Bad Behavior - Version 2.0.19

Version Description


Release Info

Developer error
Version 2.0.19

Code changes from version 2.0.18 to 2.0.19

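--- a/README.txt
+++ b/README.txt
@@ -2,9 +2,9 @@
  Tags: comment,trackback,referrer,spam,robot,antispam
  Contributors: error, MarkJaquith, Firas, skeltoac
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
- Requires at least: 1.2
+ Requires at least: 1.5
  Tested up to: 2.6
- Stable tag: 2.0.18
+ Stable tag: 2.0.19
 
  Welcome to a whole new way of keeping your blog, forum, guestbook, wiki or
  content management system free of link spam. Bad Behavior is a PHP-based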
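--- a/bad-behavior-wordpress-admin.php
+++ b/bad-behavior-wordpress-admin.php
@@ -1,5 +1,7 @@
  <?php if (!defined('BB2_CORE')) die('I said no cheating!');
 
+ require_once("bad-behavior/responses.inc.php");
+
  function bb2_admin_pages() {
  if (function_exists('current_user_can')) {
  // The new 2.x way
@@ -16,7 +18,112 @@ function bb2_admin_pages() {
 
  if ($bb2_is_admin) {
  add_options_page(__("Bad Behavior"), __("Bad Behavior"), 8, 'bb2_options', 'bb2_options');
+ add_management_page(__("Bad Behavior"), __("Bad Behavior"), 8, 'bb2_manage', 'bb2_manage');
+ }
+ }
+
+ function bb2_clean_log_link($uri) {
+ foreach (array("paged", "ip", "key", "blocked", "request_method", "user_agent") as $arg) {
+ $uri = remove_query_arg($arg, $uri);
+ }
+ return $uri;
+ }
+
+ function bb2_manage() {
+ global $wpdb;
+
+ $request_uri = $_SERVER["REQUEST_URI"];
+ $settings = bb2_read_settings();
+ $rows_per_page = 100;
+ $where = "";
+
+ // Get query variables desired by the user
+ $paged = 0 + $_GET['paged']; if (!$paged) $paged = 1;
+ if ($_GET['key']) $where .= "AND `key` = '" . $wpdb->escape($_GET['key']) . "' ";
+ if ($_GET['blocked']) $where .= "AND `key` != '00000000' ";
+ if ($_GET['ip']) $where .= "AND `ip` = '" . $wpdb->escape($_GET['ip']) . "' ";
+ if ($_GET['user_agent']) $where .= "AND `user_agent` = '" . $wpdb->escape($_GET['user_agent']) . "' ";
+ if ($_GET['request_method']) $where .= "AND `request_method` = '" . $wpdb->escape($_GET['request_method']) . "' ";
+
+ // Query the DB based on variables selected
+ $r = bb2_db_query("SELECT COUNT(*) FROM `" . $settings['log_table']);
+ $results = bb2_db_rows($r);
+ $totalcount = $results[0]["COUNT(*)"];
+ $r = bb2_db_query("SELECT COUNT(*) FROM `" . $settings['log_table'] . "` WHERE 1=1 " . $where);
+ $results = bb2_db_rows($r);
+ $count = $results[0]["COUNT(*)"];
+ $pages = ceil($count / 100);
+ $r = bb2_db_query("SELECT * FROM `" . $settings['log_table'] . "` WHERE 1=1 " . $where . "ORDER BY `date` DESC LIMIT " . ($paged - 1) * $rows_per_page . "," . $rows_per_page);
+ $results = bb2_db_rows($r);
+
+ // Display rows to the user
+ ?>
+ <div class="wrap">
+ <h2><?php _e("Bad Behavior"); ?></h2>
+ <form method="post" action="<?php echo $request_uri; ?>">
+ <p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
+ <p>If you find Bad Behavior valuable, please consider making a <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20<?php echo BB2_VERSION; ?>%20%28From%20Admin%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8">financial contribution</a> to further development of Bad Behavior.</p>
+
+ <div class="tablenav">
+ <?php
+ $page_links = paginate_links(array('base' => add_query_arg("paged", "%#%"), 'format' => '', 'total' => $pages, 'current' => $paged));
+ if ($page_links) echo "<div class=\"tablenav-pages\">$page_links</div>\n";
+ ?>
+ <div class="alignleft">
+ <?php if ($count < $totalcount): ?>
+ Displaying <strong><?php echo $count; ?></strong> of <strong><?php echo $totalcount; ?></strong> records filtered by:<br/>
+ <?php if ($_GET['ip']) echo "IP [<a href=\"" . remove_query_arg(array("paged", "ip"), $request_uri) . "\">X</a>] "; ?>
+ <?php if ($_GET['key']) echo "Status [<a href=\"" . remove_query_arg(array("paged", "key"), $request_uri) . "\">X</a>] "; ?>
+ <?php if ($_GET['blocked']) echo "Blocked [<a href=\"" . remove_query_arg(array("paged", "blocked"), $request_uri) . "\">X</a>] "; ?>
+ <?php if ($_GET['user_agent']) echo "User Agent [<a href=\"" . remove_query_arg(array("paged", "user_agent"), $request_uri) . "\">X</a>] "; ?>
+ <?php if ($_GET['request_method']) echo "GET/POST [<a href=\"" . remove_query_arg(array("paged", "request_method"), $request_uri) . "\">X</a>] "; ?>
+ <?php else: ?>
+ Displaying all <strong><?php echo $totalcount; ?></strong> records<br/>
+ <?php endif; ?>
+ <?php if (!$_GET['key'] && !$_GET['blocked']) { ?><a href="<?php add_query_arg("blocked", "true", remove_query_arg("paged", $request_uri)); ?>">Show Blocked</a><?php } ?>
+ </div>
+ </div>
+
+ <table class="widefat">
+ <thead>
+ <tr>
+ <th scope="col" class="check-column"><input type="checkbox" onclick="checkAll(document.getElementById('request-filter'));" /></th>
+ <th scope="col"><?php _e("IP/Date/Status"); ?></th>
+ <th scope="col"><?php _e("Headers"); ?></th>
+ <th scope="col"><?php _e("Entity"); ?></th>
+ </tr>
+ </thead>
+ <tbody>
+ <?php
+ $alternate = 0;
+ foreach ($results as $result) {
+ $key = bb2_get_response($result["key"]);
+ $alternate++;
+ if ($alternate % 2) {
+ echo "<tr id=\"request-" . $result["id"] . "\" valign=\"top\">\n";
+ } else {
+ echo "<tr id=\"request-" . $result["id"] . "\" class=\"alternate\" valign=\"top\">\n";
+ }
+ echo "<th scope=\"row\" class=\"check-column\"><input type=\"checkbox\" name=\"submit[]\" value=\"" . $result["id"] . "\" /></th>\n";
+ echo "<td><a href=\"" . add_query_arg("ip", $result["ip"], remove_query_arg("paged", $request_uri)) . "\">" . $result["ip"] . "</a><br/><br/>\n" . $result["date"] . "<br/><br/><a href=\"" . add_query_arg("key", $result["key"], remove_query_arg(array("paged", "blocked"), $request_uri)) . "\">" . $key["log"] . "</a></td>\n";
+ echo "<td>" . str_replace(array($result['user_agent'], $result['request_method'], "\n"), array("<a href=\"" . add_query_arg("user_agent", $result["user_agent"], remove_query_arg("paged", $request_uri)) . "\">" . $result["user_agent"] . "</a>", "<a href=\"" . add_query_arg("request_method" , $result["request_method"], remove_query_arg("paged", $request_uri)) . "\">" . $result["request_method"] . "</a>", "<br/>\n"), $result["http_headers"]) . "</td>\n";
+ echo "<td>" . str_replace("\n", "<br/>\n", $result["request_entity"]) . "</td>\n";
+ echo "</tr>\n";
  }
+ ?>
+ </tbody>
+ </table>
+ <div class="tablenav">
+ <?php
+ $page_links = paginate_links(array('base' => add_query_arg("paged", "%#%"), 'format' => '', 'total' => $pages, 'current' => $paged));
+ if ($page_links) echo "<div class=\"tablenav-pages\">$page_links</div>\n";
+ ?>
+ <div class="alignleft">
+ </div>
+ </div>
+ </form>
+ </div>
+ <?php
  }
 
  function bb2_options()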
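--- a/bad-behavior-wordpress.php
+++ b/bad-behavior-wordpress.php
@@ -1,7 +1,7 @@
  <?php
  /*
  Plugin Name: Bad Behavior
- Version: 2.0.18
+ Version: 2.0.19
  Description: Deny automated spambots access to your PHP-based Web site.
  Plugin URI: http://www.bad-behavior.ioerror.us/
  Author: Michael Hampton
@@ -160,6 +160,7 @@ require_once(BB2_CWD . "/bad-behavior/core.inc.php");
  bb2_install(); // FIXME: see above
 
  if (is_admin() || strstr($_SERVER['PHP_SELF'], 'wp-admin/')) { // 1.5 kludge
+ wp_enqueue_script("admin-forms");
  require_once(BB2_CWD . "/bad-behavior-wordpress-admin.php");
  }
 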
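Review bot: `wp_enqueue_script("admin-forms")` is called unguarded at include time inside the branch marked `// 1.5 kludge`, while README.txt in this same release declares WordPress 1.5 as the minimum. As far as I know `wp_enqueue_script()` only exists from WordPress 2.1, so on older installs this line would be a fatal undefined-function error on every admin request. Guard it the way `bb2_admin_pages()` guards `current_user_can`, e.g. `if (function_exists('wp_enqueue_script')) wp_enqueue_script("admin-forms");`. The call also runs for every admin page rather than only the Bad Behavior log screen, so scoping it to that page would be tidier.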
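--- a/bad-behavior/common_tests.inc.php
+++ b/bad-behavior/common_tests.inc.php
@@ -116,7 +116,7 @@ function bb2_misc_headers($settings, $package)
  }
 
  // "uk" is not a language (ISO 639) nor a country (ISO 3166)
- if (ereg('/\buk\b/', $package['headers_mixed']['Accept-Language'])) {
+ if (preg_match('/\buk\b/', $package['headers_mixed']['Accept-Language'])) {
  return "35ea7ffa";
  }
 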
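Review bot: With `preg_match` the `/\buk\b/` test on line 119 becomes live, and `uk` is the ISO 639-1 code for Ukrainian, so a browser sending `Accept-Language: uk` now gets response `35ea7ffa`, which responses.inc.php maps to a 403. Under `ereg` the slashes and `\b` were presumably taken literally, so the check is unlikely to have matched before this change. The comment above the test is therefore inaccurate and the check will reject legitimate visitors. If the intent is to catch the invalid region tag, match it specifically, e.g. `if (preg_match('/\ben-uk\b/i', $package['headers_mixed']['Accept-Language'])) {`, and correct the comment. `bb2_misc_headers()` starts and ends outside the hunk, so whether the header is checked for presence beforehand is not visible here.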
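--- a/bad-behavior/responses.inc.php
+++ b/bad-behavior/responses.inc.php
@@ -4,13 +4,13 @@
 
  function bb2_get_response($key) {
  $bb2_responses = array(
- '00000000' => array('response' => 200, 'explanation' => '', 'log' => ''),
+ '00000000' => array('response' => 200, 'explanation' => '', 'log' => 'Permitted'),
  '136673cd' => array('response' => 403, 'explanation' => 'Your Internet Protocol address is listed on a blacklist of addresses involved in malicious or illegal activity. See the listing below for more details on specific blacklists and removal procedures.', 'log' => 'IP address found on external blacklist'),
  '17566707' => array('response' => 403, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept\' missing'),
  '17f4e8c8' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent was found on blacklist'),
  '21f11d3f' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a mobile Web device, but you do not actually appear to be a mobile Web device.', 'log' => 'User-Agent claimed to be AvantGo, claim appears false'),
  '2b90f772' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. If you are using the Opera browser, then Opera must appear in your user agent.', 'log' => 'Connection: TE present, not supported by MSIE'),
- '35ea7ffa' => array('response' => 403, 'explanation' => '', 'logYou do not have permission to access this server. Check your browser\'s language and locale settings.' => 'Invalid language specified'),
+ '35ea7ffa' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Check your browser\'s language and locale settings.', 'log' => 'Invalid language specified'),
  '408d7e72' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'POST comes too quickly after GET'),
  '41feed15' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by a malfunctioning proxy server. Bypass the proxy server and connect directly, or contact your proxy server administrator.', 'log' => 'Header \'Pragma\' without \'Cache-Control\' prohibited for HTTP/1.1 requests'),
  '45b35e30' => array('response' => 403, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' is corrupt'),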
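--- a/bad-behavior/version.inc.php
+++ b/bad-behavior/version.inc.php
@@ -1,3 +1,3 @@
  <?php if (!defined('BB2_CWD')) die("I said no cheating!");
- define('BB2_VERSION', "2.0.18");
+ define('BB2_VERSION', "2.0.19");
  ?>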