Bad Behavior - Version 2.0.40


Code changes from version 2.1.9 to 2.0.40

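--- a/README.txt
+++ b/README.txt
@@ -1,10 +1,15 @@
 === Bad Behavior ===
 Tags: comment,trackback,referrer,spam,robot,antispam
-Contributors: error, markjaquith, skeltoac
+Contributors: error, markjaquith, Firas, skeltoac
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
 Requires at least: 2.7
-Tested up to: 3.0.4
-Stable tag: 2.0.39
+Tested up to: 3.1.0
+Stable tag: 2.0.40
+
+Bad Behavior prevents spammers from ever delivering their junk, and in many
+cases, from ever reading your site in the first place.
+
+== Description ==
 
 Welcome to a whole new way of keeping your blog, forum, guestbook, wiki or
 content management system free of link spam. Bad Behavior is a PHP-based
@@ -108,3 +113,9 @@ not be able to access your cached pages either.
 warnings when Spam Karma 2 displays its internally generated CAPTCHA. This
 is a design problem in Spam Karma 2. Contact the author of Spam Karma 2 for
 a fix.
+
+== Upgrade Notice ==
+
+= 2.0.40 =
+
+This release fixes a security issue. Upgrade as soon as possible.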
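--- a/bad-behavior-generic.php
+++ b/bad-behavior-generic.php
@@ -1,22 +1,28 @@
 <?php
 /*
 Bad Behavior - detects and blocks unwanted Web accesses
-Copyright (C) 2005,2006,2007,2008,2009,2010,2011 Michael Hampton
+Copyright (C) 2005-2006 Michael Hampton
 
-Bad Behavior is free software; you can redistribute it and/or modify it under
-the terms of the GNU Lesser General Public License as published by the Free
-Software Foundation; either version 3 of the License, or (at your option) any
-later version.
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
 
-This program is distributed in the hope that it will be useful, but WITHOUT ANY
-WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+As a special exemption, you may link this program with any of the
+programs listed below, regardless of the license terms of those
+programs, and distribute the resulting program, without including the
+source code for such programs: ExpressionEngine
 
-You should have received a copy of the GNU Lesser General Public License along
-with this program. If not, see <http://www.gnu.org/licenses/>.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
 
-Please report any problems to bad . bots AT ioerror DOT us
-http://www.bad-behavior.ioerror.us/
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+Please report any problems to badbots AT ioerror DOT us
 */
 
 ###############################################################################
@@ -26,8 +32,6 @@ define('BB2_CWD', dirname(__FILE__));
 
 // Settings you can adjust for Bad Behavior.
 // Most of these are unused in non-database mode.
-// DO NOT EDIT HERE; instead make changes in settings.ini.
-// These settings are used when settings.ini is not present.
 $bb2_settings_defaults = array(
 'log_table' => 'bad_behavior',
 'display_stats' => true,
@@ -79,24 +83,17 @@ function bb2_db_rows($result) {
 return $result;
 }
 
-// Create the SQL query for inserting a record in the database.
-// See example for MySQL elsewhere.
-function bb2_insert($settings, $package, $key)
-{
-return "--";
-}
-
 // Return emergency contact email address.
 function bb2_email() {
-return "example@example.com"; // You need to change this.
+// return "example@example.com"; // You need to change this.
+return "badbots@ioerror.us"; // You need to change this.
 }
 
 // retrieve settings from database
 // Settings are hard-coded for non-database use
 function bb2_read_settings() {
 global $bb2_settings_defaults;
-$settings = @parse_ini_file(dirname(__FILE__) . "/settings.ini");
-return array_merge($bb2_settings_defaults, $settings);
+return $bb2_settings_defaults;
 }
 
 // write settings to database
@@ -139,7 +136,10 @@ function bb2_relative_path() {
 }
 
 // Calls inward to Bad Behavor itself.
+require_once(BB2_CWD . "/bad-behavior/version.inc.php");
 require_once(BB2_CWD . "/bad-behavior/core.inc.php");
 bb2_install(); // FIXME: see above
 
 bb2_start(bb2_read_settings());
+
+?>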
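Review bot: With the `bb2_insert` stub removed from this file (the old lines 82-87 in the hunk at `function bb2_db_rows`) and bad-behavior-mysql.php deleted in the same comparison, no file in this diff defines `bb2_insert` or `bb2_table_structure`; if core.inc.php in this version still calls them when `logging` is true, `bb2_install()` and the first logged request hit an undefined function, so confirm core supplies them — the same question applies to bad-behavior-mediawiki.php, which drops its `require_once("bad-behavior-mysql.php")` without a replacement. In `bb2_email()` the new side keeps a commented-out `// return "example@example.com"; // You need to change this.` next to the live `return "badbots@ioerror.us";`; drop the dead line and reword the comment to `// Placeholder: replace with the site operator's address`, since an emergency contact pointing at an upstream developer does not reach whoever runs this site. The closing `?>` added at the end of this PHP-only file (also at the end of bad-behavior-mediawiki.php and bad-behavior-wordpress-admin.php) should be omitted: any trailing newline after it is emitted as output, which presumably interferes with the headers and cookies Bad Behavior sets before content is sent. The `require_once`/`bb2_install()`/`bb2_start()` lines in the last hunk are file-scope statements, not inside a function.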
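--- a/bad-behavior-lifetype.php
+++ b/bad-behavior-lifetype.php
@@ -0,0 +1,175 @@
+<?php
+/*
+http://blog.markplace.net
+
+Bad Behavior - LifeType Plugin
+Copyright (C) 2006 Mark Wu http://blog.markplace.net
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+// This file is the entry point for Bad Behavior in LifeType.
+
+if (!defined('PLOG_CLASS_PATH')) die('No cheating!');
+
+// Timer start
+$bb2_mtime = explode(" ", microtime());
+$bb2_timer_start = $bb2_mtime[1] + $bb2_mtime[0];
+
+define('BB2_CWD', PLOG_CLASS_PATH . "plugins/badbehavior/" );
+define('BB2_EMERGENCY_EMAIL', "admin@yourblog.com" );
+define('BB2_DEFAULT_LOG_TABLE', "bad_behavior" );
+
+// Bad Behavior callback functions.
+
+// Return current time in the format preferred by your database.
+function bb2_db_date() {
+return gmdate('Y-m-d H:i:s');
+}
+
+// Return affected rows from most recent query.
+function bb2_db_affected_rows() {
+lt_include( PLOG_CLASS_PATH."class/database/db.class.php" );
+$db =& Db::getDb();
+
+return $db->Affected_Rows();
+}
+
+// Escape a string for database usage
+function bb2_db_escape($string) {
+lt_include( PLOG_CLASS_PATH."class/database/db.class.php" );
+
+return Db::qstr($string);
+}
+
+// Return the number of rows in a particular query.
+function bb2_db_num_rows($result) {
+return $result->RecordCount();
+}
+
+// Run a query and return the results, if any.
+// Should return FALSE if an error occurred.
+function bb2_db_query($query) {
+lt_include( PLOG_CLASS_PATH."class/database/db.class.php" );
+$db =& Db::getDb();
+
+$result = $db->Execute( $query );
+
+if (!$result)
+return FALSE;
+
+return $result;
+}
+
+// Return all rows in a particular query.
+// Should contain an array of all rows generated by calling mysql_fetch_assoc()
+// or equivalent and appending the result of each call to an array.
+function bb2_db_rows($result) {
+$rows = array();
+while( $row = $result->FetchRow()) {
+$rows[] = $row;
+}
+
+return $rows;
+}
+
+// Return emergency contact email address.
+function bb2_email() {
+return BB2_EMERGENCY_EMAIL;
+}
+
+// retrieve settings from lifetype config
+function bb2_read_settings() {
+lt_include( PLOG_CLASS_PATH."class/database/db.class.php" );
+lt_include( PLOG_CLASS_PATH."class/config/config.class.php" );
+$config =& Config::getConfig();
+$prefix = Db::getPrefix();
+$logTable = $config->getValue( 'bb2_log_table', BB2_DEFAULT_LOG_TABLE );
+$displayStats = $config->getValue( 'bb2_display_stats', true );
+$strict = $config->getValue( 'bb2_strict', false );
+$verbose = $config->getValue( 'bb2_verbose', false );
+$isInstalled = $config->getValue( 'bb2_installed', false );
+$logging = $config->getValue( 'bb2_logging', true );
+$httpbl_key = $config->getValue( 'bb2_httpbl_key', '' );
+$httpbl_threat = $config->getValue( 'bb2_httpbl_threat', '25' );
+$httpbl_maxage = $config->getValue( 'bb2_httpbl_maxage', '30' );
+$offsite_forms = $config->getValue( 'offsite_forms', false );
+
+return array('log_table' => $prefix . $logTable,
+'display_stats' => $displayStats,
+'strict' => $strict,
+'verbose' => $verbose,
+'logging' => $logging,
+'httpbl_key' => $httpbl_key,
+'httpbl_threat' => $httpbl_threat,
+'httpbl_maxage' => $httpbl_maxage,
+'offsite_forms' => $offsite_forms,
+'is_installed' => $isInstalled );
+}
+
+// write settings to lifetype config
+function bb2_write_settings($settings) {
+lt_include( PLOG_CLASS_PATH."class/config/config.class.php" );
+$config =& Config::getConfig();
+$config->setValue( 'bb2_log_table', BB2_DEFAULT_LOG_TABLE );
+$config->setValue( 'bb2_display_stats', $settings['display_stats'] );
+$config->setValue( 'bb2_strict', $settings['strict'] );
+$config->setValue( 'bb2_verbose', $settings['verbose'] );
+$config->setValue( 'bb2_httpbl_key', $settings['httpbl_key'] );
+$config->setValue( 'bb2_httpbl_threat', $settings['httpbl_threat'] );
+$config->setValue( 'bb2_httpbl_maxage', $settings['httpbl_maxage'] );
+$config->setValue( 'bb2_offsite_forms', $settings['offsite_forms'] );
+$config->setValue( 'bb2_installed', $settings['is_installed'] );
+$config->save();
+}
+
+// installation
+function bb2_install() {
+$settings = bb2_read_settings();
+if( $settings['is_installed'] == false && $settings['logging'] )
+{
+bb2_db_query(bb2_table_structure($settings['log_table']));
+$settings['is_installed'] = true;
+bb2_write_settings( $settings );
+}
+}
+
+// Return the top-level relative path of wherever we are (for cookies)
+function bb2_relative_path() {
+lt_include( PLOG_CLASS_PATH."class/config/config.class.php" );
+$config =& Config::getConfig();
+
+$url = parse_url( $config->getValue( 'base_url' ) );
+if( empty($url['path']) )
+return '/';
+else {
+if( substr( $url['path'], -1, 1 ) == '/' )
+return $url['path'];
+else
+return $url['path'] . '/';
+}
+}
+
+// Load Bad Behavior Core
+lt_include(BB2_CWD . "bad-behavior/core.inc.php");
+bb2_install();
+$settings = bb2_read_settings();
+bb2_start($settings);
+
+// Time Stop
+$bb2_mtime = explode(" ", microtime());
+$bb2_timer_stop = $bb2_mtime[1] + $bb2_mtime[0];
+$bb2_timer_total = $bb2_timer_stop - $bb2_timer_start;
+?>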
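Review bot: `bb2_read_settings()` reads the offsite-forms flag under the key `'offsite_forms'` (line 108) while `bb2_write_settings()` stores it under `'bb2_offsite_forms'` (line 133), so the saved value is never read back and the setting silently reverts to `false` on every request; the read should be `$offsite_forms = $config->getValue( 'bb2_offsite_forms', false );` to match the other `bb2_`-prefixed keys. `bb2_write_settings()` also writes the constant `BB2_DEFAULT_LOG_TABLE` rather than anything derived from `$settings` and never persists `logging`, so the read/write pair is not round-trip safe; if that is deliberate, a comment saying the table name and logging flag are config-only would stop the next reader from "fixing" it. `bb2_install()` (line 143) calls `bb2_table_structure()`, which nothing in this comparison defines once bad-behavior-mysql.php is deleted — presumably core.inc.php supplies it in this version, but confirm, because otherwise installation fails with an undefined function on first load. `bb2_db_escape()` returns `Db::qstr($string)`; if that helper returns the value already wrapped in quotes (as ADOdb's `qstr` does), any caller that adds its own quotes around the escaped value ends up with doubled quoting, so check it against how the core builds its INSERT statement.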
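--- a/bad-behavior-mediawiki.php
+++ b/bad-behavior-mediawiki.php
@@ -1,34 +1,30 @@
 <?php
 /*
-Bad Behavior - detects and blocks unwanted Web accesses
-Copyright (C) 2005,2006,2007,2008,2009,2010,2011 Michael Hampton
+http://www.bad-behavior.ioerror.us/
 
-Bad Behavior is free software; you can redistribute it and/or modify it under
-the terms of the GNU Lesser General Public License as published by the Free
-Software Foundation; either version 3 of the License, or (at your option) any
-later version.
+Bad Behavior - detects and blocks unwanted Web accesses
+Copyright (C) 2005 Michael Hampton
 
-This program is distributed in the hope that it will be useful, but WITHOUT ANY
-WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
 
-You should have received a copy of the GNU Lesser General Public License along
-with this program. If not, see <http://www.gnu.org/licenses/>.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
 
-Please report any problems to bad . bots AT ioerror DOT us
-http://www.bad-behavior.ioerror.us/
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
 
-###############################################################################
-###############################################################################
-
 // This file is the entry point for Bad Behavior.
 
 if (!defined('MEDIAWIKI')) die();
 
 // Settings you can adjust for Bad Behavior.
-// DO NOT EDIT HERE; instead make changes in settings.ini.
-// These settings are used when settings.ini is not present.
 $bb2_settings_defaults = array(
 'log_table' => $wgDBprefix . 'bad_behavior',
 'display_stats' => true,
@@ -39,15 +35,11 @@ $bb2_settings_defaults = array(
 'httpbl_threat' => '25',
 'httpbl_maxage' => '30',
 'offsite_forms' => false,
-'reverse_proxy' => false,
-'reverse_proxy_header' => 'X-Forwarded-For',
-'reverse_proxy_addresses' => array(),
 );
 
 define('BB2_CWD', dirname(__FILE__));
 
 // Bad Behavior callback functions.
-require_once("bad-behavior-mysql.php");
 
 // Return current time in the format preferred by your database.
 function bb2_db_date() {
@@ -98,8 +90,7 @@ function bb2_email() {
 // retrieve settings from database
 function bb2_read_settings() {
 global $bb2_settings_defaults;
-$settings = @parse_ini_file(dirname(__FILE__) . "/settings.ini");
-return array_merge($bb2_settings_defaults, $settings);
+return $bb2_settings_defaults;
 }
 
 // This Bad Behavior-related function is a stub. You can help MediaWiki by expanding it.
@@ -144,6 +135,7 @@ function bb2_mediawiki_entry() {
 $bb2_timer_start = $bb2_mtime[1] + $bb2_mtime[0];
 
 if (php_sapi_name() != 'cli') {
+require_once(BB2_CWD . "/bad-behavior/core.inc.php");
 bb2_install(); // FIXME: see above
 $settings = bb2_read_settings();
 bb2_start($settings);
@@ -154,7 +146,7 @@ function bb2_mediawiki_entry() {
 $bb2_timer_total = $bb2_timer_stop - $bb2_timer_start;
 }
 
-require_once(BB2_CWD . "/bad-behavior/core.inc.php");
+require_once(BB2_CWD . "/bad-behavior/version.inc.php");
 $wgExtensionCredits['other'][] = array(
 'name' => 'Bad Behavior',
 'version' => BB2_VERSION,
@@ -165,3 +157,5 @@ $wgExtensionCredits['other'][] = array(
 
 #$wgHooks['ParserAfterTidy'][] = 'bb2_mediawiki_timer';
 $wgExtensionFunctions[] = 'bb2_mediawiki_entry';
+
+?>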
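--- a/bad-behavior-mysql.php
+++ b/bad-behavior-mysql.php
@@ -1,46 +0,0 @@
-<?php
-
-// Our log table structure
-function bb2_table_structure($name)
-{
-// It's not paranoia if they really are out to get you.
-$name_escaped = bb2_db_escape($name);
-return "CREATE TABLE IF NOT EXISTS `$name_escaped` (
-`id` INT(11) NOT NULL auto_increment,
-`ip` TEXT NOT NULL,
-`date` DATETIME NOT NULL default '0000-00-00 00:00:00',
-`request_method` TEXT NOT NULL,
-`request_uri` TEXT NOT NULL,
-`server_protocol` TEXT NOT NULL,
-`http_headers` TEXT NOT NULL,
-`user_agent` TEXT NOT NULL,
-`request_entity` TEXT NOT NULL,
-`key` TEXT NOT NULL,
-INDEX (`ip`(15)),
-INDEX (`user_agent`(10)),
-PRIMARY KEY (`id`) );"; // TODO: INDEX might need tuning
-}
-
-// Insert a new record
-function bb2_insert($settings, $package, $key)
-{
-$ip = bb2_db_escape($package['ip']);
-$date = bb2_db_date();
-$request_method = bb2_db_escape($package['request_method']);
-$request_uri = bb2_db_escape($package['request_uri']);
-$server_protocol = bb2_db_escape($package['server_protocol']);
-$user_agent = bb2_db_escape($package['user_agent']);
-$headers = "$request_method $request_uri $server_protocol\n";
-foreach ($package['headers'] as $h => $v) {
-$headers .= bb2_db_escape("$h: $v\n");
-}
-$request_entity = "";
-if (!strcasecmp($request_method, "POST")) {
-foreach ($package['request_entity'] as $h => $v) {
-$request_entity .= bb2_db_escape("$h: $v\n");
-}
-}
-return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "`
-(`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES
-('$ip', '$date', '$request_method', '$request_uri', '$server_protocol', '$headers', '$user_agent', '$request_entity', '$key')";
-}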
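--- a/bad-behavior-wordpress-admin.php
+++ b/bad-behavior-wordpress-admin.php
@@ -179,7 +179,7 @@ Displaying all <strong><?php echo $totalcount; ?></strong> records<br/>
 $host .= "<br/>\n";
 }
 echo "<td><a href=\"" . add_query_arg("ip", $result["ip"], remove_query_arg("paged", $request_uri)) . "\">" . $result["ip"] . "</a><br/>$host<br/>\n" . $result["date"] . "<br/><br/><a href=\"" . add_query_arg("key", $result["key"], remove_query_arg(array("paged", "blocked"), $request_uri)) . "\">" . $key["log"] . "</a>\n";
-if ($httpbl) echo "<br/><br/><a href=\"http://www.projecthoneypot.org/ip_{$result['ip']}\">http:BL</a>:<br/>$httpbl\n";
+if ($httpbl) echo "<br/><br/>http:BL:<br/>$httpbl\n";
 echo "</td>\n";
 $headers = str_replace("\n", "<br/>\n", htmlspecialchars($result['http_headers']));
 if (@strpos($headers, $result['user_agent']) !== FALSE) $headers = substr_replace($headers, "<a href=\"" . add_query_arg("user_agent", rawurlencode($result["user_agent"]), remove_query_arg("paged", $request_uri)) . "\">" . $result['user_agent'] . "</a>", strpos($headers, $result['user_agent']), strlen($result['user_agent']));
@@ -262,21 +262,6 @@ function bb2_options()
 } else {
 $settings['offsite_forms'] = false;
 }
-if ($_POST['reverse_proxy']) {
-$settings['reverse_proxy'] = true;
-} else {
-$settings['reverse_proxy'] = false;
-}
-if ($_POST['reverse_proxy_header']) {
-$settings['reverse_proxy_header'] = uc_all($_POST['reverse_proxy_header']);
-} else {
-$settings['reverse_proxy_header'] = 'X-Forwarded-For';
-}
-if ($_POST['reverse_proxy_addresses']) {
-$settings['reverse_proxy_addresses'] = preg_split("/[\s,]+/m", $_POST['reverse_proxy_addresses']);
-} else {
-$settings['reverse_proxy_addresses'] = array();
-}
 bb2_write_settings($settings);
 ?>
 <div id="message" class="updated fade"><p><strong><?php _e('Options saved.') ?></strong></p></div>
@@ -285,7 +270,7 @@ function bb2_options()
 ?>
 <div class="wrap">
 <h2><?php _e("Bad Behavior"); ?></h2>
-<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
+<form method="post" action="<?php echo $request_uri; ?>">
 <p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
 <p>If you find Bad Behavior valuable, please consider making a <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20<?php echo BB2_VERSION; ?>%20%28From%20Admin%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8">financial contribution</a> to further development of Bad Behavior.</p>
 
@@ -316,16 +301,6 @@ function bb2_options()
 <tr><td><label><input type="text" size="3" maxlength="3" name="httpbl_maxage" value="<?php echo $settings['httpbl_maxage']; ?>" /> Maximum Age of Data (30 is recommended)</label></td></tr>
 </table>
 
-<h3><?php _e('Reverse Proxy/Load Balancer'); ?></h3>
-<p>If you are using Bad Behavior behind a reverse proxy, load balancer, HTTP accelerator, content cache or similar technology, enable the Reverse Proxy option.</p>
-<p>If you have a chain of two or more reverse proxies between your server and the public Internet, you must specify <em>all</em> of the IP address ranges (in CIDR format) of all of your proxy servers, load balancers, etc. Otherwise, Bad Behavior may be unable to determine the client's true IP address.</p>
-<p>In addition, your reverse proxy servers must set the IP address of the Internet client from which they received the request in an HTTP header. If you don't specify a header, <a href="http://en.wikipedia.org/wiki/X-Forwarded-For">X-Forwarded-For</a> will be used. Most proxy servers already support X-Forwarded-For and you would then only need to ensure that it is enabled on your proxy servers. Some other header names in common use include <u>X-Real-Ip</u> (nginx) and <u>Cf-Connecting-Ip</u> (CloudFlare).</p>
-<table class="form-table">
-<tr><td><label><input type="checkbox" name="reverse_proxy" value="true" <?php if ($settings['reverse_proxy']) { ?>checked="checked" <?php } ?>/> <?php _e('Enable Reverse Proxy'); ?></label></td></tr>
-<tr><td><label><input type="text" size="32" name="reverse_proxy_header" value="<?php echo $settings['reverse_proxy_header']; ?>" /> Header containing Internet clients' IP address</label></td></tr>
-<tr><td><label>IP address or CIDR format address ranges for your proxy servers (one per line)<br/><textarea cols="24" rows="6" name="reverse_proxy_addresses"><?php echo implode("\n", $settings['reverse_proxy_addresses']); ?></textarea></td></tr>
-</table>
-
 <p class="submit"><input class="button" type="submit" name="submit" value="<?php _e('Update &raquo;'); ?>" /></p>
 </form>
 </div>
@@ -343,3 +318,5 @@ function bb2_plugin_action_links($links, $file) {
 return $links;
 }
 add_filter("plugin_action_links", "bb2_plugin_action_links", 10, 2);
+
+?>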
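Review bot: The form action on the new line 273 echoes `$request_uri` into an HTML attribute without escaping; that variable is assigned outside this hunk, so whether it has already been passed through `htmlspecialchars()`/`esc_attr()` cannot be confirmed here, and if it derives from the request it should be escaped at the point of output, `action="<?php echo htmlspecialchars($request_uri, ENT_QUOTES); ?>"`. The same applies to the `$httpbl` string echoed on new line 182 of the first hunk and to `$result["ip"]` / `$result["date"]` on the context line just above it, which come from the log table and are printed raw into the cell while `http_headers` on the following line does get `htmlspecialchars()`. The save path visible at line 265 (`bb2_write_settings($settings)`) shows no nonce verification inside the hunk; `bb2_options()` begins outside the hunk, so confirm that `check_admin_referer()` guards the `$_POST` handling before the settings are written.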
bad-behavior-wordpress.php CHANGED
@@ -1,30 +1,36 @@
1
  <?php
2
  /*
3
  Plugin Name: Bad Behavior
4
- Version: 2.1.9
5
  Description: Deny automated spambots access to your PHP-based Web site.
6
  Plugin URI: http://www.bad-behavior.ioerror.us/
7
  Author: Michael Hampton
8
- Author URI: http://www.bad-behavior.ioerror.us/
9
- License: LGPLv3
10
 
11
  Bad Behavior - detects and blocks unwanted Web accesses
12
- Copyright (C) 2005,2006,2007,2008,2009,2010,2011 Michael Hampton
13
 
14
- Bad Behavior is free software; you can redistribute it and/or modify it under
15
- the terms of the GNU Lesser General Public License as published by the Free
16
- Software Foundation; either version 3 of the License, or (at your option) any
17
- later version.
18
 
19
- This program is distributed in the hope that it will be useful, but WITHOUT ANY
20
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
21
- PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
 
22
 
23
- You should have received a copy of the GNU Lesser General Public License along
24
- with this program. If not, see <http://www.gnu.org/licenses/>.
 
 
25
 
26
- Please report any problems to bad . bots AT ioerror DOT us
27
- http://www.bad-behavior.ioerror.us/
 
 
 
28
  */
29
 
30
  ###############################################################################
@@ -38,7 +44,6 @@ $bb2_timer_start = $bb2_mtime[1] + $bb2_mtime[0];
38
  define('BB2_CWD', dirname(__FILE__));
39
 
40
  // Bad Behavior callback functions.
41
- require_once("bad-behavior-mysql.php");
42
 
43
  // Return current time in the format preferred by your database.
44
  function bb2_db_date() {
@@ -102,9 +107,7 @@ function bb2_read_settings() {
102
  // Add in default settings when they aren't yet present in WP
103
  $settings = get_settings('bad_behavior_settings');
104
  if (!$settings) $settings = array();
105
- return array_merge(array('log_table' => $wpdb->prefix . 'bad_behavior', 'display_stats' => true, 'strict' => false, 'verbose' => false, 'logging' => true, 'httpbl_key' => '', 'httpbl_threat' => '25', 'httpbl_maxage' => '30', 'offsite_forms' => false, 'reverse_proxy' => false, 'reverse_proxy_header' => 'X-Forwarded-For', 'reverse_proxy_addresses' => array(),), $settings);
106
-
107
-
108
  }
109
 
110
  // write settings to database
@@ -137,10 +140,6 @@ function bb2_insert_stats($force = false) {
137
  echo sprintf('<p><a href="http://www.bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', __('Bad Behavior'), __('has blocked'), $blocked[0]["COUNT(*)"], __('access attempts in the last 7 days.'));
138
  }
139
  }
140
- if (@!empty($_SESSION['BB2_RESULT'])) {
141
- echo sprintf("\n<!-- Bad Behavior result was %s! This request would have been blocked. -->\n", $_SESSION['BB2_RESULT']);
142
- unset($_SESSION['BB2_RESULT']);
143
- }
144
  }
145
 
146
  // Return the top-level relative path of wherever we are (for cookies)
@@ -149,6 +148,7 @@ function bb2_relative_path() {
149
  return $url['path'] . '/';
150
  }
151
 
 
152
  // FIXME: figure out what's wrong on 2.0 that this doesn't work
153
  // register_activation_hook(__FILE__, 'bb2_install');
154
  //add_action('activate_bb2/bad-behavior-wordpress.php', 'bb2_install');
@@ -156,6 +156,7 @@ add_action('wp_head', 'bb2_insert_head');
156
  add_action('wp_footer', 'bb2_insert_stats');
157
 
158
  // Calls inward to Bad Behavor itself.
 
159
  require_once(BB2_CWD . "/bad-behavior/core.inc.php");
160
  bb2_install(); // FIXME: see above
161
 
@@ -164,8 +165,10 @@ if (is_admin() || strstr($_SERVER['PHP_SELF'], 'wp-admin/')) { // 1.5 kludge
164
  require_once(BB2_CWD . "/bad-behavior-wordpress-admin.php");
165
  }
166
 
167
- $_SESSION['BB2_RESULT'] = bb2_start(bb2_read_settings());
168
 
169
  $bb2_mtime = explode(" ", microtime());
170
  $bb2_timer_stop = $bb2_mtime[1] + $bb2_mtime[0];
171
  $bb2_timer_total = $bb2_timer_stop - $bb2_timer_start;
 
 
1
  <?php
2
  /*
3
  Plugin Name: Bad Behavior
4
+ Version: 2.0.40
5
  Description: Deny automated spambots access to your PHP-based Web site.
6
  Plugin URI: http://www.bad-behavior.ioerror.us/
7
  Author: Michael Hampton
8
+ Author URI: http://www.homelandstupidity.us/
9
+ License: GPL
10
 
11
  Bad Behavior - detects and blocks unwanted Web accesses
12
+ Copyright (C) 2005 Michael Hampton
13
 
14
+ This program is free software; you can redistribute it and/or modify
15
+ it under the terms of the GNU General Public License as published by
16
+ the Free Software Foundation; either version 2 of the License, or
17
+ (at your option) any later version.
18
 
19
+ As a special exemption, you may link this program with any of the
20
+ programs listed below, regardless of the license terms of those
21
+ programs, and distribute the resulting program, without including the
22
+ source code for such programs: ExpressionEngine
23
 
24
+ This program is distributed in the hope that it will be useful,
25
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
26
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
27
+ GNU General Public License for more details.
28
 
29
+ You should have received a copy of the GNU General Public License
30
+ along with this program; if not, write to the Free Software
31
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
32
+
33
+ Please report any problems to badbots AT ioerror DOT us
34
  */
35
 
36
  ###############################################################################
44
  define('BB2_CWD', dirname(__FILE__));
45
 
46
  // Bad Behavior callback functions.
 
47
 
48
  // Return current time in the format preferred by your database.
49
  function bb2_db_date() {
107
  // Add in default settings when they aren't yet present in WP
108
  $settings = get_settings('bad_behavior_settings');
109
  if (!$settings) $settings = array();
110
+ return array_merge(array('log_table' => $wpdb->prefix . 'bad_behavior', 'display_stats' => true, 'strict' => false, 'verbose' => false, 'logging' => true, 'httpbl_key' => '', 'httpbl_threat' => '25', 'httpbl_maxage' => '30', 'offsite_forms' => false), $settings);
 
 
111
  }
112
 
113
  // write settings to database
140
  echo sprintf('<p><a href="http://www.bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', __('Bad Behavior'), __('has blocked'), $blocked[0]["COUNT(*)"], __('access attempts in the last 7 days.'));
141
  }
142
  }
 
 
 
 
143
  }
144
 
145
  // Return the top-level relative path of wherever we are (for cookies)
148
  return $url['path'] . '/';
149
  }
150
 
151
+ // FIXME: some sort of hack to run install on 1.5 (and older?) blogs
152
  // FIXME: figure out what's wrong on 2.0 that this doesn't work
153
  // register_activation_hook(__FILE__, 'bb2_install');
154
  //add_action('activate_bb2/bad-behavior-wordpress.php', 'bb2_install');
156
  add_action('wp_footer', 'bb2_insert_stats');
157
 
158
  // Calls inward to Bad Behavor itself.
159
+ require_once(BB2_CWD . "/bad-behavior/version.inc.php");
160
  require_once(BB2_CWD . "/bad-behavior/core.inc.php");
161
  bb2_install(); // FIXME: see above
162
 
165
  require_once(BB2_CWD . "/bad-behavior-wordpress-admin.php");
166
  }
167
 
168
+ bb2_start(bb2_read_settings());
169
 
170
  $bb2_mtime = explode(" ", microtime());
171
  $bb2_timer_stop = $bb2_mtime[1] + $bb2_mtime[0];
172
  $bb2_timer_total = $bb2_timer_stop - $bb2_timer_start;
173
+
174
+ ?>
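--- a/bad-behavior/banned.inc.php
+++ b/bad-behavior/banned.inc.php
@@ -5,20 +5,7 @@
 
 require_once(BB2_CORE . "/responses.inc.php");
 
-function bb2_housekeeping($settings, $package)
-{
-// FIXME Yes, the interval's hard coded (again) for now.
-$query = "DELETE FROM `" . $settings['log_table'] . "` WHERE `date` < DATE_SUB('" . bb2_db_date() . "', INTERVAL 7 DAY)";
-bb2_db_query($query);
-
-// Waste a bunch more of the spammer's time, sometimes.
-if (rand(1,1000) == 1) {
-$query = "OPTIMIZE TABLE `" . $settings['log_table'] . "`";
-bb2_db_query($query);
-}
-}
-
-function bb2_display_denial($settings, $package, $key, $previous_key = false)
+function bb2_display_denial($settings, $key, $previous_key = false)
 {
 define('DONOTCACHEPAGE', true); // WP Super Cache
 if (!$previous_key) $previous_key = $key;
@@ -26,7 +13,7 @@ function bb2_display_denial($settings, $package, $key, $previous_key = false)
 // FIXME: lookup the real key
 }
 // Create support key
-$ip = explode(".", $package['ip']);
+$ip = explode(".", $_SERVER['REMOTE_ADDR']);
 $ip_hex = "";
 foreach ($ip as $octet) {
 $ip_hex .= str_pad(dechex($octet), 2, 0, STR_PAD_LEFT);
@@ -37,7 +24,7 @@ function bb2_display_denial($settings, $package, $key, $previous_key = false)
 $response = bb2_get_response($previous_key);
 header("HTTP/1.1 " . $response['response'] . " Bad Behavior");
 header("Status: " . $response['response'] . " Bad Behavior");
-$request_uri = $_SERVER["REQUEST_URI"];
+$request_uri = $_SERVER['REQUEST_URI'];
 if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@@ -61,3 +48,5 @@ function bb2_log_denial($settings, $package, $key, $previous_key=false)
 if (!$settings['logging']) return;
 bb2_db_query(bb2_insert($settings, $package, $key));
 }
+
+?>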
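Review bot: The support key built on new line 16 assumes a dotted-quad address: `explode(".", $_SERVER['REMOTE_ADDR'])` on an IPv6 client yields a single non-numeric element, `dechex()` of which is "0", so the hex key printed to the blocked visitor no longer encodes their address and support cannot match it to a log row. Guard it, e.g. `if (strpos($_SERVER['REMOTE_ADDR'], ':') !== FALSE) $ip_hex = str_replace(':', '', $_SERVER['REMOTE_ADDR']); else { ...existing loop... }`, or at least comment that the key is IPv4-only. New line 27 also takes `$request_uri` straight from `$_SERVER['REQUEST_URI']`; if the denial page below this hunk prints it, it has to go through `htmlspecialchars($request_uri, ENT_QUOTES)` or the error page reflects attacker-chosen markup. bb2_display_denial() continues past the end of this hunk, so the output side is not visible here.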
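--- a/bad-behavior/blackhole.inc.php
+++ b/bad-behavior/blackhole.inc.php
@@ -1,5 +1,10 @@
 <?php if (!defined('BB2_CORE')) die('I said no cheating!');
 
+// Quick and dirty check for an IPv6 address
+function is_ipv6($address) {
+return (strpos($address, ":")) ? TRUE : FALSE;
+}
+
 // Look up address on various blackhole lists.
 // These should not be used for GET requests under any circumstances!
 // FIXME: Note that this code is no longer in use
@@ -61,3 +66,4 @@ function bb2_httpbl($settings, $package) {
 }
 return false;
 }
+?>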
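Review bot: `is_ipv6()` on new line 5 misclassifies any address that starts with a colon, because `strpos()` returns 0 for a match at offset 0 and the bare truthiness test reads that as "not found" — `::1` and every other leading-`::` form come back as IPv4. Change it to `return strpos($address, ":") !== FALSE;`. The helper was moved here from functions.inc.php with the defect intact, and since core.inc.php strips only the `::ffff:` prefix from REMOTE_ADDR, other IPv6 forms do reach the http:BL lookup in this file; how bb2_httpbl() treats an address it has wrongly taken for IPv4 is outside this hunk.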
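--- a/bad-behavior/blacklist.inc.php
+++ b/bad-behavior/blacklist.inc.php
@@ -18,7 +18,6 @@ function bb2_blacklist($package) {
 "EmailCollector", // spam harvester
 "Email Siphon", // spam harvester
 "EmailSiphon", // spam harvester
-"Forum Poster", // forum spambot
 "grub crawler", // misc comment/email spam
 "HttpProxy", // misc comment/email spam
 "Internet Explorer", // XMLRPC exploits seen
@@ -43,9 +42,8 @@ function bb2_blacklist($package) {
 "psycheclone", // spam harvester
 "PussyCat ", // misc comment spam
 "PycURL", // misc comment spam
-"Python-urllib", // commonly abused
-// WP 2.5 now has Flash; FIXME
 // "Shockwave Flash", // spam harvester
+// WP 2.5 now has Flash; FIXME
 "Super Happy Fun ", // spam harvester
 "TrackBack/", // trackback spam
 "user", // suspicious harvester
@@ -71,12 +69,11 @@ function bb2_blacklist($package) {
 "grub-client", // search engine ignores robots.txt
 "hanzoweb", // very badly behaved crawler
 "Indy Library", // misc comment/email spam
-"MSIE 7.0; Windows NT 5.2", // Cyveillance
+"larbin@unspecified", // stealth harvesters
 "Murzillo compatible", // comment spam bot
 ".NET CLR 1)", // free poker, etc.
 "POE-Component-Client", // free poker, etc.
 "Turing Machine", // www.anonymizer.com abuse
-"unspecified.mail", // stealth harvesters
 "User-agent: ", // spam harvester/splogger
 "WebaltBot", // spam harvester
 "WISEbot", // spam harvester
@@ -86,7 +83,6 @@ function bb2_blacklist($package) {
 "Windows NT 5.1;)", // wikispam bot
 "Windows XP 5", // spam harvester
 "WordPress/4.01", // pingback spam
-"Xedant Human Emulator",// spammer script engine
 "\\\\)", // spam harvester
 );
 
@@ -125,3 +121,5 @@ function bb2_blacklist($package) {
 
 return FALSE;
 }
+
+?>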
bad-behavior/browser.inc.php DELETED
@@ -1,84 +0,0 @@
1
- <?php if (!defined('BB2_CORE')) die('I said no cheating!');
2
-
3
- // Analyze user agents claiming to be Konqueror
4
-
5
- function bb2_konqueror($package)
6
- {
7
- // CafeKelsa is a dev project at Yahoo which indexes job listings for
8
- // Yahoo! HotJobs. It identifies as Konqueror so we skip these checks.
9
- if (stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") === FALSE || match_cidr($package['ip'], "209.73.160.0/19") === FALSE) {
10
- if (!array_key_exists('Accept', $package['headers_mixed'])) {
11
- return "17566707";
12
- }
13
- }
14
- return false;
15
- }
16
-
17
- // Analyze user agents claiming to be Lynx
18
-
19
- function bb2_lynx($package)
20
- {
21
- if (!array_key_exists('Accept', $package['headers_mixed'])) {
22
- return "17566707";
23
- }
24
- return false;
25
- }
26
-
27
- // Analyze user agents claiming to be Mozilla
28
-
29
- function bb2_mozilla($package)
30
- {
31
- // First off, workaround for Google Desktop, until they fix it FIXME
32
- // Google Desktop fixed it, but apparently some old versions are
33
- // still out there. :(
34
- // Always check accept header for Mozilla user agents
35
- if (strpos($package['headers_mixed']['User-Agent'], "Google Desktop") === FALSE && strpos($package['headers_mixed']['User-Agent'], "PLAYSTATION 3") === FALSE) {
36
- if (!array_key_exists('Accept', $package['headers_mixed'])) {
37
- return "17566707";
38
- }
39
- }
40
- return false;
41
- }
42
-
43
- // Analyze user agents claiming to be MSIE
44
-
45
- function bb2_msie($package)
46
- {
47
- if (!array_key_exists('Accept', $package['headers_mixed'])) {
48
- return "17566707";
49
- }
50
-
51
- // MSIE does NOT send "Windows ME" or "Windows XP" in the user agent
52
- if (strpos($package['headers_mixed']['User-Agent'], "Windows ME") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !== FALSE) {
53
- return "a1084bad";
54
- }
55
-
56
- // MSIE does NOT send Connection: TE but Akamai does
57
- // Bypass this test when Akamai detected
58
- // The latest version of IE for Windows CE also uses Connection: TE
59
- if (!array_key_exists('Akamai-Origin-Hop', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "IEMobile") === FALSE && @preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) {
60
- return "2b90f772";
61
- }
62
-
63
- return false;
64
- }
65
-
66
- // Analyze user agents claiming to be Opera
67
-
68
- function bb2_opera($package)
69
- {
70
- if (!array_key_exists('Accept', $package['headers_mixed'])) {
71
- return "17566707";
72
- }
73
- return false;
74
- }
75
-
76
- // Analyze user agents claiming to be Safari
77
-
78
- function bb2_safari($package)
79
- {
80
- if (!array_key_exists('Accept', $package['headers_mixed'])) {
81
- return "17566707";
82
- }
83
- return false;
84
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
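--- a/bad-behavior/cloudflare.inc.php
+++ b/bad-behavior/cloudflare.inc.php
@@ -1,14 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze requests claiming to be from CloudFlare
-
-require_once(BB2_CORE . "/roundtripdns.inc.php");
-
-function bb2_cloudflare($package)
-{
-# Disabled due to http://bugs.php.net/bug.php?id=53092
-# if (!bb2_roundtripdns($package['cloudflare'], "cloudflare.com")) {
-# return '70e45496';
-# }
-return false;
-}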
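--- a/bad-behavior/common_tests.inc.php
+++ b/bad-behavior/common_tests.inc.php
@@ -4,7 +4,8 @@
 
 function bb2_protocol($settings, $package)
 {
-// We should never see Expect: for HTTP/1.0 requests
+// Is it claiming to be HTTP/1.0? Then it shouldn't do HTTP/1.1 things
+// Always run this test; we should never see Expect:
 if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE && !strcmp($package['server_protocol'], "HTTP/1.0")) {
 return "a0105122";
 }
@@ -40,8 +41,6 @@ function bb2_misc_headers($settings, $package)
 
 // Broken spambots send URLs with various invalid characters
 // Some broken browsers send the #vector in the referer field :(
-// Worse yet, some Javascript client-side apps do the same in
-// blatant violation of the protocol and good sense.
 // if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
 if (strpos($package['request_uri'], "#") !== FALSE) {
 return "dfd9b1ad";
@@ -70,6 +69,7 @@ function bb2_misc_headers($settings, $package)
 // Lowercase via is used by open proxies/referrer spammers
 // Exceptions: Clearswift uses lowercase via (refuses to fix;
 // may be blocked again in the future)
+// Coral CDN uses lowercase via
 if (array_key_exists('via', $package['headers']) &&
 strpos($package['headers']['via'],'Clearswift') === FALSE &&
 strpos($ua,'CoralWebPrx') === FALSE) {
@@ -106,10 +106,6 @@ function bb2_misc_headers($settings, $package)
 if (preg_match('/\bkeep-alive,\s?keep-alive\b/i', $package['headers_mixed']['Connection'])) {
 return "a52f0448";
 }
-// Keep-Alive format in RFC 2068; some bots mangle these headers
-if (stripos($package['headers_mixed']['Connection'], "Keep-Alive: ") !== FALSE) {
-return "b0924802";
-}
 }
 
 
@@ -118,8 +114,6 @@ function bb2_misc_headers($settings, $package)
 return "b9cc1d86";
 }
 // Proxy-Connection does not exist and should never be seen in the wild
-// http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0032.html
-// http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0040.html
 if ($settings['strict'] && array_key_exists('Proxy-Connection', $package['headers_mixed'])) {
 return "b7830251";
 }
@@ -132,7 +126,7 @@ function bb2_misc_headers($settings, $package)
 
 // Referer, if it exists, must contain a :
 // While a relative URL is technically valid in Referer, all known
-// legitimate user-agents send an absolute URL
+// legit user-agents send an absolute URL
 if (strpos($package['headers_mixed']['Referer'], ":") === FALSE) {
 return "45b35e30";
 }
@@ -146,3 +140,5 @@ function bb2_misc_headers($settings, $package)
 
 return false;
 }
+
+?>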
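Review bot: The replacement comment on new lines 7-8 overstates the Expect test: it says "we should never see Expect:", but the condition on line 9 only fires when the request claims HTTP/1.0 and carries `Expect: 100-continue`, and that narrower rule is the correct one, since 100-continue is an HTTP/1.1 mechanism. Suggested wording: `// Expect: 100-continue is an HTTP/1.1 feature; a client claiming HTTP/1.0 must not send it.` followed by `// This test does not depend on $settings['strict'].`. Further down, the Referer test on new line 130 indexes `$package['headers_mixed']['Referer']` directly; whether an absence guard sits above it is outside this hunk, so confirm that before relying on the "if it exists" in the comment. bb2_misc_headers() both starts and ends outside the visible hunks.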
bad-behavior/core.inc.php CHANGED
@@ -1,7 +1,6 @@
1
  <?php if (!defined('BB2_CWD')) die("I said no cheating!");
2
- define('BB2_VERSION', "2.1.9");
3
 
4
- // Bad Behavior entry point is bb2_start()
5
  // If you're reading this, you are probably lost.
6
  // Go read the bad-behavior-generic.php file.
7
 
@@ -10,6 +9,51 @@ define('BB2_COOKIE', 'bb2_screener_');
10
 
11
  require_once(BB2_CORE . "/functions.inc.php");
12
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
13
  // Kill 'em all!
14
  function bb2_banned($settings, $package, $key, $previous_key=false)
15
  {
@@ -17,12 +61,13 @@ function bb2_banned($settings, $package, $key, $previous_key=false)
17
  sleep(2);
18
 
19
  require_once(BB2_CORE . "/banned.inc.php");
20
- bb2_display_denial($settings, $package, $key, $previous_key);
21
  bb2_log_denial($settings, $package, $key, $previous_key);
22
  if (is_callable('bb2_banned_callback')) {
23
  bb2_banned_callback($settings, $package, $key);
24
  }
25
  // Penalize the spammers some more
 
26
  bb2_housekeeping($settings, $package);
27
  die();
28
  }
@@ -40,27 +85,26 @@ function bb2_approved($settings, $package)
40
  }
41
  }
42
 
43
- // If this is reverse-proxied or load balanced, obtain the actual client IP
44
- function bb2_reverse_proxy($settings, $headers_mixed)
 
45
  {
46
- $addrs = array_reverse(preg_split("/[\s,]+/", $headers_mixed[$settings['reverse_proxy_header']]));
47
- if (!empty($settings['reverse_proxy_addresses'])) {
48
- foreach ($addrs as $addr) {
49
- if (!match_cidr($addr, $settings['reverse_proxy_addresses'])) {
50
- return $addr;
51
- }
52
- }
53
  }
54
- return $addrs[0];
55
  }
56
 
 
57
  // Let God sort 'em out!
58
  function bb2_start($settings)
59
  {
60
  // Gather up all the information we need, first of all.
61
  $headers = bb2_load_headers();
62
  // Postprocess the headers to mixed-case
63
- // TODO: get the world to stop using PHP as CGI
64
  $headers_mixed = array();
65
  foreach ($headers as $h => $v) {
66
  $headers_mixed[uc_all($h)] = $v;
@@ -68,116 +112,91 @@ function bb2_start($settings)
68
 
69
  // IPv6 - IPv4 compatibility mode hack
70
  $_SERVER['REMOTE_ADDR'] = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);
 
 
 
 
 
 
 
71
 
72
  // Reconstruct the HTTP entity, if present.
73
  $request_entity = array();
74
- if (!strcasecmp($_SERVER['REQUEST_METHOD'], "POST") || !strcasecmp($_SERVER['REQUEST_METHOD'], "PUT")) {
75
  foreach ($_POST as $h => $v) {
76
  $request_entity[$h] = $v;
77
  }
78
  }
79
 
80
- $request_uri = $_SERVER["REQUEST_URI"];
81
- if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
82
-
83
- if ($settings['reverse_proxy']) {
84
- $headers['X-Bad-Behavior-Remote-Address'] = $_SERVER['REMOTE_ADDR'];
85
- $headers_mixed['X-Bad-Behavior-Remote-Address'] = $_SERVER['REMOTE_ADDR'];
86
- $ip = bb2_reverse_proxy($settings, $headers_mixed);
87
- } else {
88
- $ip = $_SERVER['REMOTE_ADDR'];
89
- }
90
-
91
- @$package = array('ip' => $ip, 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $_SERVER['REQUEST_METHOD'], 'request_uri' => $request_uri, 'server_protocol' => $_SERVER['SERVER_PROTOCOL'], 'request_entity' => $request_entity, 'user_agent' => $_SERVER['HTTP_USER_AGENT'], 'is_browser' => false,);
92
-
93
- $result = bb2_screen($settings, $package);
94
- if ($result && !defined('BB2_TEST')) bb2_banned($settings, $package, $result);
95
- return $result;
96
- }
97
 
98
- function bb2_screen($settings, $package)
99
- {
100
- // Please proceed to the security checkpoint, have your identification
101
- // and boarding pass ready, and prepare to be nakedized or fondled.
102
-
103
- // Check for CloudFlare CDN since IP to be screened may be different
104
- // Thanks to butchs at Simple Machines
105
- if (array_key_exists('Cf-Connecting-Ip', $package['headers_mixed'])) {
106
- require_once(BB2_CORE . "/cloudflare.inc.php");
107
- $r = bb2_cloudflare($package);
108
- if ($r !== false && $r != $package['ip']) return $r;
109
- # FIXME: For Cloudflare we are bypassing all checks for now
110
- # See cloudflare.inc.php for more detail
111
- bb2_approved($settings, $package);
112
- return false;
113
- }
114
 
115
  // First check the whitelist
116
  require_once(BB2_CORE . "/whitelist.inc.php");
117
  if (!bb2_whitelist($package)) {
118
  // Now check the blacklist
119
  require_once(BB2_CORE . "/blacklist.inc.php");
120
- if ($r = bb2_blacklist($package)) return $r;
121
 
122
  // Check the http:BL
123
  require_once(BB2_CORE . "/blackhole.inc.php");
124
- if ($r = bb2_httpbl($settings, $package)) return $r;
125
 
126
  // Check for common stuff
127
  require_once(BB2_CORE . "/common_tests.inc.php");
128
- if ($r = bb2_protocol($settings, $package)) return $r;
129
- if ($r = bb2_cookies($settings, $package)) return $r;
130
- if ($r = bb2_misc_headers($settings, $package)) return $r;
131
 
132
  // Specific checks
133
- @$ua = $package['user_agent'];
134
  // MSIE checks
135
- if (stripos($ua, "; MSIE") !== FALSE) {
136
  $package['is_browser'] = true;
137
- require_once(BB2_CORE . "/browser.inc.php");
138
  if (stripos($ua, "Opera") !== FALSE) {
139
- if ($r = bb2_opera($package)) return $r;
 
140
  } else {
141
- if ($r = bb2_msie($package)) return $r;
 
142
  }
143
  } elseif (stripos($ua, "Konqueror") !== FALSE) {
144
  $package['is_browser'] = true;
145
- require_once(BB2_CORE . "/browser.inc.php");
146
- if ($r = bb2_konqueror($package)) return $r;
147
  } elseif (stripos($ua, "Opera") !== FALSE) {
148
  $package['is_browser'] = true;
149
- require_once(BB2_CORE . "/browser.inc.php");
150
- if ($r = bb2_opera($package)) return $r;
151
  } elseif (stripos($ua, "Safari") !== FALSE) {
152
  $package['is_browser'] = true;
153
- require_once(BB2_CORE . "/browser.inc.php");
154
- if ($r = bb2_safari($package)) return $r;
155
  } elseif (stripos($ua, "Lynx") !== FALSE) {
156
  $package['is_browser'] = true;
157
- require_once(BB2_CORE . "/browser.inc.php");
158
- if ($r = bb2_lynx($package)) return $r;
159
  } elseif (stripos($ua, "MovableType") !== FALSE) {
160
  require_once(BB2_CORE . "/movabletype.inc.php");
161
- if ($r = bb2_movabletype($package)) return $r;
162
  } elseif (stripos($ua, "bingbot") !== FALSE || stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
163
- require_once(BB2_CORE . "/searchengine.inc.php");
164
- if ($r = bb2_msnbot($package)) return $r;
165
  } elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Wireless") !== FALSE) {
166
- require_once(BB2_CORE . "/searchengine.inc.php");
167
- if ($r = bb2_google($package)) return $r;
168
- } elseif (stripos($ua, "Yahoo! Slurp") !== FALSE || stripos($ua, "Yahoo! SearchMonkey") !== FALSE) {
169
- require_once(BB2_CORE . "/searchengine.inc.php");
170
- if ($r = bb2_yahoo($package)) return $r;
171
  } elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
172
  $package['is_browser'] = true;
173
- require_once(BB2_CORE . "/browser.inc.php");
174
- if ($r = bb2_mozilla($package)) return $r;
175
  }
176
 
177
  // More intensive screening applies to POST requests
178
  if (!strcasecmp('POST', $package['request_method'])) {
179
  require_once(BB2_CORE . "/post.inc.php");
180
- if ($r = bb2_post($settings, $package)) return $r;
181
  }
182
  }
183
 
@@ -187,5 +206,6 @@ function bb2_screen($settings, $package)
187
 
188
  // And that's about it.
189
  bb2_approved($settings, $package);
190
- return false;
191
  }
 
1
  <?php if (!defined('BB2_CWD')) die("I said no cheating!");
 
2
 
3
+ // Bad Behavior entry point is start_bad_behavior().
4
  // If you're reading this, you are probably lost.
5
  // Go read the bad-behavior-generic.php file.
6
 
9
 
10
  require_once(BB2_CORE . "/functions.inc.php");
11
 
12
+ // Our log table structure
13
+ function bb2_table_structure($name)
14
+ {
15
+ // It's not paranoia if they really are out to get you.
16
+ $name_escaped = bb2_db_escape($name);
17
+ return "CREATE TABLE IF NOT EXISTS `$name_escaped` (
18
+ `id` INT(11) NOT NULL auto_increment,
19
+ `ip` TEXT NOT NULL,
20
+ `date` DATETIME NOT NULL default '0000-00-00 00:00:00',
21
+ `request_method` TEXT NOT NULL,
22
+ `request_uri` TEXT NOT NULL,
23
+ `server_protocol` TEXT NOT NULL,
24
+ `http_headers` TEXT NOT NULL,
25
+ `user_agent` TEXT NOT NULL,
26
+ `request_entity` TEXT NOT NULL,
27
+ `key` TEXT NOT NULL,
28
+ INDEX (`ip`(15)),
29
+ INDEX (`user_agent`(10)),
30
+ PRIMARY KEY (`id`) );"; // TODO: INDEX might need tuning
31
+ }
32
+
33
+ // Insert a new record
34
+ function bb2_insert($settings, $package, $key)
35
+ {
36
+ $ip = bb2_db_escape($package['ip']);
37
+ $date = bb2_db_date();
38
+ $request_method = bb2_db_escape($package['request_method']);
39
+ $request_uri = bb2_db_escape($package['request_uri']);
40
+ $server_protocol = bb2_db_escape($package['server_protocol']);
41
+ $user_agent = bb2_db_escape($package['user_agent']);
42
+ $headers = "$request_method $request_uri $server_protocol\n";
43
+ foreach ($package['headers'] as $h => $v) {
44
+ $headers .= bb2_db_escape("$h: $v\n");
45
+ }
46
+ $request_entity = "";
47
+ if (!strcasecmp($request_method, "POST")) {
48
+ foreach ($package['request_entity'] as $h => $v) {
49
+ $request_entity .= bb2_db_escape("$h: $v\n");
50
+ }
51
+ }
52
+ return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "`
53
+ (`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES
54
+ ('$ip', '$date', '$request_method', '$request_uri', '$server_protocol', '$headers', '$user_agent', '$request_entity', '$key')";
55
+ }
56
+
57
  // Kill 'em all!
58
  function bb2_banned($settings, $package, $key, $previous_key=false)
59
  {
61
  sleep(2);
62
 
63
  require_once(BB2_CORE . "/banned.inc.php");
64
+ bb2_display_denial($settings, $key, $previous_key);
65
  bb2_log_denial($settings, $package, $key, $previous_key);
66
  if (is_callable('bb2_banned_callback')) {
67
  bb2_banned_callback($settings, $package, $key);
68
  }
69
  // Penalize the spammers some more
70
+ require_once(BB2_CORE . "/housekeeping.inc.php");
71
  bb2_housekeeping($settings, $package);
72
  die();
73
  }
85
  }
86
  }
87
 
88
+ // Check the results of a particular test; see below for usage
89
+ // Returns FALSE if test passed (yes this is backwards)
90
+ function bb2_test($settings, $package, $result)
91
  {
92
+ if ($result !== FALSE)
93
+ {
94
+ bb2_banned($settings, $package, $result);
95
+ return TRUE;
 
 
 
96
  }
97
+ return FALSE;
98
  }
99
 
100
+
101
  // Let God sort 'em out!
102
  function bb2_start($settings)
103
  {
104
  // Gather up all the information we need, first of all.
105
  $headers = bb2_load_headers();
106
  // Postprocess the headers to mixed-case
107
+ // FIXME: get the world to stop using PHP as CGI
108
  $headers_mixed = array();
109
  foreach ($headers as $h => $v) {
110
  $headers_mixed[uc_all($h)] = $v;
112
 
113
  // IPv6 - IPv4 compatibility mode hack
114
  $_SERVER['REMOTE_ADDR'] = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);
115
+ // We use these frequently. Keep a copy close at hand.
116
+ $ip = $_SERVER['REMOTE_ADDR'];
117
+ $request_method = $_SERVER['REQUEST_METHOD'];
118
+ $request_uri = $_SERVER['REQUEST_URI'];
119
+ if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
120
+ $server_protocol = $_SERVER['SERVER_PROTOCOL'];
121
+ @$user_agent = $_SERVER['HTTP_USER_AGENT'];
122
 
123
  // Reconstruct the HTTP entity, if present.
124
  $request_entity = array();
125
+ if (!strcasecmp($request_method, "POST") || !strcasecmp($request_method, "PUT")) {
126
  foreach ($_POST as $h => $v) {
127
  $request_entity[$h] = $v;
128
  }
129
  }
130
 
131
+ $package = array('ip' => $ip, 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $request_method, 'request_uri' => $request_uri, 'server_protocol' => $server_protocol, 'request_entity' => $request_entity, 'user_agent' => $user_agent, 'is_browser' => false);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
132
 
133
+ // Please proceed to the security checkpoint and have your
134
+ // identification and boarding pass ready.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
135
 
136
  // First check the whitelist
137
  require_once(BB2_CORE . "/whitelist.inc.php");
138
  if (!bb2_whitelist($package)) {
139
  // Now check the blacklist
140
  require_once(BB2_CORE . "/blacklist.inc.php");
141
+ bb2_test($settings, $package, bb2_blacklist($package));
142
 
143
  // Check the http:BL
144
  require_once(BB2_CORE . "/blackhole.inc.php");
145
+ bb2_test($settings, $package, bb2_httpbl($settings, $package));
146
 
147
  // Check for common stuff
148
  require_once(BB2_CORE . "/common_tests.inc.php");
149
+ bb2_test($settings, $package, bb2_protocol($settings, $package));
150
+ bb2_test($settings, $package, bb2_cookies($settings, $package));
151
+ bb2_test($settings, $package, bb2_misc_headers($settings, $package));
152
 
153
  // Specific checks
154
+ @$ua = $headers_mixed['User-Agent'];
155
  // MSIE checks
156
+ if (stripos($ua, "MSIE") !== FALSE) {
157
  $package['is_browser'] = true;
 
158
  if (stripos($ua, "Opera") !== FALSE) {
159
+ require_once(BB2_CORE . "/opera.inc.php");
160
+ bb2_test($settings, $package, bb2_opera($package));
161
  } else {
162
+ require_once(BB2_CORE . "/msie.inc.php");
163
+ bb2_test($settings, $package, bb2_msie($package));
164
  }
165
  } elseif (stripos($ua, "Konqueror") !== FALSE) {
166
  $package['is_browser'] = true;
167
+ require_once(BB2_CORE . "/konqueror.inc.php");
168
+ bb2_test($settings, $package, bb2_konqueror($package));
169
  } elseif (stripos($ua, "Opera") !== FALSE) {
170
  $package['is_browser'] = true;
171
+ require_once(BB2_CORE . "/opera.inc.php");
172
+ bb2_test($settings, $package, bb2_opera($package));
173
  } elseif (stripos($ua, "Safari") !== FALSE) {
174
  $package['is_browser'] = true;
175
+ require_once(BB2_CORE . "/safari.inc.php");
176
+ bb2_test($settings, $package, bb2_safari($package));
177
  } elseif (stripos($ua, "Lynx") !== FALSE) {
178
  $package['is_browser'] = true;
179
+ require_once(BB2_CORE . "/lynx.inc.php");
180
+ bb2_test($settings, $package, bb2_lynx($package));
181
  } elseif (stripos($ua, "MovableType") !== FALSE) {
182
  require_once(BB2_CORE . "/movabletype.inc.php");
183
+ bb2_test($settings, $package, bb2_movabletype($package));
184
  } elseif (stripos($ua, "bingbot") !== FALSE || stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
185
+ require_once(BB2_CORE . "/msnbot.inc.php");
186
+ bb2_test($settings, $package, bb2_msnbot($package));
187
  } elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Wireless") !== FALSE) {
188
+ require_once(BB2_CORE . "/google.inc.php");
189
+ bb2_test($settings, $package, bb2_google($package));
 
 
 
190
  } elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
191
  $package['is_browser'] = true;
192
+ require_once(BB2_CORE . "/mozilla.inc.php");
193
+ bb2_test($settings, $package, bb2_mozilla($package));
194
  }
195
 
196
  // More intensive screening applies to POST requests
197
  if (!strcasecmp('POST', $package['request_method'])) {
198
  require_once(BB2_CORE . "/post.inc.php");
199
+ bb2_test($settings, $package, bb2_post($settings, $package));
200
  }
201
  }
202
 
206
 
207
  // And that's about it.
208
  bb2_approved($settings, $package);
209
+ return true;
210
  }
211
+ ?>
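Review bot: bb2_insert() (new lines 34-55) writes the raw POST body of every denied request into the log table in the clear — `request_entity` is filled straight from `$_POST` in bb2_start() (new lines 125-129) — so a blocked login or registration POST stores the submitted password for as long as housekeeping keeps rows; at minimum redact password-like fields before the `$request_entity .= bb2_db_escape("$h: $v\n")` line, e.g. `if (stripos($h, 'pass') !== FALSE) $v = '[redacted]';`, and say in the function header what is logged and for how long. Separately, `$key` is the only column interpolated without bb2_db_escape() (`'$key'` on new line 54); it is an internally generated code in every visible caller, but escaping it keeps the statement safe if a callback ever supplies one: `'" . bb2_db_escape($key) . "'`. bb2_table_structure() escapes the table name with the string escaper and then wraps it in backticks, which presumably does not neutralise a backtick inside the configured name; the value is admin-set, so a comment noting that it is trusted configuration rather than sanitised input is enough.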
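--- a/bad-behavior/functions.inc.php
+++ b/bad-behavior/functions.inc.php
@@ -2,11 +2,6 @@
 
 // Miscellaneous helper functions.
 
-// Quick and dirty check for an IPv6 address
-function is_ipv6($address) {
-return (strpos($address, ":")) ? TRUE : FALSE;
-}
-
 // stripos() needed because stripos is only present on PHP 5
 if (!function_exists('stripos')) {
 function stripos($haystack,$needle,$offset = 0) {
@@ -72,3 +67,5 @@ function bb2_load_headers() {
 }
 return $headers;
 }
+
+?>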
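Review bot: The closing `?>` added at the end of this file (new-side lines 70–71) turns any whitespace or newline that follows it into response output, which breaks code that sends headers after this include is loaded; PHP-only include files should end without a closing tag, so both added lines should be dropped. The same trailing `?>` is added in movabletype.inc.php, post.inc.php, responses.inc.php, screener.inc.php, whitelist.inc.php and every .inc.php file added in this change. As far as this diff shows, the deleted `is_ipv6()` was called only from the also-deleted roundtripdns.inc.php; any other remaining caller would now fail with an undefined-function fatal, so a repository-wide search for the name is worth a moment before shipping.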
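--- a/bad-behavior/google.inc.php
+++ b/bad-behavior/google.inc.php
@@ -0,0 +1,13 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Googlebot
+
+function bb2_google($package)
+{
+if (match_cidr($package['ip'], "66.249.64.0/19") === FALSE && match_cidr($package['ip'], "64.233.160.0/19") === FALSE && match_cidr($package['ip'], "72.14.192.0/18") === FALSE) {
+return "f1182195";
+}
+return false;
+}
+
+?>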
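Review bot: The condition at line 7 calls `match_cidr()` three times with one range each, while `bb2_msnbot()` in msnbot.inc.php passes a single array of ranges to one call; for consistency and fewer lookups this should read `if (match_cidr($package['ip'], array("66.249.64.0/19", "64.233.160.0/19", "72.14.192.0/18")) === FALSE) {`. The function also deserves a comment making clear that the Googlebot claim is verified only against this static netblock list, which has to be maintained by hand as the ranges change, e.g. `// Verified against a static list of Google netblocks; stale entries produce false rejections (f1182195)`. Whether `match_cidr()` handles IPv6 literals is not visible here; if it does not, a v6 client claiming to be Googlebot would always be rejected, which is worth confirming.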
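--- a/bad-behavior/housekeeping.inc.php
+++ b/bad-behavior/housekeeping.inc.php
@@ -0,0 +1,16 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+function bb2_housekeeping($settings, $package)
+{
+// FIXME Yes, the interval's hard coded (again) for now.
+$query = "DELETE FROM `" . $settings['log_table'] . "` WHERE `date` < DATE_SUB('" . bb2_db_date() . "', INTERVAL 7 DAY)";
+bb2_db_query($query);
+
+// Waste a bunch more of the spammer's time, sometimes.
+if (rand(1,1000) == 1) {
+$query = "OPTIMIZE TABLE `" . $settings['log_table'] . "`";
+bb2_db_query($query);
+}
+}
+
+?>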
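Review bot: Lines 6 and 11 build SQL by concatenating `$settings['log_table']` and the result of `bb2_db_date()` straight into the statement; a table identifier cannot be passed as a bound parameter, so the trust assumption should be written down where the next maintainer will see it, e.g. `// $settings['log_table'] is operator configuration, never request data; it is interpolated into SQL unescaped and must stay that way`. The comparison at line 10 should be `if (rand(1,1000) === 1) {` to match the strict comparisons used in the other tests of this change. The FIXME at line 5 would be easier to act on if the 7-day retention were read from `$settings` with a default rather than embedded in the string, but that can be a follow-up.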
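--- a/bad-behavior/konqueror.inc.php
+++ b/bad-behavior/konqueror.inc.php
@@ -0,0 +1,17 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Konqueror
+
+function bb2_konqueror($package)
+{
+// CafeKelsa is a dev project at Yahoo which indexes job listings for
+// Yahoo! HotJobs. It identifies as Konqueror so we skip these checks.
+if (stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") === FALSE || match_cidr($package['ip'], "209.73.160.0/19") === FALSE) {
+if (!array_key_exists('Accept', $package['headers_mixed'])) {
+return "17566707";
+}
+}
+return false;
+}
+
+?>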
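Review bot: The condition at line 9 expresses "skip the Accept check only for CafeKelsa coming from Yahoo's netblock" as an `||` of two `=== FALSE` tests, a double negative that is easy to misread when the exception is edited later. A named boolean states the intent directly: `$is_cafekelsa = stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") !== FALSE && match_cidr($package['ip'], "209.73.160.0/19") !== FALSE;` followed by `if (!$is_cafekelsa && !array_key_exists('Accept', $package['headers_mixed'])) {`. `User-Agent` is read at line 9 without an existence check; that is fine only if the caller guarantees the key, which this hunk does not show.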
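--- a/bad-behavior/lynx.inc.php
+++ b/bad-behavior/lynx.inc.php
@@ -0,0 +1,13 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Lynx
+
+function bb2_lynx($package)
+{
+if (!array_key_exists('Accept', $package['headers_mixed'])) {
+return "17566707";
+}
+return false;
+}
+
+?>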
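Review bot: The body of `bb2_lynx()` at lines 7–9 is the same Accept-header check, returning the same `"17566707"` code, as `bb2_opera()` in opera.inc.php, `bb2_safari()` in safari.inc.php and the first test of `bb2_msie()` in msie.inc.php. Four copies of one rule drift apart as soon as the code or the check changes; a shared helper in functions.inc.php, say `bb2_missing_accept($package)`, called from each file would keep them aligned. A one-line comment above the test, `// Browsers are expected to send an Accept header; its absence is code 17566707`, would also help, since the bare code is opaque without responses.inc.php open.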
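--- a/bad-behavior/movabletype.inc.php
+++ b/bad-behavior/movabletype.inc.php
@@ -10,3 +10,5 @@ function bb2_movabletype($package)
 }
 return false;
 }
+
+?>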
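--- a/bad-behavior/mozilla.inc.php
+++ b/bad-behavior/mozilla.inc.php
@@ -0,0 +1,19 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Mozilla
+
+function bb2_mozilla($package)
+{
+// First off, workaround for Google Desktop, until they fix it FIXME
+// Google Desktop fixed it, but apparently some old versions are
+// still out there. :(
+// Always check accept header for Mozilla user agents
+if (strpos($package['headers_mixed']['User-Agent'], "Google Desktop") === FALSE && strpos($package['headers_mixed']['User-Agent'], "PLAYSTATION 3") === FALSE) {
+if (!array_key_exists('Accept', $package['headers_mixed'])) {
+return "17566707";
+}
+}
+return false;
+}
+
+?>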
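Review bot: The comment block at lines 7–10 contradicts itself ("until they fix it FIXME" followed by "Google Desktop fixed it") and says nothing about the PLAYSTATION 3 exemption the condition also carries, so it should be rewritten as one statement of the current rule: `// Require an Accept header from Mozilla UAs; old Google Desktop builds and the PLAYSTATION 3 browser are exempted`. Line 11 uses case-sensitive `strpos()` for the two exemptions while konqueror.inc.php uses `stripos()` for its own UA exemption; either is defensible, but the two files should agree so the exemptions behave the same way.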
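--- a/bad-behavior/msie.inc.php
+++ b/bad-behavior/msie.inc.php
@@ -0,0 +1,26 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be MSIE
+
+function bb2_msie($package)
+{
+if (!array_key_exists('Accept', $package['headers_mixed'])) {
+return "17566707";
+}
+
+// MSIE does NOT send "Windows ME" or "Windows XP" in the user agent
+if (strpos($package['headers_mixed']['User-Agent'], "Windows ME") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !== FALSE) {
+return "a1084bad";
+}
+
+// MSIE does NOT send Connection: TE but Akamai does
+// Bypass this test when Akamai detected
+// The latest version of IE for Windows CE also uses Connection: TE
+if (!array_key_exists('Akamai-Origin-Hop', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "IEMobile") === FALSE && @preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) {
+return "2b90f772";
+}
+
+return false;
+}
+
+?>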
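Review bot: The `@` on `preg_match()` at line 19 is there to swallow the undefined-index notice when no Connection header was sent, but it also hides genuine PCRE failures; test for the header explicitly instead: `if (!array_key_exists('Akamai-Origin-Hop', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "IEMobile") === FALSE && array_key_exists('Connection', $package['headers_mixed']) && preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) {`. Lines 12 and 19 also read `User-Agent` without an existence check; that is fine only if the caller guarantees the key, which this hunk does not show.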
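--- a/bad-behavior/msnbot.inc.php
+++ b/bad-behavior/msnbot.inc.php
@@ -0,0 +1,13 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be msnbot
+
+function bb2_msnbot($package)
+{
+if (match_cidr($package['ip'], array("207.46.0.0/16", "65.52.0.0/14", "207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18", "157.54.0.0/15", "157.60.0.0/16", "157.56.0.0/14")) === FALSE) {
+return "e4de0453";
+}
+return false;
+}
+
+?>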
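--- a/bad-behavior/opera.inc.php
+++ b/bad-behavior/opera.inc.php
@@ -0,0 +1,13 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Opera
+
+function bb2_opera($package)
+{
+if (!array_key_exists('Accept', $package['headers_mixed'])) {
+return "17566707";
+}
+return false;
+}
+
+?>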
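--- a/bad-behavior/post.inc.php
+++ b/bad-behavior/post.inc.php
@@ -1,36 +1,11 @@
 <?php if (!defined('BB2_CORE')) die('I said no cheating!');
 
-// Specialized screening for trackbacks
-function bb2_trackback($package)
-{
-// Web browsers don't send trackbacks
-if ($package['is_browser']) {
-return 'f0dcb3fd';
-}
-
-// Proxy servers don't send trackbacks either
-if (array_key_exists('Via', $package['headers_mixed']) || array_key_exists('Max-Forwards', $package['headers_mixed']) || array_key_exists('X-Forwarded-For', $package['headers_mixed']) || array_key_exists('Client-Ip', $package['headers_mixed'])) {
-return 'd60b87c7';
-}
-
-// Fake WordPress trackbacks
-// Real ones do not contain Accept:, and have a charset defined
-// Real WP trackbacks may contain Accept: depending on the HTTP
-// transport being used by the sending host
-if (strpos($package['headers_mixed']['User-Agent'], "WordPress/") !== FALSE) {
-if (strpos($package['headers_mixed']['Content-Type'], "charset=") === FALSE) {
-return 'e3990b47';
-}
-}
-return false;
-}
-
 // All tests which apply specifically to POST requests
 function bb2_post($settings, $package)
 {
 // Check blackhole lists for known spam/malicious activity
 // require_once(BB2_CORE . "/blackhole.inc.php");
-// if ($r = bb2_blackhole($package)) return $r;
+// bb2_test($settings, $package, bb2_blackhole($package));
 
 // MovableType needs specialized screening
 if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {
@@ -42,6 +17,7 @@ function bb2_post($settings, $package)
 // Trackbacks need special screening
 $request_entity = $package['request_entity'];
 if (isset($request_entity['title']) && isset($request_entity['url']) && isset($request_entity['blog_name'])) {
+require_once(BB2_CORE . "/trackback.inc.php");
 return bb2_trackback($package);
 }
 
@@ -100,3 +76,5 @@ function bb2_post($settings, $package)
 
 return false;
 }
+
+?>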
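Review bot: Line 8 keeps the blackhole check as a commented-out call next to the commented-out `require_once` at line 7, with no note of why it is disabled or what would let it return; disabled code without a reason is a maintenance trap, so either remove both lines or replace them with `// Blackhole lookups disabled; see <tracker reference> before re-enabling` carrying the actual reason. The lazy `require_once` at line 20 is fine, but a short comment such as `// Loaded on demand: only trackback-shaped POSTs need this file` would explain why it sits inside the conditional rather than at the top. `bb2_post()` continues beyond the last hunk, so the remaining tests are not visible here.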
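--- a/bad-behavior/responses.inc.php
+++ b/bad-behavior/responses.inc.php
@@ -19,8 +19,6 @@ function bb2_get_response($key) {
 '582ec5e4' => array('response' => 400, 'explanation' => 'An invalid request was received. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator. This may also be caused by a bug in the Opera web browser.', 'log' => '"Header \'TE\' present but TE not specified in \'Connection\' header'),
 '69920ee5' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' present but blank'),
 '6c502ff1' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Bot not fully compliant with RFC 2965'),
-'70e45496' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User agent claimed to be CloudFlare, claim appears false'),
-'71436a15' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a major search engine, but you do not appear to actually be a major search engine.', 'log' => 'User-Agent claimed to be Yahoo, claim appears to be false'),
 '799165c2' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Rotating user-agents detected'),
 '7a06532b' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept-Encoding\' missing'),
 '7ad04a8a' => array('response' => 400, 'explanation' => 'The automated program you are using is not permitted to access this server. Please use a different program or a standard Web browser.', 'log' => 'Prohibited header \'Range\' present'),
@@ -30,7 +28,6 @@ function bb2_get_response($key) {
 'a0105122' => array('response' => 417, 'explanation' => 'Expectation failed. Please retry your request.', 'log' => 'Header \'Expect\' prohibited; resend without Expect'),
 'a1084bad' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent claimed to be MSIE, with invalid Windows version'),
 'a52f0448' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by a malfunctioning proxy server or browser privacy software. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator.', 'log' => 'Header \'Connection\' contains invalid values'),
-'b0924802' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by malicious software on your computer.', 'log' => 'Incorrect form of HTTP/1.0 Keep-Alive'),
 'b40c8ddc' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, close your browser, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'POST more than two days after GET'),
 'b7830251' => array('response' => 400, 'explanation' => 'Your proxy server sent an invalid request. Please contact the proxy server administrator to have this problem fixed.', 'log' => 'Prohibited header \'Proxy-Connection\' present'),
 'b9cc1d86' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),
@@ -49,3 +46,4 @@ function bb2_get_response($key) {
 if (array_key_exists($key, $bb2_responses)) return $bb2_responses[$key];
 return array('00000000');
 }
+?>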
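Review bot: The log string for key `'582ec5e4'` at line 19 begins with a stray double quote (`'"Header \'TE\' present ...`), so every log entry written for that code carries a leading `"`; drop it: `'log' => 'Header \'TE\' present but TE not specified in \'Connection\' header'`. Separately, the keys removed in the first two hunks (`70e45496`, `71436a15`, `b0924802`) make `bb2_get_response()` fall through to `return array('00000000')` for any test that still returns them, and that fallback carries no `response` or `explanation` entries, so a caller indexing those would get notices rather than a usable response. Whether any remaining test still emits one of those codes is not visible here; a search for each string before shipping would settle it. `bb2_get_response()` starts before the first hunk.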
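--- a/bad-behavior/roundtripdns.inc.php
+++ b/bad-behavior/roundtripdns.inc.php
@@ -1,20 +0,0 @@
-<?php if (!defined('BB2_CORE')) die("I said no cheating!");
-
-# Round trip DNS verification
-
-# Returns TRUE if DNS matches; FALSE on mismatch
-# Returns $ip if an error occurs
-# TODO: Not IPv6 safe
-# FIXME: Returns false on DNS server failure; PHP provides no distinction
-# between no records and error condition
-function bb2_roundtripdns($ip,$domain)
-{
-if (@is_ipv6($ip)) return $ip;
-
-$host = gethostbyaddr($ip);
-$host_result = strpos(strrev($host), strrev($domain));
-if ($host_result === false || $host_result > 0) return false;
-$addrs = gethostbynamel($host);
-if (in_array($ip, $addrs)) return true;
-return false;
-}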
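--- a/bad-behavior/safari.inc.php
+++ b/bad-behavior/safari.inc.php
@@ -0,0 +1,13 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Safari
+
+function bb2_safari($package)
+{
+if (!array_key_exists('Accept', $package['headers_mixed'])) {
+return "17566707";
+}
+return false;
+}
+
+?>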
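--- a/bad-behavior/screener.inc.php
+++ b/bad-behavior/screener.inc.php
@@ -60,3 +60,4 @@ function bb2_screener($settings, $package)
 bb2_screener_cookie($settings, $package, BB2_COOKIE, $cookie_value);
 bb2_screener_javascript($settings, $package, BB2_COOKIE, $cookie_value);
 }
+?>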
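--- a/bad-behavior/searchengine.inc.php
+++ b/bad-behavior/searchengine.inc.php
@@ -1,45 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-require_once(BB2_CORE . "/roundtripdns.inc.php");
-
-// Analyze user agents claiming to be Googlebot
-
-function bb2_google($package)
-{
-if (match_cidr($package['ip'], array("66.249.64.0/19", "64.233.160.0/19", "72.14.192.0/18")) === FALSE) {
-return "f1182195";
-}
-# Disabled due to http://bugs.php.net/bug.php?id=53092
-# if (!bb2_roundtripdns($package['ip'], "googlebot.com")) {
-# return "f1182195";
-# }
-return false;
-}
-
-// Analyze user agents claiming to be msnbot
-
-function bb2_msnbot($package)
-{
-if (match_cidr($package['ip'], array("207.46.0.0/16", "65.52.0.0/14", "207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18", "157.54.0.0/15", "157.60.0.0/16", "157.56.0.0/14")) === FALSE) {
-return "e4de0453";
-}
-# Disabled due to http://bugs.php.net/bug.php?id=53092
-# if (!bb2_roundtripdns($package['ip'], "msn.com")) {
-# return "e4de0453";
-# }
-return false;
-}
-
-// Analyze user agents claiming to be Yahoo!
-
-function bb2_yahoo($package)
-{
-if (match_cidr($package['ip'], array("202.160.176.0/20", "67.195.0.0/16", "203.209.252.0/24", "72.30.0.0/16", "98.136.0.0/14")) === FALSE) {
-return '71436a15';
-}
-# Disabled due to http://bugs.php.net/bug.php?id=53092
-# if (!bb2_roundtripdns($package['ip'], "crawl.yahoo.net")) {
-# return "71436a15";
-# }
-return false;
-}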
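--- a/bad-behavior/trackback.inc.php
+++ b/bad-behavior/trackback.inc.php
@@ -0,0 +1,28 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Specialized screening for trackbacks
+function bb2_trackback($package)
+{
+// Web browsers don't send trackbacks
+if ($package['is_browser']) {
+return 'f0dcb3fd';
+}
+
+// Proxy servers don't send trackbacks either
+if (array_key_exists('Via', $package['headers_mixed']) || array_key_exists('Max-Forwards', $package['headers_mixed']) || array_key_exists('X-Forwarded-For', $package['headers_mixed']) || array_key_exists('Client-Ip', $package['headers_mixed'])) {
+return 'd60b87c7';
+}
+
+// Fake WordPress trackbacks
+// Real ones do not contain Accept:, and have a charset defined
+// Real WP trackbacks may contain Accept: depending on the HTTP
+// transport being used by the sending host
+if (strpos($package['headers_mixed']['User-Agent'], "WordPress/") !== FALSE) {
+if (strpos($package['headers_mixed']['Content-Type'], "charset=") === FALSE) {
+return 'e3990b47';
+}
+}
+return false;
+}
+
+?>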
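Review bot: Line 21 reads `$package['headers_mixed']['Content-Type']` without checking that the header exists, so a WordPress-UA trackback sent without Content-Type raises an undefined-index notice and only reaches `'e3990b47'` because `strpos()` happens to treat the missing value as an empty string. Make the intent explicit: `if (!array_key_exists('Content-Type', $package['headers_mixed']) || strpos($package['headers_mixed']['Content-Type'], "charset=") === FALSE) {`. Line 7 likewise assumes `$package['is_browser']` is always set, yet the dispatcher earlier in this diff assigns it only on the browser branches, so unless it is initialised elsewhere a non-browser UA arrives here with the key absent; `if (!empty($package['is_browser'])) {` would make the test robust either way.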
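--- a/bad-behavior/version.inc.php
+++ b/bad-behavior/version.inc.php
@@ -0,0 +1,3 @@
+<?php if (!defined('BB2_CWD')) die("I said no cheating!");
+define('BB2_VERSION', "2.0.40");
+?>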
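--- a/bad-behavior/whitelist.inc.php
+++ b/bad-behavior/whitelist.inc.php
@@ -2,27 +2,82 @@
 
 function bb2_whitelist($package)
 {
-$whitelists = @parse_ini_file(dirname(BB2_CORE) . "/whitelist.ini");
+// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
 
-if (@!empty($whitelists['ip'])) {
-foreach ($whitelists['ip'] as $range) {
+// Inappropriate whitelisting WILL expose you to spam, or cause Bad
+// Behavior to stop functioning entirely! DO NOT WHITELIST unless you
+// are 100% CERTAIN that you should.
+
+// IP address ranges use the CIDR format.
+
+// Includes four examples of whitelisting by IP address and netblock.
+$bb2_whitelist_ip_ranges = array(
+"64.191.203.34", // Digg whitelisted as of 2.0.12
+"208.67.217.130", // Digg whitelisted as of 2.0.12
+"10.0.0.0/8",
+"172.16.0.0/12",
+"192.168.0.0/16",
+// "127.0.0.1",
+);
+
+// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
+
+// Inappropriate whitelisting WILL expose you to spam, or cause Bad
+// Behavior to stop functioning entirely! DO NOT WHITELIST unless you
+// are 100% CERTAIN that you should.
+
+// You should not whitelist search engines by user agent. Use the IP
+// netblock for the search engine instead. See http://whois.arin.net/
+// to locate the netblocks for an IP.
+
+// User agents are matched by exact match only.
+
+// Includes one example of whitelisting by user agent.
+// All are commented out.
+$bb2_whitelist_user_agents = array(
+// "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) It's me, let me in",
+);
+
+// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
+
+// Inappropriate whitelisting WILL expose you to spam, or cause Bad
+// Behavior to stop functioning entirely! DO NOT WHITELIST unless you
+// are 100% CERTAIN that you should.
+
+// URLs are matched from the first / after the server name up to,
+// but not including, the ? (if any).
+
+// Includes two examples of whitelisting by URL.
+$bb2_whitelist_urls = array(
+// "/example.php",
+// "/openid/server",
+);
+
+// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
+
+// Do not edit below this line
+
+if (!empty($bb2_whitelist_ip_ranges)) {
+foreach ($bb2_whitelist_ip_ranges as $range) {
 if (match_cidr($package['ip'], $range)) return true;
 }
 }
-if (@!empty($whitelists['useragent'])) {
-foreach ($whitelists['useragent'] as $user_agent) {
+if (!empty($bb2_whitelist_user_agents)) {
+foreach ($bb2_whitelist_user_agents as $user_agent) {
 if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
 }
 }
-if (@!empty($whitelists['url'])) {
+if (!empty($bb2_whitelist_urls)) {
 if (strpos($package['request_uri'], "?") === FALSE) {
 $request_uri = $package['request_uri'];
 } else {
-$request_uri = substr($package['request_uri'], 0, strpos($package['request_uri'], "?"));
+$request_uri = substr($package['request_uri'], 0, strpos($settings['request_uri'], "?"));
 }
-foreach ($whitelists['url'] as $url) {
+foreach ($bb2_whitelist_urls as $url) {
 if (!strcmp($request_uri, $url)) return true;
 }
 }
 return false;
 }
+
+?>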
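Review bot: Line 74 strips the query string with `strpos($settings['request_uri'], "?")`, but `bb2_whitelist()` takes only `$package`, so `$settings` is undefined here; `strpos()` then runs on null and returns false, `substr(..., 0, false)` yields an empty string, and no URL whitelist entry can ever match a request that carries a query string. The line should be `$request_uri = substr($package['request_uri'], 0, strpos($package['request_uri'], "?"));`, the same source the surrounding `if` at line 71 already tests. Lines 17–19 whitelist the RFC 1918 ranges unconditionally, which bypasses every later check for any request whose `$package['ip']` falls in private space; that is only safe while `$package['ip']` is the socket peer address rather than a value taken from a forwarded-for style header, and a comment next to the ranges, e.g. `// Private ranges are trusted on the assumption that $package['ip'] is the real peer address, not a proxy-supplied header value`, would keep reverse-proxy deployments from inheriting a silent bypass.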
lgpl-3.0.txt DELETED
@@ -1,165 +0,0 @@
1
- GNU LESSER GENERAL PUBLIC LICENSE
2
- Version 3, 29 June 2007
3
-
4
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
5
- Everyone is permitted to copy and distribute verbatim copies
6
- of this license document, but changing it is not allowed.
7
-
8
-
9
- This version of the GNU Lesser General Public License incorporates
10
- the terms and conditions of version 3 of the GNU General Public
11
- License, supplemented by the additional permissions listed below.
12
-
13
- 0. Additional Definitions.
14
-
15
- As used herein, "this License" refers to version 3 of the GNU Lesser
16
- General Public License, and the "GNU GPL" refers to version 3 of the GNU
17
- General Public License.
18
-
19
- "The Library" refers to a covered work governed by this License,
20
- other than an Application or a Combined Work as defined below.
21
-
22
- An "Application" is any work that makes use of an interface provided
23
- by the Library, but which is not otherwise based on the Library.
24
- Defining a subclass of a class defined by the Library is deemed a mode
25
- of using an interface provided by the Library.
26
-
27
- A "Combined Work" is a work produced by combining or linking an
28
- Application with the Library. The particular version of the Library
29
- with which the Combined Work was made is also called the "Linked
30
- Version".
31
-
32
- The "Minimal Corresponding Source" for a Combined Work means the
33
- Corresponding Source for the Combined Work, excluding any source code
34
- for portions of the Combined Work that, considered in isolation, are
35
- based on the Application, and not on the Linked Version.
36
-
37
- The "Corresponding Application Code" for a Combined Work means the
38
- object code and/or source code for the Application, including any data
39
- and utility programs needed for reproducing the Combined Work from the
40
- Application, but excluding the System Libraries of the Combined Work.
41
-
42
- 1. Exception to Section 3 of the GNU GPL.
43
-
44
- You may convey a covered work under sections 3 and 4 of this License
45
- without being bound by section 3 of the GNU GPL.
46
-
47
- 2. Conveying Modified Versions.
48
-
49
- If you modify a copy of the Library, and, in your modifications, a
50
- facility refers to a function or data to be supplied by an Application
51
- that uses the facility (other than as an argument passed when the
52
- facility is invoked), then you may convey a copy of the modified
53
- version:
54
-
55
- a) under this License, provided that you make a good faith effort to
56
- ensure that, in the event an Application does not supply the
57
- function or data, the facility still operates, and performs
58
- whatever part of its purpose remains meaningful, or
59
-
60
- b) under the GNU GPL, with none of the additional permissions of
61
- this License applicable to that copy.
62
-
63
- 3. Object Code Incorporating Material from Library Header Files.
64
-
65
- The object code form of an Application may incorporate material from
66
- a header file that is part of the Library. You may convey such object
67
- code under terms of your choice, provided that, if the incorporated
68
- material is not limited to numerical parameters, data structure
69
- layouts and accessors, or small macros, inline functions and templates
70
- (ten or fewer lines in length), you do both of the following:
71
-
72
- a) Give prominent notice with each copy of the object code that the
73
- Library is used in it and that the Library and its use are
74
- covered by this License.
75
-
76
- b) Accompany the object code with a copy of the GNU GPL and this license
77
- document.
78
-
79
- 4. Combined Works.
80
-
81
- You may convey a Combined Work under terms of your choice that,
82
- taken together, effectively do not restrict modification of the
83
- portions of the Library contained in the Combined Work and reverse
84
- engineering for debugging such modifications, if you also do each of
85
- the following:
86
-
87
- a) Give prominent notice with each copy of the Combined Work that
88
- the Library is used in it and that the Library and its use are
89
- covered by this License.
90
-
91
- b) Accompany the Combined Work with a copy of the GNU GPL and this license
92
- document.
93
-
94
- c) For a Combined Work that displays copyright notices during
95
- execution, include the copyright notice for the Library among
96
- these notices, as well as a reference directing the user to the
97
- copies of the GNU GPL and this license document.
98
-
99
- d) Do one of the following:
100
-
101
- 0) Convey the Minimal Corresponding Source under the terms of this
102
- License, and the Corresponding Application Code in a form
103
- suitable for, and under terms that permit, the user to
104
- recombine or relink the Application with a modified version of
105
- the Linked Version to produce a modified Combined Work, in the
106
- manner specified by section 6 of the GNU GPL for conveying
107
- Corresponding Source.
108
-
109
- 1) Use a suitable shared library mechanism for linking with the
110
- Library. A suitable mechanism is one that (a) uses at run time
111
- a copy of the Library already present on the user's computer
112
- system, and (b) will operate properly with a modified version
113
- of the Library that is interface-compatible with the Linked
114
- Version.
115
-
116
- e) Provide Installation Information, but only if you would otherwise
117
- be required to provide such information under section 6 of the
118
- GNU GPL, and only to the extent that such information is
119
- necessary to install and execute a modified version of the
120
- Combined Work produced by recombining or relinking the
121
- Application with a modified version of the Linked Version. (If
122
- you use option 4d0, the Installation Information must accompany
123
- the Minimal Corresponding Source and Corresponding Application
124
- Code. If you use option 4d1, you must provide the Installation
125
- Information in the manner specified by section 6 of the GNU GPL
126
- for conveying Corresponding Source.)
127
-
128
- 5. Combined Libraries.
129
-
130
- You may place library facilities that are a work based on the
131
- Library side by side in a single library together with other library
132
- facilities that are not Applications and are not covered by this
133
- License, and convey such a combined library under terms of your
134
- choice, if you do both of the following:
135
-
136
- a) Accompany the combined library with a copy of the same work based
137
- on the Library, uncombined with any other library facilities,
138
- conveyed under the terms of this License.
139
-
140
- b) Give prominent notice with the combined library that part of it
141
- is a work based on the Library, and explaining where to find the
142
- accompanying uncombined form of the same work.
143
-
144
- 6. Revised Versions of the GNU Lesser General Public License.
145
-
146
- The Free Software Foundation may publish revised and/or new versions
147
- of the GNU Lesser General Public License from time to time. Such new
148
- versions will be similar in spirit to the present version, but may
149
- differ in detail to address new problems or concerns.
150
-
151
- Each version is given a distinguishing version number. If the
152
- Library as you received it specifies that a certain numbered version
153
- of the GNU Lesser General Public License "or any later version"
154
- applies to it, you have the option of following the terms and
155
- conditions either of that published version or of any later version
156
- published by the Free Software Foundation. If the Library as you
157
- received it does not specify a version number of the GNU Lesser
158
- General Public License, you may choose any version of the GNU Lesser
159
- General Public License ever published by the Free Software Foundation.
160
-
161
- If the Library as you received it specifies that a proxy can decide
162
- whether future versions of the GNU Lesser General Public License shall
163
- apply, that proxy's public statement of acceptance of any version is
164
- permanent authorization for you to choose that version for the
165
- Library.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
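--- a/settings.ini
+++ b/settings.ini
@@ -1,13 +0,0 @@
-[settings]
-display_stats = true
-strict = false
-verbose = false
-logging = true
-httpbl_key = ""
-httpbl_threat = 25
-httpbl_maxage = 30
-offsite_forms = false
-reverse_proxy = false
-reverse_proxy_header = "X-Forwarded-For"
-;reverse_proxy_addresses[] =
-;reverse_proxy_addresses[] =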
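--- a/whitelist.ini
+++ b/whitelist.ini
@@ -1,26 +0,0 @@
-; Inappropriate whitelisting WILL expose you to spam, or cause Bad Behavior
-; to stop functioning entirely! DO NOT WHITELIST unless you are 100% CERTAIN
-; that you should.
-
-; IP address ranges use the CIDR format.
-
-[ip]
-; Digg whitelisted as of 2.0.12
-ip[] = "64.191.203.34"
-ip[] = "208.67.217.130"
-; RFC 1918 addresses
-ip[] = "10.0.0.0/8"
-ip[] = "172.16.0.0/12"
-ip[] = "192.168.0.0/16"
-
-; User agents are matched by exact match only.
-
-[useragent]
-useragent[] = "Mozilla/4.0 (It's me, let me in)"
-
-; URLs are matched from the first / after the server name up to, but not
-; including, the ? (if any). The URL to be whitelisted is a URL on YOUR site.
-
-[url]
-url[] = "/example.php"
-url[] = "/openid/server"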