Bad Behavior - Version 2.0.38

Version Description


Release Info

Developer error
Version 2.0.38

Code changes from version 2.1.0 to 2.0.38

README.txt CHANGED
@@ -3,8 +3,8 @@ Tags: comment,trackback,referrer,spam,robot,antispam
3
  Contributors: error, MarkJaquith, Firas, skeltoac
4
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
5
  Requires at least: 1.5
6
- Tested up to: 2.9
7
- Stable tag: 2.0.35
8
 
9
  Welcome to a whole new way of keeping your blog, forum, guestbook, wiki or
10
  content management system free of link spam. Bad Behavior is a PHP-based
3
  Contributors: error, MarkJaquith, Firas, skeltoac
4
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
5
  Requires at least: 1.5
6
+ Tested up to: 3.0
7
+ Stable tag: 2.0.38
8
 
9
  Welcome to a whole new way of keeping your blog, forum, guestbook, wiki or
10
  content management system free of link spam. Bad Behavior is a PHP-based
bad-behavior-generic.php CHANGED
@@ -1,11 +1,11 @@
1
  <?php
2
  /*
3
  Bad Behavior - detects and blocks unwanted Web accesses
4
- Copyright (C) 2005,2006,2007,2008,2009 Michael Hampton
5
 
6
  This program is free software; you can redistribute it and/or modify
7
  it under the terms of the GNU General Public License as published by
8
- the Free Software Foundation; either version 3 of the License, or
9
  (at your option) any later version.
10
 
11
  As a special exemption, you may link this program with any of the
@@ -32,8 +32,6 @@ define('BB2_CWD', dirname(__FILE__));
32
 
33
  // Settings you can adjust for Bad Behavior.
34
  // Most of these are unused in non-database mode.
35
- // DO NOT EDIT HERE; instead make changes in settings.ini.
36
- // These settings are used when settings.ini is not present.
37
  $bb2_settings_defaults = array(
38
  'log_table' => 'bad_behavior',
39
  'display_stats' => true,
@@ -95,8 +93,7 @@ function bb2_email() {
95
  // Settings are hard-coded for non-database use
96
  function bb2_read_settings() {
97
  global $bb2_settings_defaults;
98
- $settings = @parse_ini_file(dirname(__FILE__) . "/settings.ini");
99
- return array_merge($bb2_settings_defaults, $settings);
100
  }
101
 
102
  // write settings to database
1
  <?php
2
  /*
3
  Bad Behavior - detects and blocks unwanted Web accesses
4
+ Copyright (C) 2005-2006 Michael Hampton
5
 
6
  This program is free software; you can redistribute it and/or modify
7
  it under the terms of the GNU General Public License as published by
8
+ the Free Software Foundation; either version 2 of the License, or
9
  (at your option) any later version.
10
 
11
  As a special exemption, you may link this program with any of the
32
 
33
  // Settings you can adjust for Bad Behavior.
34
  // Most of these are unused in non-database mode.
 
 
35
  $bb2_settings_defaults = array(
36
  'log_table' => 'bad_behavior',
37
  'display_stats' => true,
93
  // Settings are hard-coded for non-database use
94
  function bb2_read_settings() {
95
  global $bb2_settings_defaults;
96
+ return $bb2_settings_defaults;
 
97
  }
98
 
99
  // write settings to database
bad-behavior-mediawiki.php CHANGED
@@ -25,8 +25,6 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25
  if (!defined('MEDIAWIKI')) die();
26
 
27
  // Settings you can adjust for Bad Behavior.
28
- // DO NOT EDIT HERE; instead make changes in settings.ini.
29
- // These settings are used when settings.ini is not present.
30
  $bb2_settings_defaults = array(
31
  'log_table' => $wgDBprefix . 'bad_behavior',
32
  'display_stats' => true,
@@ -42,7 +40,6 @@ $bb2_settings_defaults = array(
42
  define('BB2_CWD', dirname(__FILE__));
43
 
44
  // Bad Behavior callback functions.
45
- require_once("bad-behavior-mysql.php");
46
 
47
  // Return current time in the format preferred by your database.
48
  function bb2_db_date() {
@@ -93,8 +90,7 @@ function bb2_email() {
93
  // retrieve settings from database
94
  function bb2_read_settings() {
95
  global $bb2_settings_defaults;
96
- $settings = @parse_ini_file(dirname(__FILE__) . "/settings.ini");
97
- return array_merge($bb2_settings_defaults, $settings);
98
  }
99
 
100
  // This Bad Behavior-related function is a stub. You can help MediaWiki by expanding it.
25
  if (!defined('MEDIAWIKI')) die();
26
 
27
  // Settings you can adjust for Bad Behavior.
 
 
28
  $bb2_settings_defaults = array(
29
  'log_table' => $wgDBprefix . 'bad_behavior',
30
  'display_stats' => true,
40
  define('BB2_CWD', dirname(__FILE__));
41
 
42
  // Bad Behavior callback functions.
 
43
 
44
  // Return current time in the format preferred by your database.
45
  function bb2_db_date() {
90
  // retrieve settings from database
91
  function bb2_read_settings() {
92
  global $bb2_settings_defaults;
93
+ return $bb2_settings_defaults;
 
94
  }
95
 
96
  // This Bad Behavior-related function is a stub. You can help MediaWiki by expanding it.
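Review bot: The header comment on bb2_read_settings() at new line 90, `// retrieve settings from database`, no longer describes the function: the body now returns `$bb2_settings_defaults` as-is, and the `require_once("bad-behavior-mysql.php")` that backed database access was dropped in the previous hunk. Reword it to match the generic build, e.g. `// Settings are hard-coded; returns the $bb2_settings_defaults array above`, so the next maintainer does not look for a database read that is not there. The `// Settings you can adjust for Bad Behavior.` line at 27 is now the only guidance left after the settings.ini note was removed; it is worth stating explicitly that the array in this file is the place to edit, since nothing visible here reads settings.ini any more.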
bad-behavior-mysql.php DELETED
@@ -1,46 +0,0 @@
1
- <?php
2
-
3
- // Our log table structure
4
- function bb2_table_structure($name)
5
- {
6
- // It's not paranoia if they really are out to get you.
7
- $name_escaped = bb2_db_escape($name);
8
- return "CREATE TABLE IF NOT EXISTS `$name_escaped` (
9
- `id` INT(11) NOT NULL auto_increment,
10
- `ip` TEXT NOT NULL,
11
- `date` DATETIME NOT NULL default '0000-00-00 00:00:00',
12
- `request_method` TEXT NOT NULL,
13
- `request_uri` TEXT NOT NULL,
14
- `server_protocol` TEXT NOT NULL,
15
- `http_headers` TEXT NOT NULL,
16
- `user_agent` TEXT NOT NULL,
17
- `request_entity` TEXT NOT NULL,
18
- `key` TEXT NOT NULL,
19
- INDEX (`ip`(15)),
20
- INDEX (`user_agent`(10)),
21
- PRIMARY KEY (`id`) );"; // TODO: INDEX might need tuning
22
- }
23
-
24
- // Insert a new record
25
- function bb2_insert($settings, $package, $key)
26
- {
27
- $ip = bb2_db_escape($package['ip']);
28
- $date = bb2_db_date();
29
- $request_method = bb2_db_escape($package['request_method']);
30
- $request_uri = bb2_db_escape($package['request_uri']);
31
- $server_protocol = bb2_db_escape($package['server_protocol']);
32
- $user_agent = bb2_db_escape($package['user_agent']);
33
- $headers = "$request_method $request_uri $server_protocol\n";
34
- foreach ($package['headers'] as $h => $v) {
35
- $headers .= bb2_db_escape("$h: $v\n");
36
- }
37
- $request_entity = "";
38
- if (!strcasecmp($request_method, "POST")) {
39
- foreach ($package['request_entity'] as $h => $v) {
40
- $request_entity .= bb2_db_escape("$h: $v\n");
41
- }
42
- }
43
- return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "`
44
- (`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES
45
- ('$ip', '$date', '$request_method', '$request_uri', '$server_protocol', '$headers', '$user_agent', '$request_entity', '$key')";
46
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
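--- a/bad-behavior-wordpress-admin.php
+++ b/bad-behavior-wordpress-admin.php
@@ -98,6 +98,7 @@ function bb2_manage() {
 global $wpdb;
 
 $request_uri = $_SERVER["REQUEST_URI"];
+if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
 $settings = bb2_read_settings();
 $rows_per_page = 100;
 $where = "";
@@ -207,6 +208,9 @@ function bb2_options()
 {
 $settings = bb2_read_settings();
 
+$request_uri = $_SERVER["REQUEST_URI"];
+if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
+
 if ($_POST) {
 if ($_POST['display_stats']) {
 $settings['display_stats'] = true;
@@ -266,7 +270,7 @@ function bb2_options()
 ?>
 <div class="wrap">
 <h2><?php _e("Bad Behavior"); ?></h2>
-<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
+<form method="post" action="<?php echo $request_uri; ?>">
 <p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
 <p>If you find Bad Behavior valuable, please consider making a <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20<?php echo BB2_VERSION; ?>%20%28From%20Admin%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8">financial contribution</a> to further development of Bad Behavior.</p>
 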
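Review bot: `$request_uri` is echoed unescaped into the form's action attribute at new line 273 (`<form method="post" action="<?php echo $request_uri; ?>">`), and it is taken from `$_SERVER["REQUEST_URI"]` at line 211, which is request-controlled data; a crafted URL can close the attribute and inject markup into the admin page. Escape for the attribute context, as bad-behavior/banned.inc.php already does for the same value: `<form method="post" action="<?php echo htmlspecialchars($request_uri, ENT_QUOTES); ?>">`. The `$_SERVER['SCRIPT_NAME']` fallback at lines 101 and 212 reads the key without an isset() check, so it raises a notice on a server that sets neither variable; `isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : ''` keeps it quiet. bb2_manage() and bb2_options() both continue outside these hunks.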
bad-behavior-wordpress.php CHANGED
@@ -1,7 +1,7 @@
1
  <?php
2
  /*
3
  Plugin Name: Bad Behavior
4
- Version: 2.1.0
5
  Description: Deny automated spambots access to your PHP-based Web site.
6
  Plugin URI: http://www.bad-behavior.ioerror.us/
7
  Author: Michael Hampton
@@ -44,7 +44,6 @@ $bb2_timer_start = $bb2_mtime[1] + $bb2_mtime[0];
44
  define('BB2_CWD', dirname(__FILE__));
45
 
46
  // Bad Behavior callback functions.
47
- require_once("bad-behavior-mysql.php");
48
 
49
  // Return current time in the format preferred by your database.
50
  function bb2_db_date() {
@@ -80,7 +79,8 @@ function bb2_db_query($query) {
80
 
81
  $wpdb->hide_errors();
82
  $result = $wpdb->get_results($query, ARRAY_A);
83
- $wpdb->show_errors();
 
84
  if (mysql_error()) {
85
  return FALSE;
86
  }
@@ -140,10 +140,6 @@ function bb2_insert_stats($force = false) {
140
  echo sprintf('<p><a href="http://www.bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', __('Bad Behavior'), __('has blocked'), $blocked[0]["COUNT(*)"], __('access attempts in the last 7 days.'));
141
  }
142
  }
143
- if (@!empty($_SESSION['BB2_RESULT'])) {
144
- echo sprintf("\n<!-- Bad Behavior result was %s! This request would have been blocked. -->\n", $_SESSION['BB2_RESULT']);
145
- unset($_SESSION['BB2_RESULT']);
146
- }
147
  }
148
 
149
  // Return the top-level relative path of wherever we are (for cookies)
@@ -169,7 +165,7 @@ if (is_admin() || strstr($_SERVER['PHP_SELF'], 'wp-admin/')) { // 1.5 kludge
169
  require_once(BB2_CWD . "/bad-behavior-wordpress-admin.php");
170
  }
171
 
172
- $_SESSION['BB2_RESULT'] = bb2_start(bb2_read_settings());
173
 
174
  $bb2_mtime = explode(" ", microtime());
175
  $bb2_timer_stop = $bb2_mtime[1] + $bb2_mtime[0];
1
  <?php
2
  /*
3
  Plugin Name: Bad Behavior
4
+ Version: 2.0.38
5
  Description: Deny automated spambots access to your PHP-based Web site.
6
  Plugin URI: http://www.bad-behavior.ioerror.us/
7
  Author: Michael Hampton
44
  define('BB2_CWD', dirname(__FILE__));
45
 
46
  // Bad Behavior callback functions.
 
47
 
48
  // Return current time in the format preferred by your database.
49
  function bb2_db_date() {
79
 
80
  $wpdb->hide_errors();
81
  $result = $wpdb->get_results($query, ARRAY_A);
82
+ if ( defined('WP_DEBUG') and WP_DEBUG == true )
83
+ $wpdb->show_errors();
84
  if (mysql_error()) {
85
  return FALSE;
86
  }
140
  echo sprintf('<p><a href="http://www.bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', __('Bad Behavior'), __('has blocked'), $blocked[0]["COUNT(*)"], __('access attempts in the last 7 days.'));
141
  }
142
  }
 
 
 
 
143
  }
144
 
145
  // Return the top-level relative path of wherever we are (for cookies)
165
  require_once(BB2_CWD . "/bad-behavior-wordpress-admin.php");
166
  }
167
 
168
+ bb2_start(bb2_read_settings());
169
 
170
  $bb2_mtime = explode(" ", microtime());
171
  $bb2_timer_stop = $bb2_mtime[1] + $bb2_mtime[0];
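Review bot: In bb2_db_query() the `$wpdb->hide_errors()` call stays unconditional while the matching `show_errors()` at new lines 82–83 now runs only when WP_DEBUG is on, so on a production site error display is left switched off for every later $wpdb query in the request, including other plugins'. If wpdb::hide_errors() returns the previous flag on the WordPress versions this plugin supports (it does in the ones I know; please confirm against the 1.5 minimum in README.txt), restoring that value keeps the side effect local: `$show = $wpdb->hide_errors();` before the query and `$wpdb->show_errors($show);` after it, which also covers the WP_DEBUG case on a default install. While there, `WP_DEBUG == true` should be `WP_DEBUG === true` (or simply `WP_DEBUG`) to avoid loose-comparison surprises if the constant is ever defined as a string. bb2_db_query() starts outside the hunk.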
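--- a/bad-behavior/banned.inc.php
+++ b/bad-behavior/banned.inc.php
@@ -24,6 +24,8 @@ function bb2_display_denial($settings, $key, $previous_key = false)
 $response = bb2_get_response($previous_key);
 header("HTTP/1.1 " . $response['response'] . " Bad Behavior");
 header("Status: " . $response['response'] . " Bad Behavior");
+$request_uri = $_SERVER['REQUEST_URI'];
+if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <!--< html xmlns="http://www.w3.org/1999/xhtml">-->
@@ -33,7 +35,7 @@ function bb2_display_denial($settings, $key, $previous_key = false)
 <body>
 <h1>Error <?php echo $response['response']; ?></h1>
 <p>We're sorry, but we could not fulfill your request for
-<?php echo htmlspecialchars($_SERVER['REQUEST_URI']) ?> on this server.</p>
+<?php echo htmlspecialchars($request_uri) ?> on this server.</p>
 <p><?php echo $response['explanation']; ?></p>
 <p>Your technical support key is: <strong><?php echo $support_key; ?></strong></p>
 <p>You can use this key to <a href="http://www.ioerror.us/bb2-support-key?key=<?php echo $support_key; ?>">fix this problem yourself</a>.</p>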
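Review bot: The REQUEST_URI/SCRIPT_NAME fallback added at new lines 27–28 is now copy-pasted in three files (here, bad-behavior-wordpress-admin.php and bad-behavior/core.inc.php), each reading `$_SERVER['SCRIPT_NAME']` without an isset() check, so a server that sets neither key emits a PHP notice into the denial page. A one-line helper in functions.inc.php, e.g. `function bb2_request_uri() { return !empty($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : (isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : ''); }`, would give all three call sites the same behaviour and one place to fix. The value is correctly passed through htmlspecialchars() at line 38 before output. bb2_display_denial() starts and ends outside these hunks.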
bad-behavior/blacklist.inc.php CHANGED
@@ -69,12 +69,11 @@ function bb2_blacklist($package) {
69
  "grub-client", // search engine ignores robots.txt
70
  "hanzoweb", // very badly behaved crawler
71
  "Indy Library", // misc comment/email spam
72
- "MSIE 7.0; Windows NT 5.2", // Cyveillance
73
  "Murzillo compatible", // comment spam bot
74
  ".NET CLR 1)", // free poker, etc.
75
  "POE-Component-Client", // free poker, etc.
76
  "Turing Machine", // www.anonymizer.com abuse
77
- "unspecified.mail", // stealth harvesters
78
  "User-agent: ", // spam harvester/splogger
79
  "WebaltBot", // spam harvester
80
  "WISEbot", // spam harvester
@@ -84,7 +83,6 @@ function bb2_blacklist($package) {
84
  "Windows NT 5.1;)", // wikispam bot
85
  "Windows XP 5", // spam harvester
86
  "WordPress/4.01", // pingback spam
87
- "Xedant Human Emulator",// spammer script engine
88
  "\\\\)", // spam harvester
89
  );
90
 
69
  "grub-client", // search engine ignores robots.txt
70
  "hanzoweb", // very badly behaved crawler
71
  "Indy Library", // misc comment/email spam
72
+ "larbin@unspecified", // stealth harvesters
73
  "Murzillo compatible", // comment spam bot
74
  ".NET CLR 1)", // free poker, etc.
75
  "POE-Component-Client", // free poker, etc.
76
  "Turing Machine", // www.anonymizer.com abuse
 
77
  "User-agent: ", // spam harvester/splogger
78
  "WebaltBot", // spam harvester
79
  "WISEbot", // spam harvester
83
  "Windows NT 5.1;)", // wikispam bot
84
  "Windows XP 5", // spam harvester
85
  "WordPress/4.01", // pingback spam
 
86
  "\\\\)", // spam harvester
87
  );
88
 
bad-behavior/common_tests.inc.php CHANGED
@@ -54,9 +54,9 @@ function bb2_misc_headers($settings, $package)
54
  // Real user-agents do not start ranges at 0
55
  // NOTE: this blocks the whois.sc bot. No big loss.
56
  // Exceptions: MT (not fixable); LJ (refuses to fix; may be
57
- // blocked again in the future)
58
  if ($settings['strict'] && array_key_exists('Range', $package['headers_mixed']) && strpos($package['headers_mixed']['Range'], "=0-") !== FALSE) {
59
- if (strncmp($ua, "MovableType", 11) && strncmp($ua, "URI::Fetch", 10) && strncmp($ua, "php-openid/", 11)) {
60
  return "7ad04a8a";
61
  }
62
  }
@@ -69,6 +69,7 @@ function bb2_misc_headers($settings, $package)
69
  // Lowercase via is used by open proxies/referrer spammers
70
  // Exceptions: Clearswift uses lowercase via (refuses to fix;
71
  // may be blocked again in the future)
 
72
  if (array_key_exists('via', $package['headers']) &&
73
  strpos($package['headers']['via'],'Clearswift') === FALSE &&
74
  strpos($ua,'CoralWebPrx') === FALSE) {
@@ -113,7 +114,7 @@ function bb2_misc_headers($settings, $package)
113
  return "b9cc1d86";
114
  }
115
  // Proxy-Connection does not exist and should never be seen in the wild
116
- if (array_key_exists('Proxy-Connection', $package['headers_mixed'])) {
117
  return "b7830251";
118
  }
119
 
54
  // Real user-agents do not start ranges at 0
55
  // NOTE: this blocks the whois.sc bot. No big loss.
56
  // Exceptions: MT (not fixable); LJ (refuses to fix; may be
57
+ // blocked again in the future); Facebook
58
  if ($settings['strict'] && array_key_exists('Range', $package['headers_mixed']) && strpos($package['headers_mixed']['Range'], "=0-") !== FALSE) {
59
+ if (strncmp($ua, "MovableType", 11) && strncmp($ua, "URI::Fetch", 10) && strncmp($ua, "php-openid/", 11) && strncmp($ua, "facebookexternalhit", 19)) {
60
  return "7ad04a8a";
61
  }
62
  }
69
  // Lowercase via is used by open proxies/referrer spammers
70
  // Exceptions: Clearswift uses lowercase via (refuses to fix;
71
  // may be blocked again in the future)
72
+ // Coral CDN uses lowercase via
73
  if (array_key_exists('via', $package['headers']) &&
74
  strpos($package['headers']['via'],'Clearswift') === FALSE &&
75
  strpos($ua,'CoralWebPrx') === FALSE) {
114
  return "b9cc1d86";
115
  }
116
  // Proxy-Connection does not exist and should never be seen in the wild
117
+ if ($settings['strict'] && array_key_exists('Proxy-Connection', $package['headers_mixed'])) {
118
  return "b7830251";
119
  }
120
 
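Review bot: The comment `// Proxy-Connection does not exist and should never be seen in the wild` at new line 116 now sits above a check that only fires when `$settings['strict']` is set (line 117), so the comment and the code disagree about whether the header is blocked unconditionally. Record why it was demoted to strict mode, e.g. `// Proxy-Connection does not exist and should never be seen in the wild; enforced only in strict mode because it also turns up on legitimate traffic` — substituting whatever actually motivated the change, since the hunk does not say. The Range exception list at line 59 uses case-sensitive strncmp() while the surrounding UA tests use stripos(); the `facebookexternalhit` prefix is lowercase in practice so it works, but a short comment stating that an exact prefix match is intended would stop someone "fixing" it later. bb2_misc_headers() starts and ends outside these hunks.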
bad-behavior/core.inc.php CHANGED
@@ -1,6 +1,6 @@
1
  <?php if (!defined('BB2_CWD')) die("I said no cheating!");
2
 
3
- // Bad Behavior entry point is bb2_start()
4
  // If you're reading this, you are probably lost.
5
  // Go read the bad-behavior-generic.php file.
6
 
@@ -9,6 +9,51 @@ define('BB2_COOKIE', 'bb2_screener_');
9
 
10
  require_once(BB2_CORE . "/functions.inc.php");
11
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
12
  // Kill 'em all!
13
  function bb2_banned($settings, $package, $key, $previous_key=false)
14
  {
@@ -40,6 +85,18 @@ function bb2_approved($settings, $package)
40
  }
41
  }
42
 
 
 
 
 
 
 
 
 
 
 
 
 
43
 
44
  // Let God sort 'em out!
45
  function bb2_start($settings)
@@ -47,7 +104,7 @@ function bb2_start($settings)
47
  // Gather up all the information we need, first of all.
48
  $headers = bb2_load_headers();
49
  // Postprocess the headers to mixed-case
50
- // TODO: get the world to stop using PHP as CGI
51
  $headers_mixed = array();
52
  foreach ($headers as $h => $v) {
53
  $headers_mixed[uc_all($h)] = $v;
@@ -55,24 +112,24 @@ function bb2_start($settings)
55
 
56
  // IPv6 - IPv4 compatibility mode hack
57
  $_SERVER['REMOTE_ADDR'] = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);
 
 
 
 
 
 
 
58
 
59
  // Reconstruct the HTTP entity, if present.
60
  $request_entity = array();
61
- if (!strcasecmp($_SERVER['REQUEST_METHOD'], "POST") || !strcasecmp($_SERVER['REQUEST_METHOD'], "PUT")) {
62
  foreach ($_POST as $h => $v) {
63
  $request_entity[$h] = $v;
64
  }
65
  }
66
 
67
- @$package = array('ip' => $_SERVER['REMOTE_ADDR'], 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $_SERVER['REQUEST_METHOD'], 'request_uri' => $_SERVER['REQUEST_URI'], 'server_protocol' => $_SERVER['SERVER_PROTOCOL'], 'request_entity' => $request_entity, 'user_agent' => $_SERVER['HTTP_USER_AGENT'], 'is_browser' => false);
68
-
69
- $result = bb2_screen($settings, $package);
70
- if ($result && !defined('BB2_TEST')) bb2_banned($settings, $package, $result);
71
- return $result;
72
- }
73
 
74
- function bb2_screen($settings, $package)
75
- {
76
  // Please proceed to the security checkpoint and have your
77
  // identification and boarding pass ready.
78
 
@@ -81,65 +138,65 @@ function bb2_screen($settings, $package)
81
  if (!bb2_whitelist($package)) {
82
  // Now check the blacklist
83
  require_once(BB2_CORE . "/blacklist.inc.php");
84
- if ($r = bb2_blacklist($package)) return $r;
85
 
86
  // Check the http:BL
87
  require_once(BB2_CORE . "/blackhole.inc.php");
88
- if ($r = bb2_httpbl($settings, $package)) return $r;
89
 
90
  // Check for common stuff
91
  require_once(BB2_CORE . "/common_tests.inc.php");
92
- if ($r = bb2_protocol($settings, $package)) return $r;
93
- if ($r = bb2_cookies($settings, $package)) return $r;
94
- if ($r = bb2_misc_headers($settings, $package)) return $r;
95
 
96
  // Specific checks
97
- @$ua = $package['user_agent'];
98
  // MSIE checks
99
- if (stripos($ua, "; MSIE") !== FALSE) {
100
  $package['is_browser'] = true;
101
  if (stripos($ua, "Opera") !== FALSE) {
102
  require_once(BB2_CORE . "/opera.inc.php");
103
- if ($r = bb2_opera($package)) return $r;
104
  } else {
105
  require_once(BB2_CORE . "/msie.inc.php");
106
- if ($r = bb2_msie($package)) return $r;
107
  }
108
  } elseif (stripos($ua, "Konqueror") !== FALSE) {
109
  $package['is_browser'] = true;
110
  require_once(BB2_CORE . "/konqueror.inc.php");
111
- if ($r = bb2_konqueror($package)) return $r;
112
  } elseif (stripos($ua, "Opera") !== FALSE) {
113
  $package['is_browser'] = true;
114
  require_once(BB2_CORE . "/opera.inc.php");
115
- if ($r = bb2_opera($package)) return $r;
116
  } elseif (stripos($ua, "Safari") !== FALSE) {
117
  $package['is_browser'] = true;
118
  require_once(BB2_CORE . "/safari.inc.php");
119
- if ($r = bb2_safari($package)) return $r;
120
  } elseif (stripos($ua, "Lynx") !== FALSE) {
121
  $package['is_browser'] = true;
122
  require_once(BB2_CORE . "/lynx.inc.php");
123
- if ($r = bb2_lynx($package)) return $r;
124
  } elseif (stripos($ua, "MovableType") !== FALSE) {
125
  require_once(BB2_CORE . "/movabletype.inc.php");
126
- if ($r = bb2_movabletype($package)) return $r;
127
  } elseif (stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
128
  require_once(BB2_CORE . "/msnbot.inc.php");
129
- if ($r = bb2_msnbot($package)) return $r;
130
  } elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Wireless") !== FALSE) {
131
  require_once(BB2_CORE . "/google.inc.php");
132
- if ($r = bb2_google($package)) return $r;
133
  } elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
134
  $package['is_browser'] = true;
135
  require_once(BB2_CORE . "/mozilla.inc.php");
136
- if ($r = bb2_mozilla($package)) return $r;
137
  }
138
 
139
  // More intensive screening applies to POST requests
140
  if (!strcasecmp('POST', $package['request_method'])) {
141
  require_once(BB2_CORE . "/post.inc.php");
142
- if ($r = bb2_post($settings, $package)) return $r;
143
  }
144
  }
145
 
@@ -149,6 +206,6 @@ function bb2_screen($settings, $package)
149
 
150
  // And that's about it.
151
  bb2_approved($settings, $package);
152
- return false;
153
  }
154
  ?>
1
  <?php if (!defined('BB2_CWD')) die("I said no cheating!");
2
 
3
+ // Bad Behavior entry point is start_bad_behavior().
4
  // If you're reading this, you are probably lost.
5
  // Go read the bad-behavior-generic.php file.
6
 
9
 
10
  require_once(BB2_CORE . "/functions.inc.php");
11
 
12
+ // Our log table structure
13
+ function bb2_table_structure($name)
14
+ {
15
+ // It's not paranoia if they really are out to get you.
16
+ $name_escaped = bb2_db_escape($name);
17
+ return "CREATE TABLE IF NOT EXISTS `$name_escaped` (
18
+ `id` INT(11) NOT NULL auto_increment,
19
+ `ip` TEXT NOT NULL,
20
+ `date` DATETIME NOT NULL default '0000-00-00 00:00:00',
21
+ `request_method` TEXT NOT NULL,
22
+ `request_uri` TEXT NOT NULL,
23
+ `server_protocol` TEXT NOT NULL,
24
+ `http_headers` TEXT NOT NULL,
25
+ `user_agent` TEXT NOT NULL,
26
+ `request_entity` TEXT NOT NULL,
27
+ `key` TEXT NOT NULL,
28
+ INDEX (`ip`(15)),
29
+ INDEX (`user_agent`(10)),
30
+ PRIMARY KEY (`id`) );"; // TODO: INDEX might need tuning
31
+ }
32
+
33
+ // Insert a new record
34
+ function bb2_insert($settings, $package, $key)
35
+ {
36
+ $ip = bb2_db_escape($package['ip']);
37
+ $date = bb2_db_date();
38
+ $request_method = bb2_db_escape($package['request_method']);
39
+ $request_uri = bb2_db_escape($package['request_uri']);
40
+ $server_protocol = bb2_db_escape($package['server_protocol']);
41
+ $user_agent = bb2_db_escape($package['user_agent']);
42
+ $headers = "$request_method $request_uri $server_protocol\n";
43
+ foreach ($package['headers'] as $h => $v) {
44
+ $headers .= bb2_db_escape("$h: $v\n");
45
+ }
46
+ $request_entity = "";
47
+ if (!strcasecmp($request_method, "POST")) {
48
+ foreach ($package['request_entity'] as $h => $v) {
49
+ $request_entity .= bb2_db_escape("$h: $v\n");
50
+ }
51
+ }
52
+ return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "`
53
+ (`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES
54
+ ('$ip', '$date', '$request_method', '$request_uri', '$server_protocol', '$headers', '$user_agent', '$request_entity', '$key')";
55
+ }
56
+
57
  // Kill 'em all!
58
  function bb2_banned($settings, $package, $key, $previous_key=false)
59
  {
85
  }
86
  }
87
 
88
+ // Check the results of a particular test; see below for usage
89
+ // Returns FALSE if test passed (yes this is backwards)
90
+ function bb2_test($settings, $package, $result)
91
+ {
92
+ if ($result !== FALSE)
93
+ {
94
+ bb2_banned($settings, $package, $result);
95
+ return TRUE;
96
+ }
97
+ return FALSE;
98
+ }
99
+
100
 
101
  // Let God sort 'em out!
102
  function bb2_start($settings)
104
  // Gather up all the information we need, first of all.
105
  $headers = bb2_load_headers();
106
  // Postprocess the headers to mixed-case
107
+ // FIXME: get the world to stop using PHP as CGI
108
  $headers_mixed = array();
109
  foreach ($headers as $h => $v) {
110
  $headers_mixed[uc_all($h)] = $v;
112
 
113
  // IPv6 - IPv4 compatibility mode hack
114
  $_SERVER['REMOTE_ADDR'] = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);
115
+ // We use these frequently. Keep a copy close at hand.
116
+ $ip = $_SERVER['REMOTE_ADDR'];
117
+ $request_method = $_SERVER['REQUEST_METHOD'];
118
+ $request_uri = $_SERVER['REQUEST_URI'];
119
+ if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
120
+ $server_protocol = $_SERVER['SERVER_PROTOCOL'];
121
+ @$user_agent = $_SERVER['HTTP_USER_AGENT'];
122
 
123
  // Reconstruct the HTTP entity, if present.
124
  $request_entity = array();
125
+ if (!strcasecmp($request_method, "POST") || !strcasecmp($request_method, "PUT")) {
126
  foreach ($_POST as $h => $v) {
127
  $request_entity[$h] = $v;
128
  }
129
  }
130
 
131
+ $package = array('ip' => $ip, 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $request_method, 'request_uri' => $request_uri, 'server_protocol' => $server_protocol, 'request_entity' => $request_entity, 'user_agent' => $user_agent, 'is_browser' => false);
 
 
 
 
 
132
 
 
 
133
  // Please proceed to the security checkpoint and have your
134
  // identification and boarding pass ready.
135
 
138
  if (!bb2_whitelist($package)) {
139
  // Now check the blacklist
140
  require_once(BB2_CORE . "/blacklist.inc.php");
141
+ bb2_test($settings, $package, bb2_blacklist($package));
142
 
143
  // Check the http:BL
144
  require_once(BB2_CORE . "/blackhole.inc.php");
145
+ bb2_test($settings, $package, bb2_httpbl($settings, $package));
146
 
147
  // Check for common stuff
148
  require_once(BB2_CORE . "/common_tests.inc.php");
149
+ bb2_test($settings, $package, bb2_protocol($settings, $package));
150
+ bb2_test($settings, $package, bb2_cookies($settings, $package));
151
+ bb2_test($settings, $package, bb2_misc_headers($settings, $package));
152
 
153
  // Specific checks
154
+ @$ua = $headers_mixed['User-Agent'];
155
  // MSIE checks
156
+ if (stripos($ua, "MSIE") !== FALSE) {
157
  $package['is_browser'] = true;
158
  if (stripos($ua, "Opera") !== FALSE) {
159
  require_once(BB2_CORE . "/opera.inc.php");
160
+ bb2_test($settings, $package, bb2_opera($package));
161
  } else {
162
  require_once(BB2_CORE . "/msie.inc.php");
163
+ bb2_test($settings, $package, bb2_msie($package));
164
  }
165
  } elseif (stripos($ua, "Konqueror") !== FALSE) {
166
  $package['is_browser'] = true;
167
  require_once(BB2_CORE . "/konqueror.inc.php");
168
+ bb2_test($settings, $package, bb2_konqueror($package));
169
  } elseif (stripos($ua, "Opera") !== FALSE) {
170
  $package['is_browser'] = true;
171
  require_once(BB2_CORE . "/opera.inc.php");
172
+ bb2_test($settings, $package, bb2_opera($package));
173
  } elseif (stripos($ua, "Safari") !== FALSE) {
174
  $package['is_browser'] = true;
175
  require_once(BB2_CORE . "/safari.inc.php");
176
+ bb2_test($settings, $package, bb2_safari($package));
177
  } elseif (stripos($ua, "Lynx") !== FALSE) {
178
  $package['is_browser'] = true;
179
  require_once(BB2_CORE . "/lynx.inc.php");
180
+ bb2_test($settings, $package, bb2_lynx($package));
181
  } elseif (stripos($ua, "MovableType") !== FALSE) {
182
  require_once(BB2_CORE . "/movabletype.inc.php");
183
+ bb2_test($settings, $package, bb2_movabletype($package));
184
  } elseif (stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
185
  require_once(BB2_CORE . "/msnbot.inc.php");
186
+ bb2_test($settings, $package, bb2_msnbot($package));
187
  } elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Wireless") !== FALSE) {
188
  require_once(BB2_CORE . "/google.inc.php");
189
+ bb2_test($settings, $package, bb2_google($package));
190
  } elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
191
  $package['is_browser'] = true;
192
  require_once(BB2_CORE . "/mozilla.inc.php");
193
+ bb2_test($settings, $package, bb2_mozilla($package));
194
  }
195
 
196
  // More intensive screening applies to POST requests
197
  if (!strcasecmp('POST', $package['request_method'])) {
198
  require_once(BB2_CORE . "/post.inc.php");
199
+ bb2_test($settings, $package, bb2_post($settings, $package));
200
  }
201
  }
202
 
206
 
207
  // And that's about it.
208
  bb2_approved($settings, $package);
209
+ return true;
210
  }
211
  ?>
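Review bot: Every bb2_test() call in bb2_start() (new lines 141–199) discards its return value, so screening only stops because bb2_banned() is expected to terminate the request; if bb2_banned() ever returns (its body sits outside this hunk), the request falls through to bb2_approved() at line 208 and bb2_start() reports `true`, and the old `!defined('BB2_TEST')` guard that covered that case is gone. Either check the result at each site, `if (bb2_test($settings, $package, bb2_blacklist($package))) return false;`, or state the contract on bb2_test(): `// bb2_banned() must not return; if it does, the caller keeps screening`. In bb2_insert() (lines 34–55) `$key` is the only value interpolated into the INSERT without bb2_db_escape(); it appears to be an internal test code such as `7ad04a8a` today, but `$key = bb2_db_escape($key);` keeps the statement uniformly escaped should that ever change.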
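--- a/bad-behavior/post.inc.php
+++ b/bad-behavior/post.inc.php
@@ -5,7 +5,7 @@ function bb2_post($settings, $package)
 {
 // Check blackhole lists for known spam/malicious activity
 // require_once(BB2_CORE . "/blackhole.inc.php");
-// if ($r = bb2_blackhole($package)) return $r;
+// bb2_test($settings, $package, bb2_blackhole($package));
 
 // MovableType needs specialized screening
 if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {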
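--- a/bad-behavior/version.inc.php
+++ b/bad-behavior/version.inc.php
@@ -1,3 +1,3 @@
  <?php if (!defined('BB2_CWD')) die("I said no cheating!");
- define('BB2_VERSION', "2.1.0");
+ define('BB2_VERSION', "2.0.38");
  ?>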
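--- a/bad-behavior/whitelist.inc.php
+++ b/bad-behavior/whitelist.inc.php
@@ -2,25 +2,78 @@
 
  function bb2_whitelist($package)
  {
- $whitelists = @parse_ini_file(dirname(BB2_CORE) . "/whitelist.ini");
+ // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
 
- if (@!empty($whitelists['ip'])) {
- foreach ($whitelists['ip'] as $range) {
+ // Inappropriate whitelisting WILL expose you to spam, or cause Bad
+ // Behavior to stop functioning entirely! DO NOT WHITELIST unless you
+ // are 100% CERTAIN that you should.
+
+ // IP address ranges use the CIDR format.
+
+ // Includes four examples of whitelisting by IP address and netblock.
+ $bb2_whitelist_ip_ranges = array(
+ "64.191.203.34", // Digg whitelisted as of 2.0.12
+ "208.67.217.130", // Digg whitelisted as of 2.0.12
+ "10.0.0.0/8",
+ "172.16.0.0/12",
+ "192.168.0.0/16",
+ // "127.0.0.1",
+ );
+
+ // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
+
+ // Inappropriate whitelisting WILL expose you to spam, or cause Bad
+ // Behavior to stop functioning entirely! DO NOT WHITELIST unless you
+ // are 100% CERTAIN that you should.
+
+ // You should not whitelist search engines by user agent. Use the IP
+ // netblock for the search engine instead. See http://whois.arin.net/
+ // to locate the netblocks for an IP.
+
+ // User agents are matched by exact match only.
+
+ // Includes one example of whitelisting by user agent.
+ // All are commented out.
+ $bb2_whitelist_user_agents = array(
+ // "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) It's me, let me in",
+ );
+
+ // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
+
+ // Inappropriate whitelisting WILL expose you to spam, or cause Bad
+ // Behavior to stop functioning entirely! DO NOT WHITELIST unless you
+ // are 100% CERTAIN that you should.
+
+ // URLs are matched from the first / after the server name up to,
+ // but not including, the ? (if any).
+
+ // Includes two examples of whitelisting by URL.
+ $bb2_whitelist_urls = array(
+ // "/example.php",
+ // "/openid/server",
+ );
+
+ // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
+
+ // Do not edit below this line
+
+ if (!empty($bb2_whitelist_ip_ranges)) {
+ foreach ($bb2_whitelist_ip_ranges as $range) {
  if (match_cidr($package['ip'], $range)) return true;
  }
  }
- if (@!empty($whitelists['useragent'])) {
- foreach ($whitelists['useragent'] as $user_agent) {
+ if (!empty($bb2_whitelist_user_agents)) {
+ foreach ($bb2_whitelist_user_agents as $user_agent) {
  if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
  }
  }
- if (@!empty($whitelists['url'])) {
+ if (!empty($bb2_whitelist_urls)) {
  if (strpos($package['request_uri'], "?") === FALSE) {
  $request_uri = $package['request_uri'];
  } else {
  $request_uri = substr($package['request_uri'], 0, strpos($settings['request_uri'], "?"));
  }
- foreach ($whitelists['url'] as $url) {
+ foreach ($bb2_whitelist_urls as $url) {
  if (!strcmp($request_uri, $url)) return true;
  }
  }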
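Review bot: The URL branch at new line 74 still reads `$settings['request_uri']`, but `$settings` is not a parameter of `bb2_whitelist($package)` and is never assigned anywhere in the hunk, so the substr() length comes from strpos() on an undefined value; as far as I can tell that makes every request that carries a query string compare an empty string against the whitelist and never match, which the commit carries over unchanged. The line should draw from the same source as the line above it: `$request_uri = substr($package['request_uri'], 0, strpos($package['request_uri'], "?"));`. Separately, the new hard-coded list treats the RFC 1918 blocks as trusted; if `$package['ip']` is ever derived from a proxy-supplied header (its derivation is not visible here), those entries become a client-selectable bypass, so that is worth confirming before shipping them enabled by default. The function's closing brace lies past the end of the hunk.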
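--- a/settings.ini
+++ /dev/null
@@ -1,9 +0,0 @@
- [settings]
- display_stats = true
- strict = false
- verbose = false
- logging = true
- httpbl_key = ""
- httpbl_threat = 25
- httpbl_maxage = 30
- offsite_forms = false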
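--- a/whitelist.ini
+++ /dev/null
@@ -1,26 +0,0 @@
- ; Inappropriate whitelisting WILL expose you to spam, or cause Bad Behavior
- ; to stop functioning entirely! DO NOT WHITELIST unless you are 100% CERTAIN
- ; that you should.
-
- ; IP address ranges use the CIDR format.
-
- [ip]
- ; Digg whitelisted as of 2.0.12
- ip[] = "64.191.203.34"
- ip[] = "208.67.217.130"
- ; RFC 1918 addresses
- ip[] = "10.0.0.0/8"
- ip[] = "172.16.0.0/12"
- ip[] = "192.168.0.0/16"
-
- ; User agents are matched by exact match only.
-
- [useragent]
- useragent[] = "Mozilla/4.0 (It's me, let me in)"
-
- ; URLs are matched from the first / after the server name up to, but not
- ; including, the ? (if any). The URL to be whitelisted is a URL on YOUR site.
-
- [url]
- url[] = "/example.php"
- url[] = "/openid/server"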