- an offer, in accord with Subsection b above.)
-
-The source code for a work means the preferred form of the work for
-making modifications to it. For an executable work, complete source
-code means all the source code for all modules it contains, plus any
-associated interface definition files, plus the scripts used to
-control compilation and installation of the executable. However, as a
-special exception, the source code distributed need not include
-anything that is normally distributed (in either source or binary
-form) with the major components (compiler, kernel, and so on) of the
-operating system on which the executable runs, unless that component
-itself accompanies the executable.
-
-If distribution of executable or object code is made by offering
-access to copy from a designated place, then offering equivalent
-access to copy the source code from the same place counts as
-distribution of the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
- 4. You may not copy, modify, sublicense, or distribute the Program
-except as expressly provided under this License. Any attempt
-otherwise to copy, modify, sublicense or distribute the Program is
-void, and will automatically terminate your rights under this License.
-However, parties who have received copies, or rights, from you under
-this License will not have their licenses terminated so long as such
-parties remain in full compliance.
-
- 5. You are not required to accept this License, since you have not
-signed it. However, nothing else grants you permission to modify or
-distribute the Program or its derivative works. These actions are
-prohibited by law if you do not accept this License. Therefore, by
-modifying or distributing the Program (or any work based on the
-Program), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Program or works based on it.
-
- 6. Each time you redistribute the Program (or any work based on the
-Program), the recipient automatically receives a license from the
-original licensor to copy, distribute or modify the Program subject to
-these terms and conditions. You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties to
-this License.
-
- 7. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License. If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Program at all. For example, if a patent
-license would not permit royalty-free redistribution of the Program by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Program.
-
-If any portion of this section is held invalid or unenforceable under
-any particular circumstance, the balance of the section is intended to
-apply and the section as a whole is intended to apply in other
-circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system, which is
-implemented by public license practices. Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
- 8. If the distribution and/or use of the Program is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Program under this License
-may add an explicit geographical distribution limitation excluding
-those countries, so that distribution is permitted only in or among
-countries not thus excluded. In such case, this License incorporates
-the limitation as if written in the body of this License.
-
- 9. The Free Software Foundation may publish revised and/or new versions
-of the General Public License from time to time. Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-Each version is given a distinguishing version number. If the Program
-specifies a version number of this License which applies to it and "any
-later version", you have the option of following the terms and conditions
-either of that version or of any later version published by the Free
-Software Foundation. If the Program does not specify a version number of
-this License, you may choose any version ever published by the Free Software
-Foundation.
-
- 10. If you wish to incorporate parts of the Program into other free
-programs whose distribution conditions are different, write to the author
-to ask for permission. For software which is copyrighted by the Free
-Software Foundation, write to the Free Software Foundation; we sometimes
-make exceptions for this. Our decision will be guided by the two goals
-of preserving the free status of all derivatives of our free software and
-of promoting the sharing and reuse of software generally.
-
- NO WARRANTY
-
- 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-REPAIR OR CORRECTION.
-
- 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGES.
-
- END OF TERMS AND CONDITIONS
-
- How to Apply These Terms to Your New Programs
-
- If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
- To do so, attach the following notices to the program. It is safest
-to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
- <one line to give the program's name and a brief idea of what it does.>
- Copyright (C) <year> <name of author>
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along
- with this program; if not, write to the Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-Also add information on how to contact you by electronic and paper mail.
-
-If the program is interactive, make it output a short notice like this
-when it starts in an interactive mode:
-
- Gnomovision version 69, Copyright (C) year name of author
- Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
- This is free software, and you are welcome to redistribute it
- under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License. Of course, the commands you use may
-be called something other than `show w' and `show c'; they could even be
-mouse-clicks or menu items--whatever suits your program.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary. Here is a sample; alter the names:
-
- Yoyodyne, Inc., hereby disclaims all copyright interest in the program
- `Gnomovision' (which makes passes at compilers) written by James Hacker.
-
- <signature of Ty Coon>, 1 April 1989
- Ty Coon, President of Vice
-
-This General Public License does not permit incorporating your program into
-proprietary programs. If your program is a subroutine library, you may
-consider it more useful to permit linking proprietary applications with the
-library. If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.
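Review bot: deleting COPYING leaves the vendored bad-behavior tree with no license text at all, since none of the files in the Added list above is a license file; section 1 of the GPL text being removed here requires that recipients get a copy of the License along with the Program, so keep COPYING (or whichever license file the 2.2.2 release ships) in the tree rather than dropping it.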
Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/banned.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/banned.inc.php 2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/banned.inc.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -5,15 +5,28 @@
require_once(BB2_CORE . "/responses.inc.php");
-function bb2_display_denial($settings, $key, $previous_key = false)
+function bb2_housekeeping($settings, $package)
{
+ // FIXME Yes, the interval's hard coded (again) for now.
+ $query = "DELETE FROM `" . $settings['log_table'] . "` WHERE `date` < DATE_SUB('" . bb2_db_date() . "', INTERVAL 7 DAY)";
+ bb2_db_query($query);
+
+ // Waste a bunch more of the spammer's time, sometimes.
+ if (rand(1,1000) == 1) {
+ $query = "OPTIMIZE TABLE `" . $settings['log_table'] . "`";
+ bb2_db_query($query);
+ }
+}
+
+function bb2_display_denial($settings, $package, $key, $previous_key = false)
+{
define('DONOTCACHEPAGE', true); // WP Super Cache
if (!$previous_key) $previous_key = $key;
if ($key == "e87553e1") {
// FIXME: lookup the real key
}
// Create support key
- $ip = explode(".", $_SERVER['REMOTE_ADDR']);
+ $ip = explode(".", $package['ip']);
$ip_hex = "";
foreach ($ip as $octet) {
$ip_hex .= str_pad(dechex($octet), 2, 0, STR_PAD_LEFT);
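Review bot: the support key is still built by splitting the address on "." and hex-encoding each octet, so now that the source is `$package['ip']` rather than `$_SERVER['REMOTE_ADDR']`, an IPv6 client (no dots) yields a single bogus "octet" and a meaningless key; guard with a check for ":" before the explode, or encode IPv6 addresses separately. Separately, the new bb2_housekeeping() hard-codes the 7-day retention (the FIXME says as much); since it already takes $settings, reading the interval from there would remove the FIXME without further changes to the SQL.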
@@ -24,6 +37,8 @@
$response = bb2_get_response($previous_key);
header("HTTP/1.1 " . $response['response'] . " Bad Behavior");
header("Status: " . $response['response'] . " Bad Behavior");
+ $request_uri = $_SERVER["REQUEST_URI"];
+ if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--< html xmlns="http://www.w3.org/1999/xhtml">-->
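Review bot: `$request_uri = $_SERVER["REQUEST_URI"];` reads the key unconditionally before the `if (!$request_uri)` fallback, so on IIS (the case the comment is targeting) PHP emits an undefined-index notice first; use `isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : $_SERVER['SCRIPT_NAME']` so the fallback is reached cleanly, which also matches the "coding errors under 5.3" motivation in the log message.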
@@ -33,7 +48,7 @@
<body>
<h1>Error <?php echo $response['response']; ?></h1>
<p>We're sorry, but we could not fulfill your request for
-<?php echo htmlspecialchars($_SERVER['REQUEST_URI']) ?> on this server.</p>
+<?php echo htmlspecialchars($request_uri) ?> on this server.</p>
<p><?php echo $response['explanation']; ?></p>
<p>Your technical support key is: <strong><?php echo $support_key; ?></strong></p>
<p>You can use this key to <a href="http://www.ioerror.us/bb2-support-key?key=<?php echo $support_key; ?>">fix this problem yourself</a>.</p>
@@ -46,5 +61,3 @@
if (!$settings['logging']) return;
bb2_db_query(bb2_insert($settings, $package, $key));
}
-
-?>
Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blackhole.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blackhole.inc.php 2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blackhole.inc.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,10 +1,5 @@
<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-// Quick and dirty check for an IPv6 address
-function is_ipv6($address) {
- return (strpos($address, ":")) ? TRUE : FALSE;
-}
-
// Look up address on various blackhole lists.
// These should not be used for GET requests under any circumstances!
// FIXME: Note that this code is no longer in use
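Review bot: is_ipv6() is removed here, but its callers are not visible in this diff and core.inc.php and functions.inc.php are also touched in this revision; confirm that no remaining code (in this tree or in pluginbadbehavior.class.php) still calls it, since a leftover caller would be a fatal undefined-function error rather than a notice.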
@@ -63,7 +58,10 @@
if ($ip[0] == 127 && ($ip[3] & 7) && $ip[2] >= $settings['httpbl_threat'] && $ip[1] <= $settings['httpbl_maxage']) {
return '2b021b1f';
}
+ // Check if search engine
+ if ($ip[3] == 0) {
+ return 1;
+ }
}
return false;
}
-?>
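Review bot: the new "search engine" branch returns the integer 1, whereas every other truthy return in this function is a response-key string such as '2b021b1f'; a caller that treats any non-false return as a denial key will try to look up the key 1 and display nothing useful. Return a named constant or a dedicated key, and document in the comment that a search-engine hit is a pass, not a block.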
Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php 2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/blacklist.inc.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -18,6 +18,7 @@
"EmailCollector", // spam harvester
"Email Siphon", // spam harvester
"EmailSiphon", // spam harvester
+ "Forum Poster", // forum spambot
"grub crawler", // misc comment/email spam
"HttpProxy", // misc comment/email spam
"Internet Explorer", // XMLRPC exploits seen
@@ -34,7 +35,7 @@
"Mozilla ", // malicious software
"Mozilla/2", // malicious software
"Mozilla/4.0(", // from honeypot
- "Mozilla/4.0+(", // suspicious harvester
+ "Mozilla/4.0+(compatible;+", // suspicious harvester
"MSIE", // malicious software
"NutchCVS", // unidentified robots
"Nutscrape/", // misc comment spam
@@ -42,8 +43,9 @@
"psycheclone", // spam harvester
"PussyCat ", // misc comment spam
"PycURL", // misc comment spam
+ "Python-urllib", // commonly abused
+// WP 2.5 now has Flash; FIXME
// "Shockwave Flash", // spam harvester
-// WP 2.5 now has Flash; FIXME
"Super Happy Fun ", // spam harvester
"TrackBack/", // trackback spam
"user", // suspicious harvester
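Review bot: adding "Python-urllib" to the blacklist with the justification "commonly abused" blocks the default User-Agent of every Python urllib client, including legitimate feed readers and monitoring scripts; if this is wanted, gate it behind $settings['strict'] like the other false-positive-prone tests in common_tests.inc.php, and say in the comment that it is a broad match rather than a known spambot signature.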
@@ -69,11 +71,12 @@
"grub-client", // search engine ignores robots.txt
"hanzoweb", // very badly behaved crawler
"Indy Library", // misc comment/email spam
- "larbin at unspecified", // stealth harvesters
+ "MSIE 7.0; Windows NT 5.2", // Cyveillance
"Murzillo compatible", // comment spam bot
".NET CLR 1)", // free poker, etc.
"POE-Component-Client", // free poker, etc.
"Turing Machine", // www.anonymizer.com abuse
+ "unspecified.mail", // stealth harvesters
"User-agent: ", // spam harvester/splogger
"WebaltBot", // spam harvester
"WISEbot", // spam harvester
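Review bot: "MSIE 7.0; Windows NT 5.2" is the stock User-Agent fragment of Internet Explorer 7 on Windows XP x64 and Windows Server 2003, so as a substring match it denies every such user, not only the Cyveillance crawler named in the comment; if Cyveillance must be blocked, match on something specific to its requests or move this into the regex list with the full signature.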
@@ -83,6 +86,7 @@
"Windows NT 5.1;)", // wikispam bot
"Windows XP 5", // spam harvester
"WordPress/4.01", // pingback spam
+ "Xedant Human Emulator",// spammer script engine
"\\\\)", // spam harvester
);
@@ -121,5 +125,3 @@
return FALSE;
}
-
-?>
Added: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/browser.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/browser.inc.php (rev 0)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/browser.inc.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -0,0 +1,84 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Konqueror
+
+function bb2_konqueror($package)
+{
+ // CafeKelsa is a dev project at Yahoo which indexes job listings for
+ // Yahoo! HotJobs. It identifies as Konqueror so we skip these checks.
+ if (stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") === FALSE || match_cidr($package['ip'], "209.73.160.0/19") === FALSE) {
+ if (!array_key_exists('Accept', $package['headers_mixed'])) {
+ return "17566707";
+ }
+ }
+ return false;
+}
+
+// Analyze user agents claiming to be Lynx
+
+function bb2_lynx($package)
+{
+ if (!array_key_exists('Accept', $package['headers_mixed'])) {
+ return "17566707";
+ }
+ return false;
+}
+
+// Analyze user agents claiming to be Mozilla
+
+function bb2_mozilla($package)
+{
+ // First off, workaround for Google Desktop, until they fix it FIXME
+ // Google Desktop fixed it, but apparently some old versions are
+ // still out there. :(
+ // Always check accept header for Mozilla user agents
+ if (strpos($package['headers_mixed']['User-Agent'], "Google Desktop") === FALSE && strpos($package['headers_mixed']['User-Agent'], "PLAYSTATION 3") === FALSE) {
+ if (!array_key_exists('Accept', $package['headers_mixed'])) {
+ return "17566707";
+ }
+ }
+ return false;
+}
+
+// Analyze user agents claiming to be MSIE
+
+function bb2_msie($package)
+{
+ if (!array_key_exists('Accept', $package['headers_mixed'])) {
+ return "17566707";
+ }
+
+ // MSIE does NOT send "Windows ME" or "Windows XP" in the user agent
+ if (strpos($package['headers_mixed']['User-Agent'], "Windows ME") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !== FALSE) {
+ return "a1084bad";
+ }
+
+ // MSIE does NOT send Connection: TE but Akamai does
+ // Bypass this test when Akamai detected
+ // The latest version of IE for Windows CE also uses Connection: TE
+ if (!array_key_exists('Akamai-Origin-Hop', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "IEMobile") === FALSE && @preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) {
+ return "2b90f772";
+ }
+
+ return false;
+}
+
+// Analyze user agents claiming to be Opera
+
+function bb2_opera($package)
+{
+ if (!array_key_exists('Accept', $package['headers_mixed'])) {
+ return "17566707";
+ }
+ return false;
+}
+
+// Analyze user agents claiming to be Safari
+
+function bb2_safari($package)
+{
+ if (!array_key_exists('Accept', $package['headers_mixed'])) {
+ return "17566707";
+ }
+ return false;
+}
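Review bot: in bb2_msie() the `@preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])` relies on the `@` operator to hide the undefined-index notice when no Connection header was sent; the other checks in this file use array_key_exists() explicitly, so do the same here (`array_key_exists('Connection', ...) && preg_match(...)`) and drop the `@`, which otherwise also suppresses genuine regex errors. The same unguarded `$package['headers_mixed']['User-Agent']` access appears in bb2_konqueror() and bb2_mozilla().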
Added: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/cloudflare.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/cloudflare.inc.php (rev 0)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/cloudflare.inc.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -0,0 +1,14 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze requests claiming to be from CloudFlare
+
+require_once(BB2_CORE . "/roundtripdns.inc.php");
+
+function bb2_cloudflare($package)
+{
+# Disabled due to http://bugs.php.net/bug.php?id=53092
+# if (!bb2_roundtripdns($package['cloudflare'], "cloudflare.com")) {
+# return '70e45496';
+# }
+ return false;
+}
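Review bot: with the round-trip DNS check commented out, bb2_cloudflare() unconditionally returns false, so whatever the caller does with $package['cloudflare'] is now accepted without verification; the bug link explains the reason, but the function comment should state plainly that the CloudFlare origin check is disabled and that the client address taken from the CloudFlare header is therefore unverified, and the `require_once` of roundtripdns.inc.php is unused while the check is off.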
Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/common_tests.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/common_tests.inc.php 2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/common_tests.inc.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -4,9 +4,8 @@
function bb2_protocol($settings, $package)
{
- // Is it claiming to be HTTP/1.0? Then it shouldn't do HTTP/1.1 things
- // Always run this test; we should never see Expect:
- if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE) {
+ // We should never see Expect: for HTTP/1.0 requests
+ if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE && !strcmp($package['server_protocol'], "HTTP/1.0")) {
return "a0105122";
}
@@ -41,8 +40,10 @@
// Broken spambots send URLs with various invalid characters
// Some broken browsers send the #vector in the referer field :(
+ // Worse yet, some Javascript client-side apps do the same in
+ // blatant violation of the protocol and good sense.
// if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
- if (strpos($package['request_uri'], "#") !== FALSE) {
+ if ($settings['strict'] && strpos($package['request_uri'], "#") !== FALSE) {
return "dfd9b1ad";
}
// A pretty nasty SQL injection attack on IIS servers
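Review bot: the commented-out Referer variant of this test (`// if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") ...`) is now dead code sitting under an expanded comment that already explains why the Referer case is not checked; either delete the dead line or say in the comment that it is kept for possible re-enabling, so a later reader knows which was intended.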
@@ -54,9 +55,9 @@
// Real user-agents do not start ranges at 0
// NOTE: this blocks the whois.sc bot. No big loss.
// Exceptions: MT (not fixable); LJ (refuses to fix; may be
- // blocked again in the future)
+ // blocked again in the future); Facebook
if ($settings['strict'] && array_key_exists('Range', $package['headers_mixed']) && strpos($package['headers_mixed']['Range'], "=0-") !== FALSE) {
- if (strncmp($ua, "MovableType", 11) && strncmp($ua, "URI::Fetch", 10) && strncmp($ua, "php-openid/", 11)) {
+ if (strncmp($ua, "MovableType", 11) && strncmp($ua, "URI::Fetch", 10) && strncmp($ua, "php-openid/", 11) && strncmp($ua, "facebookexternalhit", 19)) {
return "7ad04a8a";
}
}
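Review bot: the new facebookexternalhit exception, like the MovableType, URI::Fetch and php-openid ones beside it, is keyed only on the User-Agent prefix, so the Range test is skipped for any request that presents that string. Since this commit adds bb2_roundtripdns(), consider gating the crawler exemptions on a successful reverse-DNS check of the client IP, or at least state in the comment that these exemptions are trust-on-claim. The length argument 19 does match strlen("facebookexternalhit").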
@@ -69,7 +70,6 @@
// Lowercase via is used by open proxies/referrer spammers
// Exceptions: Clearswift uses lowercase via (refuses to fix;
// may be blocked again in the future)
- // Coral CDN uses lowercase via
if (array_key_exists('via', $package['headers']) &&
strpos($package['headers']['via'],'Clearswift') === FALSE &&
strpos($ua,'CoralWebPrx') === FALSE) {
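Review bot: the removed comment `// Coral CDN uses lowercase via` documented the `strpos($ua,'CoralWebPrx') === FALSE` clause that this hunk leaves in place; either restore the comment (it belongs in the Exceptions list above) or remove the CoralWebPrx exemption as well, so the code and its stated exceptions stay in sync.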
@@ -106,6 +106,10 @@
if (preg_match('/\bkeep-alive,\s?keep-alive\b/i', $package['headers_mixed']['Connection'])) {
return "a52f0448";
}
+ // Keep-Alive format in RFC 2068; some bots mangle these headers
+ if (stripos($package['headers_mixed']['Connection'], "Keep-Alive: ") !== FALSE) {
+ return "b0924802";
+ }
}
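Review bot: the new `stripos($package['headers_mixed']['Connection'], "Keep-Alive: ")` match depends on exactly one space after the colon, so a mangled header written as `Keep-Alive:300` or with a tab slips past while only the single-space form is caught; a pattern such as `/\bKeep-Alive:\s*/i` expresses the intent more robustly and matches the preg_match() style of the keep-alive,keep-alive test just above. The RFC 2068 reference is correct (section 19.7.1 defines the Keep-Alive header); citing the section in the comment would help.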
@@ -114,7 +118,9 @@
return "b9cc1d86";
}
// Proxy-Connection does not exist and should never be seen in the wild
- if (array_key_exists('Proxy-Connection', $package['headers_mixed'])) {
+ // http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0032.html
+ // http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0040.html
+ if ($settings['strict'] && array_key_exists('Proxy-Connection', $package['headers_mixed'])) {
return "b7830251";
}
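Review bot: making the Proxy-Connection test strict-only contradicts the comment kept above it ("does not exist and should never be seen in the wild"); update the comment to say the header is non-standard but widely emitted by real proxies and browsers (which is what the two w3.org threads added here document), and that this is why it is now only rejected in strict mode.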
@@ -126,7 +132,7 @@
// Referer, if it exists, must contain a :
// While a relative URL is technically valid in Referer, all known
- // legit user-agents send an absolute URL
+ // legitimate user-agents send an absolute URL
if (strpos($package['headers_mixed']['Referer'], ":") === FALSE) {
return "45b35e30";
}
@@ -140,5 +146,3 @@
return false;
}
-
-?>
Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/core.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/core.inc.php 2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/core.inc.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,6 +1,7 @@
<?php if (!defined('BB2_CWD')) die("I said no cheating!");
+define('BB2_VERSION', "2.2.2");
-// Bad Behavior entry point is start_bad_behavior().
+// Bad Behavior entry point is bb2_start()
// If you're reading this, you are probably lost.
// Go read the bad-behavior-generic.php file.
@@ -9,51 +10,6 @@
require_once(BB2_CORE . "/functions.inc.php");
-// Our log table structure
-function bb2_table_structure($name)
-{
- // It's not paranoia if they really are out to get you.
- $name_escaped = bb2_db_escape($name);
- return "CREATE TABLE IF NOT EXISTS `$name_escaped` (
- `id` INT(11) NOT NULL auto_increment,
- `ip` TEXT NOT NULL,
- `date` DATETIME NOT NULL default '0000-00-00 00:00:00',
- `request_method` TEXT NOT NULL,
- `request_uri` TEXT NOT NULL,
- `server_protocol` TEXT NOT NULL,
- `http_headers` TEXT NOT NULL,
- `user_agent` TEXT NOT NULL,
- `request_entity` TEXT NOT NULL,
- `key` TEXT NOT NULL,
- INDEX (`ip`(15)),
- INDEX (`user_agent`(10)),
- PRIMARY KEY (`id`) );"; // TODO: INDEX might need tuning
-}
-
-// Insert a new record
-function bb2_insert($settings, $package, $key)
-{
- $ip = bb2_db_escape($package['ip']);
- $date = bb2_db_date();
- $request_method = bb2_db_escape($package['request_method']);
- $request_uri = bb2_db_escape($package['request_uri']);
- $server_protocol = bb2_db_escape($package['server_protocol']);
- $user_agent = bb2_db_escape($package['user_agent']);
- $headers = "$request_method $request_uri $server_protocol\n";
- foreach ($package['headers'] as $h => $v) {
- $headers .= bb2_db_escape("$h: $v\n");
- }
- $request_entity = "";
- if (!strcasecmp($request_method, "POST")) {
- foreach ($package['request_entity'] as $h => $v) {
- $request_entity .= bb2_db_escape("$h: $v\n");
- }
- }
- return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "`
- (`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES
- ('$ip', '$date', '$request_method', '$request_uri', '$server_protocol', '$headers', '$user_agent', '$request_entity', '$key')";
-}
-
// Kill 'em all!
function bb2_banned($settings, $package, $key, $previous_key=false)
{
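Review bot: bb2_table_structure() and bb2_insert() are deleted here with no replacement visible anywhere in this commit, yet bb2_log_denial() (called from bb2_banned() below) and bb2_approved() still have to write to $settings['log_table']; confirm both functions were moved into the host-integration layer (the LifeType plugin file) or another file that is always loaded, otherwise the first blocked request will fatal on an undefined function. If they were moved, a one-line comment saying where would save the next reader the search.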
@@ -61,13 +17,12 @@
sleep(2);
require_once(BB2_CORE . "/banned.inc.php");
- bb2_display_denial($settings, $key, $previous_key);
+ bb2_display_denial($settings, $package, $key, $previous_key);
bb2_log_denial($settings, $package, $key, $previous_key);
if (is_callable('bb2_banned_callback')) {
bb2_banned_callback($settings, $package, $key);
}
// Penalize the spammers some more
- require_once(BB2_CORE . "/housekeeping.inc.php");
bb2_housekeeping($settings, $package);
die();
}
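Review bot: the require_once of housekeeping.inc.php is removed, and the file itself is deleted later in this commit, but bb2_housekeeping($settings, $package) is still called on the next line; unless that function now lives in an always-loaded file (it does not appear in the functions.inc.php hunks), every ban path will die with an undefined-function error before reaching die(). The bb2_display_denial() signature change to take $package also requires banned.inc.php (listed as modified) to accept the new parameter in the same position.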
@@ -85,26 +40,41 @@
}
}
-// Check the results of a particular test; see below for usage
-// Returns FALSE if test passed (yes this is backwards)
-function bb2_test($settings, $package, $result)
+# If this is reverse-proxied or load balanced, obtain the actual client IP
+function bb2_reverse_proxy($settings, $headers_mixed)
{
- if ($result !== FALSE)
- {
- bb2_banned($settings, $package, $result);
- return TRUE;
+ # Detect if option is on when it should be off
+ $header = uc_all($settings['reverse_proxy_header']);
+ if (!array_key_exists($header, $headers_mixed)) {
+ return false;
}
- return FALSE;
+
+ $addrs = @array_reverse(preg_split("/[\s,]+/", $headers_mixed[$header]));
+ # Skip our known reverse proxies and private addresses
+ if (!empty($settings['reverse_proxy_addresses'])) {
+ foreach ($addrs as $addr) {
+ if (!match_cidr($addr, $settings['reverse_proxy_addresses']) && !is_rfc1918($addr)) {
+ return $addr;
+ }
+ }
+ } else {
+ foreach ($addrs as $addr) {
+ if (!is_rfc1918($addr)) {
+ return $addr;
+ }
+ }
+ }
+ # If we got here, someone is playing a trick on us.
+ return false;
}
-
// Let God sort 'em out!
function bb2_start($settings)
{
// Gather up all the information we need, first of all.
$headers = bb2_load_headers();
// Postprocess the headers to mixed-case
- // FIXME: get the world to stop using PHP as CGI
+ // TODO: get the world to stop using PHP as CGI
$headers_mixed = array();
foreach ($headers as $h => $v) {
$headers_mixed[uc_all($h)] = $v;
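Review bot: bb2_reverse_proxy() never verifies that the request actually arrived via a trusted proxy: reverse_proxy_addresses is only used to skip hops inside the forwarded chain, and when the list is empty the function returns the right-most public address from the header unconditionally, so with reverse_proxy enabled the logged and whitelisted IP is whatever the header says. Require $_SERVER['REMOTE_ADDR'] to match reverse_proxy_addresses before honouring the header at all, and treat an empty list as "do not trust". Two smaller points: is_rfc1918() does not cover 127.0.0.0/8, so a proxy on loopback is reported as the client, and the `@` on array_reverse()/preg_split() hides malformed-header warnings that would be useful in the log. The comment "Detect if option is on when it should be off" describes a check the code does not perform (it only tests header presence).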
@@ -112,90 +82,128 @@
// IPv6 - IPv4 compatibility mode hack
$_SERVER['REMOTE_ADDR'] = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);
- // We use these frequently. Keep a copy close at hand.
- $ip = $_SERVER['REMOTE_ADDR'];
- $request_method = $_SERVER['REQUEST_METHOD'];
- $request_uri = $_SERVER['REQUEST_URI'];
- $server_protocol = $_SERVER['SERVER_PROTOCOL'];
- @$user_agent = $_SERVER['HTTP_USER_AGENT'];
// Reconstruct the HTTP entity, if present.
$request_entity = array();
- if (!strcasecmp($request_method, "POST") || !strcasecmp($request_method, "PUT")) {
+ if (!strcasecmp($_SERVER['REQUEST_METHOD'], "POST") || !strcasecmp($_SERVER['REQUEST_METHOD'], "PUT")) {
foreach ($_POST as $h => $v) {
$request_entity[$h] = $v;
}
}
- $package = array('ip' => $ip, 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $request_method, 'request_uri' => $request_uri, 'server_protocol' => $server_protocol, 'request_entity' => $request_entity, 'user_agent' => $user_agent, 'is_browser' => false);
+ $request_uri = $_SERVER["REQUEST_URI"];
+ if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
- // Please proceed to the security checkpoint and have your
- // identification and boarding pass ready.
+ if ($settings['reverse_proxy'] && $ip = bb2_reverse_proxy($settings, $headers_mixed)) {
+ $headers['X-Bad-Behavior-Remote-Address'] = $_SERVER['REMOTE_ADDR'];
+ $headers_mixed['X-Bad-Behavior-Remote-Address'] = $_SERVER['REMOTE_ADDR'];
+ } else {
+ $ip = $_SERVER['REMOTE_ADDR'];
+ }
+ @$package = array('ip' => $ip, 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $_SERVER['REQUEST_METHOD'], 'request_uri' => $request_uri, 'server_protocol' => $_SERVER['SERVER_PROTOCOL'], 'request_entity' => $request_entity, 'user_agent' => $_SERVER['HTTP_USER_AGENT'], 'is_browser' => false,);
+
+ $result = bb2_screen($settings, $package);
+ if ($result && !defined('BB2_TEST')) bb2_banned($settings, $package, $result);
+ return $result;
+}
+
+function bb2_screen($settings, $package)
+{
+ // Please proceed to the security checkpoint, have your identification
+ // and boarding pass ready, and prepare to be nakedized or fondled.
+
+ // CloudFlare-specific checks not handled by reverse proxy code
+ // Thanks to butchs at Simple Machines
+ if (array_key_exists('Cf-Connecting-Ip', $package['headers_mixed'])) {
+ require_once(BB2_CORE . "/cloudflare.inc.php");
+ $r = bb2_cloudflare($package);
+ if ($r !== false && $r != $package['ip']) return $r;
+ }
+
// First check the whitelist
require_once(BB2_CORE . "/whitelist.inc.php");
if (!bb2_whitelist($package)) {
// Now check the blacklist
require_once(BB2_CORE . "/blacklist.inc.php");
- bb2_test($settings, $package, bb2_blacklist($package));
+ if ($r = bb2_blacklist($package)) return $r;
// Check the http:BL
require_once(BB2_CORE . "/blackhole.inc.php");
- bb2_test($settings, $package, bb2_httpbl($settings, $package));
+ if ($r = bb2_httpbl($settings, $package)) {
+ if ($r == 1) return false; # whitelisted
+ return $r;
+ }
// Check for common stuff
require_once(BB2_CORE . "/common_tests.inc.php");
- bb2_test($settings, $package, bb2_protocol($settings, $package));
- bb2_test($settings, $package, bb2_cookies($settings, $package));
- bb2_test($settings, $package, bb2_misc_headers($settings, $package));
+ if ($r = bb2_protocol($settings, $package)) return $r;
+ if ($r = bb2_cookies($settings, $package)) return $r;
+ if ($r = bb2_misc_headers($settings, $package)) return $r;
// Specific checks
- @$ua = $headers_mixed['User-Agent'];
+ @$ua = $package['user_agent'];
+ // Search engine checks come first
+ if (stripos($ua, "bingbot") !== FALSE || stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
+ require_once(BB2_CORE . "/searchengine.inc.php");
+ if ($r = bb2_msnbot($package)) {
+ if ($r == 1) return false; # whitelisted
+ return $r;
+ }
+ return false;
+ } elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Web Preview") !== FALSE) {
+ require_once(BB2_CORE . "/searchengine.inc.php");
+ if ($r = bb2_google($package)) {
+ if ($r == 1) return false; # whitelisted
+ return $r;
+ }
+ return false;
+ } elseif (stripos($ua, "Yahoo! Slurp") !== FALSE || stripos($ua, "Yahoo! SearchMonkey") !== FALSE) {
+ require_once(BB2_CORE . "/searchengine.inc.php");
+ if ($r = bb2_yahoo($package)) {
+ if ($r == 1) return false; # whitelisted
+ return $r;
+ }
+ return false;
+ }
// MSIE checks
- if (stripos($ua, "MSIE") !== FALSE) {
+ if (stripos($ua, "; MSIE") !== FALSE) {
$package['is_browser'] = true;
+ require_once(BB2_CORE . "/browser.inc.php");
if (stripos($ua, "Opera") !== FALSE) {
- require_once(BB2_CORE . "/opera.inc.php");
- bb2_test($settings, $package, bb2_opera($package));
+ if ($r = bb2_opera($package)) return $r;
} else {
- require_once(BB2_CORE . "/msie.inc.php");
- bb2_test($settings, $package, bb2_msie($package));
+ if ($r = bb2_msie($package)) return $r;
}
} elseif (stripos($ua, "Konqueror") !== FALSE) {
$package['is_browser'] = true;
- require_once(BB2_CORE . "/konqueror.inc.php");
- bb2_test($settings, $package, bb2_konqueror($package));
+ require_once(BB2_CORE . "/browser.inc.php");
+ if ($r = bb2_konqueror($package)) return $r;
} elseif (stripos($ua, "Opera") !== FALSE) {
$package['is_browser'] = true;
- require_once(BB2_CORE . "/opera.inc.php");
- bb2_test($settings, $package, bb2_opera($package));
+ require_once(BB2_CORE . "/browser.inc.php");
+ if ($r = bb2_opera($package)) return $r;
} elseif (stripos($ua, "Safari") !== FALSE) {
$package['is_browser'] = true;
- require_once(BB2_CORE . "/safari.inc.php");
- bb2_test($settings, $package, bb2_safari($package));
+ require_once(BB2_CORE . "/browser.inc.php");
+ if ($r = bb2_safari($package)) return $r;
} elseif (stripos($ua, "Lynx") !== FALSE) {
$package['is_browser'] = true;
- require_once(BB2_CORE . "/lynx.inc.php");
- bb2_test($settings, $package, bb2_lynx($package));
+ require_once(BB2_CORE . "/browser.inc.php");
+ if ($r = bb2_lynx($package)) return $r;
} elseif (stripos($ua, "MovableType") !== FALSE) {
require_once(BB2_CORE . "/movabletype.inc.php");
- bb2_test($settings, $package, bb2_movabletype($package));
- } elseif (stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
- require_once(BB2_CORE . "/msnbot.inc.php");
- bb2_test($settings, $package, bb2_msnbot($package));
- } elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Wireless") !== FALSE) {
- require_once(BB2_CORE . "/google.inc.php");
- bb2_test($settings, $package, bb2_google($package));
+ if ($r = bb2_movabletype($package)) return $r;
} elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
$package['is_browser'] = true;
- require_once(BB2_CORE . "/mozilla.inc.php");
- bb2_test($settings, $package, bb2_mozilla($package));
+ require_once(BB2_CORE . "/browser.inc.php");
+ if ($r = bb2_mozilla($package)) return $r;
}
// More intensive screening applies to POST requests
if (!strcasecmp('POST', $package['request_method'])) {
require_once(BB2_CORE . "/post.inc.php");
- bb2_test($settings, $package, bb2_post($settings, $package));
+ if ($r = bb2_post($settings, $package)) return $r;
}
}
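Review bot: the three search-engine branches in bb2_screen() `return false` as soon as the UA matches and bb2_msnbot()/bb2_google()/bb2_yahoo() do not object, which exits before the bb2_approved() call at the end of the function; if approved-request logging is expected to cover crawlers, fall through to the end instead of returning early. Two style points: `@$package = array(...)` suppresses the undefined-index notice for a missing HTTP_USER_AGENT across the whole array expression, so an explicit isset() default for user_agent would be clearer, and the assignment inside `if ($settings['reverse_proxy'] && $ip = bb2_reverse_proxy(...))` should be parenthesised to signal it is intentional.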
@@ -205,6 +213,5 @@
// And that's about it.
bb2_approved($settings, $package);
- return true;
+ return false;
}
-?>
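Review bot: bb2_start() now returns false for an approved request where it previously returned true, so any caller that tested `if (bb2_start($settings))` for success is inverted; check the LifeType plugin wrapper and document the new contract in the header comment (false = allowed, response key = denied, and a key is only ever returned when BB2_TEST is defined, since bb2_banned() dies otherwise).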
Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/functions.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/functions.inc.php 2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/functions.inc.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -2,6 +2,11 @@
// Miscellaneous helper functions.
+// Quick and dirty check for an IPv6 address
+function is_ipv6($address) {
+ return (strpos($address, ":")) ? TRUE : FALSE;
+}
+
// stripos() needed because stripos is only present on PHP 5
if (!function_exists('stripos')) {
function stripos($haystack,$needle,$offset = 0) {
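Review bot: is_ipv6() uses `strpos($address, ":")` in boolean context, so an address whose first character is a colon ("::1", "::ffff:10.0.0.1") yields position 0 and is reported as not IPv6; compare with `!== false` instead. bb2_roundtripdns() relies on this helper to bail out before calling gethostbyaddr() on IPv6 input, so the bug reaches the DNS code.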
@@ -41,6 +46,7 @@
foreach ($cidr as $cidrlet) {
if (match_cidr($addr, $cidrlet)) {
$output = true;
+ break;
}
}
} else {
@@ -52,6 +58,10 @@
return $output;
}
+// Determine if an IP address is reserved by RFC 1918.
+function is_rfc1918($addr) {
+ return match_cidr($addr, array("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"));
+}
// Obtain all the HTTP headers.
// NB: on PHP-CGI we have to fake it out a bit, since we can't get the REAL
// headers. Run PHP as Apache 2.0 module if possible for best results.
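Review bot: is_rfc1918() is accurate for its name, but bb2_reverse_proxy() uses it to mean "internal hop", and loopback (127.0.0.0/8) and link-local (169.254.0.0/16) are not in the list; either add them here under a broader name such as is_private_address(), or handle them in the caller, otherwise a proxy chain through 127.0.0.1 yields the loopback address as the client IP. The `break` added to the match_cidr() array loop above is a good fix.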
@@ -59,12 +69,10 @@
if (!is_callable('getallheaders')) {
$headers = array();
foreach ($_SERVER as $h => $v)
- if (ereg('HTTP_(.+)', $h, $hp))
+ if (preg_match('/HTTP_(.+)/', $h, $hp))
$headers[str_replace("_", "-", uc_all($hp[1]))] = $v;
} else {
$headers = getallheaders();
}
return $headers;
}
-
-?>
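Review bot: the ereg() to preg_match() swap keeps the pattern unanchored, so any $_SERVER key containing HTTP_ (for example REDIRECT_HTTP_AUTHORIZATION under mod_rewrite) is turned into a header; anchoring with `/^HTTP_(.+)/` matches the stated intent. Also worth a comment: in this CGI fallback CONTENT_TYPE and CONTENT_LENGTH carry no HTTP_ prefix and so never reach $headers, which matters for the Content-Type test in bb2_trackback().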
Deleted: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/google.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/google.inc.php 2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/google.inc.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,13 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be Googlebot
-
-function bb2_google($package)
-{
- if (match_cidr($package['ip'], "66.249.64.0/19") === FALSE && match_cidr($package['ip'], "64.233.160.0/19") === FALSE && match_cidr($package['ip'], "72.14.192.0/18") === FALSE) {
- return "f1182195";
- }
- return false;
-}
-
-?>
Deleted: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/housekeeping.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/housekeeping.inc.php 2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/housekeeping.inc.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,16 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-function bb2_housekeeping($settings, $package)
-{
- // FIXME Yes, the interval's hard coded (again) for now.
- $query = "DELETE FROM `" . $settings['log_table'] . "` WHERE `date` < DATE_SUB('" . bb2_db_date() . "', INTERVAL 7 DAY)";
- bb2_db_query($query);
-
- // Waste a bunch more of the spammer's time, sometimes.
- if (rand(1,1000) == 1) {
- $query = "OPTIMIZE TABLE `" . $settings['log_table'] . "`";
- bb2_db_query($query);
- }
-}
-
-?>
Added: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/index.html
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/index.html (rev 0)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/index.html 2012-02-22 05:08:44 UTC (rev 7172)
@@ -0,0 +1 @@
+Viewing directory contents is not permitted.
Deleted: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/konqueror.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/konqueror.inc.php 2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/konqueror.inc.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,17 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be Konqueror
-
-function bb2_konqueror($package)
-{
- // CafeKelsa is a dev project at Yahoo which indexes job listings for
- // Yahoo! HotJobs. It identifies as Konqueror so we skip these checks.
- if (stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") === FALSE || match_cidr($package['ip'], "209.73.160.0/19") === FALSE) {
- if (!array_key_exists('Accept', $package['headers_mixed'])) {
- return "17566707";
- }
- }
- return false;
-}
-
-?>
Deleted: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/lynx.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/lynx.inc.php 2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/lynx.inc.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,13 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be Lynx
-
-function bb2_lynx($package)
-{
- if (!array_key_exists('Accept', $package['headers_mixed'])) {
- return "17566707";
- }
- return false;
-}
-
-?>
Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/movabletype.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/movabletype.inc.php 2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/movabletype.inc.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -10,5 +10,3 @@
}
return false;
}
-
-?>
Deleted: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/mozilla.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/mozilla.inc.php 2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/mozilla.inc.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,19 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be Mozilla
-
-function bb2_mozilla($package)
-{
- // First off, workaround for Google Desktop, until they fix it FIXME
- // Google Desktop fixed it, but apparently some old versions are
- // still out there. :(
- // Always check accept header for Mozilla user agents
- if (strpos($package['headers_mixed']['User-Agent'], "Google Desktop") === FALSE && strpos($package['headers_mixed']['User-Agent'], "PLAYSTATION 3") === FALSE) {
- if (!array_key_exists('Accept', $package['headers_mixed'])) {
- return "17566707";
- }
- }
- return false;
-}
-
-?>
Deleted: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msie.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msie.inc.php 2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msie.inc.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,26 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be MSIE
-
-function bb2_msie($package)
-{
- if (!array_key_exists('Accept', $package['headers_mixed'])) {
- return "17566707";
- }
-
- // MSIE does NOT send "Windows ME" or "Windows XP" in the user agent
- if (strpos($package['headers_mixed']['User-Agent'], "Windows ME") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !== FALSE) {
- return "a1084bad";
- }
-
- // MSIE does NOT send Connection: TE but Akamai does
- // Bypass this test when Akamai detected
- // The latest version of IE for Windows CE also uses Connection: TE
- if (!array_key_exists('Akamai-Origin-Hop', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "IEMobile") === FALSE && @preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) {
- return "2b90f772";
- }
-
- return false;
-}
-
-?>
Deleted: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msnbot.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msnbot.inc.php 2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/msnbot.inc.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,13 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be msnbot
-
-function bb2_msnbot($package)
-{
- if (match_cidr($package['ip'], "207.46.0.0/16") === FALSE && match_cidr($package['ip'], "65.52.0.0/14") === FALSE && match_cidr($package['ip'], "207.68.128.0/18") === FALSE && match_cidr($package['ip'], "207.68.192.0/20") === FALSE && match_cidr($package['ip'], "64.4.0.0/18") === FALSE) {
- return "e4de0453";
- }
- return false;
-}
-
-?>
Deleted: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/opera.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/opera.inc.php 2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/opera.inc.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,13 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be Opera
-
-function bb2_opera($package)
-{
- if (!array_key_exists('Accept', $package['headers_mixed'])) {
- return "17566707";
- }
- return false;
-}
-
-?>
Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/post.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/post.inc.php 2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/post.inc.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,13 +1,36 @@
<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+// Specialized screening for trackbacks
+function bb2_trackback($package)
+{
+ // Web browsers don't send trackbacks
+ if ($package['is_browser']) {
+ return 'f0dcb3fd';
+ }
+
+ // Proxy servers don't send trackbacks either
+ if (array_key_exists('Via', $package['headers_mixed']) || array_key_exists('Max-Forwards', $package['headers_mixed']) || array_key_exists('X-Forwarded-For', $package['headers_mixed']) || array_key_exists('Client-Ip', $package['headers_mixed'])) {
+ return 'd60b87c7';
+ }
+
+ // Fake WordPress trackbacks
+ // Real ones do not contain Accept:, and have a charset defined
+ // Real WP trackbacks may contain Accept: depending on the HTTP
+ // transport being used by the sending host
+ if (strpos($package['headers_mixed']['User-Agent'], "WordPress/") !== FALSE) {
+ if (strpos($package['headers_mixed']['Content-Type'], "charset=") === FALSE) {
+ return 'e3990b47';
+ }
+ }
+ return false;
+}
+
// All tests which apply specifically to POST requests
function bb2_post($settings, $package)
{
// Check blackhole lists for known spam/malicious activity
- // LifeType mod by pwestbro: dns blacklist checks can be done in the
- // dnsantispam plugin.
- // require_once(BB2_CORE . "/blackhole.inc.php");
- // bb2_test($settings, $package, bb2_blackhole($package));
+ // require_once(BB2_CORE . "/blackhole.inc.php");
+ // if ($r = bb2_blackhole($package)) return $r;
// MovableType needs specialized screening
if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {
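Review bot: the comment block on fake WordPress trackbacks contradicts itself ("Real ones do not contain Accept:" followed by "may contain Accept:"); keep only the second statement, since the code tests for charset= in Content-Type and nothing about Accept. The removed LifeType comment (pwestbro: DNS blacklist checks are done in the dnsantispam plugin) was the only record of why the bb2_blackhole() call stays commented out, so restore it above those two lines. Also, `$package['headers_mixed']['Content-Type']` is read without an array_key_exists() guard, unlike the Via/Max-Forwards checks above it.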
@@ -19,7 +42,6 @@
// Trackbacks need special screening
$request_entity = $package['request_entity'];
if (isset($request_entity['title']) && isset($request_entity['url']) && isset($request_entity['blog_name'])) {
- require_once(BB2_CORE . "/trackback.inc.php");
return bb2_trackback($package);
}
@@ -32,7 +54,7 @@
}
// If Referer exists, it should refer to a page on our site
- if ($settings['offsite_forms'] && array_key_exists('Referer', $package['headers_mixed']) && stripos($package['headers_mixed']['Referer'], $package['headers_mixed']['Host']) === FALSE) {
+ if (!$settings['offsite_forms'] && array_key_exists('Referer', $package['headers_mixed']) && stripos($package['headers_mixed']['Referer'], $package['headers_mixed']['Host']) === FALSE) {
return "cd361abb";
}
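Review bot: inverting the condition to `!$settings['offsite_forms']` changes the meaning of the setting (true now permits off-site referers), so the plugin's default configuration and any admin UI label must be checked to match, or upgrading users will silently start accepting or rejecting off-site POSTs. Separately, the Referer/Host comparison is a substring match via stripos(), which also accepts hosts that merely contain the site's host name; comparing parse_url($referer, PHP_URL_HOST) with the Host header for equality would make it match only the site's own host.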
@@ -55,10 +77,8 @@
// if ($screener + 5 > time())
// return "408d7e72";
// Posting too slow? 48 hr
- // LifeType mod by jondaley: since pages can be cached, the cookie might not be updated
- // and this can get tripped incorrectly
- // if ($screener + 172800 < time())
- // return "b40c8ddc";
+ if ($screener + 172800 < time())
+ return "b40c8ddc";
// Screen by IP address
$ip = ip2long($package['ip']);
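Review bot: re-enabling the 48-hour GET-to-POST check discards the jondaley note explaining that it had been disabled because cached pages leave the screener cookie stale; nothing else in this commit addresses caching, so the false positives described there will return. If the re-enable is deliberate, put the reason in a comment where the removed one stood.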
@@ -80,5 +100,3 @@
return false;
}
-
-?>
Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/responses.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/responses.inc.php 2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/responses.inc.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -19,6 +19,8 @@
'582ec5e4' => array('response' => 400, 'explanation' => 'An invalid request was received. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator. This may also be caused by a bug in the Opera web browser.', 'log' => '"Header \'TE\' present but TE not specified in \'Connection\' header'),
'69920ee5' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' present but blank'),
'6c502ff1' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Bot not fully compliant with RFC 2965'),
+ '70e45496' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User agent claimed to be CloudFlare, claim appears false'),
+ '71436a15' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a major search engine, but you do not appear to actually be a major search engine.', 'log' => 'User-Agent claimed to be Yahoo, claim appears to be false'),
'799165c2' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Rotating user-agents detected'),
'7a06532b' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept-Encoding\' missing'),
'7ad04a8a' => array('response' => 400, 'explanation' => 'The automated program you are using is not permitted to access this server. Please use a different program or a standard Web browser.', 'log' => 'Prohibited header \'Range\' present'),
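Review bot: the '70e45496' entry added here is unreachable as committed, because bb2_cloudflare() has its only check commented out and always returns false; landing the key ahead of the code is fine, but note it. In the context line for '582ec5e4', the log string begins with a stray `"` (`'"Header \'TE\' present ...`) that will appear in every log entry for that key; pre-existing, but trivial to fix while this table is being edited.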
@@ -28,6 +30,7 @@
'a0105122' => array('response' => 417, 'explanation' => 'Expectation failed. Please retry your request.', 'log' => 'Header \'Expect\' prohibited; resend without Expect'),
'a1084bad' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent claimed to be MSIE, with invalid Windows version'),
'a52f0448' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by a malfunctioning proxy server or browser privacy software. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator.', 'log' => 'Header \'Connection\' contains invalid values'),
+ 'b0924802' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by malicious software on your computer.', 'log' => 'Incorrect form of HTTP/1.0 Keep-Alive'),
'b40c8ddc' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, close your browser, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'POST more than two days after GET'),
'b7830251' => array('response' => 400, 'explanation' => 'Your proxy server sent an invalid request. Please contact the proxy server administrator to have this problem fixed.', 'log' => 'Prohibited header \'Proxy-Connection\' present'),
'b9cc1d86' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),
@@ -46,4 +49,3 @@
if (array_key_exists($key, $bb2_responses)) return $bb2_responses[$key];
return array('00000000');
}
-?>
Added: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/roundtripdns.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/roundtripdns.inc.php (rev 0)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/roundtripdns.inc.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -0,0 +1,20 @@
+<?php if (!defined('BB2_CORE')) die("I said no cheating!");
+
+# Round trip DNS verification
+
+# Returns TRUE if DNS matches; FALSE on mismatch
+# Returns $ip if an error occurs
+# TODO: Not IPv6 safe
+# FIXME: Returns false on DNS server failure; PHP provides no distinction
+# between no records and error condition
+function bb2_roundtripdns($ip,$domain)
+{
+ if (@is_ipv6($ip)) return $ip;
+
+ $host = gethostbyaddr($ip);
+ $host_result = strpos(strrev($host), strrev($domain));
+ if ($host_result === false || $host_result > 0) return false;
+ $addrs = gethostbynamel($host);
+ if (in_array($ip, $addrs)) return true;
+ return false;
+}
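Review bot: the suffix test in `bb2_roundtripdns` only checks that the reversed hostname begins with the reversed domain, so any hostname that merely ends in the characters of `$domain` passes because there is no label boundary; compare against `"." . $domain` (or check that the character preceding the match is a dot) so only true subdomains qualify. Also, `gethostbynamel()` returns `false` on lookup failure and `in_array($ip, $addrs)` will then warn; add `if ($addrs === false) return false;` before it. The header comment says the function returns `$ip` on error, but only the IPv6 branch does that, and `gethostbyaddr()` returning the unchanged IP string on failure is not handled, so the FIXME should mention that case as well.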
Deleted: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/safari.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/safari.inc.php 2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/safari.inc.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,13 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be Safari
-
-function bb2_safari($package)
-{
- if (!array_key_exists('Accept', $package['headers_mixed'])) {
- return "17566707";
- }
- return false;
-}
-
-?>
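Review bot: deleting this file drops the Safari check for a missing Accept header (response key `17566707`); confirm it was carried over into the newly added browser.inc.php, otherwise the key becomes unreachable and should be removed from the responses table.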
Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/screener.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/screener.inc.php 2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/screener.inc.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -60,4 +60,3 @@
bb2_screener_cookie($settings, $package, BB2_COOKIE, $cookie_value);
bb2_screener_javascript($settings, $package, BB2_COOKIE, $cookie_value);
}
-?>
Added: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/searchengine.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/searchengine.inc.php (rev 0)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/searchengine.inc.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -0,0 +1,45 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+require_once(BB2_CORE . "/roundtripdns.inc.php");
+
+// Analyze user agents claiming to be Googlebot
+
+function bb2_google($package)
+{
+ if (match_cidr($package['ip'], array("66.249.64.0/19", "64.233.160.0/19", "72.14.192.0/18", "203.208.32.0/19", "74.125.0.0/16", "216.239.32.0/19", "209.85.128.0/17")) === FALSE) {
+ return "f1182195";
+ }
+# Disabled due to http://bugs.php.net/bug.php?id=53092
+# if (!bb2_roundtripdns($package['ip'], "googlebot.com")) {
+# return "f1182195";
+# }
+ return false;
+}
+
+// Analyze user agents claiming to be msnbot
+
+function bb2_msnbot($package)
+{
+ if (match_cidr($package['ip'], array("207.46.0.0/16", "65.52.0.0/14", "207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18", "157.54.0.0/15", "157.60.0.0/16", "157.56.0.0/14")) === FALSE) {
+ return "e4de0453";
+ }
+# Disabled due to http://bugs.php.net/bug.php?id=53092
+# if (!bb2_roundtripdns($package['ip'], "msn.com")) {
+# return "e4de0453";
+# }
+ return false;
+}
+
+// Analyze user agents claiming to be Yahoo!
+
+function bb2_yahoo($package)
+{
+ if (match_cidr($package['ip'], array("202.160.176.0/20", "67.195.0.0/16", "203.209.252.0/24", "72.30.0.0/16", "98.136.0.0/14", "74.6.0.0/16")) === FALSE) {
+ return '71436a15';
+ }
+# Disabled due to http://bugs.php.net/bug.php?id=53092
+# if (!bb2_roundtripdns($package['ip'], "crawl.yahoo.net")) {
+# return "71436a15";
+# }
+ return false;
+}
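Review bot: with the round-trip DNS calls commented out, each of the three functions verifies a crawler claim solely against a hardcoded netblock list, and `require_once(BB2_CORE . "/roundtripdns.inc.php")` is loaded for nothing; either drop the include until the referenced PHP bug is resolved, or keep it and record the date and source of the CIDR lists in a comment so they can be refreshed, since stale ranges silently turn into false positives (`f1182195`, `e4de0453`, `71436a15`) for legitimate crawlers. Minor: `bb2_yahoo` returns `'71436a15'` in single quotes while the other two functions use double quotes.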
Deleted: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/trackback.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/trackback.inc.php 2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/trackback.inc.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,28 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Specialized screening for trackbacks
-function bb2_trackback($package)
-{
- // Web browsers don't send trackbacks
- if ($package['is_browser']) {
- return 'f0dcb3fd';
- }
-
- // Proxy servers don't send trackbacks either
- if (array_key_exists('Via', $package['headers_mixed']) || array_key_exists('Max-Forwards', $package['headers_mixed']) || array_key_exists('X-Forwarded-For', $package['headers_mixed']) || array_key_exists('Client-Ip', $package['headers_mixed'])) {
- return 'd60b87c7';
- }
-
- // Fake WordPress trackbacks
- // Real ones do not contain Accept:, and have a charset defined
- // Real WP trackbacks may contain Accept: depending on the HTTP
- // transport being used by the sending host
- if (strpos($package['headers_mixed']['User-Agent'], "WordPress/") !== FALSE) {
- if (strpos($package['headers_mixed']['Content-Type'], "charset=") === FALSE) {
- return 'e3990b47';
- }
- }
- return false;
-}
-
-?>
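Review bot: deleting this file removes the three trackback-specific checks (browser-originated trackback `f0dcb3fd`, proxy headers on a trackback `d60b87c7`, WordPress trackback without a charset `e3990b47`); nothing in this revision shows whether they were moved into common_tests.inc.php (modified in the same commit) or intentionally dropped, so confirm one or the other and, if dropped, remove the now-unreferenced keys from the responses table.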
Deleted: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php 2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/version.inc.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -1,3 +0,0 @@
-<?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.0.36");
-?>
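Review bot: removing `version.inc.php` drops the `BB2_VERSION` constant; confirm that no remaining file (core.inc.php is modified in this same revision) still references it, otherwise it becomes an undefined-constant notice at runtime. Note also that this file was guarded on `BB2_CWD` rather than `BB2_CORE` like the others, which is worth keeping consistent in whatever replaces it.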
Modified: plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php 2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/bad-behavior/whitelist.inc.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -2,82 +2,28 @@
function bb2_whitelist($package)
{
- // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
+ $whitelists = @parse_ini_file(dirname(BB2_CORE) . "/whitelist.ini");
- // Inappropriate whitelisting WILL expose you to spam, or cause Bad
- // Behavior to stop functioning entirely! DO NOT WHITELIST unless you
- // are 100% CERTAIN that you should.
-
- // IP address ranges use the CIDR format.
-
- // Includes four examples of whitelisting by IP address and netblock.
- $bb2_whitelist_ip_ranges = array(
- "64.191.203.34", // Digg whitelisted as of 2.0.12
- "208.67.217.130", // Digg whitelisted as of 2.0.12
- "10.0.0.0/8",
- "172.16.0.0/12",
- "192.168.0.0/16",
-// "127.0.0.1",
- );
-
- // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
-
- // Inappropriate whitelisting WILL expose you to spam, or cause Bad
- // Behavior to stop functioning entirely! DO NOT WHITELIST unless you
- // are 100% CERTAIN that you should.
-
- // You should not whitelist search engines by user agent. Use the IP
- // netblock for the search engine instead. See http://whois.arin.net/
- // to locate the netblocks for an IP.
-
- // User agents are matched by exact match only.
-
- // Includes one example of whitelisting by user agent.
- // All are commented out.
- $bb2_whitelist_user_agents = array(
- // "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) It's me, let me in",
- );
-
- // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
-
- // Inappropriate whitelisting WILL expose you to spam, or cause Bad
- // Behavior to stop functioning entirely! DO NOT WHITELIST unless you
- // are 100% CERTAIN that you should.
-
- // URLs are matched from the first / after the server name up to,
- // but not including, the ? (if any).
-
- // Includes two examples of whitelisting by URL.
- $bb2_whitelist_urls = array(
- // "/example.php",
- // "/openid/server",
- );
-
- // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
-
- // Do not edit below this line
-
- if (!empty($bb2_whitelist_ip_ranges)) {
- foreach ($bb2_whitelist_ip_ranges as $range) {
+ if (@!empty($whitelists['ip'])) {
+ foreach ($whitelists['ip'] as $range) {
if (match_cidr($package['ip'], $range)) return true;
}
}
- if (!empty($bb2_whitelist_user_agents)) {
- foreach ($bb2_whitelist_user_agents as $user_agent) {
+ if (@!empty($whitelists['useragent'])) {
+ foreach ($whitelists['useragent'] as $user_agent) {
if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
}
}
- if (!empty($bb2_whitelist_urls)) {
+ if (@!empty($whitelists['url'])) {
if (strpos($package['request_uri'], "?") === FALSE) {
$request_uri = $package['request_uri'];
} else {
- $request_uri = substr($package['request_uri'], 0, strpos($settings['request_uri'], "?"));
+ $request_uri = substr($package['request_uri'], 0, strpos($package['request_uri'], "?"));
}
- foreach ($bb2_whitelist_urls as $url) {
- if (!strcmp($request_uri, $url)) return true;
+ foreach ($whitelists['url'] as $url) {
+ $pos = strpos($request_uri, $url);
+ if ($pos !== false && $pos == 0) return true;
}
}
return false;
}
-
-?>
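Review bot: the URL whitelist match changed from exact (`!strcmp($request_uri, $url)`) to prefix (`strpos($request_uri, $url)` at position 0), so an entry such as `/openid/server` now also whitelists `/openid/server-admin` and every other path that starts with that string; if prefix matching is intended, document it in whitelist.ini and require that the character after the prefix be `/` or end of string, otherwise restore the exact comparison. Separately, `@parse_ini_file(...)` silences a missing or malformed whitelist.ini, so whitelisting silently disables; check the return value for `false` and log it. The `@` in `@!empty(...)` is unnecessary since `empty()` never warns on undefined keys. The `$settings['request_uri']` to `$package['request_uri']` correction is a genuine bug fix.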
Modified: plog/branches/lifetype-1.2/plugins/badbehavior/pluginbadbehavior.class.php
===================================================================
--- plog/branches/lifetype-1.2/plugins/badbehavior/pluginbadbehavior.class.php 2012-02-22 01:36:29 UTC (rev 7171)
+++ plog/branches/lifetype-1.2/plugins/badbehavior/pluginbadbehavior.class.php 2012-02-22 05:08:44 UTC (rev 7172)
@@ -20,7 +20,7 @@
$this->desc = "Bad Behavior for LifeType";
$this->author = "The Lifetype Project";
$this->db =& Db::getDb();
- $this->version = "20100130";
+ $this->version = "20120222";
$config =& Config::getConfig();
$prefix = Db::getPrefix();