Bad Behavior - Version 2.0.39


Developer error
Version 2.0.39

Code changes from version 2.1.7 to 2.0.39

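--- a/README.txt
+++ b/README.txt
@@ -3,8 +3,8 @@ Tags: comment,trackback,referrer,spam,robot,antispam
 Contributors: error, MarkJaquith, Firas, skeltoac
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
 Requires at least: 1.5
-Tested up to: 3.0.1
-Stable tag: 2.0.38
+Tested up to: 3.0.4
+Stable tag: 2.0.39
 
 Welcome to a whole new way of keeping your blog, forum, guestbook, wiki or
 content management system free of link spam. Bad Behavior is a PHP-based
@@ -66,6 +66,9 @@ http://www.bad-behavior.ioerror.us/
 
 = Bad Behavior 2.0 Known Issues =
 
+* Bad Behavior requires MySQL 4.1 or later and PHP 4.3 or later. Future
+versions of Bad Behavior will require PHP 5.
+
 * Bad Behavior may be unable to protect cached pages on MediaWiki.
 
 * When upgrading from version 2.0.19 or prior on MediaWiki and WordPress,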
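--- a/bad-behavior-generic.php
+++ b/bad-behavior-generic.php
@@ -1,11 +1,11 @@
 <?php
 /*
 Bad Behavior - detects and blocks unwanted Web accesses
-Copyright (C) 2005,2006,2007,2008,2009 Michael Hampton
+Copyright (C) 2005-2006 Michael Hampton
 
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 3 of the License, or
+the Free Software Foundation; either version 2 of the License, or
 (at your option) any later version.
 
 As a special exemption, you may link this program with any of the
@@ -32,8 +32,6 @@ define('BB2_CWD', dirname(__FILE__));
 
 // Settings you can adjust for Bad Behavior.
 // Most of these are unused in non-database mode.
-// DO NOT EDIT HERE; instead make changes in settings.ini.
-// These settings are used when settings.ini is not present.
 $bb2_settings_defaults = array(
 'log_table' => 'bad_behavior',
 'display_stats' => true,
@@ -85,24 +83,17 @@ function bb2_db_rows($result) {
 return $result;
 }
 
-// Create the SQL query for inserting a record in the database.
-// See example for MySQL elsewhere.
-function bb2_insert($settings, $package, $key)
-{
-return "--";
-}
-
 // Return emergency contact email address.
 function bb2_email() {
-return "example@example.com"; // You need to change this.
+// return "example@example.com"; // You need to change this.
+return "badbots@ioerror.us"; // You need to change this.
 }
 
 // retrieve settings from database
 // Settings are hard-coded for non-database use
 function bb2_read_settings() {
 global $bb2_settings_defaults;
-$settings = @parse_ini_file(dirname(__FILE__) . "/settings.ini");
-return array_merge($bb2_settings_defaults, $settings);
+return $bb2_settings_defaults;
 }
 
 // write settings to database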
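Review bot: `bb2_email()` on the new side (lines 87-89) returns a real, specific mailbox, `badbots@ioerror.us`, where the replaced line had an obvious placeholder, so an install that is never edited will present a third party's address as the site's emergency contact wherever this value is shown (its consumer is outside this hunk). The trailing `// You need to change this.` is easy to miss behind a value that looks configured, and the commented-out example above it is dead code. Keep the placeholder, `return "example@example.com"; // You need to change this.`, or make the address an entry in `$bb2_settings_defaults` so it is set alongside the other site-specific values. Note also that `bb2_read_settings()` now returns the defaults unconditionally, so the `settings.ini` override the removed lines provided is gone and the array literal is the only place to configure this file.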
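--- a/bad-behavior-mediawiki.php
+++ b/bad-behavior-mediawiki.php
@@ -25,8 +25,6 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 if (!defined('MEDIAWIKI')) die();
 
 // Settings you can adjust for Bad Behavior.
-// DO NOT EDIT HERE; instead make changes in settings.ini.
-// These settings are used when settings.ini is not present.
 $bb2_settings_defaults = array(
 'log_table' => $wgDBprefix . 'bad_behavior',
 'display_stats' => true,
@@ -42,7 +40,6 @@ $bb2_settings_defaults = array(
 define('BB2_CWD', dirname(__FILE__));
 
 // Bad Behavior callback functions.
-require_once("bad-behavior-mysql.php");
 
 // Return current time in the format preferred by your database.
 function bb2_db_date() {
@@ -93,8 +90,7 @@ function bb2_email() {
 // retrieve settings from database
 function bb2_read_settings() {
 global $bb2_settings_defaults;
-$settings = @parse_ini_file(dirname(__FILE__) . "/settings.ini");
-return array_merge($bb2_settings_defaults, $settings);
+return $bb2_settings_defaults;
 }
 
 // This Bad Behavior-related function is a stub. You can help MediaWiki by expanding it.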
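Review bot: The comment `// retrieve settings from database` on line 90 no longer describes `bb2_read_settings()`, which on the new side returns `$bb2_settings_defaults` without consulting the database or `settings.ini`. Replace it with `// Return the hard-coded defaults; MediaWiki settings are not read from the database or settings.ini.` so an operator knows the array literal at the top of this file is the only place to change them. The `require_once("bad-behavior-mysql.php")` dropped in the second hunk leaves `bb2_insert()` and `bb2_table_structure()` (the contents of the deleted file) to be supplied from elsewhere; where they are now loaded from is not visible in this section.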
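--- a/bad-behavior-mysql.php
+++ /dev/null
@@ -1,46 +0,0 @@
-<?php
-
-// Our log table structure
-function bb2_table_structure($name)
-{
-// It's not paranoia if they really are out to get you.
-$name_escaped = bb2_db_escape($name);
-return "CREATE TABLE IF NOT EXISTS `$name_escaped` (
-`id` INT(11) NOT NULL auto_increment,
-`ip` TEXT NOT NULL,
-`date` DATETIME NOT NULL default '0000-00-00 00:00:00',
-`request_method` TEXT NOT NULL,
-`request_uri` TEXT NOT NULL,
-`server_protocol` TEXT NOT NULL,
-`http_headers` TEXT NOT NULL,
-`user_agent` TEXT NOT NULL,
-`request_entity` TEXT NOT NULL,
-`key` TEXT NOT NULL,
-INDEX (`ip`(15)),
-INDEX (`user_agent`(10)),
-PRIMARY KEY (`id`) );"; // TODO: INDEX might need tuning
-}
-
-// Insert a new record
-function bb2_insert($settings, $package, $key)
-{
-$ip = bb2_db_escape($package['ip']);
-$date = bb2_db_date();
-$request_method = bb2_db_escape($package['request_method']);
-$request_uri = bb2_db_escape($package['request_uri']);
-$server_protocol = bb2_db_escape($package['server_protocol']);
-$user_agent = bb2_db_escape($package['user_agent']);
-$headers = "$request_method $request_uri $server_protocol\n";
-foreach ($package['headers'] as $h => $v) {
-$headers .= bb2_db_escape("$h: $v\n");
-}
-$request_entity = "";
-if (!strcasecmp($request_method, "POST")) {
-foreach ($package['request_entity'] as $h => $v) {
-$request_entity .= bb2_db_escape("$h: $v\n");
-}
-}
-return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "`
-(`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES
-('$ip', '$date', '$request_method', '$request_uri', '$server_protocol', '$headers', '$user_agent', '$request_entity', '$key')";
-}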
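--- a/bad-behavior-wordpress-admin.php
+++ b/bad-behavior-wordpress-admin.php
@@ -179,7 +179,7 @@ Displaying all <strong><?php echo $totalcount; ?></strong> records<br/>
 $host .= "<br/>\n";
 }
 echo "<td><a href=\"" . add_query_arg("ip", $result["ip"], remove_query_arg("paged", $request_uri)) . "\">" . $result["ip"] . "</a><br/>$host<br/>\n" . $result["date"] . "<br/><br/><a href=\"" . add_query_arg("key", $result["key"], remove_query_arg(array("paged", "blocked"), $request_uri)) . "\">" . $key["log"] . "</a>\n";
-if ($httpbl) echo "<br/><br/><a href=\"http://www.projecthoneypot.org/ip_{$result['ip']}\">http:BL</a>:<br/>$httpbl\n";
+if ($httpbl) echo "<br/><br/>http:BL:<br/>$httpbl\n";
 echo "</td>\n";
 $headers = str_replace("\n", "<br/>\n", htmlspecialchars($result['http_headers']));
 if (@strpos($headers, $result['user_agent']) !== FALSE) $headers = substr_replace($headers, "<a href=\"" . add_query_arg("user_agent", rawurlencode($result["user_agent"]), remove_query_arg("paged", $request_uri)) . "\">" . $result['user_agent'] . "</a>", strpos($headers, $result['user_agent']), strlen($result['user_agent']));
@@ -270,7 +270,7 @@ function bb2_options()
 ?>
 <div class="wrap">
 <h2><?php _e("Bad Behavior"); ?></h2>
-<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
+<form method="post" action="<?php echo $request_uri; ?>">
 <p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
 <p>If you find Bad Behavior valuable, please consider making a <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20<?php echo BB2_VERSION; ?>%20%28From%20Admin%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8">financial contribution</a> to further development of Bad Behavior.</p>
 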
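Review bot: The form action on line 273 echoes `$request_uri` into an HTML attribute with no escaping; `$request_uri` is assigned outside this hunk, and if it still derives from `$_SERVER['REQUEST_URI']` as the replaced line did, a crafted link containing `"` breaks out of the attribute on the administrator's own options page (reflected XSS against a logged-in admin). Escape at the point of output: `<form method="post" action="<?php echo htmlspecialchars($request_uri, ENT_QUOTES); ?>">`. The same pattern is on context line 181, where the `add_query_arg(...)` results, `$result["ip"]` and `$result["key"]` are concatenated into `href` attributes and text without `htmlspecialchars()`; whether those logged values can be attacker-influenced depends on how they are recorded, which this section does not show. Both `bb2_options()` and the listing function extend beyond the hunks.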
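--- a/bad-behavior-wordpress.php
+++ b/bad-behavior-wordpress.php
@@ -1,7 +1,7 @@
 <?php
 /*
 Plugin Name: Bad Behavior
-Version: 2.1.7
+Version: 2.0.39
 Description: Deny automated spambots access to your PHP-based Web site.
 Plugin URI: http://www.bad-behavior.ioerror.us/
 Author: Michael Hampton
@@ -44,7 +44,6 @@ $bb2_timer_start = $bb2_mtime[1] + $bb2_mtime[0];
 define('BB2_CWD', dirname(__FILE__));
 
 // Bad Behavior callback functions.
-require_once("bad-behavior-mysql.php");
 
 // Return current time in the format preferred by your database.
 function bb2_db_date() {
@@ -141,10 +140,6 @@ function bb2_insert_stats($force = false) {
 echo sprintf('<p><a href="http://www.bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', __('Bad Behavior'), __('has blocked'), $blocked[0]["COUNT(*)"], __('access attempts in the last 7 days.'));
 }
 }
-if (@!empty($_SESSION['BB2_RESULT'])) {
-echo sprintf("\n<!-- Bad Behavior result was %s! This request would have been blocked. -->\n", $_SESSION['BB2_RESULT']);
-unset($_SESSION['BB2_RESULT']);
-}
 }
 
 // Return the top-level relative path of wherever we are (for cookies)
@@ -170,7 +165,7 @@ if (is_admin() || strstr($_SERVER['PHP_SELF'], 'wp-admin/')) { // 1.5 kludge
 require_once(BB2_CWD . "/bad-behavior-wordpress-admin.php");
 }
 
-$_SESSION['BB2_RESULT'] = bb2_start(bb2_read_settings());
+bb2_start(bb2_read_settings());
 
 $bb2_mtime = explode(" ", microtime());
 $bb2_timer_stop = $bb2_mtime[1] + $bb2_mtime[0];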
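Review bot: The `require_once` of the admin file on line 165 is guarded by `is_admin() || strstr($_SERVER['PHP_SELF'], 'wp-admin/')` (the last hunk's header line), and `PHP_SELF` can carry client-supplied PATH_INFO on servers that accept it, so a front-end request such as `/index.php/wp-admin/` would satisfy the `// 1.5 kludge` branch and load bad-behavior-wordpress-admin.php on a public page; what that exposes depends on what the admin file does at include time, which is not in this diff. If the WordPress 1.5 fallback is still needed, test a server-set value instead, e.g. `strpos($_SERVER['SCRIPT_NAME'], '/wp-admin/') !== FALSE`. The new `bb2_start(bb2_read_settings());` on line 168 discards the return value that the removed `$_SESSION['BB2_RESULT']` code consumed, which is consistent with dropping the session use; just confirm nothing else read that session key.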
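--- a/bad-behavior/banned.inc.php
+++ b/bad-behavior/banned.inc.php
@@ -5,7 +5,7 @@
 
 require_once(BB2_CORE . "/responses.inc.php");
 
-function bb2_display_denial($settings, $package, $key, $previous_key = false)
+function bb2_display_denial($settings, $key, $previous_key = false)
 {
 define('DONOTCACHEPAGE', true); // WP Super Cache
 if (!$previous_key) $previous_key = $key;
@@ -13,7 +13,7 @@ function bb2_display_denial($settings, $package, $key, $previous_key = false)
 // FIXME: lookup the real key
 }
 // Create support key
-$ip = explode(".", $package['ip']);
+$ip = explode(".", $_SERVER['REMOTE_ADDR']);
 $ip_hex = "";
 foreach ($ip as $octet) {
 $ip_hex .= str_pad(dechex($octet), 2, 0, STR_PAD_LEFT);
@@ -24,7 +24,7 @@ function bb2_display_denial($settings, $package, $key, $previous_key = false)
 $response = bb2_get_response($previous_key);
 header("HTTP/1.1 " . $response['response'] . " Bad Behavior");
 header("Status: " . $response['response'] . " Bad Behavior");
-$request_uri = $_SERVER["REQUEST_URI"];
+$request_uri = $_SERVER['REQUEST_URI'];
 if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">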
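Review bot: The support-key derivation on lines 16-19 assumes a dotted-quad address: `explode(".", $_SERVER['REMOTE_ADDR'])` on an IPv6 address yields a single colon-laden element, and `dechex()` of it produces a meaningless key (and, depending on PHP version, a warning or a TypeError), even though this release adds an `is_ipv6()` helper elsewhere. If PHP 5.1+ can be assumed, `$ip_bin = inet_pton($_SERVER['REMOTE_ADDR']);` followed by `$ip_hex = ($ip_bin === false) ? "" : bin2hex($ip_bin);` replaces the loop and yields byte-identical keys for IPv4, since `bin2hex()` of the four address bytes equals the zero-padded octet hex. The signature on line 8 dropped `$package`, so the function now reads `$_SERVER` directly and also takes `$request_uri` from `$_SERVER['REQUEST_URI']` on line 27; wherever that is rendered into the page below this hunk it needs `htmlspecialchars()`, which this section does not show. The function body continues past the last hunk.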
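--- a/bad-behavior/blackhole.inc.php
+++ b/bad-behavior/blackhole.inc.php
@@ -1,5 +1,10 @@
 <?php if (!defined('BB2_CORE')) die('I said no cheating!');
 
+// Quick and dirty check for an IPv6 address
+function is_ipv6($address) {
+return (strpos($address, ":")) ? TRUE : FALSE;
+}
+
 // Look up address on various blackhole lists.
 // These should not be used for GET requests under any circumstances!
 // FIXME: Note that this code is no longer in use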
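Review bot: `is_ipv6()` on line 5 uses the raw return of `strpos()` as a boolean, so an address whose first character is a colon — `::1`, or the `::ffff:` IPv4-mapped forms that core.inc.php strips with `preg_replace("/^::ffff:/", ...)` — returns position 0, which is falsy, and is classified as not IPv6. Compare explicitly: `return strpos($address, ":") !== FALSE;`. The helper is also a new global function declared in a file whose own `// FIXME` says it is no longer in use, so make sure it is actually loaded on the code paths that call it and does not collide with a host application's own `is_ipv6`.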
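--- a/bad-behavior/blacklist.inc.php
+++ b/bad-behavior/blacklist.inc.php
@@ -34,7 +34,7 @@ function bb2_blacklist($package) {
 "Mozilla ", // malicious software
 "Mozilla/2", // malicious software
 "Mozilla/4.0(", // from honeypot
-"Mozilla/4.0+(", // suspicious harvester
+"Mozilla/4.0+(compatible;+", // suspicious harvester
 "MSIE", // malicious software
 "NutchCVS", // unidentified robots
 "Nutscrape/", // misc comment spam
@@ -69,12 +69,11 @@ function bb2_blacklist($package) {
 "grub-client", // search engine ignores robots.txt
 "hanzoweb", // very badly behaved crawler
 "Indy Library", // misc comment/email spam
-"MSIE 7.0; Windows NT 5.2", // Cyveillance
+"larbin@unspecified", // stealth harvesters
 "Murzillo compatible", // comment spam bot
 ".NET CLR 1)", // free poker, etc.
 "POE-Component-Client", // free poker, etc.
 "Turing Machine", // www.anonymizer.com abuse
-"unspecified.mail", // stealth harvesters
 "User-agent: ", // spam harvester/splogger
 "WebaltBot", // spam harvester
 "WISEbot", // spam harvester
@@ -84,7 +83,6 @@ function bb2_blacklist($package) {
 "Windows NT 5.1;)", // wikispam bot
 "Windows XP 5", // spam harvester
 "WordPress/4.01", // pingback spam
-"Xedant Human Emulator",// spammer script engine
 "\\\\)", // spam harvester
 );
 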
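--- a/bad-behavior/cloudflare.inc.php
+++ /dev/null
@@ -1,15 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze requests claiming to be from CloudFlare
-
-require_once(BB2_CORE . "/roundtripdns.inc.php");
-
-function bb2_cloudflare($package)
-{
-if (!bb2_roundtripdns($package['cloudflare'], "cloudflare.com")) {
-return '70e45496';
-}
-return false;
-}
-
-?>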
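--- a/bad-behavior/common_tests.inc.php
+++ b/bad-behavior/common_tests.inc.php
@@ -4,8 +4,9 @@
 
 function bb2_protocol($settings, $package)
 {
+// Is it claiming to be HTTP/1.0? Then it shouldn't do HTTP/1.1 things
 // Always run this test; we should never see Expect:
-if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE) {
+if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE && !strcmp($package['server_protocol'], "HTTP/1.0")) {
 return "a0105122";
 }
 
@@ -68,6 +69,7 @@ function bb2_misc_headers($settings, $package)
 // Lowercase via is used by open proxies/referrer spammers
 // Exceptions: Clearswift uses lowercase via (refuses to fix;
 // may be blocked again in the future)
+// Coral CDN uses lowercase via
 if (array_key_exists('via', $package['headers']) &&
 strpos($package['headers']['via'],'Clearswift') === FALSE &&
 strpos($ua,'CoralWebPrx') === FALSE) {
@@ -104,12 +106,6 @@ function bb2_misc_headers($settings, $package)
 if (preg_match('/\bkeep-alive,\s?keep-alive\b/i', $package['headers_mixed']['Connection'])) {
 return "a52f0448";
 }
-// Keep-Alive format in RFC 2068; some bots mangle these headers
-if (stripos($package['headers_mixed']['Connection'], "Keep-Alive: ") !== FALSE) {
-return "b0924802";
-}
-// Close should not be oddly capitalized
-
 }
 
 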
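Review bot: The two comments on lines 7-8 of the new side contradict each other and the code: `// Is it claiming to be HTTP/1.0? Then it shouldn't do HTTP/1.1 things` describes the added `!strcmp($package['server_protocol'], "HTTP/1.0")` condition, while the retained `// Always run this test; we should never see Expect:` describes the unconditional check it replaced, and `Expect: 100-continue` is a legitimate HTTP/1.1 header, so a reader is misled about which requests still trigger `a0105122`. Replace the second comment with `// Expect: 100-continue only exists in HTTP/1.1; a client claiming HTTP/1.0 that sends it is not a real browser.`. The new `strcmp()` assumes `$package['server_protocol']` is always populated by the caller (set in core.inc.php, outside this section); a missing key would compare against null with a notice. `bb2_protocol()` continues past the hunk.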
bad-behavior/core.inc.php CHANGED
@@ -1,6 +1,6 @@
1
  <?php if (!defined('BB2_CWD')) die("I said no cheating!");
2
 
3
- // Bad Behavior entry point is bb2_start()
4
  // If you're reading this, you are probably lost.
5
  // Go read the bad-behavior-generic.php file.
6
 
@@ -9,6 +9,51 @@ define('BB2_COOKIE', 'bb2_screener_');
9
 
10
  require_once(BB2_CORE . "/functions.inc.php");
11
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
12
  // Kill 'em all!
13
  function bb2_banned($settings, $package, $key, $previous_key=false)
14
  {
@@ -16,7 +61,7 @@ function bb2_banned($settings, $package, $key, $previous_key=false)
16
  sleep(2);
17
 
18
  require_once(BB2_CORE . "/banned.inc.php");
19
- bb2_display_denial($settings, $package, $key, $previous_key);
20
  bb2_log_denial($settings, $package, $key, $previous_key);
21
  if (is_callable('bb2_banned_callback')) {
22
  bb2_banned_callback($settings, $package, $key);
@@ -40,6 +85,18 @@ function bb2_approved($settings, $package)
40
  }
41
  }
42
 
 
 
 
 
 
 
 
 
 
 
 
 
43
 
44
  // Let God sort 'em out!
45
  function bb2_start($settings)
@@ -47,7 +104,7 @@ function bb2_start($settings)
47
  // Gather up all the information we need, first of all.
48
  $headers = bb2_load_headers();
49
  // Postprocess the headers to mixed-case
50
- // TODO: get the world to stop using PHP as CGI
51
  $headers_mixed = array();
52
  foreach ($headers as $h => $v) {
53
  $headers_mixed[uc_all($h)] = $v;
@@ -55,106 +112,91 @@ function bb2_start($settings)
55
 
56
  // IPv6 - IPv4 compatibility mode hack
57
  $_SERVER['REMOTE_ADDR'] = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);
 
 
 
 
 
 
 
58
 
59
  // Reconstruct the HTTP entity, if present.
60
  $request_entity = array();
61
- if (!strcasecmp($_SERVER['REQUEST_METHOD'], "POST") || !strcasecmp($_SERVER['REQUEST_METHOD'], "PUT")) {
62
  foreach ($_POST as $h => $v) {
63
  $request_entity[$h] = $v;
64
  }
65
  }
66
 
67
- $request_uri = $_SERVER["REQUEST_URI"];
68
- if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
69
-
70
- # Nasty CloudFlare hack provided by butchs at simplemachines
71
- $ip_temp = preg_replace("/^::ffff:/", "", (array_key_exists('Cf-Connecting-Ip', $headers_mixed)) ? $_SERVER['HTTP_CF_CONNECTING_IP'] : $_SERVER['REMOTE_ADDR']);
72
- $cloudflare_ip = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);
73
-
74
- @$package = array('ip' => $ip_temp, 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $_SERVER['REQUEST_METHOD'], 'request_uri' => $request_uri, 'server_protocol' => $_SERVER['SERVER_PROTOCOL'], 'request_entity' => $request_entity, 'user_agent' => $_SERVER['HTTP_USER_AGENT'], 'is_browser' => false, 'cloudflare' => $cloudflare_ip);
75
 
76
- $result = bb2_screen($settings, $package);
77
- if ($result && !defined('BB2_TEST')) bb2_banned($settings, $package, $result);
78
- return $result;
79
- }
80
-
81
- function bb2_screen($settings, $package)
82
- {
83
  // Please proceed to the security checkpoint and have your
84
  // identification and boarding pass ready.
85
 
86
- // Check for CloudFlare CDN since IP to be screened may be different
87
- // Thanks to butchs at Simple Machines
88
- if (array_key_exists('Cf-Connecting-Ip', $package['headers_mixed'])) {
89
- require_once(BB2_CORE . "/cloudflare.inc.php");
90
- $r = bb2_cloudflare($package);
91
- if ($r !== false && $r != $package['ip']) return $r;
92
- }
93
-
94
  // First check the whitelist
95
  require_once(BB2_CORE . "/whitelist.inc.php");
96
  if (!bb2_whitelist($package)) {
97
  // Now check the blacklist
98
  require_once(BB2_CORE . "/blacklist.inc.php");
99
- if ($r = bb2_blacklist($package)) return $r;
100
 
101
  // Check the http:BL
102
  require_once(BB2_CORE . "/blackhole.inc.php");
103
- if ($r = bb2_httpbl($settings, $package)) return $r;
104
 
105
  // Check for common stuff
106
  require_once(BB2_CORE . "/common_tests.inc.php");
107
- if ($r = bb2_protocol($settings, $package)) return $r;
108
- if ($r = bb2_cookies($settings, $package)) return $r;
109
- if ($r = bb2_misc_headers($settings, $package)) return $r;
110
 
111
  // Specific checks
112
- @$ua = $package['user_agent'];
113
  // MSIE checks
114
- if (stripos($ua, "; MSIE") !== FALSE) {
115
  $package['is_browser'] = true;
116
  if (stripos($ua, "Opera") !== FALSE) {
117
  require_once(BB2_CORE . "/opera.inc.php");
118
- if ($r = bb2_opera($package)) return $r;
119
  } else {
120
  require_once(BB2_CORE . "/msie.inc.php");
121
- if ($r = bb2_msie($package)) return $r;
122
  }
123
  } elseif (stripos($ua, "Konqueror") !== FALSE) {
124
  $package['is_browser'] = true;
125
  require_once(BB2_CORE . "/konqueror.inc.php");
126
- if ($r = bb2_konqueror($package)) return $r;
127
  } elseif (stripos($ua, "Opera") !== FALSE) {
128
  $package['is_browser'] = true;
129
  require_once(BB2_CORE . "/opera.inc.php");
130
- if ($r = bb2_opera($package)) return $r;
131
  } elseif (stripos($ua, "Safari") !== FALSE) {
132
  $package['is_browser'] = true;
133
  require_once(BB2_CORE . "/safari.inc.php");
134
- if ($r = bb2_safari($package)) return $r;
135
  } elseif (stripos($ua, "Lynx") !== FALSE) {
136
  $package['is_browser'] = true;
137
  require_once(BB2_CORE . "/lynx.inc.php");
138
- if ($r = bb2_lynx($package)) return $r;
139
  } elseif (stripos($ua, "MovableType") !== FALSE) {
140
  require_once(BB2_CORE . "/movabletype.inc.php");
141
- if ($r = bb2_movabletype($package)) return $r;
142
  } elseif (stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
143
  require_once(BB2_CORE . "/msnbot.inc.php");
144
- if ($r = bb2_msnbot($package)) return $r;
145
  } elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Wireless") !== FALSE) {
146
  require_once(BB2_CORE . "/google.inc.php");
147
- if ($r = bb2_google($package)) return $r;
148
  } elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
149
  $package['is_browser'] = true;
150
  require_once(BB2_CORE . "/mozilla.inc.php");
151
- if ($r = bb2_mozilla($package)) return $r;
152
  }
153
 
154
  // More intensive screening applies to POST requests
155
  if (!strcasecmp('POST', $package['request_method'])) {
156
  require_once(BB2_CORE . "/post.inc.php");
157
- if ($r = bb2_post($settings, $package)) return $r;
158
  }
159
  }
160
 
@@ -164,6 +206,6 @@ function bb2_screen($settings, $package)
164
 
165
  // And that's about it.
166
  bb2_approved($settings, $package);
167
- return false;
168
  }
169
  ?>
1
  <?php if (!defined('BB2_CWD')) die("I said no cheating!");
2
 
3
+ // Bad Behavior entry point is start_bad_behavior().
4
  // If you're reading this, you are probably lost.
5
  // Go read the bad-behavior-generic.php file.
6
 
9
 
10
  require_once(BB2_CORE . "/functions.inc.php");
11
 
12
+ // Our log table structure
13
+ function bb2_table_structure($name)
14
+ {
15
+ // It's not paranoia if they really are out to get you.
16
+ $name_escaped = bb2_db_escape($name);
17
+ return "CREATE TABLE IF NOT EXISTS `$name_escaped` (
18
+ `id` INT(11) NOT NULL auto_increment,
19
+ `ip` TEXT NOT NULL,
20
+ `date` DATETIME NOT NULL default '0000-00-00 00:00:00',
21
+ `request_method` TEXT NOT NULL,
22
+ `request_uri` TEXT NOT NULL,
23
+ `server_protocol` TEXT NOT NULL,
24
+ `http_headers` TEXT NOT NULL,
25
+ `user_agent` TEXT NOT NULL,
26
+ `request_entity` TEXT NOT NULL,
27
+ `key` TEXT NOT NULL,
28
+ INDEX (`ip`(15)),
29
+ INDEX (`user_agent`(10)),
30
+ PRIMARY KEY (`id`) );"; // TODO: INDEX might need tuning
31
+ }
32
+
33
+ // Insert a new record
34
+ function bb2_insert($settings, $package, $key)
35
+ {
36
+ $ip = bb2_db_escape($package['ip']);
37
+ $date = bb2_db_date();
38
+ $request_method = bb2_db_escape($package['request_method']);
39
+ $request_uri = bb2_db_escape($package['request_uri']);
40
+ $server_protocol = bb2_db_escape($package['server_protocol']);
41
+ $user_agent = bb2_db_escape($package['user_agent']);
42
+ $headers = "$request_method $request_uri $server_protocol\n";
43
+ foreach ($package['headers'] as $h => $v) {
44
+ $headers .= bb2_db_escape("$h: $v\n");
45
+ }
46
+ $request_entity = "";
47
+ if (!strcasecmp($request_method, "POST")) {
48
+ foreach ($package['request_entity'] as $h => $v) {
49
+ $request_entity .= bb2_db_escape("$h: $v\n");
50
+ }
51
+ }
52
+ return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "`
53
+ (`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES
54
+ ('$ip', '$date', '$request_method', '$request_uri', '$server_protocol', '$headers', '$user_agent', '$request_entity', '$key')";
55
+ }
56
+
57
  // Kill 'em all!
58
  function bb2_banned($settings, $package, $key, $previous_key=false)
59
  {
61
  sleep(2);
62
 
63
  require_once(BB2_CORE . "/banned.inc.php");
64
+ bb2_display_denial($settings, $key, $previous_key);
65
  bb2_log_denial($settings, $package, $key, $previous_key);
66
  if (is_callable('bb2_banned_callback')) {
67
  bb2_banned_callback($settings, $package, $key);
85
  }
86
  }
87
 
88
+ // Check the results of a particular test; see below for usage
89
+ // Returns FALSE if test passed (yes this is backwards)
90
+ function bb2_test($settings, $package, $result)
91
+ {
92
+ if ($result !== FALSE)
93
+ {
94
+ bb2_banned($settings, $package, $result);
95
+ return TRUE;
96
+ }
97
+ return FALSE;
98
+ }
99
+
100
 
101
  // Let God sort 'em out!
102
  function bb2_start($settings)
104
  // Gather up all the information we need, first of all.
105
  $headers = bb2_load_headers();
106
  // Postprocess the headers to mixed-case
107
+ // FIXME: get the world to stop using PHP as CGI
108
  $headers_mixed = array();
109
  foreach ($headers as $h => $v) {
110
  $headers_mixed[uc_all($h)] = $v;
112
 
113
  // IPv6 - IPv4 compatibility mode hack
114
  $_SERVER['REMOTE_ADDR'] = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);
115
+ // We use these frequently. Keep a copy close at hand.
116
+ $ip = $_SERVER['REMOTE_ADDR'];
117
+ $request_method = $_SERVER['REQUEST_METHOD'];
118
+ $request_uri = $_SERVER['REQUEST_URI'];
119
+ if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
120
+ $server_protocol = $_SERVER['SERVER_PROTOCOL'];
121
+ @$user_agent = $_SERVER['HTTP_USER_AGENT'];
122
 
123
  // Reconstruct the HTTP entity, if present.
124
  $request_entity = array();
125
+ if (!strcasecmp($request_method, "POST") || !strcasecmp($request_method, "PUT")) {
126
  foreach ($_POST as $h => $v) {
127
  $request_entity[$h] = $v;
128
  }
129
  }
130
 
131
+ $package = array('ip' => $ip, 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $request_method, 'request_uri' => $request_uri, 'server_protocol' => $server_protocol, 'request_entity' => $request_entity, 'user_agent' => $user_agent, 'is_browser' => false);
 
 
 
 
 
 
 
132
 
 
 
 
 
 
 
 
133
  // Please proceed to the security checkpoint and have your
134
  // identification and boarding pass ready.
135
 
 
 
 
 
 
 
 
 
136
  // First check the whitelist
137
  require_once(BB2_CORE . "/whitelist.inc.php");
138
  if (!bb2_whitelist($package)) {
139
  // Now check the blacklist
140
  require_once(BB2_CORE . "/blacklist.inc.php");
141
+ bb2_test($settings, $package, bb2_blacklist($package));
142
 
143
  // Check the http:BL
144
  require_once(BB2_CORE . "/blackhole.inc.php");
145
+ bb2_test($settings, $package, bb2_httpbl($settings, $package));
146
 
147
  // Check for common stuff
148
  require_once(BB2_CORE . "/common_tests.inc.php");
149
+ bb2_test($settings, $package, bb2_protocol($settings, $package));
150
+ bb2_test($settings, $package, bb2_cookies($settings, $package));
151
+ bb2_test($settings, $package, bb2_misc_headers($settings, $package));
152
 
153
  // Specific checks
154
+ @$ua = $headers_mixed['User-Agent'];
155
  // MSIE checks
156
+ if (stripos($ua, "MSIE") !== FALSE) {
157
  $package['is_browser'] = true;
158
  if (stripos($ua, "Opera") !== FALSE) {
159
  require_once(BB2_CORE . "/opera.inc.php");
160
+ bb2_test($settings, $package, bb2_opera($package));
161
  } else {
162
  require_once(BB2_CORE . "/msie.inc.php");
163
+ bb2_test($settings, $package, bb2_msie($package));
164
  }
165
  } elseif (stripos($ua, "Konqueror") !== FALSE) {
166
  $package['is_browser'] = true;
167
  require_once(BB2_CORE . "/konqueror.inc.php");
168
+ bb2_test($settings, $package, bb2_konqueror($package));
169
  } elseif (stripos($ua, "Opera") !== FALSE) {
170
  $package['is_browser'] = true;
171
  require_once(BB2_CORE . "/opera.inc.php");
172
+ bb2_test($settings, $package, bb2_opera($package));
173
  } elseif (stripos($ua, "Safari") !== FALSE) {
174
  $package['is_browser'] = true;
175
  require_once(BB2_CORE . "/safari.inc.php");
176
+ bb2_test($settings, $package, bb2_safari($package));
177
  } elseif (stripos($ua, "Lynx") !== FALSE) {
178
  $package['is_browser'] = true;
179
  require_once(BB2_CORE . "/lynx.inc.php");
180
+ bb2_test($settings, $package, bb2_lynx($package));
181
  } elseif (stripos($ua, "MovableType") !== FALSE) {
182
  require_once(BB2_CORE . "/movabletype.inc.php");
183
+ bb2_test($settings, $package, bb2_movabletype($package));
184
  } elseif (stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
185
  require_once(BB2_CORE . "/msnbot.inc.php");
186
+ bb2_test($settings, $package, bb2_msnbot($package));
187
  } elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Wireless") !== FALSE) {
188
  require_once(BB2_CORE . "/google.inc.php");
189
+ bb2_test($settings, $package, bb2_google($package));
190
  } elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
191
  $package['is_browser'] = true;
192
  require_once(BB2_CORE . "/mozilla.inc.php");
193
+ bb2_test($settings, $package, bb2_mozilla($package));
194
  }
195
 
196
  // More intensive screening applies to POST requests
197
  if (!strcasecmp('POST', $package['request_method'])) {
198
  require_once(BB2_CORE . "/post.inc.php");
199
+ bb2_test($settings, $package, bb2_post($settings, $package));
200
  }
201
  }
202
 
206
 
207
  // And that's about it.
208
  bb2_approved($settings, $package);
209
+ return true;
210
  }
211
  ?>
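--- a/bad-behavior/functions.inc.php
+++ b/bad-behavior/functions.inc.php
@@ -2,11 +2,6 @@
 
 // Miscellaneous helper functions.
 
-// Quick and dirty check for an IPv6 address
-function is_ipv6($address) {
-return (strpos($address, ":")) ? TRUE : FALSE;
-}
-
 // stripos() needed because stripos is only present on PHP 5
 if (!function_exists('stripos')) {
 function stripos($haystack,$needle,$offset = 0) {
@@ -64,7 +59,7 @@ function bb2_load_headers() {
 if (!is_callable('getallheaders')) {
 $headers = array();
 foreach ($_SERVER as $h => $v)
-if (ereg('HTTP_(.+)', $h, $hp))
+if (preg_match('/HTTP_(.+)/', $h, $hp))
 $headers[str_replace("_", "-", uc_all($hp[1]))] = $v;
 } else {
 $headers = getallheaders();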
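Review bot: The replacement pattern `/HTTP_(.+)/` is unanchored, so any $_SERVER key that merely contains HTTP_ is imported as a request header — for instance the REDIRECT_HTTP_* copies Apache creates on internal redirects, whose capture lands on the same header name as the genuine entry and can overwrite it. Header names and values are attacker-influenced and drive every screening test downstream, so anchor the match: `if (preg_match('/^HTTP_(.+)/', $h, $hp))`. The ereg() it replaces had the same laxity, so this is not a regression, but the conversion is the moment to tighten it. bb2_load_headers() continues outside the hunk.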
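--- a/bad-behavior/google.inc.php
+++ b/bad-behavior/google.inc.php
@@ -2,14 +2,9 @@
 
 // Analyze user agents claiming to be Googlebot
 
-require_once(BB2_CORE . "/roundtripdns.inc.php");
-
 function bb2_google($package)
 {
-# if (match_cidr($package['ip'], "66.249.64.0/19") === FALSE && match_cidr($package['ip'], "64.233.160.0/19") === FALSE && match_cidr($package['ip'], "72.14.192.0/18") === FALSE) {
-# return "f1182195";
-# }
-if (!bb2_roundtripdns($package['ip'], "googlebot.com")) {
+if (match_cidr($package['ip'], "66.249.64.0/19") === FALSE && match_cidr($package['ip'], "64.233.160.0/19") === FALSE && match_cidr($package['ip'], "72.14.192.0/18") === FALSE) {
 return "f1182195";
 }
 return false;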
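Review bot: The new bb2_google trusts three hard-coded Google netblocks, a list that can only be refreshed by shipping a new release, so a genuine crawler arriving from any block allocated after this file was written is rejected with the f1182195 response — a false positive that hurts indexing rather than stopping spam. If match_cidr accepts a list, as the msnbot check in this same release assumes, the three repeated calls can collapse to `if (match_cidr($package['ip'], array("66.249.64.0/19", "64.233.160.0/19", "72.14.192.0/18")) === FALSE) {`, which keeps the two crawler checks consistent and makes the list easier to maintain. A comment above the test recording where the ranges came from and when they were last verified would help whoever has to update them.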
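--- a/bad-behavior/msnbot.inc.php
+++ b/bad-behavior/msnbot.inc.php
@@ -2,14 +2,9 @@
 
 // Analyze user agents claiming to be msnbot
 
-require_once(BB2_CORE . "/roundtripdns.inc.php");
-
 function bb2_msnbot($package)
 {
-# if (match_cidr($package['ip'], "207.46.0.0/16") === FALSE && match_cidr($package['ip'], "65.52.0.0/14") === FALSE && match_cidr($package['ip'], "207.68.128.0/18") === FALSE && match_cidr($package['ip'], "207.68.192.0/20") === FALSE && match_cidr($package['ip'], "64.4.0.0/18") === FALSE) {
-# return "e4de0453";
-# }
-if (!bb2_roundtripdns($package['ip'], "msn.com")) {
+if (match_cidr($package['ip'], array("207.46.0.0/16", "65.52.0.0/14", "207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18", "157.54.0.0/15", "157.60.0.0/16", "157.56.0.0/14")) === FALSE) {
 return "e4de0453";
 }
 return false;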
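Review bot: The netblock array in the new bb2_msnbot carries no provenance, so a maintainer cannot tell which ranges are still Microsoft's or when they were last checked; with the round-trip DNS verification dropped, a stale entry means either blocked crawler traffic or a reassigned range whose new occupants pass this test while claiming to be msnbot. Add a comment above the condition such as `// Microsoft crawler netblocks (presumably from ARIN whois); last verified for 2.0.39 — recheck before trusting a miss`, and keep all ranges in that single array so the list has one place to change. bb2_msnbot is complete within the hunk.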
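--- a/bad-behavior/post.inc.php
+++ b/bad-behavior/post.inc.php
@@ -5,7 +5,7 @@ function bb2_post($settings, $package)
 {
 // Check blackhole lists for known spam/malicious activity
 // require_once(BB2_CORE . "/blackhole.inc.php");
-// if ($r = bb2_blackhole($package)) return $r;
+// bb2_test($settings, $package, bb2_blackhole($package));
 
 // MovableType needs specialized screening
 if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {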
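Review bot: The hunk keeps a commented-out call up to date (`// bb2_test($settings, $package, bb2_blackhole($package));`) instead of deleting it; commented-out code is never exercised, and this stub also appears redundant because the http:BL lookup already runs for every request through bb2_httpbl in the core screening. Remove lines 7–8 (the commented require_once and the call) rather than maintaining them, or replace them with a one-line comment saying the blackhole check lives in the core path. bb2_post continues outside the hunk.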
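--- a/bad-behavior/responses.inc.php
+++ b/bad-behavior/responses.inc.php
@@ -19,7 +19,6 @@ function bb2_get_response($key) {
 '582ec5e4' => array('response' => 400, 'explanation' => 'An invalid request was received. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator. This may also be caused by a bug in the Opera web browser.', 'log' => '"Header \'TE\' present but TE not specified in \'Connection\' header'),
 '69920ee5' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' present but blank'),
 '6c502ff1' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Bot not fully compliant with RFC 2965'),
-'70e45496' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User agent claimed to be CloudFlare, claim appears false'),
 '799165c2' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Rotating user-agents detected'),
 '7a06532b' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept-Encoding\' missing'),
 '7ad04a8a' => array('response' => 400, 'explanation' => 'The automated program you are using is not permitted to access this server. Please use a different program or a standard Web browser.', 'log' => 'Prohibited header \'Range\' present'),
@@ -29,7 +28,6 @@ function bb2_get_response($key) {
 'a0105122' => array('response' => 417, 'explanation' => 'Expectation failed. Please retry your request.', 'log' => 'Header \'Expect\' prohibited; resend without Expect'),
 'a1084bad' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent claimed to be MSIE, with invalid Windows version'),
 'a52f0448' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by a malfunctioning proxy server or browser privacy software. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator.', 'log' => 'Header \'Connection\' contains invalid values'),
-'b0924802' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by malicious software on your computer.', 'log' => 'Incorrect form of HTTP/1.0 Keep-Alive'),
 'b40c8ddc' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, close your browser, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'POST more than two days after GET'),
 'b7830251' => array('response' => 400, 'explanation' => 'Your proxy server sent an invalid request. Please contact the proxy server administrator to have this problem fixed.', 'log' => 'Prohibited header \'Proxy-Connection\' present'),
 'b9cc1d86' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),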
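--- a/bad-behavior/roundtripdns.inc.php
+++ /dev/null
@@ -1,20 +0,0 @@
-<?php if (!defined('BB2_CORE')) die("I said no cheating!");
-
-# Round trip DNS verification
-
-# Returns TRUE if DNS matches; FALSE on mismatch
-# Returns $ip if an error occurs
-# TODO: Not IPv6 safe
-# FIXME: Returns false on DNS server failure; PHP provides no distinction
-# between no records and error condition
-function bb2_roundtripdns($ip,$domain)
-{
-if (@is_ipv6($ip)) return $ip;
-
-$host = gethostbyaddr($ip);
-$host_result = strpos(strrev($host), strrev($domain));
-if ($host_result === false || $host_result > 0) return false;
-$addrs = gethostbynamel($host);
-if (in_array($ip, $addrs)) return true;
-return false;
-}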
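--- a/bad-behavior/version.inc.php
+++ b/bad-behavior/version.inc.php
@@ -1,3 +1,3 @@
 <?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.1.7");
+define('BB2_VERSION', "2.0.39");
 ?>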
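--- a/bad-behavior/whitelist.inc.php
+++ b/bad-behavior/whitelist.inc.php
@@ -2,25 +2,78 @@
 
 function bb2_whitelist($package)
 {
-$whitelists = @parse_ini_file(dirname(BB2_CORE) . "/whitelist.ini");
+// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
 
-if (@!empty($whitelists['ip'])) {
-foreach ($whitelists['ip'] as $range) {
+// Inappropriate whitelisting WILL expose you to spam, or cause Bad
+// Behavior to stop functioning entirely! DO NOT WHITELIST unless you
+// are 100% CERTAIN that you should.
+
+// IP address ranges use the CIDR format.
+
+// Includes four examples of whitelisting by IP address and netblock.
+$bb2_whitelist_ip_ranges = array(
+"64.191.203.34", // Digg whitelisted as of 2.0.12
+"208.67.217.130", // Digg whitelisted as of 2.0.12
+"10.0.0.0/8",
+"172.16.0.0/12",
+"192.168.0.0/16",
+// "127.0.0.1",
+);
+
+// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
+
+// Inappropriate whitelisting WILL expose you to spam, or cause Bad
+// Behavior to stop functioning entirely! DO NOT WHITELIST unless you
+// are 100% CERTAIN that you should.
+
+// You should not whitelist search engines by user agent. Use the IP
+// netblock for the search engine instead. See http://whois.arin.net/
+// to locate the netblocks for an IP.
+
+// User agents are matched by exact match only.
+
+// Includes one example of whitelisting by user agent.
+// All are commented out.
+$bb2_whitelist_user_agents = array(
+// "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) It's me, let me in",
+);
+
+// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
+
+// Inappropriate whitelisting WILL expose you to spam, or cause Bad
+// Behavior to stop functioning entirely! DO NOT WHITELIST unless you
+// are 100% CERTAIN that you should.
+
+// URLs are matched from the first / after the server name up to,
+// but not including, the ? (if any).
+
+// Includes two examples of whitelisting by URL.
+$bb2_whitelist_urls = array(
+// "/example.php",
+// "/openid/server",
+);
+
+// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
+
+// Do not edit below this line
+
+if (!empty($bb2_whitelist_ip_ranges)) {
+foreach ($bb2_whitelist_ip_ranges as $range) {
 if (match_cidr($package['ip'], $range)) return true;
 }
 }
-if (@!empty($whitelists['useragent'])) {
-foreach ($whitelists['useragent'] as $user_agent) {
+if (!empty($bb2_whitelist_user_agents)) {
+foreach ($bb2_whitelist_user_agents as $user_agent) {
 if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
 }
 }
-if (@!empty($whitelists['url'])) {
+if (!empty($bb2_whitelist_urls)) {
 if (strpos($package['request_uri'], "?") === FALSE) {
 $request_uri = $package['request_uri'];
 } else {
-$request_uri = substr($package['request_uri'], 0, strpos($package['request_uri'], "?"));
+$request_uri = substr($package['request_uri'], 0, strpos($settings['request_uri'], "?"));
 }
-foreach ($whitelists['url'] as $url) {
+foreach ($bb2_whitelist_urls as $url) {
 if (!strcmp($request_uri, $url)) return true;
 }
 }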
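Review bot: New line 74 reads `strpos($settings['request_uri'], "?")`, but `$settings` is neither a parameter of bb2_whitelist($package) nor assigned anywhere in it, so the substr length comes from strpos() on an undefined value and the URL whitelist silently stops matching any request that carries a query string. It should use the same source as the preceding branch: `$request_uri = substr($package['request_uri'], 0, strpos($package['request_uri'], "?"));`. Separately, the default `$bb2_whitelist_ip_ranges` whitelists all of 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 while bb2_start takes the client address straight from REMOTE_ADDR; behind a reverse proxy or load balancer on a private address every request is whitelisted and screening is disabled entirely, which deserves a comment beside those three entries (e.g. `// Remove these if a proxy on a private address sits in front of PHP`). bb2_whitelist continues outside the hunk.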
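--- a/settings.ini
+++ /dev/null
@@ -1,9 +0,0 @@
-[settings]
-display_stats = true
-strict = false
-verbose = false
-logging = true
-httpbl_key = ""
-httpbl_threat = 25
-httpbl_maxage = 30
-offsite_forms = false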
whitelist.ini DELETED
@@ -1,26 +0,0 @@
1
- ; Inappropriate whitelisting WILL expose you to spam, or cause Bad Behavior
2
- ; to stop functioning entirely! DO NOT WHITELIST unless you are 100% CERTAIN
3
- ; that you should.
4
-
5
- ; IP address ranges use the CIDR format.
6
-
7
- [ip]
8
- ; Digg whitelisted as of 2.0.12
9
- ip[] = "64.191.203.34"
10
- ip[] = "208.67.217.130"
11
- ; RFC 1918 addresses
12
- ip[] = "10.0.0.0/8"
13
- ip[] = "172.16.0.0/12"
14
- ip[] = "192.168.0.0/16"
15
-
16
- ; User agents are matched by exact match only.
17
-
18
- [useragent]
19
- useragent[] = "Mozilla/4.0 (It's me, let me in)"
20
-
21
- ; URLs are matched from the first / after the server name up to, but not
22
- ; including, the ? (if any). The URL to be whitelisted is a URL on YOUR site.
23
-
24
- [url]
25
- url[] = "/example.php"
26
- url[] = "/openid/server"