Bad Behavior - Version 2.0.28


Developer error
Version 2.0.28

Code changes from version 2.0.26 to 2.0.28

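--- a/README.txt
+++ b/README.txt
@@ -4,7 +4,7 @@ Contributors: error, MarkJaquith, Firas, skeltoac
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
  Requires at least: 1.2
  Tested up to: 2.8
- Stable tag: 2.0.26
+ Stable tag: 2.0.28
 
  Welcome to a whole new way of keeping your blog, forum, guestbook, wiki or
  content management system free of link spam. Bad Behavior is a PHP-based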
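--- a/bad-behavior-wordpress.php
+++ b/bad-behavior-wordpress.php
@@ -1,7 +1,7 @@
  <?php
  /*
  Plugin Name: Bad Behavior
- Version: 2.0.26
+ Version: 2.0.28
  Description: Deny automated spambots access to your PHP-based Web site.
  Plugin URI: http://www.bad-behavior.ioerror.us/
  Author: Michael Hampton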
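--- a/bad-behavior/blackhole.inc.php
+++ b/bad-behavior/blackhole.inc.php
@@ -6,10 +6,10 @@ function is_ipv6($address) {
  }
 
  // Look up address on various blackhole lists.
- // These cannot be used for GET requests under any circumstances!
+ // These should not be used for GET requests under any circumstances!
  function bb2_blackhole($package) {
  // Can't use IPv6 addresses yet
- if (is_ipv6($package['REMOTE_ADDR'])) return;
+ if (@is_ipv6($package['ip'])) return false;
 
  // Only conservative lists
  $bb2_blackhole_lists = array(
@@ -45,9 +45,9 @@ function bb2_blackhole($package) {
 
  function bb2_httpbl($settings, $package) {
  // Can't use IPv6 addresses yet
- if (is_ipv6($package['REMOTE_ADDR'])) return;
+ if (@is_ipv6($package['ip'])) return;
 
- if (!$settings['httpbl_key']) return false;
+ if (@!$settings['httpbl_key']) return false;
 
  $find = implode('.', array_reverse(explode('.', $package['ip'])));
  $result = gethostbynamel($settings['httpbl_key'].".${find}.dnsbl.httpbl.org.");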
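Review bot: In the second hunk `bb2_httpbl` still leaves through a bare `return;` for IPv6 clients, while the key check next to it and the updated `bb2_blackhole` return `false`, so callers get NULL on one path and `false` on the others; `if (is_ipv6($package['ip'])) return false;` would make the "not listed" result uniform. The `@` prefixes added in both hunks hide a missing `$package['ip']` or `httpbl_key` instead of handling it, and if `ip` were ever absent the DNSBL name built below would presumably be formed from an empty address. `if (empty($settings['httpbl_key'])) return false;` states the intent without error suppression. Both function bodies continue outside the hunks shown.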
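--- a/bad-behavior/common_tests.inc.php
+++ b/bad-behavior/common_tests.inc.php
@@ -25,7 +25,7 @@ function bb2_cookies($settings, $package)
  // Enforce RFC 2965 sec 3.3.5 and 9.1
  // Bots wanting new-style cookies should send Cookie2
  // FIXME: Amazon Kindle is broken; Amazon has been notified 9/24/08
- if (strpos($package['headers_mixed']['Cookie'], '$Version=0') !== FALSE && !array_key_exists('Cookie2', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "Kindle/") === FALSE) {
+ if (@strpos($package['headers_mixed']['Cookie'], '$Version=0') !== FALSE && !array_key_exists('Cookie2', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "Kindle/") === FALSE) {
  return '6c502ff1';
  }
  return false;
@@ -114,7 +114,7 @@ function bb2_misc_headers($settings, $package)
 
  if (array_key_exists('Referer', $package['headers_mixed'])) {
  // Referer, if it exists, must not be blank
- if (empty($package['headers_mixed'])) {
+ if (empty($package['headers_mixed']['Referer'])) {
  return "69920ee5";
  }
 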
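Review bot: The `@` added to the first `strpos()` in `bb2_cookies` silences the notice for a request without a Cookie header instead of testing for the header, and the `User-Agent` lookup later in the same condition remains unguarded. An explicit test reads like the existing Cookie2 check: `array_key_exists('Cookie', $package['headers_mixed']) && strpos($package['headers_mixed']['Cookie'], '$Version=0') !== FALSE`. The Referer change in the second hunk now inspects the header itself; note that `empty()` also treats a Referer of `0` as blank, which seems acceptable for this rule. Both functions start and end outside the hunks.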
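--- a/bad-behavior/core.inc.php
+++ b/bad-behavior/core.inc.php
@@ -110,6 +110,8 @@ function bb2_start($settings)
  $headers_mixed[uc_all($h)] = $v;
  }
 
+ // IPv6 - IPv4 compatibility mode hack
+ $_SERVER['REMOTE_ADDR'] = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);
  // We use these frequently. Keep a copy close at hand.
  $ip = $_SERVER['REMOTE_ADDR'];
  $request_method = $_SERVER['REQUEST_METHOD'];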
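Review bot: The pattern `/^::ffff:/` is case-sensitive and does not check what follows the prefix, so `::FFFF:192.0.2.1` is left unchanged and a hex-form mapped address such as `::ffff:c000:201` is rewritten to `c000:201`, which is no longer a valid address of either family (both sample values constructed for illustration). Stripping only when a dotted quad follows avoids both cases: `preg_replace('/^::ffff:(?=\d{1,3}(?:\.\d{1,3}){3}$)/i', '', $_SERVER['REMOTE_ADDR'])`. The line also overwrites the `$_SERVER['REMOTE_ADDR']` superglobal for everything that runs later in the request; if nothing else depends on that, normalising into `$ip` alone would keep the original peer address available for logging. `bb2_start` continues outside the hunk.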
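--- a/bad-behavior/responses.inc.php
+++ b/bad-behavior/responses.inc.php
@@ -34,6 +34,7 @@ function bb2_get_response($key) {
  'c1fa729b' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'Use of rotating proxy servers detected'),
  'cd361abb' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Data may not be posted from offsite forms.', 'log' => 'Referer did not point to a form on this site'),
  'd60b87c7' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, please remove any viruses or spyware from your computer.', 'log' => 'Trackback received via proxy server'),
+ 'e3990b47' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, please remove any viruses or spyware from your computer.', 'log' => 'Obviously fake trackback received'),
  'dfd9b1ad' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Request contained a malicious JavaScript or SQL injection attack'),
  'e4de0453' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a major search engine, but you do not appear to actually be a major search engine.', 'log' => 'User-Agent claimed to be msnbot, claim appears to be false'),
  'e87553e1' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'I know you and I don\'t like you, dirty spammer.'),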
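Review bot: The new `'e3990b47'` entry sits between `'d60b87c7'` and `'dfd9b1ad'`, which breaks the key ordering the visible neighbours follow; it sorts after `'dfd9b1ad'`. Its explanation is copied from the proxy-trackback entry and tells the sender to remove viruses or spyware, which does not match the log text and may mislead the operator of a genuine blog whose trackback was rejected; wording such as `'An invalid trackback was received.'` would fit better. The array continues outside the hunk.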
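--- a/bad-behavior/trackback.inc.php
+++ b/bad-behavior/trackback.inc.php
@@ -12,6 +12,14 @@ function bb2_trackback($package)
  if (array_key_exists('Via', $package['headers_mixed']) || array_key_exists('Max-Forwards', $package['headers_mixed']) || array_key_exists('X-Forwarded-For', $package['headers_mixed']) || array_key_exists('Client-Ip', $package['headers_mixed'])) {
  return 'd60b87c7';
  }
+
+ // Fake WordPress trackbacks
+ // Real ones do not contain Accept:, and have a charset defined
+ if (strpos($package['headers_mixed']['User-Agent'], "WordPress/") !== FALSE) {
+ if (array_key_exists('Accept', $package['headers_mixed']) || strpos($package['^headers_mixed']['Content-Type'], "charset=") === FALSE) {
+ return 'e3990b47';
+ }
+ }
  return false;
  }
 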
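Review bot: The Content-Type lookup in the added block reads `$package['^headers_mixed']['Content-Type']`; as shown on this page the key carries a stray `^`, so the index never exists, `strpos()` yields FALSE, and every trackback whose User-Agent contains `WordPress/` is rejected with `e3990b47`, genuine ones included. The inner condition should read `array_key_exists('Accept', $package['headers_mixed']) || !array_key_exists('Content-Type', $package['headers_mixed']) || strpos($package['headers_mixed']['Content-Type'], "charset=") === FALSE`. The outer `strpos()` on `User-Agent` has the same missing-header exposure unless an earlier check guarantees the header is present. `bb2_trackback` begins outside the hunk.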
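--- a/bad-behavior/version.inc.php
+++ b/bad-behavior/version.inc.php
@@ -1,3 +1,3 @@
  <?php if (!defined('BB2_CWD')) die("I said no cheating!");
- define('BB2_VERSION', "2.0.26");
+ define('BB2_VERSION', "2.0.28");
  ?>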