Release Info
Developer | error |
Plugin | Bad Behavior |
Version | 2.0.39 |
Code changes from version 2.1.7 to 2.0.39
- README.txt +5 -2
- bad-behavior-generic.php +5 -14
- bad-behavior-mediawiki.php +1 -5
- bad-behavior-mysql.php +0 -46
- bad-behavior-wordpress-admin.php +2 -2
- bad-behavior-wordpress.php +2 -7
- bad-behavior/banned.inc.php +3 -3
- bad-behavior/blackhole.inc.php +5 -0
- bad-behavior/blacklist.inc.php +2 -4
- bad-behavior/cloudflare.inc.php +0 -15
- bad-behavior/common_tests.inc.php +3 -7
- bad-behavior/core.inc.php +88 -46
- bad-behavior/functions.inc.php +1 -6
- bad-behavior/google.inc.php +1 -6
- bad-behavior/msnbot.inc.php +1 -6
- bad-behavior/post.inc.php +1 -1
- bad-behavior/responses.inc.php +0 -2
- bad-behavior/roundtripdns.inc.php +0 -20
- bad-behavior/version.inc.php +1 -1
- bad-behavior/whitelist.inc.php +61 -8
- settings.ini +0 -9
- whitelist.ini +0 -26
README.txt
CHANGED
@@ -3,8 +3,8 @@ Tags: comment,trackback,referrer,spam,robot,antispam
|
|
3 |
Contributors: error, MarkJaquith, Firas, skeltoac
|
4 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0¤cy_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
|
5 |
Requires at least: 1.5
|
6 |
-
Tested up to: 3.0.
|
7 |
-
Stable tag: 2.0.
|
8 |
|
9 |
Welcome to a whole new way of keeping your blog, forum, guestbook, wiki or
|
10 |
content management system free of link spam. Bad Behavior is a PHP-based
|
@@ -66,6 +66,9 @@ http://www.bad-behavior.ioerror.us/
|
|
66 |
|
67 |
= Bad Behavior 2.0 Known Issues =
|
68 |
|
|
|
|
|
|
|
69 |
* Bad Behavior may be unable to protect cached pages on MediaWiki.
|
70 |
|
71 |
* When upgrading from version 2.0.19 or prior on MediaWiki and WordPress,
|
3 |
Contributors: error, MarkJaquith, Firas, skeltoac
|
4 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0¤cy_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
|
5 |
Requires at least: 1.5
|
6 |
+
Tested up to: 3.0.4
|
7 |
+
Stable tag: 2.0.39
|
8 |
|
9 |
Welcome to a whole new way of keeping your blog, forum, guestbook, wiki or
|
10 |
content management system free of link spam. Bad Behavior is a PHP-based
|
66 |
|
67 |
= Bad Behavior 2.0 Known Issues =
|
68 |
|
69 |
+
* Bad Behavior requires MySQL 4.1 or later and PHP 4.3 or later. Future
|
70 |
+
versions of Bad Behavior will require PHP 5.
|
71 |
+
|
72 |
* Bad Behavior may be unable to protect cached pages on MediaWiki.
|
73 |
|
74 |
* When upgrading from version 2.0.19 or prior on MediaWiki and WordPress,
|
bad-behavior-generic.php
CHANGED
@@ -1,11 +1,11 @@
|
|
1 |
<?php
|
2 |
/*
|
3 |
Bad Behavior - detects and blocks unwanted Web accesses
|
4 |
-
Copyright (C) 2005
|
5 |
|
6 |
This program is free software; you can redistribute it and/or modify
|
7 |
it under the terms of the GNU General Public License as published by
|
8 |
-
the Free Software Foundation; either version
|
9 |
(at your option) any later version.
|
10 |
|
11 |
As a special exemption, you may link this program with any of the
|
@@ -32,8 +32,6 @@ define('BB2_CWD', dirname(__FILE__));
|
|
32 |
|
33 |
// Settings you can adjust for Bad Behavior.
|
34 |
// Most of these are unused in non-database mode.
|
35 |
-
// DO NOT EDIT HERE; instead make changes in settings.ini.
|
36 |
-
// These settings are used when settings.ini is not present.
|
37 |
$bb2_settings_defaults = array(
|
38 |
'log_table' => 'bad_behavior',
|
39 |
'display_stats' => true,
|
@@ -85,24 +83,17 @@ function bb2_db_rows($result) {
|
|
85 |
return $result;
|
86 |
}
|
87 |
|
88 |
-
// Create the SQL query for inserting a record in the database.
|
89 |
-
// See example for MySQL elsewhere.
|
90 |
-
function bb2_insert($settings, $package, $key)
|
91 |
-
{
|
92 |
-
return "--";
|
93 |
-
}
|
94 |
-
|
95 |
// Return emergency contact email address.
|
96 |
function bb2_email() {
|
97 |
-
return "example@example.com"; // You need to change this.
|
|
|
98 |
}
|
99 |
|
100 |
// retrieve settings from database
|
101 |
// Settings are hard-coded for non-database use
|
102 |
function bb2_read_settings() {
|
103 |
global $bb2_settings_defaults;
|
104 |
-
$
|
105 |
-
return array_merge($bb2_settings_defaults, $settings);
|
106 |
}
|
107 |
|
108 |
// write settings to database
|
1 |
<?php
|
2 |
/*
|
3 |
Bad Behavior - detects and blocks unwanted Web accesses
|
4 |
+
Copyright (C) 2005-2006 Michael Hampton
|
5 |
|
6 |
This program is free software; you can redistribute it and/or modify
|
7 |
it under the terms of the GNU General Public License as published by
|
8 |
+
the Free Software Foundation; either version 2 of the License, or
|
9 |
(at your option) any later version.
|
10 |
|
11 |
As a special exemption, you may link this program with any of the
|
32 |
|
33 |
// Settings you can adjust for Bad Behavior.
|
34 |
// Most of these are unused in non-database mode.
|
|
|
|
|
35 |
$bb2_settings_defaults = array(
|
36 |
'log_table' => 'bad_behavior',
|
37 |
'display_stats' => true,
|
83 |
return $result;
|
84 |
}
|
85 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
86 |
// Return emergency contact email address.
|
87 |
function bb2_email() {
|
88 |
+
// return "example@example.com"; // You need to change this.
|
89 |
+
return "badbots@ioerror.us"; // You need to change this.
|
90 |
}
|
91 |
|
92 |
// retrieve settings from database
|
93 |
// Settings are hard-coded for non-database use
|
94 |
function bb2_read_settings() {
|
95 |
global $bb2_settings_defaults;
|
96 |
+
return $bb2_settings_defaults;
|
|
|
97 |
}
|
98 |
|
99 |
// write settings to database
|
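Review bot: The default in `bb2_email()` at line 89 is a real third-party mailbox, `badbots@ioerror.us`, rather than a placeholder, so a site that ships the file unedited will show the author's address wherever the contact email is presented; keep the placeholder as the live line, `return "example@example.com"; // You need to change this.`, and drop the commented-out copy at line 88, which is dead code. Separately, `bb2_read_settings()` at lines 92-97 still carries the header `// retrieve settings from database` but now returns `$bb2_settings_defaults` without touching any storage; the same mismatch is in bad-behavior-mediawiki.php lines 90-93. In both places the header should read `// Return the compiled-in settings; nothing is read from the database in this version.`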
bad-behavior-mediawiki.php
CHANGED
@@ -25,8 +25,6 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
25 |
if (!defined('MEDIAWIKI')) die();
|
26 |
|
27 |
// Settings you can adjust for Bad Behavior.
|
28 |
-
// DO NOT EDIT HERE; instead make changes in settings.ini.
|
29 |
-
// These settings are used when settings.ini is not present.
|
30 |
$bb2_settings_defaults = array(
|
31 |
'log_table' => $wgDBprefix . 'bad_behavior',
|
32 |
'display_stats' => true,
|
@@ -42,7 +40,6 @@ $bb2_settings_defaults = array(
|
|
42 |
define('BB2_CWD', dirname(__FILE__));
|
43 |
|
44 |
// Bad Behavior callback functions.
|
45 |
-
require_once("bad-behavior-mysql.php");
|
46 |
|
47 |
// Return current time in the format preferred by your database.
|
48 |
function bb2_db_date() {
|
@@ -93,8 +90,7 @@ function bb2_email() {
|
|
93 |
// retrieve settings from database
|
94 |
function bb2_read_settings() {
|
95 |
global $bb2_settings_defaults;
|
96 |
-
$
|
97 |
-
return array_merge($bb2_settings_defaults, $settings);
|
98 |
}
|
99 |
|
100 |
// This Bad Behavior-related function is a stub. You can help MediaWiki by expanding it.
|
25 |
if (!defined('MEDIAWIKI')) die();
|
26 |
|
27 |
// Settings you can adjust for Bad Behavior.
|
|
|
|
|
28 |
$bb2_settings_defaults = array(
|
29 |
'log_table' => $wgDBprefix . 'bad_behavior',
|
30 |
'display_stats' => true,
|
40 |
define('BB2_CWD', dirname(__FILE__));
|
41 |
|
42 |
// Bad Behavior callback functions.
|
|
|
43 |
|
44 |
// Return current time in the format preferred by your database.
|
45 |
function bb2_db_date() {
|
90 |
// retrieve settings from database
|
91 |
function bb2_read_settings() {
|
92 |
global $bb2_settings_defaults;
|
93 |
+
return $bb2_settings_defaults;
|
|
|
94 |
}
|
95 |
|
96 |
// This Bad Behavior-related function is a stub. You can help MediaWiki by expanding it.
|
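Review bot: The heading `// Bad Behavior callback functions.` at line 42 now introduces nothing: the `require_once("bad-behavior-mysql.php")` beneath it is gone and the next definition is `bb2_db_date()` under its own comment, so the heading reads as if an include were missing. Either delete it or make it describe what follows, e.g. `// Bad Behavior callback functions implemented by this host adapter follow.`, to the extent the rest of the file (outside this hunk) bears that out. The same orphaned heading is left at bad-behavior-wordpress.php line 46.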
bad-behavior-mysql.php
DELETED
@@ -1,46 +0,0 @@
|
|
1 |
-
<?php
|
2 |
-
|
3 |
-
// Our log table structure
|
4 |
-
function bb2_table_structure($name)
|
5 |
-
{
|
6 |
-
// It's not paranoia if they really are out to get you.
|
7 |
-
$name_escaped = bb2_db_escape($name);
|
8 |
-
return "CREATE TABLE IF NOT EXISTS `$name_escaped` (
|
9 |
-
`id` INT(11) NOT NULL auto_increment,
|
10 |
-
`ip` TEXT NOT NULL,
|
11 |
-
`date` DATETIME NOT NULL default '0000-00-00 00:00:00',
|
12 |
-
`request_method` TEXT NOT NULL,
|
13 |
-
`request_uri` TEXT NOT NULL,
|
14 |
-
`server_protocol` TEXT NOT NULL,
|
15 |
-
`http_headers` TEXT NOT NULL,
|
16 |
-
`user_agent` TEXT NOT NULL,
|
17 |
-
`request_entity` TEXT NOT NULL,
|
18 |
-
`key` TEXT NOT NULL,
|
19 |
-
INDEX (`ip`(15)),
|
20 |
-
INDEX (`user_agent`(10)),
|
21 |
-
PRIMARY KEY (`id`) );"; // TODO: INDEX might need tuning
|
22 |
-
}
|
23 |
-
|
24 |
-
// Insert a new record
|
25 |
-
function bb2_insert($settings, $package, $key)
|
26 |
-
{
|
27 |
-
$ip = bb2_db_escape($package['ip']);
|
28 |
-
$date = bb2_db_date();
|
29 |
-
$request_method = bb2_db_escape($package['request_method']);
|
30 |
-
$request_uri = bb2_db_escape($package['request_uri']);
|
31 |
-
$server_protocol = bb2_db_escape($package['server_protocol']);
|
32 |
-
$user_agent = bb2_db_escape($package['user_agent']);
|
33 |
-
$headers = "$request_method $request_uri $server_protocol\n";
|
34 |
-
foreach ($package['headers'] as $h => $v) {
|
35 |
-
$headers .= bb2_db_escape("$h: $v\n");
|
36 |
-
}
|
37 |
-
$request_entity = "";
|
38 |
-
if (!strcasecmp($request_method, "POST")) {
|
39 |
-
foreach ($package['request_entity'] as $h => $v) {
|
40 |
-
$request_entity .= bb2_db_escape("$h: $v\n");
|
41 |
-
}
|
42 |
-
}
|
43 |
-
return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "`
|
44 |
-
(`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES
|
45 |
-
('$ip', '$date', '$request_method', '$request_uri', '$server_protocol', '$headers', '$user_agent', '$request_entity', '$key')";
|
46 |
-
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
bad-behavior-wordpress-admin.php
CHANGED
@@ -179,7 +179,7 @@ Displaying all <strong><?php echo $totalcount; ?></strong> records<br/>
|
|
179 |
$host .= "<br/>\n";
|
180 |
}
|
181 |
echo "<td><a href=\"" . add_query_arg("ip", $result["ip"], remove_query_arg("paged", $request_uri)) . "\">" . $result["ip"] . "</a><br/>$host<br/>\n" . $result["date"] . "<br/><br/><a href=\"" . add_query_arg("key", $result["key"], remove_query_arg(array("paged", "blocked"), $request_uri)) . "\">" . $key["log"] . "</a>\n";
|
182 |
-
if ($httpbl) echo "<br/><br
|
183 |
echo "</td>\n";
|
184 |
$headers = str_replace("\n", "<br/>\n", htmlspecialchars($result['http_headers']));
|
185 |
if (@strpos($headers, $result['user_agent']) !== FALSE) $headers = substr_replace($headers, "<a href=\"" . add_query_arg("user_agent", rawurlencode($result["user_agent"]), remove_query_arg("paged", $request_uri)) . "\">" . $result['user_agent'] . "</a>", strpos($headers, $result['user_agent']), strlen($result['user_agent']));
|
@@ -270,7 +270,7 @@ function bb2_options()
|
|
270 |
?>
|
271 |
<div class="wrap">
|
272 |
<h2><?php _e("Bad Behavior"); ?></h2>
|
273 |
-
<form method="post" action="<?php echo $
|
274 |
<p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
|
275 |
<p>If you find Bad Behavior valuable, please consider making a <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20<?php echo BB2_VERSION; ?>%20%28From%20Admin%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0¤cy_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8">financial contribution</a> to further development of Bad Behavior.</p>
|
276 |
|
179 |
$host .= "<br/>\n";
|
180 |
}
|
181 |
echo "<td><a href=\"" . add_query_arg("ip", $result["ip"], remove_query_arg("paged", $request_uri)) . "\">" . $result["ip"] . "</a><br/>$host<br/>\n" . $result["date"] . "<br/><br/><a href=\"" . add_query_arg("key", $result["key"], remove_query_arg(array("paged", "blocked"), $request_uri)) . "\">" . $key["log"] . "</a>\n";
|
182 |
+
if ($httpbl) echo "<br/><br/>http:BL:<br/>$httpbl\n";
|
183 |
echo "</td>\n";
|
184 |
$headers = str_replace("\n", "<br/>\n", htmlspecialchars($result['http_headers']));
|
185 |
if (@strpos($headers, $result['user_agent']) !== FALSE) $headers = substr_replace($headers, "<a href=\"" . add_query_arg("user_agent", rawurlencode($result["user_agent"]), remove_query_arg("paged", $request_uri)) . "\">" . $result['user_agent'] . "</a>", strpos($headers, $result['user_agent']), strlen($result['user_agent']));
|
270 |
?>
|
271 |
<div class="wrap">
|
272 |
<h2><?php _e("Bad Behavior"); ?></h2>
|
273 |
+
<form method="post" action="<?php echo $request_uri; ?>">
|
274 |
<p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
|
275 |
<p>If you find Bad Behavior valuable, please consider making a <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20<?php echo BB2_VERSION; ?>%20%28From%20Admin%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0¤cy_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8">financial contribution</a> to further development of Bad Behavior.</p>
|
276 |
|
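Review bot: `<form method="post" action="<?php echo $request_uri; ?>">` at line 273 writes `$request_uri` into an HTML attribute with no encoding; if it is derived from `$_SERVER['REQUEST_URI']` as elsewhere in this change (banned.inc.php line 27), the attribute value is not protected against quote or angle-bracket characters in the request path. Encode at the point of output: `<form method="post" action="<?php echo htmlspecialchars($request_uri, ENT_QUOTES); ?>">`. The `$httpbl` echo added at line 182 of the first hunk has the same shape and should go through `htmlspecialchars()` as well unless it is known to be built from trusted text only. `bb2_options()` and the loop containing line 182 both start outside these hunks, so where the two values originate is not visible here.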
bad-behavior-wordpress.php
CHANGED
@@ -1,7 +1,7 @@
|
|
1 |
<?php
|
2 |
/*
|
3 |
Plugin Name: Bad Behavior
|
4 |
-
Version: 2.
|
5 |
Description: Deny automated spambots access to your PHP-based Web site.
|
6 |
Plugin URI: http://www.bad-behavior.ioerror.us/
|
7 |
Author: Michael Hampton
|
@@ -44,7 +44,6 @@ $bb2_timer_start = $bb2_mtime[1] + $bb2_mtime[0];
|
|
44 |
define('BB2_CWD', dirname(__FILE__));
|
45 |
|
46 |
// Bad Behavior callback functions.
|
47 |
-
require_once("bad-behavior-mysql.php");
|
48 |
|
49 |
// Return current time in the format preferred by your database.
|
50 |
function bb2_db_date() {
|
@@ -141,10 +140,6 @@ function bb2_insert_stats($force = false) {
|
|
141 |
echo sprintf('<p><a href="http://www.bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', __('Bad Behavior'), __('has blocked'), $blocked[0]["COUNT(*)"], __('access attempts in the last 7 days.'));
|
142 |
}
|
143 |
}
|
144 |
-
if (@!empty($_SESSION['BB2_RESULT'])) {
|
145 |
-
echo sprintf("\n<!-- Bad Behavior result was %s! This request would have been blocked. -->\n", $_SESSION['BB2_RESULT']);
|
146 |
-
unset($_SESSION['BB2_RESULT']);
|
147 |
-
}
|
148 |
}
|
149 |
|
150 |
// Return the top-level relative path of wherever we are (for cookies)
|
@@ -170,7 +165,7 @@ if (is_admin() || strstr($_SERVER['PHP_SELF'], 'wp-admin/')) { // 1.5 kludge
|
|
170 |
require_once(BB2_CWD . "/bad-behavior-wordpress-admin.php");
|
171 |
}
|
172 |
|
173 |
-
|
174 |
|
175 |
$bb2_mtime = explode(" ", microtime());
|
176 |
$bb2_timer_stop = $bb2_mtime[1] + $bb2_mtime[0];
|
1 |
<?php
|
2 |
/*
|
3 |
Plugin Name: Bad Behavior
|
4 |
+
Version: 2.0.39
|
5 |
Description: Deny automated spambots access to your PHP-based Web site.
|
6 |
Plugin URI: http://www.bad-behavior.ioerror.us/
|
7 |
Author: Michael Hampton
|
44 |
define('BB2_CWD', dirname(__FILE__));
|
45 |
|
46 |
// Bad Behavior callback functions.
|
|
|
47 |
|
48 |
// Return current time in the format preferred by your database.
|
49 |
function bb2_db_date() {
|
140 |
echo sprintf('<p><a href="http://www.bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', __('Bad Behavior'), __('has blocked'), $blocked[0]["COUNT(*)"], __('access attempts in the last 7 days.'));
|
141 |
}
|
142 |
}
|
|
|
|
|
|
|
|
|
143 |
}
|
144 |
|
145 |
// Return the top-level relative path of wherever we are (for cookies)
|
165 |
require_once(BB2_CWD . "/bad-behavior-wordpress-admin.php");
|
166 |
}
|
167 |
|
168 |
+
bb2_start(bb2_read_settings());
|
169 |
|
170 |
$bb2_mtime = explode(" ", microtime());
|
171 |
$bb2_timer_stop = $bb2_mtime[1] + $bb2_mtime[0];
|
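Review bot: The bare call `bb2_start(bb2_read_settings());` at line 168 runs the screening at plugin-load time with no comment and discards whatever `bb2_start()` returns; on the 2.1.7 side of this change `bb2_start()` ended with `return $result;` and the removed `$_SESSION['BB2_RESULT']` block surfaced that value in test mode, so if the 2.0.39 `bb2_start()` still returns the key (its body is cut off in the core.inc.php section) the result is now silently dropped. Add a line above the call such as `// Screen this request now, at plugin load; blocked requests are handled inside bb2_start().` so the side effect is visible to the next reader. The admin `if` block closing at line 166 begins outside the hunk.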
bad-behavior/banned.inc.php
CHANGED
@@ -5,7 +5,7 @@
|
|
5 |
|
6 |
require_once(BB2_CORE . "/responses.inc.php");
|
7 |
|
8 |
-
function bb2_display_denial($settings, $
|
9 |
{
|
10 |
define('DONOTCACHEPAGE', true); // WP Super Cache
|
11 |
if (!$previous_key) $previous_key = $key;
|
@@ -13,7 +13,7 @@ function bb2_display_denial($settings, $package, $key, $previous_key = false)
|
|
13 |
// FIXME: lookup the real key
|
14 |
}
|
15 |
// Create support key
|
16 |
-
$ip = explode(".", $
|
17 |
$ip_hex = "";
|
18 |
foreach ($ip as $octet) {
|
19 |
$ip_hex .= str_pad(dechex($octet), 2, 0, STR_PAD_LEFT);
|
@@ -24,7 +24,7 @@ function bb2_display_denial($settings, $package, $key, $previous_key = false)
|
|
24 |
$response = bb2_get_response($previous_key);
|
25 |
header("HTTP/1.1 " . $response['response'] . " Bad Behavior");
|
26 |
header("Status: " . $response['response'] . " Bad Behavior");
|
27 |
-
$request_uri = $_SERVER[
|
28 |
if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
|
29 |
?>
|
30 |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
5 |
|
6 |
require_once(BB2_CORE . "/responses.inc.php");
|
7 |
|
8 |
+
function bb2_display_denial($settings, $key, $previous_key = false)
|
9 |
{
|
10 |
define('DONOTCACHEPAGE', true); // WP Super Cache
|
11 |
if (!$previous_key) $previous_key = $key;
|
13 |
// FIXME: lookup the real key
|
14 |
}
|
15 |
// Create support key
|
16 |
+
$ip = explode(".", $_SERVER['REMOTE_ADDR']);
|
17 |
$ip_hex = "";
|
18 |
foreach ($ip as $octet) {
|
19 |
$ip_hex .= str_pad(dechex($octet), 2, 0, STR_PAD_LEFT);
|
24 |
$response = bb2_get_response($previous_key);
|
25 |
header("HTTP/1.1 " . $response['response'] . " Bad Behavior");
|
26 |
header("Status: " . $response['response'] . " Bad Behavior");
|
27 |
+
$request_uri = $_SERVER['REQUEST_URI'];
|
28 |
if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
|
29 |
?>
|
30 |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
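Review bot: The support-key construction at lines 16-19 assumes an IPv4 address: `explode(".", $_SERVER['REMOTE_ADDR'])` on an IPv6 address yields a single element and `dechex()` of a string such as `2001:db8::1` produces a value from whatever leading digits PHP coerces out of it, so the key (presumably rendered on the denial page below) is silently wrong rather than absent. Guard the loop with `if (strpos($_SERVER['REMOTE_ADDR'], ":") === FALSE) {` and leave `$ip_hex` empty (or use the raw address) otherwise; this commit adds `is_ipv6()` in blackhole.inc.php, but that file is not required here, so do not rely on it. Note too that the signature drops `$package`, so the key is now computed from `REMOTE_ADDR` directly; on the 2.1.7 side `$package['ip']` could differ from `REMOTE_ADDR` (the Cf-Connecting-Ip handling in core.inc.php), so behind such a proxy the key now encodes the proxy's address. `bb2_display_denial()` continues past each of these hunks.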
bad-behavior/blackhole.inc.php
CHANGED
@@ -1,5 +1,10 @@
|
|
1 |
<?php if (!defined('BB2_CORE')) die('I said no cheating!');
|
2 |
|
|
|
|
|
|
|
|
|
|
|
3 |
// Look up address on various blackhole lists.
|
4 |
// These should not be used for GET requests under any circumstances!
|
5 |
// FIXME: Note that this code is no longer in use
|
1 |
<?php if (!defined('BB2_CORE')) die('I said no cheating!');
|
2 |
|
3 |
+
// Quick and dirty check for an IPv6 address
|
4 |
+
function is_ipv6($address) {
|
5 |
+
return (strpos($address, ":")) ? TRUE : FALSE;
|
6 |
+
}
|
7 |
+
|
8 |
// Look up address on various blackhole lists.
|
9 |
// These should not be used for GET requests under any circumstances!
|
10 |
// FIXME: Note that this code is no longer in use
|
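Review bot: `is_ipv6()` at lines 4-6 tests `strpos($address, ":")` for truthiness, so an address whose first character is a colon (`::1`, or any `::`-prefixed form that survives the `^::ffff:` strip in core.inc.php) returns FALSE because position 0 is falsy. Use an identity comparison: `return strpos($address, ":") !== FALSE;`. The function is also the only unprefixed global in these files (everything else is `bb2_*`), which risks a redeclaration fatal when the host application defines its own `is_ipv6`; a `bb2_` prefix, or an `if (!function_exists('is_ipv6'))` guard, avoids that. The comment above it should say what it decides: `// Returns TRUE if the address contains a colon, i.e. looks like IPv6 (no validation).`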
bad-behavior/blacklist.inc.php
CHANGED
@@ -34,7 +34,7 @@ function bb2_blacklist($package) {
|
|
34 |
"Mozilla ", // malicious software
|
35 |
"Mozilla/2", // malicious software
|
36 |
"Mozilla/4.0(", // from honeypot
|
37 |
-
"Mozilla/4.0+(", // suspicious harvester
|
38 |
"MSIE", // malicious software
|
39 |
"NutchCVS", // unidentified robots
|
40 |
"Nutscrape/", // misc comment spam
|
@@ -69,12 +69,11 @@ function bb2_blacklist($package) {
|
|
69 |
"grub-client", // search engine ignores robots.txt
|
70 |
"hanzoweb", // very badly behaved crawler
|
71 |
"Indy Library", // misc comment/email spam
|
72 |
-
"
|
73 |
"Murzillo compatible", // comment spam bot
|
74 |
".NET CLR 1)", // free poker, etc.
|
75 |
"POE-Component-Client", // free poker, etc.
|
76 |
"Turing Machine", // www.anonymizer.com abuse
|
77 |
-
"unspecified.mail", // stealth harvesters
|
78 |
"User-agent: ", // spam harvester/splogger
|
79 |
"WebaltBot", // spam harvester
|
80 |
"WISEbot", // spam harvester
|
@@ -84,7 +83,6 @@ function bb2_blacklist($package) {
|
|
84 |
"Windows NT 5.1;)", // wikispam bot
|
85 |
"Windows XP 5", // spam harvester
|
86 |
"WordPress/4.01", // pingback spam
|
87 |
-
"Xedant Human Emulator",// spammer script engine
|
88 |
"\\\\)", // spam harvester
|
89 |
);
|
90 |
|
34 |
"Mozilla ", // malicious software
|
35 |
"Mozilla/2", // malicious software
|
36 |
"Mozilla/4.0(", // from honeypot
|
37 |
+
"Mozilla/4.0+(compatible;+", // suspicious harvester
|
38 |
"MSIE", // malicious software
|
39 |
"NutchCVS", // unidentified robots
|
40 |
"Nutscrape/", // misc comment spam
|
69 |
"grub-client", // search engine ignores robots.txt
|
70 |
"hanzoweb", // very badly behaved crawler
|
71 |
"Indy Library", // misc comment/email spam
|
72 |
+
"larbin@unspecified", // stealth harvesters
|
73 |
"Murzillo compatible", // comment spam bot
|
74 |
".NET CLR 1)", // free poker, etc.
|
75 |
"POE-Component-Client", // free poker, etc.
|
76 |
"Turing Machine", // www.anonymizer.com abuse
|
|
|
77 |
"User-agent: ", // spam harvester/splogger
|
78 |
"WebaltBot", // spam harvester
|
79 |
"WISEbot", // spam harvester
|
83 |
"Windows NT 5.1;)", // wikispam bot
|
84 |
"Windows XP 5", // spam harvester
|
85 |
"WordPress/4.01", // pingback spam
|
|
|
86 |
"\\\\)", // spam harvester
|
87 |
);
|
88 |
|
bad-behavior/cloudflare.inc.php
DELETED
@@ -1,15 +0,0 @@
|
|
1 |
-
<?php if (!defined('BB2_CORE')) die('I said no cheating!');
|
2 |
-
|
3 |
-
// Analyze requests claiming to be from CloudFlare
|
4 |
-
|
5 |
-
require_once(BB2_CORE . "/roundtripdns.inc.php");
|
6 |
-
|
7 |
-
function bb2_cloudflare($package)
|
8 |
-
{
|
9 |
-
if (!bb2_roundtripdns($package['cloudflare'], "cloudflare.com")) {
|
10 |
-
return '70e45496';
|
11 |
-
}
|
12 |
-
return false;
|
13 |
-
}
|
14 |
-
|
15 |
-
?>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
bad-behavior/common_tests.inc.php
CHANGED
@@ -4,8 +4,9 @@
|
|
4 |
|
5 |
function bb2_protocol($settings, $package)
|
6 |
{
|
|
|
7 |
// Always run this test; we should never see Expect:
|
8 |
-
if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE) {
|
9 |
return "a0105122";
|
10 |
}
|
11 |
|
@@ -68,6 +69,7 @@ function bb2_misc_headers($settings, $package)
|
|
68 |
// Lowercase via is used by open proxies/referrer spammers
|
69 |
// Exceptions: Clearswift uses lowercase via (refuses to fix;
|
70 |
// may be blocked again in the future)
|
|
|
71 |
if (array_key_exists('via', $package['headers']) &&
|
72 |
strpos($package['headers']['via'],'Clearswift') === FALSE &&
|
73 |
strpos($ua,'CoralWebPrx') === FALSE) {
|
@@ -104,12 +106,6 @@ function bb2_misc_headers($settings, $package)
|
|
104 |
if (preg_match('/\bkeep-alive,\s?keep-alive\b/i', $package['headers_mixed']['Connection'])) {
|
105 |
return "a52f0448";
|
106 |
}
|
107 |
-
// Keep-Alive format in RFC 2068; some bots mangle these headers
|
108 |
-
if (stripos($package['headers_mixed']['Connection'], "Keep-Alive: ") !== FALSE) {
|
109 |
-
return "b0924802";
|
110 |
-
}
|
111 |
-
// Close should not be oddly capitalized
|
112 |
-
|
113 |
}
|
114 |
|
115 |
|
4 |
|
5 |
function bb2_protocol($settings, $package)
|
6 |
{
|
7 |
+
// Is it claiming to be HTTP/1.0? Then it shouldn't do HTTP/1.1 things
|
8 |
// Always run this test; we should never see Expect:
|
9 |
+
if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE && !strcmp($package['server_protocol'], "HTTP/1.0")) {
|
10 |
return "a0105122";
|
11 |
}
|
12 |
|
69 |
// Lowercase via is used by open proxies/referrer spammers
|
70 |
// Exceptions: Clearswift uses lowercase via (refuses to fix;
|
71 |
// may be blocked again in the future)
|
72 |
+
// Coral CDN uses lowercase via
|
73 |
if (array_key_exists('via', $package['headers']) &&
|
74 |
strpos($package['headers']['via'],'Clearswift') === FALSE &&
|
75 |
strpos($ua,'CoralWebPrx') === FALSE) {
|
106 |
if (preg_match('/\bkeep-alive,\s?keep-alive\b/i', $package['headers_mixed']['Connection'])) {
|
107 |
return "a52f0448";
|
108 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
109 |
}
|
110 |
|
111 |
|
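Review bot: The comment at line 8, `// Always run this test; we should never see Expect:`, now contradicts the condition at line 9, which only returns `a0105122` when `server_protocol` is `HTTP/1.0`; the new line-7 comment gives the intent, so line 8 should become `// Expect: 100-continue is an HTTP/1.1 mechanism; an HTTP/1.0 client should never send it.` The protocol comparison `!strcmp($package['server_protocol'], "HTTP/1.0")` reads more directly as `$package['server_protocol'] === "HTTP/1.0"`, and the strict form does not depend on `strcmp`'s string coercion if the key is ever missing. `bb2_protocol()` and `bb2_misc_headers()` both continue outside these hunks.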
bad-behavior/core.inc.php
CHANGED
@@ -1,6 +1,6 @@
|
|
1 |
<?php if (!defined('BB2_CWD')) die("I said no cheating!");
|
2 |
|
3 |
-
// Bad Behavior entry point is
|
4 |
// If you're reading this, you are probably lost.
|
5 |
// Go read the bad-behavior-generic.php file.
|
6 |
|
@@ -9,6 +9,51 @@ define('BB2_COOKIE', 'bb2_screener_');
|
|
9 |
|
10 |
require_once(BB2_CORE . "/functions.inc.php");
|
11 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
12 |
// Kill 'em all!
|
13 |
function bb2_banned($settings, $package, $key, $previous_key=false)
|
14 |
{
|
@@ -16,7 +61,7 @@ function bb2_banned($settings, $package, $key, $previous_key=false)
|
|
16 |
sleep(2);
|
17 |
|
18 |
require_once(BB2_CORE . "/banned.inc.php");
|
19 |
-
bb2_display_denial($settings, $
|
20 |
bb2_log_denial($settings, $package, $key, $previous_key);
|
21 |
if (is_callable('bb2_banned_callback')) {
|
22 |
bb2_banned_callback($settings, $package, $key);
|
@@ -40,6 +85,18 @@ function bb2_approved($settings, $package)
|
|
40 |
}
|
41 |
}
|
42 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
43 |
|
44 |
// Let God sort 'em out!
|
45 |
function bb2_start($settings)
|
@@ -47,7 +104,7 @@ function bb2_start($settings)
|
|
47 |
// Gather up all the information we need, first of all.
|
48 |
$headers = bb2_load_headers();
|
49 |
// Postprocess the headers to mixed-case
|
50 |
-
//
|
51 |
$headers_mixed = array();
|
52 |
foreach ($headers as $h => $v) {
|
53 |
$headers_mixed[uc_all($h)] = $v;
|
@@ -55,106 +112,91 @@ function bb2_start($settings)
|
|
55 |
|
56 |
// IPv6 - IPv4 compatibility mode hack
|
57 |
$_SERVER['REMOTE_ADDR'] = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
58 |
|
59 |
// Reconstruct the HTTP entity, if present.
|
60 |
$request_entity = array();
|
61 |
-
if (!strcasecmp($
|
62 |
foreach ($_POST as $h => $v) {
|
63 |
$request_entity[$h] = $v;
|
64 |
}
|
65 |
}
|
66 |
|
67 |
-
$
|
68 |
-
if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
|
69 |
-
|
70 |
-
# Nasty CloudFlare hack provided by butchs at simplemachines
|
71 |
-
$ip_temp = preg_replace("/^::ffff:/", "", (array_key_exists('Cf-Connecting-Ip', $headers_mixed)) ? $_SERVER['HTTP_CF_CONNECTING_IP'] : $_SERVER['REMOTE_ADDR']);
|
72 |
-
$cloudflare_ip = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);
|
73 |
-
|
74 |
-
@$package = array('ip' => $ip_temp, 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $_SERVER['REQUEST_METHOD'], 'request_uri' => $request_uri, 'server_protocol' => $_SERVER['SERVER_PROTOCOL'], 'request_entity' => $request_entity, 'user_agent' => $_SERVER['HTTP_USER_AGENT'], 'is_browser' => false, 'cloudflare' => $cloudflare_ip);
|
75 |
|
76 |
-
$result = bb2_screen($settings, $package);
|
77 |
-
if ($result && !defined('BB2_TEST')) bb2_banned($settings, $package, $result);
|
78 |
-
return $result;
|
79 |
-
}
|
80 |
-
|
81 |
-
function bb2_screen($settings, $package)
|
82 |
-
{
|
83 |
// Please proceed to the security checkpoint and have your
|
84 |
// identification and boarding pass ready.
|
85 |
|
86 |
-
// Check for CloudFlare CDN since IP to be screened may be different
|
87 |
-
// Thanks to butchs at Simple Machines
|
88 |
-
if (array_key_exists('Cf-Connecting-Ip', $package['headers_mixed'])) {
|
89 |
-
require_once(BB2_CORE . "/cloudflare.inc.php");
|
90 |
-
$r = bb2_cloudflare($package);
|
91 |
-
if ($r !== false && $r != $package['ip']) return $r;
|
92 |
-
}
|
93 |
-
|
94 |
// First check the whitelist
|
95 |
require_once(BB2_CORE . "/whitelist.inc.php");
|
96 |
if (!bb2_whitelist($package)) {
|
97 |
// Now check the blacklist
|
98 |
require_once(BB2_CORE . "/blacklist.inc.php");
|
99 |
-
|
100 |
|
101 |
// Check the http:BL
|
102 |
require_once(BB2_CORE . "/blackhole.inc.php");
|
103 |
-
|
104 |
|
105 |
// Check for common stuff
|
106 |
require_once(BB2_CORE . "/common_tests.inc.php");
|
107 |
-
|
108 |
-
|
109 |
-
|
110 |
|
111 |
// Specific checks
|
112 |
-
@$ua = $
|
113 |
// MSIE checks
|
114 |
-
if (stripos($ua, "
|
115 |
$package['is_browser'] = true;
|
116 |
if (stripos($ua, "Opera") !== FALSE) {
|
117 |
require_once(BB2_CORE . "/opera.inc.php");
|
118 |
-
|
119 |
} else {
|
120 |
require_once(BB2_CORE . "/msie.inc.php");
|
121 |
-
|
122 |
}
|
123 |
} elseif (stripos($ua, "Konqueror") !== FALSE) {
|
124 |
$package['is_browser'] = true;
|
125 |
require_once(BB2_CORE . "/konqueror.inc.php");
|
126 |
-
|
127 |
} elseif (stripos($ua, "Opera") !== FALSE) {
|
128 |
$package['is_browser'] = true;
|
129 |
require_once(BB2_CORE . "/opera.inc.php");
|
130 |
-
|
131 |
} elseif (stripos($ua, "Safari") !== FALSE) {
|
132 |
$package['is_browser'] = true;
|
133 |
require_once(BB2_CORE . "/safari.inc.php");
|
134 |
-
|
135 |
} elseif (stripos($ua, "Lynx") !== FALSE) {
|
136 |
$package['is_browser'] = true;
|
137 |
require_once(BB2_CORE . "/lynx.inc.php");
|
138 |
-
|
139 |
} elseif (stripos($ua, "MovableType") !== FALSE) {
|
140 |
require_once(BB2_CORE . "/movabletype.inc.php");
|
141 |
-
|
142 |
} elseif (stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
|
143 |
require_once(BB2_CORE . "/msnbot.inc.php");
|
144 |
-
|
145 |
} elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Wireless") !== FALSE) {
|
146 |
require_once(BB2_CORE . "/google.inc.php");
|
147 |
-
|
148 |
} elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
|
149 |
$package['is_browser'] = true;
|
150 |
require_once(BB2_CORE . "/mozilla.inc.php");
|
151 |
-
|
152 |
}
|
153 |
|
154 |
// More intensive screening applies to POST requests
|
155 |
if (!strcasecmp('POST', $package['request_method'])) {
|
156 |
require_once(BB2_CORE . "/post.inc.php");
|
157 |
-
|
158 |
}
|
159 |
}
|
160 |
|
@@ -164,6 +206,6 @@ function bb2_screen($settings, $package)
|
|
164 |
|
165 |
// And that's about it.
|
166 |
bb2_approved($settings, $package);
|
167 |
-
return
|
168 |
}
|
169 |
?>
|
1 |
<?php if (!defined('BB2_CWD')) die("I said no cheating!");
|
2 |
|
3 |
+
// Bad Behavior entry point is start_bad_behavior().
|
4 |
// If you're reading this, you are probably lost.
|
5 |
// Go read the bad-behavior-generic.php file.
|
6 |
|
9 |
|
10 |
require_once(BB2_CORE . "/functions.inc.php");
|
11 |
|
12 |
+
// Our log table structure
|
13 |
+
function bb2_table_structure($name)
|
14 |
+
{
|
15 |
+
// It's not paranoia if they really are out to get you.
|
16 |
+
$name_escaped = bb2_db_escape($name);
|
17 |
+
return "CREATE TABLE IF NOT EXISTS `$name_escaped` (
|
18 |
+
`id` INT(11) NOT NULL auto_increment,
|
19 |
+
`ip` TEXT NOT NULL,
|
20 |
+
`date` DATETIME NOT NULL default '0000-00-00 00:00:00',
|
21 |
+
`request_method` TEXT NOT NULL,
|
22 |
+
`request_uri` TEXT NOT NULL,
|
23 |
+
`server_protocol` TEXT NOT NULL,
|
24 |
+
`http_headers` TEXT NOT NULL,
|
25 |
+
`user_agent` TEXT NOT NULL,
|
26 |
+
`request_entity` TEXT NOT NULL,
|
27 |
+
`key` TEXT NOT NULL,
|
28 |
+
INDEX (`ip`(15)),
|
29 |
+
INDEX (`user_agent`(10)),
|
30 |
+
PRIMARY KEY (`id`) );"; // TODO: INDEX might need tuning
|
31 |
+
}
|
32 |
+
|
33 |
+
// Insert a new record
|
34 |
+
function bb2_insert($settings, $package, $key)
|
35 |
+
{
|
36 |
+
$ip = bb2_db_escape($package['ip']);
|
37 |
+
$date = bb2_db_date();
|
38 |
+
$request_method = bb2_db_escape($package['request_method']);
|
39 |
+
$request_uri = bb2_db_escape($package['request_uri']);
|
40 |
+
$server_protocol = bb2_db_escape($package['server_protocol']);
|
41 |
+
$user_agent = bb2_db_escape($package['user_agent']);
|
42 |
+
$headers = "$request_method $request_uri $server_protocol\n";
|
43 |
+
foreach ($package['headers'] as $h => $v) {
|
44 |
+
$headers .= bb2_db_escape("$h: $v\n");
|
45 |
+
}
|
46 |
+
$request_entity = "";
|
47 |
+
if (!strcasecmp($request_method, "POST")) {
|
48 |
+
foreach ($package['request_entity'] as $h => $v) {
|
49 |
+
$request_entity .= bb2_db_escape("$h: $v\n");
|
50 |
+
}
|
51 |
+
}
|
52 |
+
return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "`
|
53 |
+
(`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES
|
54 |
+
('$ip', '$date', '$request_method', '$request_uri', '$server_protocol', '$headers', '$user_agent', '$request_entity', '$key')";
|
55 |
+
}
|
56 |
+
|
57 |
// Kill 'em all!
|
58 |
function bb2_banned($settings, $package, $key, $previous_key=false)
|
59 |
{
|
61 |
sleep(2);
|
62 |
|
63 |
require_once(BB2_CORE . "/banned.inc.php");
|
64 |
+
bb2_display_denial($settings, $key, $previous_key);
|
65 |
bb2_log_denial($settings, $package, $key, $previous_key);
|
66 |
if (is_callable('bb2_banned_callback')) {
|
67 |
bb2_banned_callback($settings, $package, $key);
|
85 |
}
|
86 |
}
|
87 |
|
88 |
+
// Check the results of a particular test; see below for usage
|
89 |
+
// Returns FALSE if test passed (yes this is backwards)
|
90 |
+
function bb2_test($settings, $package, $result)
|
91 |
+
{
|
92 |
+
if ($result !== FALSE)
|
93 |
+
{
|
94 |
+
bb2_banned($settings, $package, $result);
|
95 |
+
return TRUE;
|
96 |
+
}
|
97 |
+
return FALSE;
|
98 |
+
}
|
99 |
+
|
100 |
|
101 |
// Let God sort 'em out!
|
102 |
function bb2_start($settings)
|
104 |
// Gather up all the information we need, first of all.
|
105 |
$headers = bb2_load_headers();
|
106 |
// Postprocess the headers to mixed-case
|
107 |
+
// FIXME: get the world to stop using PHP as CGI
|
108 |
$headers_mixed = array();
|
109 |
foreach ($headers as $h => $v) {
|
110 |
$headers_mixed[uc_all($h)] = $v;
|
112 |
|
113 |
// IPv6 - IPv4 compatibility mode hack
|
114 |
$_SERVER['REMOTE_ADDR'] = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);
|
115 |
+
// We use these frequently. Keep a copy close at hand.
|
116 |
+
$ip = $_SERVER['REMOTE_ADDR'];
|
117 |
+
$request_method = $_SERVER['REQUEST_METHOD'];
|
118 |
+
$request_uri = $_SERVER['REQUEST_URI'];
|
119 |
+
if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
|
120 |
+
$server_protocol = $_SERVER['SERVER_PROTOCOL'];
|
121 |
+
@$user_agent = $_SERVER['HTTP_USER_AGENT'];
|
122 |
|
123 |
// Reconstruct the HTTP entity, if present.
|
124 |
$request_entity = array();
|
125 |
+
if (!strcasecmp($request_method, "POST") || !strcasecmp($request_method, "PUT")) {
|
126 |
foreach ($_POST as $h => $v) {
|
127 |
$request_entity[$h] = $v;
|
128 |
}
|
129 |
}
|
130 |
|
131 |
+
$package = array('ip' => $ip, 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $request_method, 'request_uri' => $request_uri, 'server_protocol' => $server_protocol, 'request_entity' => $request_entity, 'user_agent' => $user_agent, 'is_browser' => false);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
132 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
133 |
// Please proceed to the security checkpoint and have your
|
134 |
// identification and boarding pass ready.
|
135 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
136 |
// First check the whitelist
|
137 |
require_once(BB2_CORE . "/whitelist.inc.php");
|
138 |
if (!bb2_whitelist($package)) {
|
139 |
// Now check the blacklist
|
140 |
require_once(BB2_CORE . "/blacklist.inc.php");
|
141 |
+
bb2_test($settings, $package, bb2_blacklist($package));
|
142 |
|
143 |
// Check the http:BL
|
144 |
require_once(BB2_CORE . "/blackhole.inc.php");
|
145 |
+
bb2_test($settings, $package, bb2_httpbl($settings, $package));
|
146 |
|
147 |
// Check for common stuff
|
148 |
require_once(BB2_CORE . "/common_tests.inc.php");
|
149 |
+
bb2_test($settings, $package, bb2_protocol($settings, $package));
|
150 |
+
bb2_test($settings, $package, bb2_cookies($settings, $package));
|
151 |
+
bb2_test($settings, $package, bb2_misc_headers($settings, $package));
|
152 |
|
153 |
// Specific checks
|
154 |
+
@$ua = $headers_mixed['User-Agent'];
|
155 |
// MSIE checks
|
156 |
+
if (stripos($ua, "MSIE") !== FALSE) {
|
157 |
$package['is_browser'] = true;
|
158 |
if (stripos($ua, "Opera") !== FALSE) {
|
159 |
require_once(BB2_CORE . "/opera.inc.php");
|
160 |
+
bb2_test($settings, $package, bb2_opera($package));
|
161 |
} else {
|
162 |
require_once(BB2_CORE . "/msie.inc.php");
|
163 |
+
bb2_test($settings, $package, bb2_msie($package));
|
164 |
}
|
165 |
} elseif (stripos($ua, "Konqueror") !== FALSE) {
|
166 |
$package['is_browser'] = true;
|
167 |
require_once(BB2_CORE . "/konqueror.inc.php");
|
168 |
+
bb2_test($settings, $package, bb2_konqueror($package));
|
169 |
} elseif (stripos($ua, "Opera") !== FALSE) {
|
170 |
$package['is_browser'] = true;
|
171 |
require_once(BB2_CORE . "/opera.inc.php");
|
172 |
+
bb2_test($settings, $package, bb2_opera($package));
|
173 |
} elseif (stripos($ua, "Safari") !== FALSE) {
|
174 |
$package['is_browser'] = true;
|
175 |
require_once(BB2_CORE . "/safari.inc.php");
|
176 |
+
bb2_test($settings, $package, bb2_safari($package));
|
177 |
} elseif (stripos($ua, "Lynx") !== FALSE) {
|
178 |
$package['is_browser'] = true;
|
179 |
require_once(BB2_CORE . "/lynx.inc.php");
|
180 |
+
bb2_test($settings, $package, bb2_lynx($package));
|
181 |
} elseif (stripos($ua, "MovableType") !== FALSE) {
|
182 |
require_once(BB2_CORE . "/movabletype.inc.php");
|
183 |
+
bb2_test($settings, $package, bb2_movabletype($package));
|
184 |
} elseif (stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
|
185 |
require_once(BB2_CORE . "/msnbot.inc.php");
|
186 |
+
bb2_test($settings, $package, bb2_msnbot($package));
|
187 |
} elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Wireless") !== FALSE) {
|
188 |
require_once(BB2_CORE . "/google.inc.php");
|
189 |
+
bb2_test($settings, $package, bb2_google($package));
|
190 |
} elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
|
191 |
$package['is_browser'] = true;
|
192 |
require_once(BB2_CORE . "/mozilla.inc.php");
|
193 |
+
bb2_test($settings, $package, bb2_mozilla($package));
|
194 |
}
|
195 |
|
196 |
// More intensive screening applies to POST requests
|
197 |
if (!strcasecmp('POST', $package['request_method'])) {
|
198 |
require_once(BB2_CORE . "/post.inc.php");
|
199 |
+
bb2_test($settings, $package, bb2_post($settings, $package));
|
200 |
}
|
201 |
}
|
202 |
|
206 |
|
207 |
// And that's about it.
|
208 |
bb2_approved($settings, $package);
|
209 |
+
return true;
|
210 |
}
|
211 |
?>
|
bad-behavior/functions.inc.php
CHANGED
@@ -2,11 +2,6 @@
|
|
2 |
|
3 |
// Miscellaneous helper functions.
|
4 |
|
5 |
-
// Quick and dirty check for an IPv6 address
|
6 |
-
function is_ipv6($address) {
|
7 |
-
return (strpos($address, ":")) ? TRUE : FALSE;
|
8 |
-
}
|
9 |
-
|
10 |
// stripos() needed because stripos is only present on PHP 5
|
11 |
if (!function_exists('stripos')) {
|
12 |
function stripos($haystack,$needle,$offset = 0) {
|
@@ -64,7 +59,7 @@ function bb2_load_headers() {
|
|
64 |
if (!is_callable('getallheaders')) {
|
65 |
$headers = array();
|
66 |
foreach ($_SERVER as $h => $v)
|
67 |
-
if (
|
68 |
$headers[str_replace("_", "-", uc_all($hp[1]))] = $v;
|
69 |
} else {
|
70 |
$headers = getallheaders();
|
2 |
|
3 |
// Miscellaneous helper functions.
|
4 |
|
|
|
|
|
|
|
|
|
|
|
5 |
// stripos() needed because stripos is only present on PHP 5
|
6 |
if (!function_exists('stripos')) {
|
7 |
function stripos($haystack,$needle,$offset = 0) {
|
59 |
if (!is_callable('getallheaders')) {
|
60 |
$headers = array();
|
61 |
foreach ($_SERVER as $h => $v)
|
62 |
+
if (preg_match('/HTTP_(.+)/', $h, $hp))
|
63 |
$headers[str_replace("_", "-", uc_all($hp[1]))] = $v;
|
64 |
} else {
|
65 |
$headers = getallheaders();
|
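Review bot: The header-extraction pattern added on new line 62, `'/HTTP_(.+)/'`, is unanchored, so any $_SERVER key that merely contains `HTTP_` (a `REDIRECT_HTTP_*` variable set by a rewrite, for example) is also turned into a request header and can overwrite the genuine entry of the same name. Anchoring it, `if (preg_match('/^HTTP_(.+)$/', $h, $hp))`, limits the loop to the CGI-style header variables. The old line 67 is truncated in this view, so whether the previous pattern was anchored cannot be confirmed here. bb2_load_headers() starts outside the hunk.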
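--- a/bad-behavior/google.inc.php
+++ b/bad-behavior/google.inc.php
@@ -2,14 +2,9 @@
 
 // Analyze user agents claiming to be Googlebot
 
-require_once(BB2_CORE . "/roundtripdns.inc.php");
-
 function bb2_google($package)
 {
-
-# return "f1182195";
-# }
-if (!bb2_roundtripdns($package['ip'], "googlebot.com")) {
+if (match_cidr($package['ip'], "66.249.64.0/19") === FALSE && match_cidr($package['ip'], "64.233.160.0/19") === FALSE && match_cidr($package['ip'], "72.14.192.0/18") === FALSE) {
 return "f1182195";
 }
 return false;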
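--- a/bad-behavior/msnbot.inc.php
+++ b/bad-behavior/msnbot.inc.php
@@ -2,14 +2,9 @@
 
 // Analyze user agents claiming to be msnbot
 
-require_once(BB2_CORE . "/roundtripdns.inc.php");
-
 function bb2_msnbot($package)
 {
-
-# return "e4de0453";
-# }
-if (!bb2_roundtripdns($package['ip'], "msn.com")) {
+if (match_cidr($package['ip'], array("207.46.0.0/16", "65.52.0.0/14", "207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18", "157.54.0.0/15", "157.60.0.0/16", "157.56.0.0/14")) === FALSE) {
 return "e4de0453";
 }
 return false;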
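--- a/bad-behavior/post.inc.php
+++ b/bad-behavior/post.inc.php
@@ -5,7 +5,7 @@ function bb2_post($settings, $package)
 {
 // Check blackhole lists for known spam/malicious activity
 // require_once(BB2_CORE . "/blackhole.inc.php");
-//
+// bb2_test($settings, $package, bb2_blackhole($package));
 
 // MovableType needs specialized screening
 if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {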
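Review bot: The commented-out call added on new line 8, `// bb2_test($settings, $package, bb2_blackhole($package));`, is dead code and names a function this changeset never calls — core.inc.php in the same comparison runs the http:BL check as `bb2_test($settings, $package, bb2_httpbl($settings, $package));` from blackhole.inc.php, with a different name and signature. Commented-out code goes stale in exactly this way; dropping lines 7-8, or replacing them with `// http:BL screening runs from bb2_start(); see core.inc.php`, keeps bb2_post readable. The function continues outside the hunk.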
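--- a/bad-behavior/responses.inc.php
+++ b/bad-behavior/responses.inc.php
@@ -19,7 +19,6 @@ function bb2_get_response($key) {
 '582ec5e4' => array('response' => 400, 'explanation' => 'An invalid request was received. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator. This may also be caused by a bug in the Opera web browser.', 'log' => '"Header \'TE\' present but TE not specified in \'Connection\' header'),
 '69920ee5' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' present but blank'),
 '6c502ff1' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Bot not fully compliant with RFC 2965'),
-'70e45496' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User agent claimed to be CloudFlare, claim appears false'),
 '799165c2' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Rotating user-agents detected'),
 '7a06532b' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept-Encoding\' missing'),
 '7ad04a8a' => array('response' => 400, 'explanation' => 'The automated program you are using is not permitted to access this server. Please use a different program or a standard Web browser.', 'log' => 'Prohibited header \'Range\' present'),
@@ -29,7 +28,6 @@ function bb2_get_response($key) {
 'a0105122' => array('response' => 417, 'explanation' => 'Expectation failed. Please retry your request.', 'log' => 'Header \'Expect\' prohibited; resend without Expect'),
 'a1084bad' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent claimed to be MSIE, with invalid Windows version'),
 'a52f0448' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by a malfunctioning proxy server or browser privacy software. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator.', 'log' => 'Header \'Connection\' contains invalid values'),
-'b0924802' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by malicious software on your computer.', 'log' => 'Incorrect form of HTTP/1.0 Keep-Alive'),
 'b40c8ddc' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, close your browser, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'POST more than two days after GET'),
 'b7830251' => array('response' => 400, 'explanation' => 'Your proxy server sent an invalid request. Please contact the proxy server administrator to have this problem fixed.', 'log' => 'Prohibited header \'Proxy-Connection\' present'),
 'b9cc1d86' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),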
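--- a/bad-behavior/roundtripdns.inc.php
+++ /dev/null
@@ -1,20 +0,0 @@
-<?php if (!defined('BB2_CORE')) die("I said no cheating!");
-
-# Round trip DNS verification
-
-# Returns TRUE if DNS matches; FALSE on mismatch
-# Returns $ip if an error occurs
-# TODO: Not IPv6 safe
-# FIXME: Returns false on DNS server failure; PHP provides no distinction
-# between no records and error condition
-function bb2_roundtripdns($ip,$domain)
-{
-if (@is_ipv6($ip)) return $ip;
-
-$host = gethostbyaddr($ip);
-$host_result = strpos(strrev($host), strrev($domain));
-if ($host_result === false || $host_result > 0) return false;
-$addrs = gethostbynamel($host);
-if (in_array($ip, $addrs)) return true;
-return false;
-}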
bad-behavior/version.inc.php
CHANGED
@@ -1,3 +1,3 @@
|
|
1 |
<?php if (!defined('BB2_CWD')) die("I said no cheating!");
|
2 |
-
define('BB2_VERSION', "2.
|
3 |
?>
|
1 |
<?php if (!defined('BB2_CWD')) die("I said no cheating!");
|
2 |
+
define('BB2_VERSION', "2.0.39");
|
3 |
?>
|
bad-behavior/whitelist.inc.php
CHANGED
@@ -2,25 +2,78 @@
|
|
2 |
|
3 |
function bb2_whitelist($package)
|
4 |
{
|
5 |
-
|
6 |
|
7 |
-
|
8 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9 |
if (match_cidr($package['ip'], $range)) return true;
|
10 |
}
|
11 |
}
|
12 |
-
if (
|
13 |
-
foreach ($
|
14 |
if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
|
15 |
}
|
16 |
}
|
17 |
-
if (
|
18 |
if (strpos($package['request_uri'], "?") === FALSE) {
|
19 |
$request_uri = $package['request_uri'];
|
20 |
} else {
|
21 |
-
$request_uri = substr($package['request_uri'], 0, strpos($
|
22 |
}
|
23 |
-
foreach ($
|
24 |
if (!strcmp($request_uri, $url)) return true;
|
25 |
}
|
26 |
}
|
2 |
|
3 |
function bb2_whitelist($package)
|
4 |
{
|
5 |
+
// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
|
6 |
|
7 |
+
// Inappropriate whitelisting WILL expose you to spam, or cause Bad
|
8 |
+
// Behavior to stop functioning entirely! DO NOT WHITELIST unless you
|
9 |
+
// are 100% CERTAIN that you should.
|
10 |
+
|
11 |
+
// IP address ranges use the CIDR format.
|
12 |
+
|
13 |
+
// Includes four examples of whitelisting by IP address and netblock.
|
14 |
+
$bb2_whitelist_ip_ranges = array(
|
15 |
+
"64.191.203.34", // Digg whitelisted as of 2.0.12
|
16 |
+
"208.67.217.130", // Digg whitelisted as of 2.0.12
|
17 |
+
"10.0.0.0/8",
|
18 |
+
"172.16.0.0/12",
|
19 |
+
"192.168.0.0/16",
|
20 |
+
// "127.0.0.1",
|
21 |
+
);
|
22 |
+
|
23 |
+
// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
|
24 |
+
|
25 |
+
// Inappropriate whitelisting WILL expose you to spam, or cause Bad
|
26 |
+
// Behavior to stop functioning entirely! DO NOT WHITELIST unless you
|
27 |
+
// are 100% CERTAIN that you should.
|
28 |
+
|
29 |
+
// You should not whitelist search engines by user agent. Use the IP
|
30 |
+
// netblock for the search engine instead. See http://whois.arin.net/
|
31 |
+
// to locate the netblocks for an IP.
|
32 |
+
|
33 |
+
// User agents are matched by exact match only.
|
34 |
+
|
35 |
+
// Includes one example of whitelisting by user agent.
|
36 |
+
// All are commented out.
|
37 |
+
$bb2_whitelist_user_agents = array(
|
38 |
+
// "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) It's me, let me in",
|
39 |
+
);
|
40 |
+
|
41 |
+
// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
|
42 |
+
|
43 |
+
// Inappropriate whitelisting WILL expose you to spam, or cause Bad
|
44 |
+
// Behavior to stop functioning entirely! DO NOT WHITELIST unless you
|
45 |
+
// are 100% CERTAIN that you should.
|
46 |
+
|
47 |
+
// URLs are matched from the first / after the server name up to,
|
48 |
+
// but not including, the ? (if any).
|
49 |
+
|
50 |
+
// Includes two examples of whitelisting by URL.
|
51 |
+
$bb2_whitelist_urls = array(
|
52 |
+
// "/example.php",
|
53 |
+
// "/openid/server",
|
54 |
+
);
|
55 |
+
|
56 |
+
// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
|
57 |
+
|
58 |
+
// Do not edit below this line
|
59 |
+
|
60 |
+
if (!empty($bb2_whitelist_ip_ranges)) {
|
61 |
+
foreach ($bb2_whitelist_ip_ranges as $range) {
|
62 |
if (match_cidr($package['ip'], $range)) return true;
|
63 |
}
|
64 |
}
|
65 |
+
if (!empty($bb2_whitelist_user_agents)) {
|
66 |
+
foreach ($bb2_whitelist_user_agents as $user_agent) {
|
67 |
if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
|
68 |
}
|
69 |
}
|
70 |
+
if (!empty($bb2_whitelist_urls)) {
|
71 |
if (strpos($package['request_uri'], "?") === FALSE) {
|
72 |
$request_uri = $package['request_uri'];
|
73 |
} else {
|
74 |
+
$request_uri = substr($package['request_uri'], 0, strpos($settings['request_uri'], "?"));
|
75 |
}
|
76 |
+
foreach ($bb2_whitelist_urls as $url) {
|
77 |
if (!strcmp($request_uri, $url)) return true;
|
78 |
}
|
79 |
}
|
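Review bot: New line 74 takes the query-string offset from `$settings['request_uri']`, but bb2_whitelist receives only `$package` and `$settings` is undefined here, so strpos() yields false, substr() gets a length of 0 and `$request_uri` ends up empty (or false); URL whitelisting therefore never matches a request that carries a query string. The fix is to read the same array as line 71: `$request_uri = substr($package['request_uri'], 0, strpos($package['request_uri'], "?"));`. Separately, the default list on lines 17-19 passes every RFC 1918 source address through before any other test runs, so a deployment where REMOTE_ADDR holds a private address (a reverse proxy or load balancer that does not rewrite it) would disable the plugin entirely; the DANGER comments do not mention this, and a line such as `// NOTE: behind a proxy that leaves REMOTE_ADDR as a private address, these ranges whitelist all traffic` would. bb2_whitelist's closing brace is outside the hunk.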
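--- a/settings.ini
+++ /dev/null
@@ -1,9 +0,0 @@
-[settings]
-display_stats = true
-strict = false
-verbose = false
-logging = true
-httpbl_key = ""
-httpbl_threat = 25
-httpbl_maxage = 30
-offsite_forms = false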
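--- a/whitelist.ini
+++ /dev/null
@@ -1,26 +0,0 @@
-; Inappropriate whitelisting WILL expose you to spam, or cause Bad Behavior
-; to stop functioning entirely! DO NOT WHITELIST unless you are 100% CERTAIN
-; that you should.
-
-; IP address ranges use the CIDR format.
-
-[ip]
-; Digg whitelisted as of 2.0.12
-ip[] = "64.191.203.34"
-ip[] = "208.67.217.130"
-; RFC 1918 addresses
-ip[] = "10.0.0.0/8"
-ip[] = "172.16.0.0/12"
-ip[] = "192.168.0.0/16"
-
-; User agents are matched by exact match only.
-
-[useragent]
-useragent[] = "Mozilla/4.0 (It's me, let me in)"
-
-; URLs are matched from the first / after the server name up to, but not
-; including, the ? (if any). The URL to be whitelisted is a URL on YOUR site.
-
-[url]
-url[] = "/example.php"
-url[] = "/openid/server"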