Bad Behavior - Version 2.0.21

Code changes from version 2.0.20 to 2.0.21

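--- a/README.txt
+++ b/README.txt
@@ -2,9 +2,9 @@
 Tags: comment,trackback,referrer,spam,robot,antispam
 Contributors: error, MarkJaquith, Firas, skeltoac
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
-Requires at least: 1.5
-Tested up to: 2.6
-Stable tag: 2.0.20
+Requires at least: 2.1
+Tested up to: 2.7
+Stable tag: 2.0.21
 
 Welcome to a whole new way of keeping your blog, forum, guestbook, wiki or
 content management system free of link spam. Bad Behavior is a PHP-based
@@ -68,6 +68,11 @@ http://www.bad-behavior.ioerror.us/
 
 * Bad Behavior may be unable to protect cached pages on MediaWiki.
 
+* When upgrading from version 2.0.19 or prior on MediaWiki and WordPress,
+you must remove the old version of Bad Behavior from your system manually
+before manually installing the new version. Other platforms are not
+affected by this issue.
+
 * On WordPress when using WordPress Advanced Cache (WP-Cache) or WP-Super
 Cache, Bad Behavior requires a patch to WP-Cache 2 in order to protect
 cached pages.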
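--- a/bad-behavior-generic.php
+++ b/bad-behavior-generic.php
@@ -37,7 +37,10 @@ $bb2_settings_defaults = array(
 'display_stats' => true,
 'strict' => false,
 'verbose' => false,
-'logging' => true
+'logging' => true,
+'httpbl_key' => '',
+'httpbl_threat' => '25',
+'httpbl_maxage' => '30',
 );
 
 // Bad Behavior callback functions.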
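--- a/bad-behavior-lifetype.php
+++ b/bad-behavior-lifetype.php
@@ -102,12 +102,18 @@
 $verbose = $config->getValue( 'bb2_verbose', false );
 $isInstalled = $config->getValue( 'bb2_installed', false );
 $logging = $config->getValue( 'bb2_logging', true );
+$httpbl_key = $config->getValue( 'bb2_httpbl_key', '' );
+$httpbl_threat = $config->getValue( 'bb2_httpbl_threat', '25' );
+$httpbl_maxage = $config->getValue( 'bb2_httpbl_maxage', '30' );
 
 return array('log_table' => $prefix . $logTable,
 'display_stats' => $displayStats,
 'strict' => $strict,
 'verbose' => $verbose,
 'logging' => $logging,
+'httpbl_key' => $httpbl_key,
+'httpbl_threat' => $httpbl_threat,
+'httpbl_maxage' => $httpbl_maxage,
 'is_installed' => $isInstalled );
 }
 
@@ -119,6 +125,9 @@
 $config->setValue( 'bb2_display_stats', $settings['display_stats'] );
 $config->setValue( 'bb2_strict', $settings['strict'] );
 $config->setValue( 'bb2_verbose', $settings['verbose'] );
+$config->setValue( 'bb2_httpbl_key', $settings['httpbl_key'] );
+$config->setValue( 'bb2_httpbl_threat', $settings['httpbl_threat'] );
+$config->setValue( 'bb2_httpbl_maxage', $settings['httpbl_maxage'] );
 $config->setValue( 'bb2_installed', $settings['is_installed'] );
 $config->save();
 }
@@ -160,4 +169,4 @@
 $bb2_mtime = explode(" ", microtime());
 $bb2_timer_stop = $bb2_mtime[1] + $bb2_mtime[0];
 $bb2_timer_total = $bb2_timer_stop - $bb2_timer_start;
-?>
+?>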
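--- a/bad-behavior-mediawiki.php
+++ b/bad-behavior-mediawiki.php
@@ -30,7 +30,10 @@ $bb2_settings_defaults = array(
 'display_stats' => true,
 'strict' => false,
 'verbose' => false,
-'logging' => true
+'logging' => true,
+'httpbl_key' => '',
+'httpbl_threat' => '25',
+'httpbl_maxage' => '30',
 );
 
 define('BB2_CWD', dirname(__FILE__));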
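--- a/bad-behavior-wordpress-admin.php
+++ b/bad-behavior-wordpress-admin.php
@@ -19,6 +19,7 @@ function bb2_admin_pages() {
 if ($bb2_is_admin) {
 add_options_page(__("Bad Behavior"), __("Bad Behavior"), 8, 'bb2_options', 'bb2_options');
 add_management_page(__("Bad Behavior"), __("Bad Behavior"), 8, 'bb2_manage', 'bb2_manage');
+@session_start();
 }
 }
 
@@ -29,6 +30,57 @@ function bb2_clean_log_link($uri) {
 return $uri;
 }
 
+function bb2_httpbl_lookup($ip) {
+$engines = array(
+2 => "Bloglines",
+5 => "Googlebot",
+8 => "msnbot",
+9 => "Yahoo! Slurp",
+);
+$settings = bb2_read_settings();
+$httpbl_key = $settings['httpbl_key'];
+if (!$httpbl_key) return false;
+
+$r = $_SESSION['httpbl'][$ip];
+$d = "";
+if (!$r) { // Lookup
+$find = implode('.', array_reverse(explode('.', $ip)));
+$result = gethostbynamel("${httpbl_key}.${find}.dnsbl.httpbl.org.");
+if (!empty($result)) {
+$r = $result[0];
+$_SESSION['httpbl'][$ip] = $r;
+}
+}
+if ($r) { // Interpret
+$ip = explode('.', $r);
+if ($ip[0] == 127) {
+if ($ip[3] == 0) {
+if ($engines[$ip[2]]) {
+$d .= $engines[$ip[2]];
+} else {
+$d .= "Search engine ${ip[2]}<br/>\n";
+}
+}
+if ($ip[3] & 1) {
+$d .= "Suspicious<br/>\n";
+}
+if ($ip[3] & 2) {
+$d .= "Harvester<br/>\n";
+}
+if ($ip[3] & 4) {
+$d .= "Comment Spammer<br/>\n";
+}
+if ($ip[3] & 7) {
+$d .= "Threat level ${ip[2]}<br/>\n";
+}
+if ($ip[3] > 0) {
+$d .= "Age ${ip[1]} days<br/>\n";
+}
+}
+}
+return $d;
+}
+
 function bb2_manage() {
 global $wpdb;
 
@@ -37,7 +89,7 @@ function bb2_manage() {
 $rows_per_page = 100;
 $where = "";
 
-// Get query variables desired by the user
+// Get query variables desired by the user with input validation
 $paged = 0 + $_GET['paged']; if (!$paged) $paged = 1;
 if ($_GET['key']) $where .= "AND `key` = '" . $wpdb->escape($_GET['key']) . "' ";
 if ($_GET['blocked']) $where .= "AND `key` != '00000000' ";
@@ -72,9 +124,9 @@ function bb2_manage() {
 <div class="alignleft">
 <?php if ($count < $totalcount): ?>
 Displaying <strong><?php echo $count; ?></strong> of <strong><?php echo $totalcount; ?></strong> records filtered by:<br/>
-<?php if ($_GET['ip']) echo "IP [<a href=\"" . remove_query_arg(array("paged", "ip"), $request_uri) . "\">X</a>] "; ?>
 <?php if ($_GET['key']) echo "Status [<a href=\"" . remove_query_arg(array("paged", "key"), $request_uri) . "\">X</a>] "; ?>
 <?php if ($_GET['blocked']) echo "Blocked [<a href=\"" . remove_query_arg(array("paged", "blocked"), $request_uri) . "\">X</a>] "; ?>
+<?php if ($_GET['ip']) echo "IP [<a href=\"" . remove_query_arg(array("paged", "ip"), $request_uri) . "\">X</a>] "; ?>
 <?php if ($_GET['user_agent']) echo "User Agent [<a href=\"" . remove_query_arg(array("paged", "user_agent"), $request_uri) . "\">X</a>] "; ?>
 <?php if ($_GET['request_method']) echo "GET/POST [<a href=\"" . remove_query_arg(array("paged", "request_method"), $request_uri) . "\">X</a>] "; ?>
 <?php else: ?>
@@ -96,7 +148,7 @@ Displaying all <strong><?php echo $totalcount; ?></strong> records<br/>
 <tbody>
 <?php
 $alternate = 0;
-foreach ($results as $result) {
+if ($results) foreach ($results as $result) {
 $key = bb2_get_response($result["key"]);
 $alternate++;
 if ($alternate % 2) {
@@ -105,9 +157,15 @@ Displaying all <strong><?php echo $totalcount; ?></strong> records<br/>
 echo "<tr id=\"request-" . $result["id"] . "\" class=\"alternate\" valign=\"top\">\n";
 }
 echo "<th scope=\"row\" class=\"check-column\"><input type=\"checkbox\" name=\"submit[]\" value=\"" . $result["id"] . "\" /></th>\n";
-echo "<td><a href=\"" . add_query_arg("ip", $result["ip"], remove_query_arg("paged", $request_uri)) . "\">" . $result["ip"] . "</a><br/><br/>\n" . $result["date"] . "<br/><br/><a href=\"" . add_query_arg("key", $result["key"], remove_query_arg(array("paged", "blocked"), $request_uri)) . "\">" . $key["log"] . "</a></td>\n";
-echo "<td>" . str_replace(array($result['user_agent'], $result['request_method'], "\n"), array("<a href=\"" . add_query_arg("user_agent", $result["user_agent"], remove_query_arg("paged", $request_uri)) . "\">" . $result["user_agent"] . "</a>", "<a href=\"" . add_query_arg("request_method" , $result["request_method"], remove_query_arg("paged", $request_uri)) . "\">" . $result["request_method"] . "</a>", "<br/>\n"), htmlspecialchars($result["http_headers"])) . "</td>\n";
-echo "<td>" . htmlspecialchars(str_replace("\n", "<br/>\n", $result["request_entity"])) . "</td>\n";
+$httpbl = bb2_httpbl_lookup($result["ip"]);
+echo "<td><a href=\"" . add_query_arg("ip", $result["ip"], remove_query_arg("paged", $request_uri)) . "\">" . $result["ip"] . "</a><br/><br/>\n" . $result["date"] . "<br/><br/><a href=\"" . add_query_arg("key", $result["key"], remove_query_arg(array("paged", "blocked"), $request_uri)) . "\">" . $key["log"] . "</a>\n";
+if ($httpbl) echo "<br/><br/>http:BL:<br/>$httpbl\n";
+echo "</td>\n";
+$headers = str_replace("\n", "<br/>\n", htmlspecialchars($result['http_headers']));
+if (strpos($headers, $result['user_agent']) !== FALSE) $headers = substr_replace($headers, "<a href=\"" . add_query_arg("user_agent", rawurlencode($result["user_agent"]), remove_query_arg("paged", $request_uri)) . "\">" . $result['user_agent'] . "</a>", strpos($headers, $result['user_agent']), strlen($result['user_agent']));
+if (strpos($headers, $result['request_method']) !== FALSE) $headers = substr_replace($headers, "<a href=\"" . add_query_arg("request_method", rawurlencode($result["request_method"]), remove_query_arg("paged", $request_uri)) . "\">" . $result['request_method'] . "</a>", strpos($headers, $result['request_method']), strlen($result['request_method']));
+echo "<td>$headers</td>\n";
+echo "<td>" . str_replace("\n", "<br/>\n", htmlspecialchars($result["request_entity"])) . "</td>\n";
 echo "</tr>\n";
 }
 ?>
@@ -161,6 +219,21 @@ function bb2_options()
 $settings['verbose'] = false;
 $settings['logging'] = false;
 }
+if ($_POST['httpbl_key']) {
+$settings['httpbl_key'] = $_POST['httpbl_key'];
+} else {
+$settings['httpbl_key'] = '';
+}
+if ($_POST['httpbl_threat']) {
+$settings['httpbl_threat'] = $_POST['httpbl_threat'];
+} else {
+$settings['httpbl_threat'] = '25';
+}
+if ($_POST['httpbl_maxage']) {
+$settings['httpbl_maxage'] = $_POST['httpbl_maxage'];
+} else {
+$settings['httpbl_maxage'] = '30';
+}
 bb2_write_settings($settings);
 ?>
 <div id="message" class="updated fade"><p><strong><?php _e('Options saved.') ?></strong></p></div>
@@ -191,6 +264,14 @@ function bb2_options()
 <tr><td><label><input type="checkbox" name="strict" value="true" <?php if ($settings['strict']) { ?>checked="checked" <?php } ?>/> <?php _e('Strict checking (blocks more spam but may block some people)'); ?></label></td></tr>
 </table>
 
+<h3><?php _e('http:BL'); ?></h3>
+<p>To use Bad Behavior's http:BL features you must have an <a href="http://www.projecthoneypot.org/httpbl_configure.php">http:BL Access Key</a>.</p>
+<table class="form-table">
+<tr><td><label><input type="text" size="12" maxlength="12" name="httpbl_key" value="<?php echo $settings['httpbl_key']; ?>" /> http:BL Access Key</label></td></tr>
+<tr><td><label><input type="text" size="3" maxlength="3" name="httpbl_threat" value="<?php echo $settings['httpbl_threat']; ?>" /> Minimum Threat Level (25 is recommended)</label></td></tr>
+<tr><td><label><input type="text" size="3" maxlength="3" name="httpbl_maxage" value="<?php echo $settings['httpbl_maxage']; ?>" /> Maximum Age of Data (30 is recommended)</label></td></tr>
+</table>
+
 <p class="submit"><input class="button" type="submit" name="submit" value="<?php _e('Update &raquo;'); ?>" /></p>
 </form>
 </div>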
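Review bot: The save handler at new lines 222-236 stores `$_POST['httpbl_key']`, `httpbl_threat` and `httpbl_maxage` exactly as submitted, and the form at lines 270-272 echoes them back into `value=""` attributes unescaped, so a stored value containing a double quote breaks out of the attribute; the `maxlength` on the inputs is enforced only client-side. Because the key is later spliced into a DNS name (line 48 of `bb2_httpbl_lookup`) and the two numbers are used in comparisons, the handler should accept only an alphanumeric key and positive integers, and the three echoes should go through `htmlspecialchars()`. In `bb2_httpbl_lookup`, `$_SESSION['httpbl'][$ip]` at line 44 is read without `isset()`, which raises a notice on every cache miss, and the logged `$ip` is interpolated into the lookup name without checking that it is a dotted-quad IPv4 address; `if (ip2long($ip) === false) return false;` before line 47 covers that. The `@session_start()` at line 22 sits inside `bb2_admin_pages()`, so presumably it runs on every admin page load rather than only on the plugin's own pages, and the `@` hides whatever warning it emits.
```php
// … unchanged: display_stats/strict/verbose/logging handling …
$httpbl_key = isset($_POST['httpbl_key']) ? trim($_POST['httpbl_key']) : '';
// Only a short alphanumeric token is ever sent to DNS; anything else is dropped.
$settings['httpbl_key'] = preg_match('/^[a-z0-9]{1,12}$/i', $httpbl_key) ? $httpbl_key : '';
$httpbl_threat = isset($_POST['httpbl_threat']) ? (int) $_POST['httpbl_threat'] : 0;
$settings['httpbl_threat'] = $httpbl_threat > 0 ? (string) $httpbl_threat : '25';
$httpbl_maxage = isset($_POST['httpbl_maxage']) ? (int) $_POST['httpbl_maxage'] : 0;
$settings['httpbl_maxage'] = $httpbl_maxage > 0 ? (string) $httpbl_maxage : '30';
bb2_write_settings($settings);
// … unchanged: success message and form; echo each setting via htmlspecialchars() …
```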
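--- a/bad-behavior-wordpress.php
+++ b/bad-behavior-wordpress.php
@@ -1,7 +1,7 @@
 <?php
 /*
 Plugin Name: Bad Behavior
-Version: 2.0.20
+Version: 2.0.21
 Description: Deny automated spambots access to your PHP-based Web site.
 Plugin URI: http://www.bad-behavior.ioerror.us/
 Author: Michael Hampton
@@ -106,7 +106,7 @@ function bb2_read_settings() {
 // Add in default settings when they aren't yet present in WP
 $settings = get_settings('bad_behavior_settings');
 if (!$settings) $settings = array();
-return array_merge(array('log_table' => $wpdb->prefix . 'bad_behavior', 'display_stats' => true, 'strict' => false, 'verbose' => false, 'logging' => true), $settings);
+return array_merge(array('log_table' => $wpdb->prefix . 'bad_behavior', 'display_stats' => true, 'strict' => false, 'verbose' => false, 'logging' => true, 'httpbl_key' => '', 'httpbl_threat' => '25', 'httpbl_maxage' => '30',), $settings);
 }
 
 // write settings to database
@@ -160,7 +160,7 @@ require_once(BB2_CWD . "/bad-behavior/core.inc.php");
 bb2_install(); // FIXME: see above
 
 if (is_admin() || strstr($_SERVER['PHP_SELF'], 'wp-admin/')) { // 1.5 kludge
-wp_enqueue_script("admin-forms");
+#wp_enqueue_script("admin-forms");
 require_once(BB2_CWD . "/bad-behavior-wordpress-admin.php");
 }
 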
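--- a/bad-behavior/blackhole.inc.php
+++ b/bad-behavior/blackhole.inc.php
@@ -34,4 +34,18 @@ function bb2_blackhole($package) {
 }
 return false;
 }
+
+function bb2_httpbl($settings, $package) {
+if (!$settings['httpbl_key']) return false;
+
+$find = implode('.', array_reverse(explode('.', $package['ip'])));
+$result = gethostbynamel($settings['httpbl_key'].".${find}.dnsbl.httpbl.org.");
+if (!empty($result)) {
+$ip = explode('.', $result[0]);
+if ($ip[0] == 127 && ($ip[3] & 7) && $ip[2] >= $settings['httpbl_threat'] && $ip[1] >= $settings['httpbl_maxage']) {
+return '2b021b1f';
+}
+}
+return false;
+}
 ?>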
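Review bot: The age test on new line 45, `$ip[1] >= $settings['httpbl_maxage']`, looks inverted: the admin form labels this setting "Maximum Age of Data" and the admin lookup prints the same octet as "Age ... days", so a listing should count only while its age is at or below the maximum, i.e. `(int) $ip[1] <= (int) $settings['httpbl_maxage']`; as written, only entries older than the configured maximum can trigger the block. The casts matter because both thresholds reach this function from the settings store as strings that the WordPress options handler saves without validation. The lookup also builds the DNS name from `$package['ip']` without confirming it is a dotted-quad IPv4 address, so a guard such as `if (ip2long($package['ip']) === false) return false;` before line 41 avoids a meaningless query for anything else. Note that this is a synchronous DNS query on every request, and `gethostbynamel()` offers no timeout control, so a slow or unreachable resolver delays every page; that cost is worth stating in a comment above line 38.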
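--- a/bad-behavior/blacklist.inc.php
+++ b/bad-behavior/blacklist.inc.php
@@ -10,10 +10,12 @@ function bb2_blacklist($package) {
 "adwords", // referrer spam
 "autoemailspider", // spam harvester
 "blogsearchbot-martin", // from honeypot
+"CherryPicker", // spam harvester
+"core-project/", // FrontPage extension exploits
+"Diamond", // delivers spyware/adware
 "Digger", // spam harvester
 "ecollector", // spam harvester
 "EmailCollector", // spam harvester
-"Email Extractor", // spam harvester
 "Email Siphon", // spam harvester
 "EmailSiphon", // spam harvester
 "grub crawler", // misc comment/email spam
@@ -26,7 +28,7 @@ function bb2_blacklist($package) {
 "LWP", // spambot scripts
 "Microsoft URL", // spam harvester
 "Missigua", // spam harvester
-"MJ12bot", // crawls MUCH too fast
+"MJ12bot/v1.0.8", // malicious botnet
 "Movable Type", // customised spambots
 "Mozilla ", // malicious software
 "Mozilla/4.0(", // from honeypot
@@ -40,6 +42,7 @@ function bb2_blacklist($package) {
 "PycURL", // misc comment spam
 // "Shockwave Flash", // spam harvester
 // WP 2.5 now has Flash; FIXME
+"Super Happy Fun ", // spam harvester
 "TrackBack/", // trackback spam
 "user", // suspicious harvester
 "User Agent: ", // spam harvester
@@ -58,6 +61,7 @@ function bb2_blacklist($package) {
 "compatible ; MSIE", // misc comment/email spam
 "compatible-", // misc comment/email spam
 "DTS Agent", // misc comment/email spam
+"Email Extractor", // spam harvester
 "Gecko/25", // revisit this in 500 years
 "grub-client", // search engine ignores robots.txt
 "hanzoweb", // very badly behaved crawler
@@ -74,6 +78,7 @@ function bb2_blacklist($package) {
 "Windows NT 5.0;)", // wikispam bot
 "Windows NT 5.1;)", // wikispam bot
 "Windows XP 5", // spam harvester
+"WordPress/4.01", // pingback spam
 "\\\\)", // spam harvester
 );
 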
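--- a/bad-behavior/common_tests.inc.php
+++ b/bad-behavior/common_tests.inc.php
@@ -20,6 +20,16 @@ function bb2_protocol($settings, $package)
 return false;
 }
 
+function bb2_cookies($settings, $package)
+{
+// Enforce RFC 2965 sec 3.3.5 and 9.1
+// Bots wanting new-style cookies should send Cookie2
+if (strpos($package['headers_mixed']['Cookie'], '$Version=0') !== FALSE && !array_key_exists($package['headers_mixed']['Cookie2'])) {
+return '6c502ff1';
+}
+return false;
+}
+
 function bb2_misc_headers($settings, $package)
 {
 $ua = $package['headers_mixed']['User-Agent'];
@@ -116,9 +126,10 @@ function bb2_misc_headers($settings, $package)
 }
 
 // "uk" is not a language (ISO 639) nor a country (ISO 3166)
-if (preg_match('/\buk\b/', $package['headers_mixed']['Accept-Language'])) {
-return "35ea7ffa";
-}
+// oops, yes it is :( Please shoot any Ukrainian spammers you see.
+# if (preg_match('/\buk\b/', $package['headers_mixed']['Accept-Language'])) {
+# return "35ea7ffa";
+# }
 
 return false;
 }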
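Review bot: `array_key_exists()` on new line 27 is called with a single argument, `array_key_exists($package['headers_mixed']['Cookie2'])`, so PHP raises a warning and returns null; negated, that is always true, which means every request whose Cookie header contains `$Version=0` is rejected whether or not Cookie2 is present. The intended check is `!array_key_exists('Cookie2', $package['headers_mixed'])`, and the same one-argument call appears at line 33 of the bad-behavior/post.inc.php hunk for `Referer`. The `strpos()` on the same line should be guarded with `isset($package['headers_mixed']['Cookie'])` first, since a request without cookies otherwise produces an undefined-index notice. The commented-out block at lines 130-132 would read better deleted, keeping only the note at line 129 that explains why the test was withdrawn.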
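--- a/bad-behavior/core.inc.php
+++ b/bad-behavior/core.inc.php
@@ -137,9 +137,14 @@ function bb2_start($settings)
 require_once(BB2_CORE . "/blacklist.inc.php");
 bb2_test($settings, $package, bb2_blacklist($package));
 
+// Check the http:BL
+require_once(BB2_CORE . "/blackhole.inc.php");
+bb2_test($settings, $package, bb2_httpbl($settings, $package));
+
 // Check for common stuff
 require_once(BB2_CORE . "/common_tests.inc.php");
 bb2_test($settings, $package, bb2_protocol($settings, $package));
+bb2_test($settings, $package, bb2_cookies($settings, $package));
 bb2_test($settings, $package, bb2_misc_headers($settings, $package));
 
 // Specific checks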
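--- a/bad-behavior/post.inc.php
+++ b/bad-behavior/post.inc.php
@@ -24,11 +24,16 @@ function bb2_post($settings, $package)
 // Catch a few completely broken spambots
 foreach ($request_entity as $key => $value) {
 $pos = strpos($key, " document.write");
-if ($pos !== FAlSE) {
+if ($pos !== FALSE) {
 return "dfd9b1ad";
 }
 }
 
+// If Referer exists, it should refer to a page on our site
+if (array_key_exists($package['headers_mixed']['Referer']) && stripos($package['headers_mixed']['Referer'], $package['headers_mixed']['Host']) === FALSE) {
+return "cd361abb";
+}
+
 // Screen by cookie/JavaScript form add
 if (isset($_COOKIE[BB2_COOKIE])) {
 $screener1 = explode(" ", $_COOKIE[BB2_COOKIE]);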
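Review bot: The Referer test on new line 33 is a substring match, `stripos($referer, $host) === FALSE`, so a Referer that merely contains the Host value anywhere — in its path, its query string or as part of a longer hostname — satisfies it, which is not the "refers to a page on our site" property the comment at line 32 describes. Comparing the host component instead, `strcasecmp(parse_url($package['headers_mixed']['Referer'], PHP_URL_HOST), $package['headers_mixed']['Host']) === 0`, with any `:port` suffix stripped from Host before the comparison, checks what the comment says. The same line also reads `$package['headers_mixed']['Host']` without confirming it is present, so a request lacking a Host header produces a notice rather than a decision. bb2_post continues outside the hunk on both sides.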
bad-behavior/responses.inc.php CHANGED
@@ -9,6 +9,7 @@ function bb2_get_response($key) {
9
  '17566707' => array('response' => 403, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept\' missing'),
10
  '17f4e8c8' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent was found on blacklist'),
11
  '21f11d3f' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a mobile Web device, but you do not actually appear to be a mobile Web device.', 'log' => 'User-Agent claimed to be AvantGo, claim appears false'),
 
12
  '2b90f772' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. If you are using the Opera browser, then Opera must appear in your user agent.', 'log' => 'Connection: TE present, not supported by MSIE'),
13
  '35ea7ffa' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Check your browser\'s language and locale settings.', 'log' => 'Invalid language specified'),
14
  '408d7e72' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'POST comes too quickly after GET'),
@@ -17,6 +18,7 @@ function bb2_get_response($key) {
17
  '57796684' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),
18
  '582ec5e4' => array('response' => 400, 'explanation' => 'An invalid request was received. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator. This may also be caused by a bug in the Opera web browser.', 'log' => '"Header \'TE\' present but TE not specified in \'Connection\' header'),
19
  '69920ee5' => array('response' => 403, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' present but blank'),
 
20
  '799165c2' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Rotating user-agents detected'),
21
  '7a06532b' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept-Encoding\' missing'),
22
  '7ad04a8a' => array('response' => 400, 'explanation' => 'The automated program you are using is not permitted to access this server. Please use a different program or a standard Web browser.', 'log' => 'Prohibited header \'Range\' present'),
@@ -30,6 +32,7 @@ function bb2_get_response($key) {
30
  'b7830251' => array('response' => 400, 'explanation' => 'Your proxy server sent an invalid request. Please contact the proxy server administrator to have this problem fixed.', 'log' => 'Prohibited header \'Proxy-Connection\' present'),
31
  'b9cc1d86' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),
32
  'c1fa729b' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'Use of rotating proxy servers detected'),
 
33
  'd60b87c7' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, please remove any viruses or spyware from your computer.', 'log' => 'Trackback received via proxy server'),
34
  'dfd9b1ad' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Request contained a malicious JavaScript or SQL injection attack'),
35
  'e4de0453' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a major search engine, but you do not appear to actually be a major search engine.', 'log' => 'User-Agent claimed to be msnbot, claim appears to be false'),
9
  '17566707' => array('response' => 403, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept\' missing'),
10
  '17f4e8c8' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent was found on blacklist'),
11
  '21f11d3f' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a mobile Web device, but you do not actually appear to be a mobile Web device.', 'log' => 'User-Agent claimed to be AvantGo, claim appears false'),
12
+ '2b021b1f' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'IP address found on http:BL blacklist'),
13
  '2b90f772' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. If you are using the Opera browser, then Opera must appear in your user agent.', 'log' => 'Connection: TE present, not supported by MSIE'),
14
  '35ea7ffa' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Check your browser\'s language and locale settings.', 'log' => 'Invalid language specified'),
15
  '408d7e72' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'POST comes too quickly after GET'),
18
  '57796684' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),
19
  '582ec5e4' => array('response' => 400, 'explanation' => 'An invalid request was received. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator. This may also be caused by a bug in the Opera web browser.', 'log' => '"Header \'TE\' present but TE not specified in \'Connection\' header'),
20
  '69920ee5' => array('response' => 403, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' present but blank'),
21
+ '6c502ff1' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Bot not fully compliant with RFC 2965'),
22
  '799165c2' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Rotating user-agents detected'),
23
  '7a06532b' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept-Encoding\' missing'),
24
  '7ad04a8a' => array('response' => 400, 'explanation' => 'The automated program you are using is not permitted to access this server. Please use a different program or a standard Web browser.', 'log' => 'Prohibited header \'Range\' present'),
32
  'b7830251' => array('response' => 400, 'explanation' => 'Your proxy server sent an invalid request. Please contact the proxy server administrator to have this problem fixed.', 'log' => 'Prohibited header \'Proxy-Connection\' present'),
33
  'b9cc1d86' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),
34
  'c1fa729b' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'Use of rotating proxy servers detected'),
35
+ 'cd361abb' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Data may not be posted from offsite forms.', 'log' => 'Referer did not point to a form on this site'),
36
  'd60b87c7' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, please remove any viruses or spyware from your computer.', 'log' => 'Trackback received via proxy server'),
37
  'dfd9b1ad' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Request contained a malicious JavaScript or SQL injection attack'),
38
  'e4de0453' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a major search engine, but you do not appear to actually be a major search engine.', 'log' => 'User-Agent claimed to be msnbot, claim appears to be false'),
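--- a/bad-behavior/version.inc.php
+++ b/bad-behavior/version.inc.php
@@ -1,3 +1,3 @@
 <?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.0.20");
+define('BB2_VERSION', "2.0.21");
 ?>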