Release Info
Developer | error |
Plugin | Bad Behavior |
Version | 2.0.48 |
Code changes from version 2.2.5 to 2.0.48
- README.txt +1 -1
- bad-behavior-generic.php +24 -33
- bad-behavior-lifetype.php +175 -0
- bad-behavior-mediawiki.php +29 -61
- bad-behavior-mysql.php +0 -47
- bad-behavior-wordpress-admin.php +42 -163
- bad-behavior-wordpress.php +29 -59
- bad-behavior/banned.inc.php +5 -16
- bad-behavior/blackhole.inc.php +7 -0
- bad-behavior/blacklist.inc.php +4 -6
- bad-behavior/browser.inc.php +0 -84
- bad-behavior/cloudflare.inc.php +0 -14
- bad-behavior/common_tests.inc.php +6 -10
- bad-behavior/core.inc.php +113 -101
- bad-behavior/functions.inc.php +2 -9
- bad-behavior/google.inc.php +13 -0
- bad-behavior/housekeeping.inc.php +16 -0
- bad-behavior/konqueror.inc.php +17 -0
- bad-behavior/lynx.inc.php +13 -0
- bad-behavior/movabletype.inc.php +2 -0
- bad-behavior/mozilla.inc.php +19 -0
- bad-behavior/msie.inc.php +26 -0
- bad-behavior/msnbot.inc.php +13 -0
- bad-behavior/opera.inc.php +13 -0
- bad-behavior/post.inc.php +6 -33
- bad-behavior/responses.inc.php +1 -2
- bad-behavior/roundtripdns.inc.php +0 -20
- bad-behavior/safari.inc.php +13 -0
- bad-behavior/screener.inc.php +1 -0
- bad-behavior/searchengine.inc.php +0 -45
- bad-behavior/trackback.inc.php +28 -0
- bad-behavior/version.inc.php +3 -0
- bad-behavior/whitelist.inc.php +64 -15
- bad-behavior/yahoo.inc.php +11 -0
- gpl-2.0.txt +339 -0
- gpl-3.0.txt +0 -674
- lgpl-3.0.txt +0 -165
- settings-sample.ini +0 -16
- whitelist-sample.ini +0 -31
README.txt
CHANGED
@@ -4,7 +4,7 @@ Contributors: error, markjaquith, skeltoac
|
|
4 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0¤cy_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
|
5 |
Requires at least: 3.1
|
6 |
Tested up to: 3.3.2
|
7 |
-
Stable tag: 2.2.
|
8 |
|
9 |
Bad Behavior prevents spammers from ever delivering their junk, and in many
|
10 |
cases, from ever reading your site in the first place.
|
4 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0¤cy_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
|
5 |
Requires at least: 3.1
|
6 |
Tested up to: 3.3.2
|
7 |
+
Stable tag: 2.2.6
|
8 |
|
9 |
Bad Behavior prevents spammers from ever delivering their junk, and in many
|
10 |
cases, from ever reading your site in the first place.
|
bad-behavior-generic.php
CHANGED
@@ -1,22 +1,28 @@
|
|
1 |
<?php
|
2 |
/*
|
3 |
Bad Behavior - detects and blocks unwanted Web accesses
|
4 |
-
Copyright (C) 2005
|
5 |
|
6 |
-
|
7 |
-
the terms of the GNU
|
8 |
-
Software Foundation; either version
|
9 |
-
later version.
|
10 |
|
11 |
-
|
12 |
-
|
13 |
-
|
|
|
14 |
|
15 |
-
|
16 |
-
|
|
|
|
|
17 |
|
18 |
-
|
19 |
-
|
|
|
|
|
|
|
20 |
*/
|
21 |
|
22 |
###############################################################################
|
@@ -26,8 +32,6 @@ define('BB2_CWD', dirname(__FILE__));
|
|
26 |
|
27 |
// Settings you can adjust for Bad Behavior.
|
28 |
// Most of these are unused in non-database mode.
|
29 |
-
// DO NOT EDIT HERE; instead make changes in settings.ini.
|
30 |
-
// These settings are used when settings.ini is not present.
|
31 |
$bb2_settings_defaults = array(
|
32 |
'log_table' => 'bad_behavior',
|
33 |
'display_stats' => false,
|
@@ -39,9 +43,6 @@ $bb2_settings_defaults = array(
|
|
39 |
'httpbl_maxage' => '30',
|
40 |
'offsite_forms' => false,
|
41 |
'eu_cookie' => false,
|
42 |
-
'reverse_proxy' => false,
|
43 |
-
'reverse_proxy_header' => 'X-Forwarded-For',
|
44 |
-
'reverse_proxy_addresses' => array(),
|
45 |
);
|
46 |
|
47 |
// Bad Behavior callback functions.
|
@@ -83,30 +84,17 @@ function bb2_db_rows($result) {
|
|
83 |
return $result;
|
84 |
}
|
85 |
|
86 |
-
// Create the SQL query for inserting a record in the database.
|
87 |
-
// See example for MySQL elsewhere.
|
88 |
-
function bb2_insert($settings, $package, $key)
|
89 |
-
{
|
90 |
-
return "--";
|
91 |
-
}
|
92 |
-
|
93 |
// Return emergency contact email address.
|
94 |
function bb2_email() {
|
95 |
-
return "example@example.com"; // You need to change this.
|
96 |
-
|
97 |
-
|
98 |
-
// retrieve whitelist
|
99 |
-
function bb2_read_whitelist() {
|
100 |
-
return @parse_ini_file(dirname(BB2_CORE) . "/whitelist.ini");
|
101 |
}
|
102 |
|
103 |
// retrieve settings from database
|
104 |
// Settings are hard-coded for non-database use
|
105 |
function bb2_read_settings() {
|
106 |
global $bb2_settings_defaults;
|
107 |
-
$
|
108 |
-
if (!$settings) $settings = array();
|
109 |
-
return @array_merge($bb2_settings_defaults, $settings);
|
110 |
}
|
111 |
|
112 |
// write settings to database
|
@@ -149,7 +137,10 @@ function bb2_relative_path() {
|
|
149 |
}
|
150 |
|
151 |
// Calls inward to Bad Behavor itself.
|
|
|
152 |
require_once(BB2_CWD . "/bad-behavior/core.inc.php");
|
153 |
bb2_install(); // FIXME: see above
|
154 |
|
155 |
bb2_start(bb2_read_settings());
|
|
|
|
1 |
<?php
|
2 |
/*
|
3 |
Bad Behavior - detects and blocks unwanted Web accesses
|
4 |
+
Copyright (C) 2005-2006 Michael Hampton
|
5 |
|
6 |
+
This program is free software; you can redistribute it and/or modify
|
7 |
+
it under the terms of the GNU General Public License as published by
|
8 |
+
the Free Software Foundation; either version 2 of the License, or
|
9 |
+
(at your option) any later version.
|
10 |
|
11 |
+
As a special exemption, you may link this program with any of the
|
12 |
+
programs listed below, regardless of the license terms of those
|
13 |
+
programs, and distribute the resulting program, without including the
|
14 |
+
source code for such programs: ExpressionEngine; Simple Machines Forum
|
15 |
|
16 |
+
This program is distributed in the hope that it will be useful,
|
17 |
+
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
18 |
+
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
19 |
+
GNU General Public License for more details.
|
20 |
|
21 |
+
You should have received a copy of the GNU General Public License
|
22 |
+
along with this program; if not, write to the Free Software
|
23 |
+
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
24 |
+
|
25 |
+
Please report any problems to badbots AT ioerror DOT us
|
26 |
*/
|
27 |
|
28 |
###############################################################################
|
32 |
|
33 |
// Settings you can adjust for Bad Behavior.
|
34 |
// Most of these are unused in non-database mode.
|
|
|
|
|
35 |
$bb2_settings_defaults = array(
|
36 |
'log_table' => 'bad_behavior',
|
37 |
'display_stats' => false,
|
43 |
'httpbl_maxage' => '30',
|
44 |
'offsite_forms' => false,
|
45 |
'eu_cookie' => false,
|
|
|
|
|
|
|
46 |
);
|
47 |
|
48 |
// Bad Behavior callback functions.
|
84 |
return $result;
|
85 |
}
|
86 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
87 |
// Return emergency contact email address.
|
88 |
function bb2_email() {
|
89 |
+
// return "example@example.com"; // You need to change this.
|
90 |
+
return "badbots@ioerror.us"; // You need to change this.
|
|
|
|
|
|
|
|
|
91 |
}
|
92 |
|
93 |
// retrieve settings from database
|
94 |
// Settings are hard-coded for non-database use
|
95 |
function bb2_read_settings() {
|
96 |
global $bb2_settings_defaults;
|
97 |
+
return $bb2_settings_defaults;
|
|
|
|
|
98 |
}
|
99 |
|
100 |
// write settings to database
|
137 |
}
|
138 |
|
139 |
// Calls inward to Bad Behavor itself.
|
140 |
+
require_once(BB2_CWD . "/bad-behavior/version.inc.php");
|
141 |
require_once(BB2_CWD . "/bad-behavior/core.inc.php");
|
142 |
bb2_install(); // FIXME: see above
|
143 |
|
144 |
bb2_start(bb2_read_settings());
|
145 |
+
|
146 |
+
?>
|
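Review bot: `bb2_email()` (new lines 88-91) now returns the hard-coded address `badbots@ioerror.us` with the placeholder commented out, so a site that deploys this generic entry point unedited would present the upstream author's mailbox as its own emergency contact, presumably to visitors who get blocked. Ship the placeholder instead, or read the address from a constant the operator has to define, e.g. `return BB2_EMERGENCY_EMAIL;` as the LifeType entry point in this same change does, and drop the commented-out line. The closing `?>` added at the end of the file is better left out, since any whitespace after it is sent as output before headers or cookies can be set. Note also that `bb2_read_settings()` now returns only `$bb2_settings_defaults`, so operators must edit this file to change a setting.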
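--- a/bad-behavior-lifetype.php
+++ b/bad-behavior-lifetype.php
@@ -0,0 +1,175 @@
+<?php
+/*
+http://blog.markplace.net
+
+Bad Behavior - LifeType Plugin
+Copyright (C) 2006 Mark Wu http://blog.markplace.net
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+// This file is the entry point for Bad Behavior in LifeType.
+
+if (!defined('PLOG_CLASS_PATH')) die('No cheating!');
+
+// Timer start
+$bb2_mtime = explode(" ", microtime());
+$bb2_timer_start = $bb2_mtime[1] + $bb2_mtime[0];
+
+define('BB2_CWD', PLOG_CLASS_PATH . "plugins/badbehavior/" );
+define('BB2_EMERGENCY_EMAIL', "admin@yourblog.com" );
+define('BB2_DEFAULT_LOG_TABLE', "bad_behavior" );
+
+// Bad Behavior callback functions.
+
+// Return current time in the format preferred by your database.
+function bb2_db_date() {
+return gmdate('Y-m-d H:i:s');
+}
+
+// Return affected rows from most recent query.
+function bb2_db_affected_rows() {
+lt_include( PLOG_CLASS_PATH."class/database/db.class.php" );
+$db =& Db::getDb();
+
+return $db->Affected_Rows();
+}
+
+// Escape a string for database usage
+function bb2_db_escape($string) {
+lt_include( PLOG_CLASS_PATH."class/database/db.class.php" );
+
+return Db::qstr($string);
+}
+
+// Return the number of rows in a particular query.
+function bb2_db_num_rows($result) {
+return $result->RecordCount();
+}
+
+// Run a query and return the results, if any.
+// Should return FALSE if an error occurred.
+function bb2_db_query($query) {
+lt_include( PLOG_CLASS_PATH."class/database/db.class.php" );
+$db =& Db::getDb();
+
+$result = $db->Execute( $query );
+
+if (!$result)
+return FALSE;
+
+return $result;
+}
+
+// Return all rows in a particular query.
+// Should contain an array of all rows generated by calling mysql_fetch_assoc()
+// or equivalent and appending the result of each call to an array.
+function bb2_db_rows($result) {
+$rows = array();
+while( $row = $result->FetchRow()) {
+$rows[] = $row;
+}
+
+return $rows;
+}
+
+// Return emergency contact email address.
+function bb2_email() {
+return BB2_EMERGENCY_EMAIL;
+}
+
+// retrieve settings from lifetype config
+function bb2_read_settings() {
+lt_include( PLOG_CLASS_PATH."class/database/db.class.php" );
+lt_include( PLOG_CLASS_PATH."class/config/config.class.php" );
+$config =& Config::getConfig();
+$prefix = Db::getPrefix();
+$logTable = $config->getValue( 'bb2_log_table', BB2_DEFAULT_LOG_TABLE );
+$displayStats = $config->getValue( 'bb2_display_stats', false );
+$strict = $config->getValue( 'bb2_strict', false );
+$verbose = $config->getValue( 'bb2_verbose', false );
+$isInstalled = $config->getValue( 'bb2_installed', false );
+$logging = $config->getValue( 'bb2_logging', true );
+$httpbl_key = $config->getValue( 'bb2_httpbl_key', '' );
+$httpbl_threat = $config->getValue( 'bb2_httpbl_threat', '25' );
+$httpbl_maxage = $config->getValue( 'bb2_httpbl_maxage', '30' );
+$offsite_forms = $config->getValue( 'offsite_forms', false );
+
+return array('log_table' => $prefix . $logTable,
+'display_stats' => $displayStats,
+'strict' => $strict,
+'verbose' => $verbose,
+'logging' => $logging,
+'httpbl_key' => $httpbl_key,
+'httpbl_threat' => $httpbl_threat,
+'httpbl_maxage' => $httpbl_maxage,
+'offsite_forms' => $offsite_forms,
+'is_installed' => $isInstalled );
+}
+
+// write settings to lifetype config
+function bb2_write_settings($settings) {
+lt_include( PLOG_CLASS_PATH."class/config/config.class.php" );
+$config =& Config::getConfig();
+$config->setValue( 'bb2_log_table', BB2_DEFAULT_LOG_TABLE );
+$config->setValue( 'bb2_display_stats', $settings['display_stats'] );
+$config->setValue( 'bb2_strict', $settings['strict'] );
+$config->setValue( 'bb2_verbose', $settings['verbose'] );
+$config->setValue( 'bb2_httpbl_key', $settings['httpbl_key'] );
+$config->setValue( 'bb2_httpbl_threat', $settings['httpbl_threat'] );
+$config->setValue( 'bb2_httpbl_maxage', $settings['httpbl_maxage'] );
+$config->setValue( 'bb2_offsite_forms', $settings['offsite_forms'] );
+$config->setValue( 'bb2_installed', $settings['is_installed'] );
+$config->save();
+}
+
+// installation
+function bb2_install() {
+$settings = bb2_read_settings();
+if( $settings['is_installed'] == false && $settings['logging'] )
+{
+bb2_db_query(bb2_table_structure($settings['log_table']));
+$settings['is_installed'] = true;
+bb2_write_settings( $settings );
+}
+}
+
+// Return the top-level relative path of wherever we are (for cookies)
+function bb2_relative_path() {
+lt_include( PLOG_CLASS_PATH."class/config/config.class.php" );
+$config =& Config::getConfig();
+
+$url = parse_url( $config->getValue( 'base_url' ) );
+if( empty($url['path']) )
+return '/';
+else {
+if( substr( $url['path'], -1, 1 ) == '/' )
+return $url['path'];
+else
+return $url['path'] . '/';
+}
+}
+
+// Load Bad Behavior Core
+lt_include(BB2_CWD . "bad-behavior/core.inc.php");
+bb2_install();
+$settings = bb2_read_settings();
+bb2_start($settings);
+
+// Time Stop
+$bb2_mtime = explode(" ", microtime());
+$bb2_timer_stop = $bb2_mtime[1] + $bb2_mtime[0];
+$bb2_timer_total = $bb2_timer_stop - $bb2_timer_start;
+?>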
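Review bot: `bb2_read_settings()` reads the off-site forms option with `$config->getValue( 'offsite_forms', false )` (new line 108) while `bb2_write_settings()` stores it under `'bb2_offsite_forms'` (line 133), so a saved value is never read back and the option stays at its default. Use the same key on both sides: `$offsite_forms = $config->getValue( 'bb2_offsite_forms', false );`. `logging` is likewise read (line 104) but never written by `bb2_write_settings()`. In `bb2_install()` the result of `bb2_db_query()` is ignored before `is_installed` is set to true, so a failed table creation is never retried; guard the flag update with `if (bb2_db_query(bb2_table_structure($settings['log_table'])) !== FALSE) {`.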
bad-behavior-mediawiki.php
CHANGED
@@ -1,36 +1,30 @@
|
|
1 |
<?php
|
2 |
/*
|
3 |
-
|
4 |
-
Copyright (C) 2005,2006,2007,2008,2009,2010,2011,2012 Michael Hampton
|
5 |
|
6 |
-
Bad Behavior
|
7 |
-
|
8 |
-
Software Foundation; either version 3 of the License, or (at your option) any
|
9 |
-
later version.
|
10 |
|
11 |
-
This program is
|
12 |
-
|
13 |
-
|
|
|
14 |
|
15 |
-
|
16 |
-
|
|
|
|
|
17 |
|
18 |
-
|
19 |
-
|
|
|
20 |
*/
|
21 |
|
22 |
-
###############################################################################
|
23 |
-
###############################################################################
|
24 |
-
|
25 |
// This file is the entry point for Bad Behavior.
|
26 |
|
27 |
if (!defined('MEDIAWIKI')) die();
|
28 |
|
29 |
-
$wgBadBehaviorTimer = false;
|
30 |
-
|
31 |
// Settings you can adjust for Bad Behavior.
|
32 |
-
// DO NOT EDIT HERE; instead make changes in settings.ini.
|
33 |
-
// These settings are used when settings.ini is not present.
|
34 |
$bb2_settings_defaults = array(
|
35 |
'log_table' => $wgDBprefix . 'bad_behavior',
|
36 |
'display_stats' => false,
|
@@ -42,15 +36,11 @@ $bb2_settings_defaults = array(
|
|
42 |
'httpbl_maxage' => '30',
|
43 |
'offsite_forms' => false,
|
44 |
'eu_cookie' => false,
|
45 |
-
'reverse_proxy' => false,
|
46 |
-
'reverse_proxy_header' => 'X-Forwarded-For',
|
47 |
-
'reverse_proxy_addresses' => array(),
|
48 |
);
|
49 |
|
50 |
define('BB2_CWD', dirname(__FILE__));
|
51 |
|
52 |
// Bad Behavior callback functions.
|
53 |
-
require_once("bad-behavior-mysql.php");
|
54 |
|
55 |
// Return current time in the format preferred by your database.
|
56 |
function bb2_db_date() {
|
@@ -59,31 +49,24 @@ function bb2_db_date() {
|
|
59 |
|
60 |
// Return affected rows from most recent query.
|
61 |
function bb2_db_affected_rows($result) {
|
62 |
-
|
63 |
-
return $db->affectedRows();
|
64 |
}
|
65 |
|
66 |
// Escape a string for database usage
|
67 |
function bb2_db_escape($string) {
|
68 |
-
//
|
69 |
return addslashes($string);
|
70 |
}
|
71 |
|
72 |
// Return the number of rows in a particular query.
|
73 |
function bb2_db_num_rows($result) {
|
74 |
-
return $result
|
75 |
}
|
76 |
|
77 |
// Run a query and return the results, if any.
|
78 |
// Should return FALSE if an error occurred.
|
79 |
function bb2_db_query($query) {
|
80 |
-
$
|
81 |
-
try {
|
82 |
-
$bb2_last_query = $db->query($query);
|
83 |
-
} catch (DBQueryError $e) {
|
84 |
-
trigger_error("Bad Behavior DBQueryError " . $e->getMessage(), E_USER_WARNING);
|
85 |
-
return false;
|
86 |
-
}
|
87 |
return $bb2_last_query;
|
88 |
}
|
89 |
|
@@ -92,12 +75,8 @@ function bb2_db_query($query) {
|
|
92 |
// or equivalent and appending the result of each call to an array.
|
93 |
function bb2_db_rows($result) {
|
94 |
$rows = array();
|
95 |
-
|
96 |
-
|
97 |
-
$rows[] = $row;
|
98 |
-
}
|
99 |
-
} catch (DBUnexpectedError $e) {
|
100 |
-
trigger_error("Bad Behavior DBUnexpectedError " . $e->getMessage(), E_USER_WARNING);
|
101 |
}
|
102 |
return $rows;
|
103 |
}
|
@@ -108,18 +87,11 @@ function bb2_email() {
|
|
108 |
return $wgEmergencyContact;
|
109 |
}
|
110 |
|
111 |
-
// retrieve whitelist
|
112 |
-
function bb2_read_whitelist() {
|
113 |
-
return @parse_ini_file(dirname(BB2_CORE) . "/whitelist.ini");
|
114 |
-
}
|
115 |
-
|
116 |
// This Bad Behavior-related function is a stub. You can help MediaWiki by expanding it.
|
117 |
// retrieve settings from database
|
118 |
function bb2_read_settings() {
|
119 |
global $bb2_settings_defaults;
|
120 |
-
$
|
121 |
-
if (!$settings) $settings = array();
|
122 |
-
return @array_merge($bb2_settings_defaults, $settings);
|
123 |
}
|
124 |
|
125 |
// This Bad Behavior-related function is a stub. You can help MediaWiki by expanding it.
|
@@ -152,10 +124,8 @@ function bb2_relative_path() {
|
|
152 |
|
153 |
// Cute timer display
|
154 |
function bb2_mediawiki_timer(&$parser, &$text) {
|
155 |
-
global $bb2_timer_total
|
156 |
-
|
157 |
-
$text .= "<!-- Bad Behavior " . BB2_VERSION . " run time: " . number_format(1000 * $bb2_timer_total, 3) . " ms -->";
|
158 |
-
}
|
159 |
return true;
|
160 |
}
|
161 |
|
@@ -166,13 +136,9 @@ function bb2_mediawiki_entry() {
|
|
166 |
$bb2_timer_start = $bb2_mtime[1] + $bb2_mtime[0];
|
167 |
|
168 |
if (php_sapi_name() != 'cli') {
|
|
|
169 |
bb2_install(); // FIXME: see above
|
170 |
$settings = bb2_read_settings();
|
171 |
-
// FIXME: Need to make this multi-DB compatible eventually
|
172 |
-
$dbr = wfGetDB(DB_SLAVE);
|
173 |
-
if (get_class($dbr) != "DatabaseMysql") {
|
174 |
-
$settings['logging'] = false;
|
175 |
-
}
|
176 |
bb2_start($settings);
|
177 |
}
|
178 |
|
@@ -181,14 +147,16 @@ function bb2_mediawiki_entry() {
|
|
181 |
$bb2_timer_total = $bb2_timer_stop - $bb2_timer_start;
|
182 |
}
|
183 |
|
184 |
-
require_once(BB2_CWD . "/bad-behavior/
|
185 |
$wgExtensionCredits['other'][] = array(
|
186 |
'name' => 'Bad Behavior',
|
187 |
'version' => BB2_VERSION,
|
188 |
'author' => 'Michael Hampton',
|
189 |
'description' => 'Detects and blocks unwanted Web accesses',
|
190 |
-
'url' => 'http://bad-behavior.ioerror.us/'
|
191 |
);
|
192 |
|
193 |
-
|
194 |
$wgExtensionFunctions[] = 'bb2_mediawiki_entry';
|
|
|
|
1 |
<?php
|
2 |
/*
|
3 |
+
http://www.bad-behavior.ioerror.us/
|
|
|
4 |
|
5 |
+
Bad Behavior - detects and blocks unwanted Web accesses
|
6 |
+
Copyright (C) 2005 Michael Hampton
|
|
|
|
|
7 |
|
8 |
+
This program is free software; you can redistribute it and/or modify
|
9 |
+
it under the terms of the GNU General Public License as published by
|
10 |
+
the Free Software Foundation; either version 2 of the License, or
|
11 |
+
(at your option) any later version.
|
12 |
|
13 |
+
This program is distributed in the hope that it will be useful,
|
14 |
+
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
15 |
+
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
16 |
+
GNU General Public License for more details.
|
17 |
|
18 |
+
You should have received a copy of the GNU General Public License
|
19 |
+
along with this program; if not, write to the Free Software
|
20 |
+
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
21 |
*/
|
22 |
|
|
|
|
|
|
|
23 |
// This file is the entry point for Bad Behavior.
|
24 |
|
25 |
if (!defined('MEDIAWIKI')) die();
|
26 |
|
|
|
|
|
27 |
// Settings you can adjust for Bad Behavior.
|
|
|
|
|
28 |
$bb2_settings_defaults = array(
|
29 |
'log_table' => $wgDBprefix . 'bad_behavior',
|
30 |
'display_stats' => false,
|
36 |
'httpbl_maxage' => '30',
|
37 |
'offsite_forms' => false,
|
38 |
'eu_cookie' => false,
|
|
|
|
|
|
|
39 |
);
|
40 |
|
41 |
define('BB2_CWD', dirname(__FILE__));
|
42 |
|
43 |
// Bad Behavior callback functions.
|
|
|
44 |
|
45 |
// Return current time in the format preferred by your database.
|
46 |
function bb2_db_date() {
|
49 |
|
50 |
// Return affected rows from most recent query.
|
51 |
function bb2_db_affected_rows($result) {
|
52 |
+
return wfAffectedRows($result);
|
|
|
53 |
}
|
54 |
|
55 |
// Escape a string for database usage
|
56 |
function bb2_db_escape($string) {
|
57 |
+
// FIXME SECURITY: Get a straight answer from somebody on how MW escapes stuff
|
58 |
return addslashes($string);
|
59 |
}
|
60 |
|
61 |
// Return the number of rows in a particular query.
|
62 |
function bb2_db_num_rows($result) {
|
63 |
+
return wfNumRows($result);
|
64 |
}
|
65 |
|
66 |
// Run a query and return the results, if any.
|
67 |
// Should return FALSE if an error occurred.
|
68 |
function bb2_db_query($query) {
|
69 |
+
$bb2_last_query = wfQuery($query, DB_WRITE);
|
|
|
|
|
|
|
|
|
|
|
|
|
70 |
return $bb2_last_query;
|
71 |
}
|
72 |
|
75 |
// or equivalent and appending the result of each call to an array.
|
76 |
function bb2_db_rows($result) {
|
77 |
$rows = array();
|
78 |
+
while ($row = wfFetchRow($result)) {
|
79 |
+
$rows[] = $row;
|
|
|
|
|
|
|
|
|
80 |
}
|
81 |
return $rows;
|
82 |
}
|
87 |
return $wgEmergencyContact;
|
88 |
}
|
89 |
|
|
|
|
|
|
|
|
|
|
|
90 |
// This Bad Behavior-related function is a stub. You can help MediaWiki by expanding it.
|
91 |
// retrieve settings from database
|
92 |
function bb2_read_settings() {
|
93 |
global $bb2_settings_defaults;
|
94 |
+
return $bb2_settings_defaults;
|
|
|
|
|
95 |
}
|
96 |
|
97 |
// This Bad Behavior-related function is a stub. You can help MediaWiki by expanding it.
|
124 |
|
125 |
// Cute timer display
|
126 |
function bb2_mediawiki_timer(&$parser, &$text) {
|
127 |
+
global $bb2_timer_total;
|
128 |
+
$text = "<!-- Bad Behavior " . BB2_VERSION . " run time: " . number_format(1000 * $bb2_timer_total, 3) . " ms -->" . $text;
|
|
|
|
|
129 |
return true;
|
130 |
}
|
131 |
|
136 |
$bb2_timer_start = $bb2_mtime[1] + $bb2_mtime[0];
|
137 |
|
138 |
if (php_sapi_name() != 'cli') {
|
139 |
+
require_once(BB2_CWD . "/bad-behavior/core.inc.php");
|
140 |
bb2_install(); // FIXME: see above
|
141 |
$settings = bb2_read_settings();
|
|
|
|
|
|
|
|
|
|
|
142 |
bb2_start($settings);
|
143 |
}
|
144 |
|
147 |
$bb2_timer_total = $bb2_timer_stop - $bb2_timer_start;
|
148 |
}
|
149 |
|
150 |
+
require_once(BB2_CWD . "/bad-behavior/version.inc.php");
|
151 |
$wgExtensionCredits['other'][] = array(
|
152 |
'name' => 'Bad Behavior',
|
153 |
'version' => BB2_VERSION,
|
154 |
'author' => 'Michael Hampton',
|
155 |
'description' => 'Detects and blocks unwanted Web accesses',
|
156 |
+
'url' => 'http://www.bad-behavior.ioerror.us/'
|
157 |
);
|
158 |
|
159 |
+
#$wgHooks['ParserAfterTidy'][] = 'bb2_mediawiki_timer';
|
160 |
$wgExtensionFunctions[] = 'bb2_mediawiki_entry';
|
161 |
+
|
162 |
+
?>
|
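Review bot: `bb2_db_escape()` (new lines 56-59) still escapes with `addslashes($string)`, and the added `FIXME SECURITY` comment admits the approach is unverified. `addslashes` knows nothing about the connection character set or the database backend, and judging by the `bb2_insert()` in the removed bad-behavior-mysql.php the values passed through it are request data (URI, headers, user agent) interpolated into the log-table SQL. Route the escaping through MediaWiki's own database layer, e.g. `$dbw = wfGetDB(DB_MASTER); return $dbw->strencode($string);`, assuming the targeted MediaWiki release provides those calls. `bb2_db_query()` (new lines 68-71) also returns whatever `wfQuery()` yields with no error handling, although the comment above it still promises FALSE on error.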
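--- a/bad-behavior-mysql.php
+++ b/bad-behavior-mysql.php
@@ -1,47 +0,0 @@
-<?php
-
-// Our log table structure
-function bb2_table_structure($name)
-{
-// It's not paranoia if they really are out to get you.
-$name_escaped = bb2_db_escape($name);
-return "CREATE TABLE IF NOT EXISTS `$name_escaped` (
-`id` INT(11) NOT NULL auto_increment,
-`ip` TEXT NOT NULL,
-`date` DATETIME NOT NULL default '0000-00-00 00:00:00',
-`request_method` TEXT NOT NULL,
-`request_uri` TEXT NOT NULL,
-`server_protocol` TEXT NOT NULL,
-`http_headers` TEXT NOT NULL,
-`user_agent` TEXT NOT NULL,
-`request_entity` TEXT NOT NULL,
-`key` TEXT NOT NULL,
-INDEX (`ip`(15)),
-INDEX (`user_agent`(10)),
-PRIMARY KEY (`id`) );"; // TODO: INDEX might need tuning
-}
-
-// Insert a new record
-function bb2_insert($settings, $package, $key)
-{
-if (!$settings['logging']) return "";
-$ip = bb2_db_escape($package['ip']);
-$date = bb2_db_date();
-$request_method = bb2_db_escape($package['request_method']);
-$request_uri = bb2_db_escape($package['request_uri']);
-$server_protocol = bb2_db_escape($package['server_protocol']);
-$user_agent = bb2_db_escape($package['user_agent']);
-$headers = "$request_method $request_uri $server_protocol\n";
-foreach ($package['headers'] as $h => $v) {
-$headers .= bb2_db_escape("$h: $v\n");
-}
-$request_entity = "";
-if (!strcasecmp($request_method, "POST")) {
-foreach ($package['request_entity'] as $h => $v) {
-$request_entity .= bb2_db_escape("$h: $v\n");
-}
-}
-return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "`
-(`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES
-('$ip', '$date', '$request_method', '$request_uri', '$server_protocol', '$headers', '$user_agent', '$request_entity', '$key')";
-}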
bad-behavior-wordpress-admin.php
CHANGED
@@ -5,10 +5,24 @@ require_once("bad-behavior/responses.inc.php");
|
|
5 |
function bb2_admin_pages() {
|
6 |
global $wp_db_version;
|
7 |
|
8 |
-
if (
|
9 |
-
|
10 |
-
|
11 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
12 |
@session_start();
|
13 |
}
|
14 |
}
|
@@ -80,39 +94,6 @@ function bb2_httpbl_lookup($ip) {
|
|
80 |
return $d;
|
81 |
}
|
82 |
|
83 |
-
function bb2_donate_button($thispage) {
|
84 |
-
return
|
85 |
-
' <div style="float: right; clear: right; width: 200px; border: 1px solid #e6db55; color: #333; background-color: lightYellow; padding: 0 10px">
|
86 |
-
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
|
87 |
-
<p>Bad Behavior is an important tool in the fight against web spam. Show your support by donating<br/>
|
88 |
-
<select name="amount">
|
89 |
-
<option value="2.99">$2.99 USD</option>
|
90 |
-
<option value="4.99">$4.99 USD</option>
|
91 |
-
<option value="9.99">$9.99 USD</option>
|
92 |
-
<option value="19.99">$19.99 USD</option>
|
93 |
-
<option value="">Other...</option>
|
94 |
-
</select><br/>
|
95 |
-
<input type="hidden" name="cmd" value="_donations">
|
96 |
-
<input type="hidden" name="business" value="EAZGZZV7RE4QJ">
|
97 |
-
<input type="hidden" name="lc" value="US">
|
98 |
-
<input type="hidden" name="item_name" value="Bad Behavior '.BB2_VERSION.' (WordPress)">
|
99 |
-
<input type="hidden" name="currency_code" value="USD">
|
100 |
-
<input type="hidden" name="no_note" value="0">
|
101 |
-
<input type="hidden" name="cn" value="Comments about Bad Behavior">
|
102 |
-
<input type="hidden" name="no_shipping" value="1">
|
103 |
-
<input type="hidden" name="rm" value="1">
|
104 |
-
<input type="hidden" name="return" value="'.$thispage.'">
|
105 |
-
<input type="hidden" name="cancel_return" value="'.$thispage.'">
|
106 |
-
<input type="hidden" name="currency_code" value="USD">
|
107 |
-
<input type="hidden" name="bn" value="PP-DonationsBF:btn_donate_LG.gif:NonHosted">
|
108 |
-
<input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
|
109 |
-
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
|
110 |
-
</p>
|
111 |
-
</form>
|
112 |
-
</div>
|
113 |
-
';
|
114 |
-
}
|
115 |
-
|
116 |
function bb2_manage() {
|
117 |
global $wpdb;
|
118 |
|
@@ -126,18 +107,17 @@ function bb2_manage() {
|
|
126 |
$paged = 0 + $_GET['paged']; if (!$paged) $paged = 1;
|
127 |
if ($_GET['key']) $where .= "AND `key` = '" . $wpdb->escape($_GET['key']) . "' ";
|
128 |
if ($_GET['blocked']) $where .= "AND `key` != '00000000' ";
|
129 |
-
else if ($_GET['permitted']) $where .= "AND `key` = '00000000' ";
|
130 |
if ($_GET['ip']) $where .= "AND `ip` = '" . $wpdb->escape($_GET['ip']) . "' ";
|
131 |
if ($_GET['user_agent']) $where .= "AND `user_agent` = '" . $wpdb->escape($_GET['user_agent']) . "' ";
|
132 |
if ($_GET['request_method']) $where .= "AND `request_method` = '" . $wpdb->escape($_GET['request_method']) . "' ";
|
133 |
|
134 |
// Query the DB based on variables selected
|
135 |
-
$r = bb2_db_query("SELECT COUNT(
|
136 |
$results = bb2_db_rows($r);
|
137 |
-
$totalcount = $results[0]["COUNT(
|
138 |
-
$r = bb2_db_query("SELECT COUNT(
|
139 |
$results = bb2_db_rows($r);
|
140 |
-
$count = $results[0]["COUNT(
|
141 |
$pages = ceil($count / 100);
|
142 |
$r = bb2_db_query("SELECT * FROM `" . $settings['log_table'] . "` WHERE 1=1 " . $where . "ORDER BY `date` DESC LIMIT " . ($paged - 1) * $rows_per_page . "," . $rows_per_page);
|
143 |
$results = bb2_db_rows($r);
|
@@ -145,13 +125,11 @@ function bb2_manage() {
|
|
145 |
// Display rows to the user
|
146 |
?>
|
147 |
<div class="wrap">
|
148 |
-
|
149 |
-
|
150 |
-
?>
|
151 |
-
<h2><?php _e("Bad Behavior Log"); ?></h2>
|
152 |
-
<form method="post" action="<?php echo admin_url("tools.php?page=bb2_manage") ?>">
|
153 |
<p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
|
154 |
-
<p>
|
|
|
155 |
<div class="tablenav">
|
156 |
<?php
|
157 |
$page_links = paginate_links(array('base' => add_query_arg("paged", "%#%"), 'format' => '', 'total' => $pages, 'current' => $paged));
|
@@ -160,17 +138,15 @@ function bb2_manage() {
|
|
160 |
<div class="alignleft">
|
161 |
<?php if ($count < $totalcount): ?>
|
162 |
Displaying <strong><?php echo $count; ?></strong> of <strong><?php echo $totalcount; ?></strong> records filtered by:<br/>
|
163 |
-
<?php if ($_GET['key']) echo "Status [<a href=\"" . esc_url(
|
164 |
-
<?php if ($_GET['blocked']) echo "Blocked [<a href=\"" . esc_url(
|
165 |
-
<?php if ($_GET['
|
166 |
-
<?php if ($_GET['
|
167 |
-
<?php if ($_GET['
|
168 |
-
<?php if ($_GET['request_method']) echo "GET/POST [<a href=\"" . esc_url( remove_query_arg(array("paged", "request_method"), $request_uri) ) . "\">X</a>] "; ?>
|
169 |
<?php else: ?>
|
170 |
Displaying all <strong><?php echo $totalcount; ?></strong> records<br/>
|
171 |
<?php endif; ?>
|
172 |
-
<?php if (!$_GET['key'] && !$_GET['blocked']) { ?><a href="<?php echo esc_url(
|
173 |
-
<?php if (!$_GET['key'] && !$_GET['permitted']) { ?><a href="<?php echo esc_url( add_query_arg(array("permitted" => "1", "blocked" => "0", "paged" => false), $request_uri) ); ?>">Show Permitted</a> <?php } ?>
|
174 |
</div>
|
175 |
</div>
|
176 |
|
@@ -196,18 +172,18 @@ Displaying all <strong><?php echo $totalcount; ?></strong> records<br/>
|
|
196 |
}
|
197 |
echo "<th scope=\"row\" class=\"check-column\"><input type=\"checkbox\" name=\"submit[]\" value=\"" . $result["id"] . "\" /></th>\n";
|
198 |
$httpbl = bb2_httpbl_lookup($result["ip"]);
|
199 |
-
$host =
|
200 |
if (!strcmp($host, $result["ip"])) {
|
201 |
$host = "";
|
202 |
} else {
|
203 |
$host .= "<br/>\n";
|
204 |
}
|
205 |
-
echo "<td><a href=\"" . esc_url(
|
206 |
-
if ($httpbl) echo "<br/><br
|
207 |
echo "</td>\n";
|
208 |
$headers = str_replace("\n", "<br/>\n", htmlspecialchars($result['http_headers']));
|
209 |
-
if (@strpos($headers, $result['user_agent']) !== FALSE) $headers = substr_replace($headers, "<a href=\"" . esc_url(
|
210 |
-
if (@strpos($headers, $result['request_method']) !== FALSE) $headers = substr_replace($headers, "<a href=\"" . esc_url(
|
211 |
echo "<td>$headers</td>\n";
|
212 |
echo "<td>" . str_replace("\n", "<br/>\n", htmlspecialchars($result["request_entity"])) . "</td>\n";
|
213 |
echo "</tr>\n";
|
@@ -228,74 +204,6 @@ Displaying all <strong><?php echo $totalcount; ?></strong> records<br/>
|
|
228 |
<?php
|
229 |
}
|
230 |
|
231 |
-
|
232 |
-
function bb2_whitelist()
|
233 |
-
{
|
234 |
-
$whitelists = bb2_read_whitelist();
|
235 |
-
if (empty($whitelists)) {
|
236 |
-
$whitelists = array();
|
237 |
-
$whitelists['ip'] = array();
|
238 |
-
$whitelists['url'] = array();
|
239 |
-
$whitelists['useragent'] = array();
|
240 |
-
}
|
241 |
-
|
242 |
-
$request_uri = $_SERVER["REQUEST_URI"];
|
243 |
-
if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
|
244 |
-
|
245 |
-
if ($_POST) {
|
246 |
-
$_POST = array_map('stripslashes_deep', $_POST);
|
247 |
-
if ($_POST['ip']) {
|
248 |
-
$whitelists['ip'] = preg_split("/\s+/m", $_POST['ip']);
|
249 |
-
} else {
|
250 |
-
$whitelists['ip'] = array();
|
251 |
-
}
|
252 |
-
if ($_POST['url']) {
|
253 |
-
$whitelists['url'] = preg_split("/\s+/m", $_POST['url']);
|
254 |
-
} else {
|
255 |
-
$whitelists['url'] = array();
|
256 |
-
}
|
257 |
-
if ($_POST['useragent']) {
|
258 |
-
$whitelists['useragent'] = preg_split("/[\r\n]+/m", $_POST['useragent']);
|
259 |
-
} else {
|
260 |
-
$whitelists['useragent'] = array();
|
261 |
-
}
|
262 |
-
update_option('bad_behavior_whitelist', $whitelists);
|
263 |
-
?>
|
264 |
-
<div id="message" class="updated fade"><p><strong><?php _e('Options saved.') ?></strong></p></div>
|
265 |
-
<?php
|
266 |
-
}
|
267 |
-
?>
|
268 |
-
<div class="wrap">
|
269 |
-
<?php
|
270 |
-
echo bb2_donate_button(admin_url("options-general.php?page=bb2_whitelist"));
|
271 |
-
?>
|
272 |
-
<h2><?php _e("Bad Behavior Whitelist"); ?></h2>
|
273 |
-
<form method="post" action="<?php echo admin_url("options-general.php?page=bb2_whitelist"); ?>">
|
274 |
-
<p>Inappropriate whitelisting WILL expose you to spam, or cause Bad Behavior to stop functioning entirely! DO NOT WHITELIST unless you are 100% CERTAIN that you should.</p>
|
275 |
-
<p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
|
276 |
-
<p>See also: <a href="<?php echo admin_url("options-general.php?page=bb2_options") ?>">Settings</a> | <a href="<?php echo admin_url("tools.php?page=bb2_manage"); ?>">Log</a></p>
|
277 |
-
|
278 |
-
<h3><?php _e('IP Address'); ?></h3>
|
279 |
-
<table class="form-table">
|
280 |
-
<tr><td><label>IP address or CIDR format address ranges to be whitelisted (one per line)<br/><textarea cols="24" rows="6" name="ip"><?php echo implode("\n", $whitelists['ip']); ?></textarea></td></tr>
|
281 |
-
</table>
|
282 |
-
|
283 |
-
<h3><?php _e('URL'); ?></h3>
|
284 |
-
<table class="form-table">
|
285 |
-
<tr><td><label>URL fragments beginning with the / after your web site hostname (one per line)<br/><textarea cols="48" rows="6" name="url"><?php echo implode("\n", $whitelists['url']); ?></textarea></td></tr>
|
286 |
-
</table>
|
287 |
-
|
288 |
-
<h3><?php _e('User Agent'); ?></h3>
|
289 |
-
<table class="form-table">
|
290 |
-
<tr><td><label>User agent strings to be whitelisted (one per line)<br/><textarea cols="48" rows="6" name="useragent"><?php echo implode("\n", $whitelists['useragent']); ?></textarea></td></tr>
|
291 |
-
</table>
|
292 |
-
|
293 |
-
<p class="submit"><input class="button" type="submit" name="submit" value="<?php _e('Update »'); ?>" /></p>
|
294 |
-
</form>
|
295 |
-
<?php
|
296 |
-
}
|
297 |
-
|
298 |
-
|
299 |
function bb2_options()
|
300 |
{
|
301 |
$settings = bb2_read_settings();
|
@@ -304,7 +212,6 @@ function bb2_options()
|
|
304 |
if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
|
305 |
|
306 |
if ($_POST) {
|
307 |
-
$_POST = array_map('stripslashes_deep', $_POST);
|
308 |
if ($_POST['display_stats']) {
|
309 |
$settings['display_stats'] = true;
|
310 |
} else {
|
@@ -336,7 +243,7 @@ function bb2_options()
|
|
336 |
$settings['logging'] = false;
|
337 |
}
|
338 |
if ($_POST['httpbl_key']) {
|
339 |
-
if (preg_match("/^[
|
340 |
$settings['httpbl_key'] = $_POST['httpbl_key'];
|
341 |
} else {
|
342 |
$settings['httpbl_key'] = '';
|
@@ -364,22 +271,6 @@ function bb2_options()
|
|
364 |
} else {
|
365 |
$settings['eu_cookie'] = false;
|
366 |
}
|
367 |
-
if ($_POST['reverse_proxy']) {
|
368 |
-
$settings['reverse_proxy'] = true;
|
369 |
-
} else {
|
370 |
-
$settings['reverse_proxy'] = false;
|
371 |
-
}
|
372 |
-
if ($_POST['reverse_proxy_header']) {
|
373 |
-
$settings['reverse_proxy_header'] = sanitize_text_field(uc_all($_POST['reverse_proxy_header']));
|
374 |
-
} else {
|
375 |
-
$settings['reverse_proxy_header'] = 'X-Forwarded-For';
|
376 |
-
}
|
377 |
-
if ($_POST['reverse_proxy_addresses']) {
|
378 |
-
$settings['reverse_proxy_addresses'] = preg_split("/[\s,]+/m", $_POST['reverse_proxy_addresses']);
|
379 |
-
$settings['reverse_proxy_addresses'] = array_map('sanitize_text_field', $settings['reverse_proxy_addresses']);
|
380 |
-
} else {
|
381 |
-
$settings['reverse_proxy_addresses'] = array();
|
382 |
-
}
|
383 |
bb2_write_settings($settings);
|
384 |
?>
|
385 |
<div id="message" class="updated fade"><p><strong><?php _e('Options saved.') ?></strong></p></div>
|
@@ -387,13 +278,10 @@ function bb2_options()
|
|
387 |
}
|
388 |
?>
|
389 |
<div class="wrap">
|
390 |
-
<?php
|
391 |
-
echo bb2_donate_button(admin_url("options-general.php?page=bb2_options"));
|
392 |
-
?>
|
393 |
<h2><?php _e("Bad Behavior"); ?></h2>
|
394 |
<form method="post" action="<?php echo admin_url("options-general.php?page=bb2_options"); ?>">
|
395 |
<p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
|
396 |
-
<p>
|
397 |
|
398 |
<h3><?php _e('Statistics'); ?></h3>
|
399 |
<?php bb2_insert_stats(true); ?>
|
@@ -428,16 +316,6 @@ function bb2_options()
|
|
428 |
<tr><td><label><input type="checkbox" name="eu_cookie" value="true" <?php if ($settings['eu_cookie']) { ?>checked="checked" <?php } ?>/> <?php _e('EU cookie handling'); ?></label></td></tr>
|
429 |
</table>
|
430 |
|
431 |
-
<h3><?php _e('Reverse Proxy/Load Balancer'); ?></h3>
|
432 |
-
<p>If you are using Bad Behavior behind a reverse proxy, load balancer, HTTP accelerator, content cache or similar technology, enable the Reverse Proxy option.</p>
|
433 |
-
<p>If you have a chain of two or more reverse proxies between your server and the public Internet, you must specify <em>all</em> of the IP address ranges (in CIDR format) of all of your proxy servers, load balancers, etc. Otherwise, Bad Behavior may be unable to determine the client's true IP address.</p>
|
434 |
-
<p>In addition, your reverse proxy servers must set the IP address of the Internet client from which they received the request in an HTTP header. If you don't specify a header, <a href="http://en.wikipedia.org/wiki/X-Forwarded-For">X-Forwarded-For</a> will be used. Most proxy servers already support X-Forwarded-For and you would then only need to ensure that it is enabled on your proxy servers. Some other header names in common use include <u>X-Real-Ip</u> (nginx) and <u>Cf-Connecting-Ip</u> (CloudFlare).</p>
|
435 |
-
<table class="form-table">
|
436 |
-
<tr><td><label><input type="checkbox" name="reverse_proxy" value="true" <?php if ($settings['reverse_proxy']) { ?>checked="checked" <?php } ?>/> <?php _e('Enable Reverse Proxy'); ?></label></td></tr>
|
437 |
-
<tr><td><label><input type="text" size="32" name="reverse_proxy_header" value="<?php echo sanitize_text_field($settings['reverse_proxy_header']); ?>" /> Header containing Internet clients' IP address</label></td></tr>
|
438 |
-
<tr><td><label>IP address or CIDR format address ranges for your proxy servers (one per line)<br/><textarea cols="24" rows="6" name="reverse_proxy_addresses"><?php echo esc_textarea(implode("\n", $settings['reverse_proxy_addresses'])); ?></textarea></td></tr>
|
439 |
-
</table>
|
440 |
-
|
441 |
<p class="submit"><input class="button" type="submit" name="submit" value="<?php _e('Update »'); ?>" /></p>
|
442 |
</form>
|
443 |
</div>
|
@@ -450,9 +328,10 @@ function bb2_plugin_action_links($links, $file) {
|
|
450 |
if ($file == "bad-behavior/bad-behavior-wordpress.php" && function_exists("admin_url")) {
|
451 |
$log_link = '<a href="' . admin_url("tools.php?page=bb2_manage") . '">Log</a>';
|
452 |
$settings_link = '<a href="' . admin_url("options-general.php?page=bb2_options") . '">Settings</a>';
|
453 |
-
$
|
454 |
-
array_unshift($links, $settings_link, $log_link, $whitelist_link);
|
455 |
}
|
456 |
return $links;
|
457 |
}
|
458 |
add_filter("plugin_action_links", "bb2_plugin_action_links", 10, 2);
|
|
|
|
5 |
function bb2_admin_pages() {
|
6 |
global $wp_db_version;
|
7 |
|
8 |
+
if (function_exists('current_user_can')) {
|
9 |
+
// The new 2.x way
|
10 |
+
if (current_user_can('manage_options')) {
|
11 |
+
$bb2_is_admin = true;
|
12 |
+
}
|
13 |
+
} else {
|
14 |
+
// The old 1.x way
|
15 |
+
global $user_ID;
|
16 |
+
if (user_can_edit_user($user_ID, 0)) {
|
17 |
+
$bb2_is_admin = true;
|
18 |
+
}
|
19 |
+
}
|
20 |
+
|
21 |
+
if ($bb2_is_admin) {
|
22 |
+
add_options_page(__("Bad Behavior"), __("Bad Behavior"), 8, 'bb2_options', 'bb2_options');
|
23 |
+
if ($wp_db_version >= 4772) { // Version 2.1 or later
|
24 |
+
add_management_page(__("Bad Behavior"), __("Bad Behavior"), 8, 'bb2_manage', 'bb2_manage');
|
25 |
+
}
|
26 |
@session_start();
|
27 |
}
|
28 |
}
|
94 |
return $d;
|
95 |
}
|
96 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
97 |
function bb2_manage() {
|
98 |
global $wpdb;
|
99 |
|
107 |
$paged = 0 + $_GET['paged']; if (!$paged) $paged = 1;
|
108 |
if ($_GET['key']) $where .= "AND `key` = '" . $wpdb->escape($_GET['key']) . "' ";
|
109 |
if ($_GET['blocked']) $where .= "AND `key` != '00000000' ";
|
|
|
110 |
if ($_GET['ip']) $where .= "AND `ip` = '" . $wpdb->escape($_GET['ip']) . "' ";
|
111 |
if ($_GET['user_agent']) $where .= "AND `user_agent` = '" . $wpdb->escape($_GET['user_agent']) . "' ";
|
112 |
if ($_GET['request_method']) $where .= "AND `request_method` = '" . $wpdb->escape($_GET['request_method']) . "' ";
|
113 |
|
114 |
// Query the DB based on variables selected
|
115 |
+
$r = bb2_db_query("SELECT COUNT(*) FROM `" . $settings['log_table']);
|
116 |
$results = bb2_db_rows($r);
|
117 |
+
$totalcount = $results[0]["COUNT(*)"];
|
118 |
+
$r = bb2_db_query("SELECT COUNT(*) FROM `" . $settings['log_table'] . "` WHERE 1=1 " . $where);
|
119 |
$results = bb2_db_rows($r);
|
120 |
+
$count = $results[0]["COUNT(*)"];
|
121 |
$pages = ceil($count / 100);
|
122 |
$r = bb2_db_query("SELECT * FROM `" . $settings['log_table'] . "` WHERE 1=1 " . $where . "ORDER BY `date` DESC LIMIT " . ($paged - 1) * $rows_per_page . "," . $rows_per_page);
|
123 |
$results = bb2_db_rows($r);
|
125 |
// Display rows to the user
|
126 |
?>
|
127 |
<div class="wrap">
|
128 |
+
<h2><?php _e("Bad Behavior"); ?></h2>
|
129 |
+
<form method="post" action="<?php echo admin_url("tools.php?page=bb2_manage"); ?>">
|
|
|
|
|
|
|
130 |
<p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
|
131 |
+
<p>If you find Bad Behavior valuable, please consider <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20<?php echo BB2_VERSION; ?>%20%28From%20Admin%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0¤cy_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8">donating</a> to help further development of Bad Behavior.</p>
|
132 |
+
|
133 |
<div class="tablenav">
|
134 |
<?php
|
135 |
$page_links = paginate_links(array('base' => add_query_arg("paged", "%#%"), 'format' => '', 'total' => $pages, 'current' => $paged));
|
138 |
<div class="alignleft">
|
139 |
<?php if ($count < $totalcount): ?>
|
140 |
Displaying <strong><?php echo $count; ?></strong> of <strong><?php echo $totalcount; ?></strong> records filtered by:<br/>
|
141 |
+
<?php if ($_GET['key']) echo "Status [<a href=\"" . esc_url(remove_query_arg(array("paged", "key"), $request_uri)) . "\">X</a>] "; ?>
|
142 |
+
<?php if ($_GET['blocked']) echo "Blocked [<a href=\"" . esc_url(remove_query_arg(array("paged", "blocked"), $request_uri)) . "\">X</a>] "; ?>
|
143 |
+
<?php if ($_GET['ip']) echo "IP [<a href=\"" . esc_url(remove_query_arg(array("paged", "ip"), $request_uri)) . "\">X</a>] "; ?>
|
144 |
+
<?php if ($_GET['user_agent']) echo "User Agent [<a href=\"" . esc_url(remove_query_arg(array("paged", "user_agent"), $request_uri)) . "\">X</a>] "; ?>
|
145 |
+
<?php if ($_GET['request_method']) echo "GET/POST [<a href=\"" . esc_url(remove_query_arg(array("paged", "request_method"), $request_uri)) . "\">X</a>] "; ?>
|
|
|
146 |
<?php else: ?>
|
147 |
Displaying all <strong><?php echo $totalcount; ?></strong> records<br/>
|
148 |
<?php endif; ?>
|
149 |
+
<?php if (!$_GET['key'] && !$_GET['blocked']) { ?><a href="<?php echo esc_url(add_query_arg(array("blocked" => "true", "paged" => false), $request_uri)); ?>">Show Blocked</a><?php } ?>
|
|
|
150 |
</div>
|
151 |
</div>
|
152 |
|
172 |
}
|
173 |
echo "<th scope=\"row\" class=\"check-column\"><input type=\"checkbox\" name=\"submit[]\" value=\"" . $result["id"] . "\" /></th>\n";
|
174 |
$httpbl = bb2_httpbl_lookup($result["ip"]);
|
175 |
+
$host = gethostbyaddr($result["ip"]);
|
176 |
if (!strcmp($host, $result["ip"])) {
|
177 |
$host = "";
|
178 |
} else {
|
179 |
$host .= "<br/>\n";
|
180 |
}
|
181 |
+
echo "<td><a href=\"" . esc_url(add_query_arg("ip", $result["ip"], remove_query_arg("paged", $request_uri))) . "\">" . $result["ip"] . "</a><br/>$host<br/>\n" . $result["date"] . "<br/><br/><a href=\"" . esc_url(add_query_arg("key", $result["key"], remove_query_arg(array("paged", "blocked"), $request_uri))) . "\">" . $key["log"] . "</a>\n";
|
182 |
+
if ($httpbl) echo "<br/><br/>http:BL:<br/>$httpbl\n";
|
183 |
echo "</td>\n";
|
184 |
$headers = str_replace("\n", "<br/>\n", htmlspecialchars($result['http_headers']));
|
185 |
+
if (@strpos($headers, $result['user_agent']) !== FALSE) $headers = substr_replace($headers, "<a href=\"" . esc_url(add_query_arg("user_agent", rawurlencode($result["user_agent"]), remove_query_arg("paged", $request_uri))) . "\">" . $result['user_agent'] . "</a>", strpos($headers, $result['user_agent']), strlen($result['user_agent']));
|
186 |
+
if (@strpos($headers, $result['request_method']) !== FALSE) $headers = substr_replace($headers, "<a href=\"" . esc_url(add_query_arg("request_method", rawurlencode($result["request_method"]), remove_query_arg("paged", $request_uri))) . "\">" . $result['request_method'] . "</a>", strpos($headers, $result['request_method']), strlen($result['request_method']));
|
187 |
echo "<td>$headers</td>\n";
|
188 |
echo "<td>" . str_replace("\n", "<br/>\n", htmlspecialchars($result["request_entity"])) . "</td>\n";
|
189 |
echo "</tr>\n";
|
204 |
<?php
|
205 |
}
|
206 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
207 |
function bb2_options()
|
208 |
{
|
209 |
$settings = bb2_read_settings();
|
212 |
if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
|
213 |
|
214 |
if ($_POST) {
|
|
|
215 |
if ($_POST['display_stats']) {
|
216 |
$settings['display_stats'] = true;
|
217 |
} else {
|
243 |
$settings['logging'] = false;
|
244 |
}
|
245 |
if ($_POST['httpbl_key']) {
|
246 |
+
if (preg_match("/^[a-z]{12}$/", $_POST['httpbl_key'])) {
|
247 |
$settings['httpbl_key'] = $_POST['httpbl_key'];
|
248 |
} else {
|
249 |
$settings['httpbl_key'] = '';
|
271 |
} else {
|
272 |
$settings['eu_cookie'] = false;
|
273 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
274 |
bb2_write_settings($settings);
|
275 |
?>
|
276 |
<div id="message" class="updated fade"><p><strong><?php _e('Options saved.') ?></strong></p></div>
|
278 |
}
|
279 |
?>
|
280 |
<div class="wrap">
|
|
|
|
|
|
|
281 |
<h2><?php _e("Bad Behavior"); ?></h2>
|
282 |
<form method="post" action="<?php echo admin_url("options-general.php?page=bb2_options"); ?>">
|
283 |
<p>For more information please visit the <a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
|
284 |
+
<p>If you find Bad Behavior valuable, please consider making a <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20<?php echo BB2_VERSION; ?>%20%28From%20Admin%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0¤cy_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8">financial contribution</a> to further development of Bad Behavior.</p>
|
285 |
|
286 |
<h3><?php _e('Statistics'); ?></h3>
|
287 |
<?php bb2_insert_stats(true); ?>
|
316 |
<tr><td><label><input type="checkbox" name="eu_cookie" value="true" <?php if ($settings['eu_cookie']) { ?>checked="checked" <?php } ?>/> <?php _e('EU cookie handling'); ?></label></td></tr>
|
317 |
</table>
|
318 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
319 |
<p class="submit"><input class="button" type="submit" name="submit" value="<?php _e('Update »'); ?>" /></p>
|
320 |
</form>
|
321 |
</div>
|
328 |
if ($file == "bad-behavior/bad-behavior-wordpress.php" && function_exists("admin_url")) {
|
329 |
$log_link = '<a href="' . admin_url("tools.php?page=bb2_manage") . '">Log</a>';
|
330 |
$settings_link = '<a href="' . admin_url("options-general.php?page=bb2_options") . '">Settings</a>';
|
331 |
+
array_unshift($links, $settings_link, $log_link);
|
|
|
332 |
}
|
333 |
return $links;
|
334 |
}
|
335 |
add_filter("plugin_action_links", "bb2_plugin_action_links", 10, 2);
|
336 |
+
|
337 |
+
?>
|
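--- a/bad-behavior-wordpress.php
+++ b/bad-behavior-wordpress.php
@@ -1,30 +1,36 @@
 <?php
 /*
 Plugin Name: Bad Behavior
-Version: 2.
+Version: 2.0.48
 Description: Deny automated spambots access to your PHP-based Web site.
-Plugin URI: http://bad-behavior.ioerror.us/
+Plugin URI: http://www.bad-behavior.ioerror.us/
 Author: Michael Hampton
-Author URI: http://
-License:
+Author URI: http://www.homelandstupidity.us/
+License: GPL
 
 Bad Behavior - detects and blocks unwanted Web accesses
-Copyright (C) 2005
+Copyright (C) 2005 Michael Hampton
 
-
-the terms of the GNU
-Software Foundation; either version
-later version.
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
 
-
-
-
+As a special exemption, you may link this program with any of the
+programs listed below, regardless of the license terms of those
+programs, and distribute the resulting program, without including the
+source code for such programs: ExpressionEngine; Simple Machines Forum
 
-
-
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
 
-
-
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+Please report any problems to badbots AT ioerror DOT us
 */
 
 ###############################################################################
@@ -32,15 +38,12 @@ http://www.bad-behavior.ioerror.us/
 
 if (!defined('ABSPATH')) die("No cheating!");
 
-global $bb2_result;
-
 $bb2_mtime = explode(" ", microtime());
 $bb2_timer_start = $bb2_mtime[1] + $bb2_mtime[0];
 
 define('BB2_CWD', dirname(__FILE__));
 
 // Bad Behavior callback functions.
-require_once("bad-behavior-mysql.php");
 
 // Return current time in the format preferred by your database.
 function bb2_db_date() {
@@ -97,11 +100,6 @@ function bb2_email() {
 return get_bloginfo('admin_email');
 }
 
-// retrieve whitelist
-function bb2_read_whitelist() {
-return get_option('bad_behavior_whitelist');
-}
-
 // retrieve settings from database
 function bb2_read_settings() {
 global $wpdb;
@@ -109,9 +107,7 @@ function bb2_read_settings() {
 // Add in default settings when they aren't yet present in WP
 $settings = get_option('bad_behavior_settings');
 if (!$settings) $settings = array();
-return array_merge(array('log_table' => $wpdb->prefix . 'bad_behavior', 'display_stats' =>
-
-
+return array_merge(array('log_table' => $wpdb->prefix . 'bad_behavior', 'display_stats' => false, 'strict' => false, 'verbose' => false, 'logging' => true, 'httpbl_key' => '', 'httpbl_threat' => '25', 'httpbl_maxage' => '30', 'offsite_forms' => false, 'eu_cookie' => false), $settings);
 }
 
 // write settings to database
@@ -134,30 +130,8 @@ function bb2_insert_head() {
 echo $bb2_javascript;
 }
 
-function bb2_approved_callback($settings, $package) {
-global $bb2_package;
-
-// Save package for possible later use
-$bb2_package = $package;
-}
-
-// Capture missed spam and log it
-function bb2_capture_spam($id, $comment) {
-global $bb2_package;
-
-// Capture only spam
-if ('spam' != $comment->comment_approved) return;
-
-// Don't capture if HTTP request no longer active
-if (array_key_exists("request_entity", $bb2_package) && array_key_exists("author", $bb2_package['request_entity']) && $bb2_package['request_entity']['author'] == $comment->comment_author) {
-bb2_db_query(bb2_insert(bb2_read_settings(), $bb2_package, "00000000"));
-}
-}
-
 // Display stats?
 function bb2_insert_stats($force = false) {
-global $bb2_result;
-
 $settings = bb2_read_settings();
 
 if ($force || $settings['display_stats']) {
@@ -166,29 +140,23 @@ function bb2_insert_stats($force = false) {
 echo sprintf('<p><a href="http://www.bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', __('Bad Behavior'), __('has blocked'), $blocked[0]["COUNT(*)"], __('access attempts in the last 7 days.'));
 }
 }
-if (@!empty($bb2_result)) {
-echo sprintf("\n<!-- Bad Behavior result was %s! This request would have been blocked. -->\n", $bb2_result);
-unset($bb2_result);
-}
 }
 
 // Return the top-level relative path of wherever we are (for cookies)
 function bb2_relative_path() {
 $url = parse_url(get_bloginfo('url'));
-
-return $url['path'] . '/';
-}
-return '/';
+return $url['path'] . '/';
 }
 
+// FIXME: some sort of hack to run install on 1.5 (and older?) blogs
 // FIXME: figure out what's wrong on 2.0 that this doesn't work
 // register_activation_hook(__FILE__, 'bb2_install');
 //add_action('activate_bb2/bad-behavior-wordpress.php', 'bb2_install');
 add_action('wp_head', 'bb2_insert_head');
 add_action('wp_footer', 'bb2_insert_stats');
-add_action('wp_insert_comment', 'bb2_capture_spam', 99, 2);
 
 // Calls inward to Bad Behavor itself.
+require_once(BB2_CWD . "/bad-behavior/version.inc.php");
 require_once(BB2_CWD . "/bad-behavior/core.inc.php");
 bb2_install(); // FIXME: see above
 
@@ -197,8 +165,10 @@ if (is_admin() || strstr($_SERVER['PHP_SELF'], 'wp-admin/')) { // 1.5 kludge
 require_once(BB2_CWD . "/bad-behavior-wordpress-admin.php");
 }
 
-
+bb2_start(bb2_read_settings());
 
 $bb2_mtime = explode(" ", microtime());
 $bb2_timer_stop = $bb2_mtime[1] + $bb2_mtime[0];
 $bb2_timer_total = $bb2_timer_stop - $bb2_timer_start;
+
+?>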
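Review bot: `bb2_relative_path()` now ends in an unconditional `return $url['path'] . '/';`, and the guard with its `return '/';` fallback on the removed side is gone. When the blog URL has no path component, `parse_url()` returns an array without a `path` key, so this line reads an undefined index (a notice or a warning, depending on the PHP version), and `parse_url()` can also return `false` for a malformed URL. The function's own comment says the value is used for cookies, so I would keep the fallback explicit: `return (is_array($url) && isset($url['path'])) ? $url['path'] . '/' : '/';`.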
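--- a/bad-behavior/banned.inc.php
+++ b/bad-behavior/banned.inc.php
@@ -5,20 +5,7 @@
 
 require_once(BB2_CORE . "/responses.inc.php");
 
-function
-{
-// FIXME Yes, the interval's hard coded (again) for now.
-$query = "DELETE FROM `" . $settings['log_table'] . "` WHERE `date` < DATE_SUB('" . bb2_db_date() . "', INTERVAL 7 DAY)";
-bb2_db_query($query);
-
-// Waste a bunch more of the spammer's time, sometimes.
-if (rand(1,1000) == 1) {
-$query = "OPTIMIZE TABLE `" . $settings['log_table'] . "`";
-bb2_db_query($query);
-}
-}
-
-function bb2_display_denial($settings, $package, $key, $previous_key = false)
+function bb2_display_denial($settings, $key, $previous_key = false)
 {
 define('DONOTCACHEPAGE', true); // WP Super Cache
 if (!$previous_key) $previous_key = $key;
@@ -26,7 +13,7 @@ function bb2_display_denial($settings, $package, $key, $previous_key = false)
 // FIXME: lookup the real key
 }
 // Create support key
-$ip = explode(".", $
+$ip = explode(".", $_SERVER['REMOTE_ADDR']);
 $ip_hex = "";
 foreach ($ip as $octet) {
 $ip_hex .= str_pad(dechex($octet), 2, 0, STR_PAD_LEFT);
@@ -37,7 +24,7 @@ function bb2_display_denial($settings, $package, $key, $previous_key = false)
 $response = bb2_get_response($previous_key);
 header("HTTP/1.1 " . $response['response'] . " Bad Behavior");
 header("Status: " . $response['response'] . " Bad Behavior");
-$request_uri = $_SERVER[
+$request_uri = $_SERVER['REQUEST_URI'];
 if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@@ -61,3 +48,5 @@ function bb2_log_denial($settings, $package, $key, $previous_key=false)
 if (!$settings['logging']) return;
 bb2_db_query(bb2_insert($settings, $package, $key));
 }
+
+?>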
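--- a/bad-behavior/blackhole.inc.php
+++ b/bad-behavior/blackhole.inc.php
@@ -1,5 +1,10 @@
 <?php if (!defined('BB2_CORE')) die('I said no cheating!');
 
+// Quick and dirty check for an IPv6 address
+function is_ipv6($address) {
+return (strpos($address, ":")) ? TRUE : FALSE;
+}
+
 // Look up address on various blackhole lists.
 // These should not be used for GET requests under any circumstances!
 // FIXME: Note that this code is no longer in use
@@ -55,6 +60,7 @@ function bb2_httpbl($settings, $package) {
 $result = gethostbynamel($settings['httpbl_key'].".${find}.dnsbl.httpbl.org.");
 if (!empty($result)) {
 $ip = explode('.', $result[0]);
+// Check if threat
 if ($ip[0] == 127 && ($ip[3] & 7) && $ip[2] >= $settings['httpbl_threat'] && $ip[1] <= $settings['httpbl_maxage']) {
 return '2b021b1f';
 }
@@ -65,3 +71,4 @@ function bb2_httpbl($settings, $package) {
 }
 return false;
 }
+?>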
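Review bot: `is_ipv6` returns FALSE for any address that begins with a colon, such as `::1`, because `strpos($address, ":")` yields 0 there and 0 is falsy in the ternary. Compare against FALSE explicitly instead: `return strpos($address, ":") !== FALSE;`. The callers of `is_ipv6` are outside the visible hunks, so the effect is inferred: such an address would presumably be treated as IPv4 and reach the dotted-quad handling in `bb2_httpbl`.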
bad-behavior/blacklist.inc.php
CHANGED
@@ -18,7 +18,6 @@ function bb2_blacklist($package) {
|
|
18 |
"EmailCollector", // spam harvester
|
19 |
"Email Siphon", // spam harvester
|
20 |
"EmailSiphon", // spam harvester
|
21 |
-
"Forum Poster", // forum spambot
|
22 |
"grub crawler", // misc comment/email spam
|
23 |
"HttpProxy", // misc comment/email spam
|
24 |
"Internet Explorer", // XMLRPC exploits seen
|
@@ -43,9 +42,8 @@ function bb2_blacklist($package) {
|
|
43 |
"psycheclone", // spam harvester
|
44 |
"PussyCat ", // misc comment spam
|
45 |
"PycURL", // misc comment spam
|
46 |
-
"Python-urllib", // commonly abused
|
47 |
-
// WP 2.5 now has Flash; FIXME
|
48 |
// "Shockwave Flash", // spam harvester
|
|
|
49 |
"Super Happy Fun ", // spam harvester
|
50 |
"TrackBack/", // trackback spam
|
51 |
"user", // suspicious harvester
|
@@ -71,12 +69,11 @@ function bb2_blacklist($package) {
|
|
71 |
"grub-client", // search engine ignores robots.txt
|
72 |
"hanzoweb", // very badly behaved crawler
|
73 |
"Indy Library", // misc comment/email spam
|
74 |
-
"
|
75 |
"Murzillo compatible", // comment spam bot
|
76 |
".NET CLR 1)", // free poker, etc.
|
77 |
"POE-Component-Client", // free poker, etc.
|
78 |
"Turing Machine", // www.anonymizer.com abuse
|
79 |
-
"unspecified.mail", // stealth harvesters
|
80 |
"User-agent: ", // spam harvester/splogger
|
81 |
"WebaltBot", // spam harvester
|
82 |
"WISEbot", // spam harvester
|
@@ -86,7 +83,6 @@ function bb2_blacklist($package) {
|
|
86 |
"Windows NT 5.1;)", // wikispam bot
|
87 |
"Windows XP 5", // spam harvester
|
88 |
"WordPress/4.01", // pingback spam
|
89 |
-
"Xedant Human Emulator",// spammer script engine
|
90 |
"\\\\)", // spam harvester
|
91 |
);
|
92 |
|
@@ -125,3 +121,5 @@ function bb2_blacklist($package) {
|
|
125 |
|
126 |
return FALSE;
|
127 |
}
|
|
|
|
18 |
"EmailCollector", // spam harvester
|
19 |
"Email Siphon", // spam harvester
|
20 |
"EmailSiphon", // spam harvester
|
|
|
21 |
"grub crawler", // misc comment/email spam
|
22 |
"HttpProxy", // misc comment/email spam
|
23 |
"Internet Explorer", // XMLRPC exploits seen
|
42 |
"psycheclone", // spam harvester
|
43 |
"PussyCat ", // misc comment spam
|
44 |
"PycURL", // misc comment spam
|
|
|
|
|
45 |
// "Shockwave Flash", // spam harvester
|
46 |
+
// WP 2.5 now has Flash; FIXME
|
47 |
"Super Happy Fun ", // spam harvester
|
48 |
"TrackBack/", // trackback spam
|
49 |
"user", // suspicious harvester
|
69 |
"grub-client", // search engine ignores robots.txt
|
70 |
"hanzoweb", // very badly behaved crawler
|
71 |
"Indy Library", // misc comment/email spam
|
72 |
+
"larbin@unspecified", // stealth harvesters
|
73 |
"Murzillo compatible", // comment spam bot
|
74 |
".NET CLR 1)", // free poker, etc.
|
75 |
"POE-Component-Client", // free poker, etc.
|
76 |
"Turing Machine", // www.anonymizer.com abuse
|
|
|
77 |
"User-agent: ", // spam harvester/splogger
|
78 |
"WebaltBot", // spam harvester
|
79 |
"WISEbot", // spam harvester
|
83 |
"Windows NT 5.1;)", // wikispam bot
|
84 |
"Windows XP 5", // spam harvester
|
85 |
"WordPress/4.01", // pingback spam
|
|
|
86 |
"\\\\)", // spam harvester
|
87 |
);
|
88 |
|
121 |
|
122 |
return FALSE;
|
123 |
}
|
124 |
+
|
125 |
+
?>
|
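Review bot: The closing `?>` added at the end of this file means any whitespace or blank line that later ends up after the tag is sent as output whenever the file is included. Output sent before `bb2_display_denial` runs would typically make its `header()` calls fail, so the denial status line would not reach the client. I would drop the added blank line and `?>` and let the file end after the final `}`, since a code-only PHP file does not need the tag. The same tag is added in the `banned.inc.php`, `blackhole.inc.php`, `common_tests.inc.php`, `core.inc.php`, `functions.inc.php` and `google.inc.php` sections on this page.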
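--- a/bad-behavior/browser.inc.php
+++ b/bad-behavior/browser.inc.php
@@ -1,84 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be Konqueror
-
-function bb2_konqueror($package)
-{
-// CafeKelsa is a dev project at Yahoo which indexes job listings for
-// Yahoo! HotJobs. It identifies as Konqueror so we skip these checks.
-if (stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") === FALSE || match_cidr($package['ip'], "209.73.160.0/19") === FALSE) {
-if (!array_key_exists('Accept', $package['headers_mixed'])) {
-return "17566707";
-}
-}
-return false;
-}
-
-// Analyze user agents claiming to be Lynx
-
-function bb2_lynx($package)
-{
-if (!array_key_exists('Accept', $package['headers_mixed'])) {
-return "17566707";
-}
-return false;
-}
-
-// Analyze user agents claiming to be Mozilla
-
-function bb2_mozilla($package)
-{
-// First off, workaround for Google Desktop, until they fix it FIXME
-// Google Desktop fixed it, but apparently some old versions are
-// still out there. :(
-// Always check accept header for Mozilla user agents
-if (strpos($package['headers_mixed']['User-Agent'], "Google Desktop") === FALSE && strpos($package['headers_mixed']['User-Agent'], "PLAYSTATION 3") === FALSE) {
-if (!array_key_exists('Accept', $package['headers_mixed'])) {
-return "17566707";
-}
-}
-return false;
-}
-
-// Analyze user agents claiming to be MSIE
-
-function bb2_msie($package)
-{
-if (!array_key_exists('Accept', $package['headers_mixed'])) {
-return "17566707";
-}
-
-// MSIE does NOT send "Windows ME" or "Windows XP" in the user agent
-if (strpos($package['headers_mixed']['User-Agent'], "Windows ME") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !== FALSE) {
-return "a1084bad";
-}
-
-// MSIE does NOT send Connection: TE but Akamai does
-// Bypass this test when Akamai detected
-// The latest version of IE for Windows CE also uses Connection: TE
-if (!array_key_exists('Akamai-Origin-Hop', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "IEMobile") === FALSE && @preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) {
-return "2b90f772";
-}
-
-return false;
-}
-
-// Analyze user agents claiming to be Opera
-
-function bb2_opera($package)
-{
-if (!array_key_exists('Accept', $package['headers_mixed'])) {
-return "17566707";
-}
-return false;
-}
-
-// Analyze user agents claiming to be Safari
-
-function bb2_safari($package)
-{
-if (!array_key_exists('Accept', $package['headers_mixed'])) {
-return "17566707";
-}
-return false;
-}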
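--- a/bad-behavior/cloudflare.inc.php
+++ b/bad-behavior/cloudflare.inc.php
@@ -1,14 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze requests claiming to be from CloudFlare
-
-require_once(BB2_CORE . "/roundtripdns.inc.php");
-
-function bb2_cloudflare($package)
-{
-# Disabled due to http://bugs.php.net/bug.php?id=53092
-# if (!bb2_roundtripdns($package['cloudflare'], "cloudflare.com")) {
-# return '70e45496';
-# }
-return false;
-}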
bad-behavior/common_tests.inc.php
CHANGED
@@ -4,7 +4,8 @@
|
|
4 |
|
5 |
function bb2_protocol($settings, $package)
|
6 |
{
|
7 |
-
//
|
|
|
8 |
if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE && !strcmp($package['server_protocol'], "HTTP/1.0")) {
|
9 |
return "a0105122";
|
10 |
}
|
@@ -40,8 +41,6 @@ function bb2_misc_headers($settings, $package)
|
|
40 |
|
41 |
// Broken spambots send URLs with various invalid characters
|
42 |
// Some broken browsers send the #vector in the referer field :(
|
43 |
-
// Worse yet, some Javascript client-side apps do the same in
|
44 |
-
// blatant violation of the protocol and good sense.
|
45 |
// if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
|
46 |
if ($settings['strict'] && strpos($package['request_uri'], "#") !== FALSE) {
|
47 |
return "dfd9b1ad";
|
@@ -70,6 +69,7 @@ function bb2_misc_headers($settings, $package)
|
|
70 |
// Lowercase via is used by open proxies/referrer spammers
|
71 |
// Exceptions: Clearswift uses lowercase via (refuses to fix;
|
72 |
// may be blocked again in the future)
|
|
|
73 |
if (array_key_exists('via', $package['headers']) &&
|
74 |
strpos($package['headers']['via'],'Clearswift') === FALSE &&
|
75 |
strpos($ua,'CoralWebPrx') === FALSE) {
|
@@ -106,10 +106,6 @@ function bb2_misc_headers($settings, $package)
|
|
106 |
if (preg_match('/\bkeep-alive,\s?keep-alive\b/i', $package['headers_mixed']['Connection'])) {
|
107 |
return "a52f0448";
|
108 |
}
|
109 |
-
// Keep-Alive format in RFC 2068; some bots mangle these headers
|
110 |
-
if (stripos($package['headers_mixed']['Connection'], "Keep-Alive: ") !== FALSE) {
|
111 |
-
return "b0924802";
|
112 |
-
}
|
113 |
}
|
114 |
|
115 |
|
@@ -118,8 +114,6 @@ function bb2_misc_headers($settings, $package)
|
|
118 |
return "b9cc1d86";
|
119 |
}
|
120 |
// Proxy-Connection does not exist and should never be seen in the wild
|
121 |
-
// http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0032.html
|
122 |
-
// http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0040.html
|
123 |
if ($settings['strict'] && array_key_exists('Proxy-Connection', $package['headers_mixed'])) {
|
124 |
return "b7830251";
|
125 |
}
|
@@ -132,7 +126,7 @@ function bb2_misc_headers($settings, $package)
|
|
132 |
|
133 |
// Referer, if it exists, must contain a :
|
134 |
// While a relative URL is technically valid in Referer, all known
|
135 |
-
//
|
136 |
if (strpos($package['headers_mixed']['Referer'], ":") === FALSE) {
|
137 |
return "45b35e30";
|
138 |
}
|
@@ -146,3 +140,5 @@ function bb2_misc_headers($settings, $package)
|
|
146 |
|
147 |
return false;
|
148 |
}
|
|
|
|
4 |
|
5 |
function bb2_protocol($settings, $package)
|
6 |
{
|
7 |
+
// Is it claiming to be HTTP/1.0? Then it shouldn't do HTTP/1.1 things
|
8 |
+
// Always run this test; we should never see Expect:
|
9 |
if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE && !strcmp($package['server_protocol'], "HTTP/1.0")) {
|
10 |
return "a0105122";
|
11 |
}
|
41 |
|
42 |
// Broken spambots send URLs with various invalid characters
|
43 |
// Some broken browsers send the #vector in the referer field :(
|
|
|
|
|
44 |
// if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
|
45 |
if ($settings['strict'] && strpos($package['request_uri'], "#") !== FALSE) {
|
46 |
return "dfd9b1ad";
|
69 |
// Lowercase via is used by open proxies/referrer spammers
|
70 |
// Exceptions: Clearswift uses lowercase via (refuses to fix;
|
71 |
// may be blocked again in the future)
|
72 |
+
// Coral CDN uses lowercase via
|
73 |
if (array_key_exists('via', $package['headers']) &&
|
74 |
strpos($package['headers']['via'],'Clearswift') === FALSE &&
|
75 |
strpos($ua,'CoralWebPrx') === FALSE) {
|
106 |
if (preg_match('/\bkeep-alive,\s?keep-alive\b/i', $package['headers_mixed']['Connection'])) {
|
107 |
return "a52f0448";
|
108 |
}
|
|
|
|
|
|
|
|
|
109 |
}
|
110 |
|
111 |
|
114 |
return "b9cc1d86";
|
115 |
}
|
116 |
// Proxy-Connection does not exist and should never be seen in the wild
|
|
|
|
|
117 |
if ($settings['strict'] && array_key_exists('Proxy-Connection', $package['headers_mixed'])) {
|
118 |
return "b7830251";
|
119 |
}
|
126 |
|
127 |
// Referer, if it exists, must contain a :
|
128 |
// While a relative URL is technically valid in Referer, all known
|
129 |
+
// legit user-agents send an absolute URL
|
130 |
if (strpos($package['headers_mixed']['Referer'], ":") === FALSE) {
|
131 |
return "45b35e30";
|
132 |
}
|
140 |
|
141 |
return false;
|
142 |
}
|
143 |
+
|
144 |
+
?>
|
bad-behavior/core.inc.php
CHANGED
@@ -1,7 +1,6 @@
|
|
1 |
<?php if (!defined('BB2_CWD')) die("I said no cheating!");
|
2 |
-
define('BB2_VERSION', "2.2.5");
|
3 |
|
4 |
-
// Bad Behavior entry point is
|
5 |
// If you're reading this, you are probably lost.
|
6 |
// Go read the bad-behavior-generic.php file.
|
7 |
|
@@ -10,6 +9,51 @@ define('BB2_COOKIE', 'bb2_screener_');
|
|
10 |
|
11 |
require_once(BB2_CORE . "/functions.inc.php");
|
12 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
13 |
// Kill 'em all!
|
14 |
function bb2_banned($settings, $package, $key, $previous_key=false)
|
15 |
{
|
@@ -17,12 +61,13 @@ function bb2_banned($settings, $package, $key, $previous_key=false)
|
|
17 |
sleep(2);
|
18 |
|
19 |
require_once(BB2_CORE . "/banned.inc.php");
|
20 |
-
bb2_display_denial($settings, $
|
21 |
bb2_log_denial($settings, $package, $key, $previous_key);
|
22 |
if (is_callable('bb2_banned_callback')) {
|
23 |
bb2_banned_callback($settings, $package, $key);
|
24 |
}
|
25 |
// Penalize the spammers some more
|
|
|
26 |
bb2_housekeeping($settings, $package);
|
27 |
die();
|
28 |
}
|
@@ -40,41 +85,29 @@ function bb2_approved($settings, $package)
|
|
40 |
}
|
41 |
}
|
42 |
|
43 |
-
|
44 |
-
|
|
|
45 |
{
|
46 |
-
|
47 |
-
$
|
48 |
-
|
49 |
-
return false;
|
50 |
}
|
51 |
-
|
52 |
-
|
53 |
-
|
54 |
-
if (!empty($settings['reverse_proxy_addresses'])) {
|
55 |
-
foreach ($addrs as $addr) {
|
56 |
-
if (!match_cidr($addr, $settings['reverse_proxy_addresses']) && !is_rfc1918($addr)) {
|
57 |
-
return $addr;
|
58 |
-
}
|
59 |
-
}
|
60 |
-
} else {
|
61 |
-
foreach ($addrs as $addr) {
|
62 |
-
if (!is_rfc1918($addr)) {
|
63 |
-
return $addr;
|
64 |
-
}
|
65 |
-
}
|
66 |
}
|
67 |
-
|
68 |
-
return false;
|
69 |
}
|
70 |
|
|
|
71 |
// Let God sort 'em out!
|
72 |
function bb2_start($settings)
|
73 |
{
|
74 |
// Gather up all the information we need, first of all.
|
75 |
$headers = bb2_load_headers();
|
76 |
// Postprocess the headers to mixed-case
|
77 |
-
//
|
78 |
$headers_mixed = array();
|
79 |
foreach ($headers as $h => $v) {
|
80 |
$headers_mixed[uc_all($h)] = $v;
|
@@ -82,128 +115,106 @@ function bb2_start($settings)
|
|
82 |
|
83 |
// IPv6 - IPv4 compatibility mode hack
|
84 |
$_SERVER['REMOTE_ADDR'] = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
85 |
|
86 |
// Reconstruct the HTTP entity, if present.
|
87 |
$request_entity = array();
|
88 |
-
if (!strcasecmp($
|
89 |
foreach ($_POST as $h => $v) {
|
90 |
$request_entity[$h] = $v;
|
91 |
}
|
92 |
}
|
93 |
|
94 |
-
$
|
95 |
-
if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
|
96 |
|
97 |
-
|
98 |
-
|
99 |
-
$headers_mixed['X-Bad-Behavior-Remote-Address'] = $_SERVER['REMOTE_ADDR'];
|
100 |
-
} else {
|
101 |
-
$ip = $_SERVER['REMOTE_ADDR'];
|
102 |
-
}
|
103 |
-
|
104 |
-
@$package = array('ip' => $ip, 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $_SERVER['REQUEST_METHOD'], 'request_uri' => $request_uri, 'server_protocol' => $_SERVER['SERVER_PROTOCOL'], 'request_entity' => $request_entity, 'user_agent' => $_SERVER['HTTP_USER_AGENT'], 'is_browser' => false,);
|
105 |
-
|
106 |
-
$result = bb2_screen($settings, $package);
|
107 |
-
if ($result && !defined('BB2_TEST')) bb2_banned($settings, $package, $result);
|
108 |
-
return $result;
|
109 |
-
}
|
110 |
-
|
111 |
-
function bb2_screen($settings, $package)
|
112 |
-
{
|
113 |
-
// Please proceed to the security checkpoint, have your identification
|
114 |
-
// and boarding pass ready, and prepare to be nakedized or fondled.
|
115 |
-
|
116 |
-
// CloudFlare-specific checks not handled by reverse proxy code
|
117 |
-
// Thanks to butchs at Simple Machines
|
118 |
-
if (array_key_exists('Cf-Connecting-Ip', $package['headers_mixed'])) {
|
119 |
-
require_once(BB2_CORE . "/cloudflare.inc.php");
|
120 |
-
$r = bb2_cloudflare($package);
|
121 |
-
if ($r !== false && $r != $package['ip']) return $r;
|
122 |
-
}
|
123 |
|
124 |
// First check the whitelist
|
125 |
require_once(BB2_CORE . "/whitelist.inc.php");
|
126 |
-
if (!
|
127 |
// Now check the blacklist
|
128 |
require_once(BB2_CORE . "/blacklist.inc.php");
|
129 |
-
|
130 |
|
131 |
// Check the http:BL
|
132 |
require_once(BB2_CORE . "/blackhole.inc.php");
|
133 |
-
if ($
|
134 |
-
|
135 |
-
|
|
|
136 |
}
|
137 |
|
138 |
// Check for common stuff
|
139 |
require_once(BB2_CORE . "/common_tests.inc.php");
|
140 |
-
|
141 |
-
|
142 |
-
|
143 |
|
144 |
// Specific checks
|
145 |
-
@$ua = $
|
146 |
-
// Search
|
147 |
if (stripos($ua, "bingbot") !== FALSE || stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
|
148 |
-
require_once(BB2_CORE . "/
|
149 |
-
|
150 |
-
|
151 |
-
|
152 |
-
}
|
153 |
-
return false;
|
154 |
} elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Web Preview") !== FALSE) {
|
155 |
-
require_once(BB2_CORE . "/
|
156 |
-
|
157 |
-
|
158 |
-
|
159 |
-
}
|
160 |
-
return false;
|
161 |
} elseif (stripos($ua, "Yahoo! Slurp") !== FALSE || stripos($ua, "Yahoo! SearchMonkey") !== FALSE) {
|
162 |
-
require_once(BB2_CORE . "/
|
163 |
-
|
164 |
-
|
165 |
-
|
166 |
-
}
|
167 |
-
return false;
|
168 |
}
|
169 |
// MSIE checks
|
170 |
-
if (stripos($ua, "
|
171 |
$package['is_browser'] = true;
|
172 |
-
require_once(BB2_CORE . "/browser.inc.php");
|
173 |
if (stripos($ua, "Opera") !== FALSE) {
|
174 |
-
|
|
|
175 |
} else {
|
176 |
-
|
|
|
177 |
}
|
178 |
} elseif (stripos($ua, "Konqueror") !== FALSE) {
|
179 |
$package['is_browser'] = true;
|
180 |
-
require_once(BB2_CORE . "/
|
181 |
-
|
182 |
} elseif (stripos($ua, "Opera") !== FALSE) {
|
183 |
$package['is_browser'] = true;
|
184 |
-
require_once(BB2_CORE . "/
|
185 |
-
|
186 |
} elseif (stripos($ua, "Safari") !== FALSE) {
|
187 |
$package['is_browser'] = true;
|
188 |
-
require_once(BB2_CORE . "/
|
189 |
-
|
190 |
} elseif (stripos($ua, "Lynx") !== FALSE) {
|
191 |
$package['is_browser'] = true;
|
192 |
-
require_once(BB2_CORE . "/
|
193 |
-
|
194 |
} elseif (stripos($ua, "MovableType") !== FALSE) {
|
195 |
require_once(BB2_CORE . "/movabletype.inc.php");
|
196 |
-
|
197 |
} elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
|
198 |
$package['is_browser'] = true;
|
199 |
-
require_once(BB2_CORE . "/
|
200 |
-
|
201 |
}
|
202 |
|
203 |
// More intensive screening applies to POST requests
|
204 |
if (!strcasecmp('POST', $package['request_method'])) {
|
205 |
require_once(BB2_CORE . "/post.inc.php");
|
206 |
-
|
207 |
}
|
208 |
}
|
209 |
|
@@ -213,5 +224,6 @@ function bb2_screen($settings, $package)
|
|
213 |
|
214 |
// And that's about it.
|
215 |
bb2_approved($settings, $package);
|
216 |
-
return
|
217 |
}
|
|
1 |
<?php if (!defined('BB2_CWD')) die("I said no cheating!");
|
|
|
2 |
|
3 |
+
// Bad Behavior entry point is start_bad_behavior().
|
4 |
// If you're reading this, you are probably lost.
|
5 |
// Go read the bad-behavior-generic.php file.
|
6 |
|
9 |
|
10 |
require_once(BB2_CORE . "/functions.inc.php");
|
11 |
|
12 |
+
// Our log table structure
|
13 |
+
function bb2_table_structure($name)
|
14 |
+
{
|
15 |
+
// It's not paranoia if they really are out to get you.
|
16 |
+
$name_escaped = bb2_db_escape($name);
|
17 |
+
return "CREATE TABLE IF NOT EXISTS `$name_escaped` (
|
18 |
+
`id` INT(11) NOT NULL auto_increment,
|
19 |
+
`ip` TEXT NOT NULL,
|
20 |
+
`date` DATETIME NOT NULL default '0000-00-00 00:00:00',
|
21 |
+
`request_method` TEXT NOT NULL,
|
22 |
+
`request_uri` TEXT NOT NULL,
|
23 |
+
`server_protocol` TEXT NOT NULL,
|
24 |
+
`http_headers` TEXT NOT NULL,
|
25 |
+
`user_agent` TEXT NOT NULL,
|
26 |
+
`request_entity` TEXT NOT NULL,
|
27 |
+
`key` TEXT NOT NULL,
|
28 |
+
INDEX (`ip`(15)),
|
29 |
+
INDEX (`user_agent`(10)),
|
30 |
+
PRIMARY KEY (`id`) );"; // TODO: INDEX might need tuning
|
31 |
+
}
|
32 |
+
|
33 |
+
// Insert a new record
|
34 |
+
function bb2_insert($settings, $package, $key)
|
35 |
+
{
|
36 |
+
$ip = bb2_db_escape($package['ip']);
|
37 |
+
$date = bb2_db_date();
|
38 |
+
$request_method = bb2_db_escape($package['request_method']);
|
39 |
+
$request_uri = bb2_db_escape($package['request_uri']);
|
40 |
+
$server_protocol = bb2_db_escape($package['server_protocol']);
|
41 |
+
$user_agent = bb2_db_escape($package['user_agent']);
|
42 |
+
$headers = "$request_method $request_uri $server_protocol\n";
|
43 |
+
foreach ($package['headers'] as $h => $v) {
|
44 |
+
$headers .= bb2_db_escape("$h: $v\n");
|
45 |
+
}
|
46 |
+
$request_entity = "";
|
47 |
+
if (!strcasecmp($request_method, "POST")) {
|
48 |
+
foreach ($package['request_entity'] as $h => $v) {
|
49 |
+
$request_entity .= bb2_db_escape("$h: $v\n");
|
50 |
+
}
|
51 |
+
}
|
52 |
+
return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "`
|
53 |
+
(`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES
|
54 |
+
('$ip', '$date', '$request_method', '$request_uri', '$server_protocol', '$headers', '$user_agent', '$request_entity', '$key')";
|
55 |
+
}
|
56 |
+
|
57 |
// Kill 'em all!
|
58 |
function bb2_banned($settings, $package, $key, $previous_key=false)
|
59 |
{
|
61 |
sleep(2);
|
62 |
|
63 |
require_once(BB2_CORE . "/banned.inc.php");
|
64 |
+
bb2_display_denial($settings, $key, $previous_key);
|
65 |
bb2_log_denial($settings, $package, $key, $previous_key);
|
66 |
if (is_callable('bb2_banned_callback')) {
|
67 |
bb2_banned_callback($settings, $package, $key);
|
68 |
}
|
69 |
// Penalize the spammers some more
|
70 |
+
require_once(BB2_CORE . "/housekeeping.inc.php");
|
71 |
bb2_housekeeping($settings, $package);
|
72 |
die();
|
73 |
}
|
85 |
}
|
86 |
}
|
87 |
|
88 |
+
// Check the results of a particular test; see below for usage
|
89 |
+
// Returns FALSE if test passed (yes this is backwards)
|
90 |
+
function bb2_test($settings, $package, $result)
|
91 |
{
|
92 |
+
// Passthrough a value of 1 for whitelisted/bypass items
|
93 |
+
if ($result == 1) {
|
94 |
+
return true;
|
|
|
95 |
}
|
96 |
+
if ($result !== FALSE) {
|
97 |
+
bb2_banned($settings, $package, $result);
|
98 |
+
return TRUE;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
99 |
}
|
100 |
+
return FALSE;
|
|
|
101 |
}
|
102 |
|
103 |
+
|
104 |
// Let God sort 'em out!
|
105 |
function bb2_start($settings)
|
106 |
{
|
107 |
// Gather up all the information we need, first of all.
|
108 |
$headers = bb2_load_headers();
|
109 |
// Postprocess the headers to mixed-case
|
110 |
+
// FIXME: get the world to stop using PHP as CGI
|
111 |
$headers_mixed = array();
|
112 |
foreach ($headers as $h => $v) {
|
113 |
$headers_mixed[uc_all($h)] = $v;
|
115 |
|
116 |
// IPv6 - IPv4 compatibility mode hack
|
117 |
$_SERVER['REMOTE_ADDR'] = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);
|
118 |
+
// We use these frequently. Keep a copy close at hand.
|
119 |
+
$ip = $_SERVER['REMOTE_ADDR'];
|
120 |
+
$request_method = $_SERVER['REQUEST_METHOD'];
|
121 |
+
$request_uri = $_SERVER['REQUEST_URI'];
|
122 |
+
if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
|
123 |
+
$server_protocol = $_SERVER['SERVER_PROTOCOL'];
|
124 |
+
@$user_agent = $_SERVER['HTTP_USER_AGENT'];
|
125 |
|
126 |
// Reconstruct the HTTP entity, if present.
|
127 |
$request_entity = array();
|
128 |
+
if (!strcasecmp($request_method, "POST") || !strcasecmp($request_method, "PUT")) {
|
129 |
foreach ($_POST as $h => $v) {
|
130 |
$request_entity[$h] = $v;
|
131 |
}
|
132 |
}
|
133 |
|
134 |
+
$package = array('ip' => $ip, 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $request_method, 'request_uri' => $request_uri, 'server_protocol' => $server_protocol, 'request_entity' => $request_entity, 'user_agent' => $user_agent, 'is_browser' => false);
|
|
|
135 |
|
136 |
+
// Please proceed to the security checkpoint and have your
|
137 |
+
// identification and boarding pass ready.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
138 |
|
139 |
// First check the whitelist
|
140 |
require_once(BB2_CORE . "/whitelist.inc.php");
|
141 |
+
if (!bb2_whitelist($package)) {
|
142 |
// Now check the blacklist
|
143 |
require_once(BB2_CORE . "/blacklist.inc.php");
|
144 |
+
bb2_test($settings, $package, bb2_blacklist($package));
|
145 |
|
146 |
// Check the http:BL
|
147 |
require_once(BB2_CORE . "/blackhole.inc.php");
|
148 |
+
if (bb2_test($settings, $package, bb2_httpbl($settings, $package))) {
|
149 |
+
// Bypass all checks if http:BL says search engine
|
150 |
+
bb2_approved($settings, $package);
|
151 |
+
return true;
|
152 |
}
|
153 |
|
154 |
// Check for common stuff
|
155 |
require_once(BB2_CORE . "/common_tests.inc.php");
|
156 |
+
bb2_test($settings, $package, bb2_protocol($settings, $package));
|
157 |
+
bb2_test($settings, $package, bb2_cookies($settings, $package));
|
158 |
+
bb2_test($settings, $package, bb2_misc_headers($settings, $package));
|
159 |
|
160 |
// Specific checks
|
161 |
+
@$ua = $headers_mixed['User-Agent'];
|
162 |
+
// Search engines first
|
163 |
if (stripos($ua, "bingbot") !== FALSE || stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
|
164 |
+
require_once(BB2_CORE . "/msnbot.inc.php");
|
165 |
+
bb2_test($settings, $package, bb2_msnbot($package));
|
166 |
+
bb2_approved($settings, $package);
|
167 |
+
return true;
|
|
|
|
|
168 |
} elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Web Preview") !== FALSE) {
|
169 |
+
require_once(BB2_CORE . "/google.inc.php");
|
170 |
+
bb2_test($settings, $package, bb2_google($package));
|
171 |
+
bb2_approved($settings, $package);
|
172 |
+
return true;
|
|
|
|
|
173 |
} elseif (stripos($ua, "Yahoo! Slurp") !== FALSE || stripos($ua, "Yahoo! SearchMonkey") !== FALSE) {
|
174 |
+
require_once(BB2_CORE . "/yahoo.inc.php");
|
175 |
+
bb2_test($settings, $package, bb2_yahoo($package));
|
176 |
+
bb2_approved($settings, $package);
|
177 |
+
return true;
|
|
|
|
|
178 |
}
|
179 |
// MSIE checks
|
180 |
+
if (stripos($ua, "MSIE") !== FALSE) {
|
181 |
$package['is_browser'] = true;
|
|
|
182 |
if (stripos($ua, "Opera") !== FALSE) {
|
183 |
+
require_once(BB2_CORE . "/opera.inc.php");
|
184 |
+
bb2_test($settings, $package, bb2_opera($package));
|
185 |
} else {
|
186 |
+
require_once(BB2_CORE . "/msie.inc.php");
|
187 |
+
bb2_test($settings, $package, bb2_msie($package));
|
188 |
}
|
189 |
} elseif (stripos($ua, "Konqueror") !== FALSE) {
|
190 |
$package['is_browser'] = true;
|
191 |
+
require_once(BB2_CORE . "/konqueror.inc.php");
|
192 |
+
bb2_test($settings, $package, bb2_konqueror($package));
|
193 |
} elseif (stripos($ua, "Opera") !== FALSE) {
|
194 |
$package['is_browser'] = true;
|
195 |
+
require_once(BB2_CORE . "/opera.inc.php");
|
196 |
+
bb2_test($settings, $package, bb2_opera($package));
|
197 |
} elseif (stripos($ua, "Safari") !== FALSE) {
|
198 |
$package['is_browser'] = true;
|
199 |
+
require_once(BB2_CORE . "/safari.inc.php");
|
200 |
+
bb2_test($settings, $package, bb2_safari($package));
|
201 |
} elseif (stripos($ua, "Lynx") !== FALSE) {
|
202 |
$package['is_browser'] = true;
|
203 |
+
require_once(BB2_CORE . "/lynx.inc.php");
|
204 |
+
bb2_test($settings, $package, bb2_lynx($package));
|
205 |
} elseif (stripos($ua, "MovableType") !== FALSE) {
|
206 |
require_once(BB2_CORE . "/movabletype.inc.php");
|
207 |
+
bb2_test($settings, $package, bb2_movabletype($package));
|
208 |
} elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
|
209 |
$package['is_browser'] = true;
|
210 |
+
require_once(BB2_CORE . "/mozilla.inc.php");
|
211 |
+
bb2_test($settings, $package, bb2_mozilla($package));
|
212 |
}
|
213 |
|
214 |
// More intensive screening applies to POST requests
|
215 |
if (!strcasecmp('POST', $package['request_method'])) {
|
216 |
require_once(BB2_CORE . "/post.inc.php");
|
217 |
+
bb2_test($settings, $package, bb2_post($settings, $package));
|
218 |
}
|
219 |
}
|
220 |
|
224 |
|
225 |
// And that's about it.
|
226 |
bb2_approved($settings, $package);
|
227 |
+
return true;
|
228 |
}
|
229 |
+
?>
|
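Review bot: In the added `bb2_insert`, `$key` goes into the VALUES list as `'$key'` without passing through `bb2_db_escape`, unlike every other column the function builds. The keys visible on this page are fixed hex strings, so the query is safe only while every test keeps returning a constant; I would add `$key = bb2_db_escape($key);` before the `return`. The table name in `bb2_table_structure` and `bb2_insert` is run through the same helper and then placed between backticks. `bb2_db_escape` is not defined on this page, but if it is a string-literal escaper it does not neutralise a backtick, so `log_table` is better checked against a pattern such as `/^[A-Za-z0-9_]+$/` when the settings are loaded. Separately, `bb2_test` uses `$result == 1`; a strict comparison against the exact bypass value would keep a denial key from ever being coerced into it.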
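--- a/bad-behavior/functions.inc.php
+++ b/bad-behavior/functions.inc.php
@@ -2,11 +2,6 @@
 
 // Miscellaneous helper functions.
 
-// Quick and dirty check for an IPv6 address
-function is_ipv6($address) {
-return (strpos($address, ":")) ? TRUE : FALSE;
-}
-
 // stripos() needed because stripos is only present on PHP 5
 if (!function_exists('stripos')) {
 function stripos($haystack,$needle,$offset = 0) {
@@ -58,10 +53,6 @@ function match_cidr($addr, $cidr) {
 return $output;
 }
 
-// Determine if an IP address is reserved by RFC 1918.
-function is_rfc1918($addr) {
-return match_cidr($addr, array("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"));
-}
 // Obtain all the HTTP headers.
 // NB: on PHP-CGI we have to fake it out a bit, since we can't get the REAL
 // headers. Run PHP as Apache 2.0 module if possible for best results.
@@ -76,3 +67,5 @@ function bb2_load_headers() {
 }
 return $headers;
 }
+
+?>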
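Review bot: The closing `?>` appended at the end of this include (new lines 70-71) is better left out. Any whitespace or newline that ends up after the tag is sent as output the moment the file is included, and that can make later status-header or cookie calls fail with "headers already sent", which matters for a request screener. The same tag is appended in the other CHANGED sections on this page (movabletype.inc.php, post.inc.php, responses.inc.php, screener.inc.php, whitelist.inc.php) and closes most of the ADDED include files too; dropping the line in each PHP-only file removes the risk.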
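--- a/bad-behavior/google.inc.php
+++ b/bad-behavior/google.inc.php
@@ -0,0 +1,13 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Googlebot
+
+function bb2_google($package)
+{
+if (match_cidr($package['ip'], "66.249.64.0/19") === FALSE && match_cidr($package['ip'], "64.233.160.0/19") === FALSE && match_cidr($package['ip'], "72.14.192.0/18") === FALSE && match_cidr($package['ip'], "203.208.32.0/19") === FALSE && match_cidr($package['ip'], "74.125.0.0/16") === FALSE && match_cidr($package['ip'], "216.239.32.0/19") === FALSE && match_cidr($package['ip'], "209.85.128.0/17") === FALSE) {
+return "f1182195";
+}
+return false;
+}
+
+?>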
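Review bot: The seven chained `match_cidr(...) === FALSE` calls in bb2_google are harder to audit than the array form that bb2_msnbot and bb2_yahoo use on this same page; since match_cidr appears to accept an array there, `match_cidr($package['ip'], array("66.249.64.0/19", "64.233.160.0/19", ...)) === FALSE` with the same seven ranges would read the same way. The netblocks are hard-coded with no note of where or when they were taken, so a stale list rejects a genuine crawler with f1182195. A comment such as `// Googlebot netblocks, last verified YYYY-MM against SOURCE` would tell a maintainer when to refresh them; bb2_msnbot and bb2_yahoo need the same comment.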
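--- a/bad-behavior/housekeeping.inc.php
+++ b/bad-behavior/housekeeping.inc.php
@@ -0,0 +1,16 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+function bb2_housekeeping($settings, $package)
+{
+// FIXME Yes, the interval's hard coded (again) for now.
+$query = "DELETE FROM `" . $settings['log_table'] . "` WHERE `date` < DATE_SUB('" . bb2_db_date() . "', INTERVAL 7 DAY)";
+bb2_db_query($query);
+
+// Waste a bunch more of the spammer's time, sometimes.
+if (rand(1,1000) == 1) {
+$query = "OPTIMIZE TABLE `" . $settings['log_table'] . "`";
+bb2_db_query($query);
+}
+}
+
+?>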
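Review bot: `$settings['log_table']` is concatenated between backticks into both the DELETE and the OPTIMIZE TABLE statement without any check, so a value containing a backtick changes the statement. Identifiers cannot be bound as parameters, so bb2_housekeeping should validate the name before building the query, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $settings['log_table'])) return;`. The setting presumably comes from site configuration rather than from the request, which limits the exposure, but the check is cheap. The comment over the `rand(1,1000)` branch should also say that OPTIMIZE TABLE runs inside a live request and may hold the log table while it works.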
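--- a/bad-behavior/konqueror.inc.php
+++ b/bad-behavior/konqueror.inc.php
@@ -0,0 +1,17 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Konqueror
+
+function bb2_konqueror($package)
+{
+// CafeKelsa is a dev project at Yahoo which indexes job listings for
+// Yahoo! HotJobs. It identifies as Konqueror so we skip these checks.
+if (stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") === FALSE || match_cidr($package['ip'], "209.73.160.0/19") === FALSE) {
+if (!array_key_exists('Accept', $package['headers_mixed'])) {
+return "17566707";
+}
+}
+return false;
+}
+
+?>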
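Review bot: The comment in bb2_konqueror says CafeKelsa requests skip the checks, but the condition only skips them when the User-Agent contains `YahooSeeker/CafeKelsa` and the address is also inside 209.73.160.0/19. The comment should say so, for example `// Exempt only when the UA is CafeKelsa AND the IP is in 209.73.160.0/19`. That tells the next maintainer that the user-agent string alone is not trusted here and that the netblock must be kept current.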
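--- a/bad-behavior/lynx.inc.php
+++ b/bad-behavior/lynx.inc.php
@@ -0,0 +1,13 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Lynx
+
+function bb2_lynx($package)
+{
+if (!array_key_exists('Accept', $package['headers_mixed'])) {
+return "17566707";
+}
+return false;
+}
+
+?>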
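Review bot: bb2_lynx is line for line the same as bb2_opera and bb2_safari added on this page, and the same `Accept` test is repeated inside bb2_konqueror, bb2_mozilla and bb2_msie; each returns 17566707 when the header is absent from `$package['headers_mixed']`. One shared helper, for instance `function bb2_require_accept($package)`, called from the per-browser files would keep the response key in one place. The functions also carry no comment saying what 17566707 stands for; a one-line comment naming the response behind that key would help a reader who does not have responses.inc.php open.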
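--- a/bad-behavior/movabletype.inc.php
+++ b/bad-behavior/movabletype.inc.php
@@ -10,3 +10,5 @@ function bb2_movabletype($package)
 }
 return false;
 }
+
+?>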
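--- a/bad-behavior/mozilla.inc.php
+++ b/bad-behavior/mozilla.inc.php
@@ -0,0 +1,19 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Mozilla
+
+function bb2_mozilla($package)
+{
+// First off, workaround for Google Desktop, until they fix it FIXME
+// Google Desktop fixed it, but apparently some old versions are
+// still out there. :(
+// Always check accept header for Mozilla user agents
+if (strpos($package['headers_mixed']['User-Agent'], "Google Desktop") === FALSE && strpos($package['headers_mixed']['User-Agent'], "PLAYSTATION 3") === FALSE) {
+if (!array_key_exists('Accept', $package['headers_mixed'])) {
+return "17566707";
+}
+}
+return false;
+}
+
+?>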
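Review bot: The exemption in bb2_mozilla is keyed on the substrings `Google Desktop` and `PLAYSTATION 3` in the User-Agent, a value the client chooses, so the Accept test is only enforced for requests that carry neither string. The comments mark the Google Desktop workaround as temporary (FIXME), but the PLAYSTATION 3 exemption has no comment at all; it should get one saying why it exists and that it weakens the test, so it can be removed when no longer needed. The two `strpos` calls are also case-sensitive while bb2_konqueror uses `stripos` for its User-Agent match; one convention should be used for both.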
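--- a/bad-behavior/msie.inc.php
+++ b/bad-behavior/msie.inc.php
@@ -0,0 +1,26 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be MSIE
+
+function bb2_msie($package)
+{
+if (!array_key_exists('Accept', $package['headers_mixed'])) {
+return "17566707";
+}
+
+// MSIE does NOT send "Windows ME" or "Windows XP" in the user agent
+if (strpos($package['headers_mixed']['User-Agent'], "Windows ME") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !== FALSE) {
+return "a1084bad";
+}
+
+// MSIE does NOT send Connection: TE but Akamai does
+// Bypass this test when Akamai detected
+// The latest version of IE for Windows CE also uses Connection: TE
+if (!array_key_exists('Akamai-Origin-Hop', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "IEMobile") === FALSE && @preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) {
+return "2b90f772";
+}
+
+return false;
+}
+
+?>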
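Review bot: `@preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])` on new line 19 uses `@` to hide the notice raised when the request has no Connection header, which also hides any other error from that call. An explicit test is clearer: `array_key_exists('Connection', $package['headers_mixed']) && preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])`. The comment above the Windows-version test names only "Windows ME" and "Windows XP", while the condition also rejects "Windows 2000" and "Win32"; the comment should list all four strings.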
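--- a/bad-behavior/msnbot.inc.php
+++ b/bad-behavior/msnbot.inc.php
@@ -0,0 +1,13 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be msnbot
+
+function bb2_msnbot($package)
+{
+if (match_cidr($package['ip'], array("207.46.0.0/16", "65.52.0.0/14", "207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18", "157.54.0.0/15", "157.60.0.0/16", "157.56.0.0/14")) === FALSE) {
+return "e4de0453";
+}
+return false;
+}
+
+?>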
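--- a/bad-behavior/opera.inc.php
+++ b/bad-behavior/opera.inc.php
@@ -0,0 +1,13 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Opera
+
+function bb2_opera($package)
+{
+if (!array_key_exists('Accept', $package['headers_mixed'])) {
+return "17566707";
+}
+return false;
+}
+
+?>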
bad-behavior/post.inc.php
CHANGED
@@ -1,36 +1,11 @@
|
|
1 |
<?php if (!defined('BB2_CORE')) die('I said no cheating!');
|
2 |
|
3 |
-
// Specialized screening for trackbacks
|
4 |
-
function bb2_trackback($package)
|
5 |
-
{
|
6 |
-
// Web browsers don't send trackbacks
|
7 |
-
if ($package['is_browser']) {
|
8 |
-
return 'f0dcb3fd';
|
9 |
-
}
|
10 |
-
|
11 |
-
// Proxy servers don't send trackbacks either
|
12 |
-
if (array_key_exists('Via', $package['headers_mixed']) || array_key_exists('Max-Forwards', $package['headers_mixed']) || array_key_exists('X-Forwarded-For', $package['headers_mixed']) || array_key_exists('Client-Ip', $package['headers_mixed'])) {
|
13 |
-
return 'd60b87c7';
|
14 |
-
}
|
15 |
-
|
16 |
-
// Fake WordPress trackbacks
|
17 |
-
// Real ones do not contain Accept:, and have a charset defined
|
18 |
-
// Real WP trackbacks may contain Accept: depending on the HTTP
|
19 |
-
// transport being used by the sending host
|
20 |
-
if (strpos($package['headers_mixed']['User-Agent'], "WordPress/") !== FALSE) {
|
21 |
-
if (strpos($package['headers_mixed']['Content-Type'], "charset=") === FALSE) {
|
22 |
-
return 'e3990b47';
|
23 |
-
}
|
24 |
-
}
|
25 |
-
return false;
|
26 |
-
}
|
27 |
-
|
28 |
// All tests which apply specifically to POST requests
|
29 |
function bb2_post($settings, $package)
|
30 |
{
|
31 |
// Check blackhole lists for known spam/malicious activity
|
32 |
// require_once(BB2_CORE . "/blackhole.inc.php");
|
33 |
-
//
|
34 |
|
35 |
// MovableType needs specialized screening
|
36 |
if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {
|
@@ -42,6 +17,7 @@ function bb2_post($settings, $package)
|
|
42 |
// Trackbacks need special screening
|
43 |
$request_entity = $package['request_entity'];
|
44 |
if (isset($request_entity['title']) && isset($request_entity['url']) && isset($request_entity['blog_name'])) {
|
|
|
45 |
return bb2_trackback($package);
|
46 |
}
|
47 |
|
@@ -54,13 +30,8 @@ function bb2_post($settings, $package)
|
|
54 |
}
|
55 |
|
56 |
// If Referer exists, it should refer to a page on our site
|
57 |
-
if (!$settings['offsite_forms'] && array_key_exists('Referer', $package['headers_mixed'])) {
|
58 |
-
|
59 |
-
$url['host'] = preg_replace('|^www\.|', '', $url['host']);
|
60 |
-
$host = preg_replace('|^www\.|', '', $package['headers_mixed']['Host']);
|
61 |
-
if (strcasecmp($host, $url['host'])) {
|
62 |
-
return "cd361abb";
|
63 |
-
}
|
64 |
}
|
65 |
|
66 |
// Screen by cookie/JavaScript form add
|
@@ -105,3 +76,5 @@ function bb2_post($settings, $package)
|
|
105 |
|
106 |
return false;
|
107 |
}
|
|
|
|
1 |
<?php if (!defined('BB2_CORE')) die('I said no cheating!');
|
2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
3 |
// All tests which apply specifically to POST requests
|
4 |
function bb2_post($settings, $package)
|
5 |
{
|
6 |
// Check blackhole lists for known spam/malicious activity
|
7 |
// require_once(BB2_CORE . "/blackhole.inc.php");
|
8 |
+
// bb2_test($settings, $package, bb2_blackhole($package));
|
9 |
|
10 |
// MovableType needs specialized screening
|
11 |
if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {
|
17 |
// Trackbacks need special screening
|
18 |
$request_entity = $package['request_entity'];
|
19 |
if (isset($request_entity['title']) && isset($request_entity['url']) && isset($request_entity['blog_name'])) {
|
20 |
+
require_once(BB2_CORE . "/trackback.inc.php");
|
21 |
return bb2_trackback($package);
|
22 |
}
|
23 |
|
30 |
}
|
31 |
|
32 |
// If Referer exists, it should refer to a page on our site
|
33 |
+
if (!$settings['offsite_forms'] && array_key_exists('Referer', $package['headers_mixed']) && stripos($package['headers_mixed']['Referer'], $package['headers_mixed']['Host']) === FALSE) {
|
34 |
+
return "cd361abb";
|
|
|
|
|
|
|
|
|
|
|
35 |
}
|
36 |
|
37 |
// Screen by cookie/JavaScript form add
|
76 |
|
77 |
return false;
|
78 |
}
|
79 |
+
|
80 |
+
?>
|
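Review bot: The rewritten Referer test on new line 33 passes whenever the Host value occurs anywhere in the Referer string, so a Referer for a different site that merely contains the host name in its path, query string or as part of a longer host name is accepted. The removed lines compared host with host, which is the stricter check. Both headers are supplied by the client, so the comparison should at least be made on the parsed host component, ignoring a leading `www.` as the old code did. A version that does this is below; note that a port in the Host header would still need handling, and that bb2_post starts and ends outside this hunk.

```php
// If Referer exists, it should refer to a page on our site
if (!$settings['offsite_forms'] && array_key_exists('Referer', $package['headers_mixed'])) {
    $url = parse_url($package['headers_mixed']['Referer']);
    // An unparseable Referer, or one without a host, cannot be ours.
    if (!is_array($url) || !isset($url['host'])) {
        return "cd361abb";
    }
    $referer_host = preg_replace('|^www\.|', '', $url['host']);
    $own_host = preg_replace('|^www\.|', '', $package['headers_mixed']['Host']);
    if (strcasecmp($own_host, $referer_host)) {
        return "cd361abb";
    }
}
// … unchanged: cookie/JavaScript screening …
```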
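--- a/bad-behavior/responses.inc.php
+++ b/bad-behavior/responses.inc.php
@@ -19,7 +19,6 @@ function bb2_get_response($key) {
 '582ec5e4' => array('response' => 400, 'explanation' => 'An invalid request was received. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator. This may also be caused by a bug in the Opera web browser.', 'log' => '"Header \'TE\' present but TE not specified in \'Connection\' header'),
 '69920ee5' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' present but blank'),
 '6c502ff1' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Bot not fully compliant with RFC 2965'),
-'70e45496' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User agent claimed to be CloudFlare, claim appears false'),
 '71436a15' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a major search engine, but you do not appear to actually be a major search engine.', 'log' => 'User-Agent claimed to be Yahoo, claim appears to be false'),
 '799165c2' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Rotating user-agents detected'),
 '7a06532b' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept-Encoding\' missing'),
@@ -30,7 +29,6 @@ function bb2_get_response($key) {
 'a0105122' => array('response' => 417, 'explanation' => 'Expectation failed. Please retry your request.', 'log' => 'Header \'Expect\' prohibited; resend without Expect'),
 'a1084bad' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent claimed to be MSIE, with invalid Windows version'),
 'a52f0448' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by a malfunctioning proxy server or browser privacy software. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator.', 'log' => 'Header \'Connection\' contains invalid values'),
-'b0924802' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by malicious software on your computer.', 'log' => 'Incorrect form of HTTP/1.0 Keep-Alive'),
 'b40c8ddc' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, close your browser, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'POST more than two days after GET'),
 'b7830251' => array('response' => 400, 'explanation' => 'Your proxy server sent an invalid request. Please contact the proxy server administrator to have this problem fixed.', 'log' => 'Prohibited header \'Proxy-Connection\' present'),
 'b9cc1d86' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),
@@ -49,3 +47,4 @@ function bb2_get_response($key) {
 if (array_key_exists($key, $bb2_responses)) return $bb2_responses[$key];
 return array('00000000');
 }
+?>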
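--- a/bad-behavior/roundtripdns.inc.php
+++ b/bad-behavior/roundtripdns.inc.php
@@ -1,20 +0,0 @@
-<?php if (!defined('BB2_CORE')) die("I said no cheating!");
-
-# Round trip DNS verification
-
-# Returns TRUE if DNS matches; FALSE on mismatch
-# Returns $ip if an error occurs
-# TODO: Not IPv6 safe
-# FIXME: Returns false on DNS server failure; PHP provides no distinction
-# between no records and error condition
-function bb2_roundtripdns($ip,$domain)
-{
-if (@is_ipv6($ip)) return $ip;
-
-$host = gethostbyaddr($ip);
-$host_result = strpos(strrev($host), strrev($domain));
-if ($host_result === false || $host_result > 0) return false;
-$addrs = gethostbynamel($host);
-if (in_array($ip, $addrs)) return true;
-return false;
-}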
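--- a/bad-behavior/safari.inc.php
+++ b/bad-behavior/safari.inc.php
@@ -0,0 +1,13 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Safari
+
+function bb2_safari($package)
+{
+if (!array_key_exists('Accept', $package['headers_mixed'])) {
+return "17566707";
+}
+return false;
+}
+
+?>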
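--- a/bad-behavior/screener.inc.php
+++ b/bad-behavior/screener.inc.php
@@ -62,3 +62,4 @@ function bb2_screener($settings, $package)
 bb2_screener_cookie($settings, $package, BB2_COOKIE, $cookie_value);
 bb2_screener_javascript($settings, $package, BB2_COOKIE, $cookie_value);
 }
+?>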
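--- a/bad-behavior/searchengine.inc.php
+++ b/bad-behavior/searchengine.inc.php
@@ -1,45 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-require_once(BB2_CORE . "/roundtripdns.inc.php");
-
-// Analyze user agents claiming to be Googlebot
-
-function bb2_google($package)
-{
-if (match_cidr($package['ip'], array("66.249.64.0/19", "64.233.160.0/19", "72.14.192.0/18", "203.208.32.0/19", "74.125.0.0/16", "216.239.32.0/19", "209.85.128.0/17")) === FALSE) {
-return "f1182195";
-}
-# Disabled due to http://bugs.php.net/bug.php?id=53092
-# if (!bb2_roundtripdns($package['ip'], "googlebot.com")) {
-# return "f1182195";
-# }
-return false;
-}
-
-// Analyze user agents claiming to be msnbot
-
-function bb2_msnbot($package)
-{
-if (match_cidr($package['ip'], array("207.46.0.0/16", "65.52.0.0/14", "207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18", "157.54.0.0/15", "157.60.0.0/16", "157.56.0.0/14")) === FALSE) {
-return "e4de0453";
-}
-# Disabled due to http://bugs.php.net/bug.php?id=53092
-# if (!bb2_roundtripdns($package['ip'], "msn.com")) {
-# return "e4de0453";
-# }
-return false;
-}
-
-// Analyze user agents claiming to be Yahoo!
-
-function bb2_yahoo($package)
-{
-if (match_cidr($package['ip'], array("202.160.176.0/20", "67.195.0.0/16", "203.209.252.0/24", "72.30.0.0/16", "98.136.0.0/14", "74.6.0.0/16")) === FALSE) {
-return '71436a15';
-}
-# Disabled due to http://bugs.php.net/bug.php?id=53092
-# if (!bb2_roundtripdns($package['ip'], "crawl.yahoo.net")) {
-# return "71436a15";
-# }
-return false;
-}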
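--- a/bad-behavior/trackback.inc.php
+++ b/bad-behavior/trackback.inc.php
@@ -0,0 +1,28 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Specialized screening for trackbacks
+function bb2_trackback($package)
+{
+// Web browsers don't send trackbacks
+if ($package['is_browser']) {
+return 'f0dcb3fd';
+}
+
+// Proxy servers don't send trackbacks either
+if (array_key_exists('Via', $package['headers_mixed']) || array_key_exists('Max-Forwards', $package['headers_mixed']) || array_key_exists('X-Forwarded-For', $package['headers_mixed']) || array_key_exists('Client-Ip', $package['headers_mixed'])) {
+return 'd60b87c7';
+}
+
+// Fake WordPress trackbacks
+// Real ones do not contain Accept:, and have a charset defined
+// Real WP trackbacks may contain Accept: depending on the HTTP
+// transport being used by the sending host
+if (strpos($package['headers_mixed']['User-Agent'], "WordPress/") !== FALSE) {
+if (strpos($package['headers_mixed']['Content-Type'], "charset=") === FALSE) {
+return 'e3990b47';
+}
+}
+return false;
+}
+
+?>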
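Review bot: bb2_trackback reads `$package['headers_mixed']['Content-Type']` on new line 21 without checking that the header exists, so a request with no Content-Type raises a notice and is rejected with e3990b47 only as a side effect of `strpos` on a missing value. Making the case explicit keeps the outcome and removes the notice: `if (!array_key_exists('Content-Type', $package['headers_mixed']) || strpos($package['headers_mixed']['Content-Type'], "charset=") === FALSE) {`. The body is moved unchanged from post.inc.php, so this is carried over rather than introduced here.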
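--- a/bad-behavior/version.inc.php
+++ b/bad-behavior/version.inc.php
@@ -0,0 +1,3 @@
+<?php if (!defined('BB2_CWD')) die("I said no cheating!");
+define('BB2_VERSION', "2.0.48");
+?>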
bad-behavior/whitelist.inc.php
CHANGED
@@ -1,34 +1,83 @@
|
|
1 |
<?php if (!defined('BB2_CORE')) die('I said no cheating!');
|
2 |
|
3 |
-
function
|
4 |
{
|
5 |
-
|
6 |
-
|
7 |
-
|
8 |
-
|
9 |
-
|
10 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
11 |
|
12 |
-
|
13 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
14 |
if (match_cidr($package['ip'], $range)) return true;
|
15 |
}
|
16 |
}
|
17 |
-
if (
|
18 |
-
foreach ($
|
19 |
if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
|
20 |
}
|
21 |
}
|
22 |
-
if (
|
23 |
if (strpos($package['request_uri'], "?") === FALSE) {
|
24 |
$request_uri = $package['request_uri'];
|
25 |
} else {
|
26 |
$request_uri = substr($package['request_uri'], 0, strpos($package['request_uri'], "?"));
|
27 |
}
|
28 |
-
foreach ($
|
29 |
-
|
30 |
-
if ($pos !== false && $pos == 0) return true;
|
31 |
}
|
32 |
}
|
33 |
return false;
|
34 |
}
|
|
|
|
1 |
<?php if (!defined('BB2_CORE')) die('I said no cheating!');
|
2 |
|
3 |
+
function bb2_whitelist($package)
|
4 |
{
|
5 |
+
// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
|
6 |
+
|
7 |
+
// Inappropriate whitelisting WILL expose you to spam, or cause Bad
|
8 |
+
// Behavior to stop functioning entirely! DO NOT WHITELIST unless you
|
9 |
+
// are 100% CERTAIN that you should.
|
10 |
+
|
11 |
+
// IP address ranges use the CIDR format.
|
12 |
+
|
13 |
+
// Includes four examples of whitelisting by IP address and netblock.
|
14 |
+
$bb2_whitelist_ip_ranges = array(
|
15 |
+
"64.191.203.34", // Digg whitelisted as of 2.0.12
|
16 |
+
"208.67.217.130", // Digg whitelisted as of 2.0.12
|
17 |
+
"10.0.0.0/8",
|
18 |
+
"172.16.0.0/12",
|
19 |
+
"192.168.0.0/16",
|
20 |
+
// "127.0.0.1",
|
21 |
+
);
|
22 |
+
|
23 |
+
// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
|
24 |
+
|
25 |
+
// Inappropriate whitelisting WILL expose you to spam, or cause Bad
|
26 |
+
// Behavior to stop functioning entirely! DO NOT WHITELIST unless you
|
27 |
+
// are 100% CERTAIN that you should.
|
28 |
+
|
29 |
+
// You should not whitelist search engines by user agent. Use the IP
|
30 |
+
// netblock for the search engine instead. See http://whois.arin.net/
|
31 |
+
// to locate the netblocks for an IP.
|
32 |
+
|
33 |
+
// User agents are matched by exact match only.
|
34 |
|
35 |
+
// Includes one example of whitelisting by user agent.
|
36 |
+
// All are commented out.
|
37 |
+
$bb2_whitelist_user_agents = array(
|
38 |
+
// "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) It's me, let me in",
|
39 |
+
);
|
40 |
+
|
41 |
+
// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
|
42 |
+
|
43 |
+
// Inappropriate whitelisting WILL expose you to spam, or cause Bad
|
44 |
+
// Behavior to stop functioning entirely! DO NOT WHITELIST unless you
|
45 |
+
// are 100% CERTAIN that you should.
|
46 |
+
|
47 |
+
// URLs are matched from the first / after the server name up to,
|
48 |
+
// but not including, the ? (if any).
|
49 |
+
|
50 |
+
// Includes two examples of whitelisting by URL.
|
51 |
+
$bb2_whitelist_urls = array(
|
52 |
+
// "/example.php",
|
53 |
+
// "/openid/server",
|
54 |
+
);
|
55 |
+
|
56 |
+
// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
|
57 |
+
|
58 |
+
// Do not edit below this line
|
59 |
+
|
60 |
+
if (!empty($bb2_whitelist_ip_ranges)) {
|
61 |
+
foreach ($bb2_whitelist_ip_ranges as $range) {
|
62 |
if (match_cidr($package['ip'], $range)) return true;
|
63 |
}
|
64 |
}
|
65 |
+
if (!empty($bb2_whitelist_user_agents)) {
|
66 |
+
foreach ($bb2_whitelist_user_agents as $user_agent) {
|
67 |
if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
|
68 |
}
|
69 |
}
|
70 |
+
if (!empty($bb2_whitelist_urls)) {
|
71 |
if (strpos($package['request_uri'], "?") === FALSE) {
|
72 |
$request_uri = $package['request_uri'];
|
73 |
} else {
|
74 |
$request_uri = substr($package['request_uri'], 0, strpos($package['request_uri'], "?"));
|
75 |
}
|
76 |
+
foreach ($bb2_whitelist_urls as $url) {
|
77 |
+
if (!strcmp($request_uri, $url)) return true;
|
|
|
78 |
}
|
79 |
}
|
80 |
return false;
|
81 |
}
|
82 |
+
|
83 |
+
?>
|
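Review bot: `$bb2_whitelist_ip_ranges` ships with the three RFC 1918 blocks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) enabled, and a match in bb2_whitelist returns true before any other test runs. If the site sits behind a reverse proxy or load balancer and `$package['ip']` holds the proxy's private address (how it is filled is not visible here), every request would be whitelisted and screening skipped entirely. I would ship these three entries commented out, like `127.0.0.1`, and add a line to the block comment such as `// Enable private ranges only if $package['ip'] is the real client address`. The two Digg addresses are marked "as of 2.0.12" and should be checked for currency before they stay in the default list.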
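--- a/bad-behavior/yahoo.inc.php
+++ b/bad-behavior/yahoo.inc.php
@@ -0,0 +1,11 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Yahoo!
+
+function bb2_yahoo($package)
+{
+if (match_cidr($package['ip'], array("202.160.176.0/20", "67.195.0.0/16", "203.209.252.0/24", "72.30.0.0/16", "98.136.0.0/14", "74.6.0.0/16")) === FALSE) {
+return "71436a15";
+}
+return false;
+}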
gpl-2.0.txt
ADDED
@@ -0,0 +1,339 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
GNU GENERAL PUBLIC LICENSE
|
2 |
+
Version 2, June 1991
|
3 |
+
|
4 |
+
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
|
5 |
+
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
6 |
+
Everyone is permitted to copy and distribute verbatim copies
|
7 |
+
of this license document, but changing it is not allowed.
|
8 |
+
|
9 |
+
Preamble
|
10 |
+
|
11 |
+
The licenses for most software are designed to take away your
|
12 |
+
freedom to share and change it. By contrast, the GNU General Public
|
13 |
+
License is intended to guarantee your freedom to share and change free
|
14 |
+
software--to make sure the software is free for all its users. This
|
15 |
+
General Public License applies to most of the Free Software
|
16 |
+
Foundation's software and to any other program whose authors commit to
|
17 |
+
using it. (Some other Free Software Foundation software is covered by
|
18 |
+
the GNU Lesser General Public License instead.) You can apply it to
|
19 |
+
your programs, too.
|
20 |
+
|
21 |
+
When we speak of free software, we are referring to freedom, not
|
22 |
+
price. Our General Public Licenses are designed to make sure that you
|
23 |
+
have the freedom to distribute copies of free software (and charge for
|
24 |
+
this service if you wish), that you receive source code or can get it
|
25 |
+
if you want it, that you can change the software or use pieces of it
|
26 |
+
in new free programs; and that you know you can do these things.
|
27 |
+
|
28 |
+
To protect your rights, we need to make restrictions that forbid
|
29 |
+
anyone to deny you these rights or to ask you to surrender the rights.
|
30 |
+
These restrictions translate to certain responsibilities for you if you
|
31 |
+
distribute copies of the software, or if you modify it.
|
32 |
+
|
33 |
+
For example, if you distribute copies of such a program, whether
|
34 |
+
gratis or for a fee, you must give the recipients all the rights that
|
35 |
+
you have. You must make sure that they, too, receive or can get the
|
36 |
+
source code. And you must show them these terms so they know their
|
37 |
+
rights.
|
38 |
+
|
39 |
+
We protect your rights with two steps: (1) copyright the software, and
|
40 |
+
(2) offer you this license which gives you legal permission to copy,
|
41 |
+
distribute and/or modify the software.
|
42 |
+
|
43 |
+
Also, for each author's protection and ours, we want to make certain
|
44 |
+
that everyone understands that there is no warranty for this free
|
45 |
+
software. If the software is modified by someone else and passed on, we
|
46 |
+
want its recipients to know that what they have is not the original, so
|
47 |
+
that any problems introduced by others will not reflect on the original
|
48 |
+
authors' reputations.
|
49 |
+
|
50 |
+
Finally, any free program is threatened constantly by software
|
51 |
+
patents. We wish to avoid the danger that redistributors of a free
|
52 |
+
program will individually obtain patent licenses, in effect making the
|
53 |
+
program proprietary. To prevent this, we have made it clear that any
|
54 |
+
patent must be licensed for everyone's free use or not licensed at all.
|
55 |
+
|
56 |
+
The precise terms and conditions for copying, distribution and
|
57 |
+
modification follow.
|
58 |
+
|
59 |
+
GNU GENERAL PUBLIC LICENSE
|
60 |
+
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
61 |
+
|
62 |
+
0. This License applies to any program or other work which contains
|
63 |
+
a notice placed by the copyright holder saying it may be distributed
|
64 |
+
under the terms of this General Public License. The "Program", below,
|
65 |
+
refers to any such program or work, and a "work based on the Program"
|
66 |
+
means either the Program or any derivative work under copyright law:
|
67 |
+
that is to say, a work containing the Program or a portion of it,
|
68 |
+
either verbatim or with modifications and/or translated into another
|
69 |
+
language. (Hereinafter, translation is included without limitation in
|
70 |
+
the term "modification".) Each licensee is addressed as "you".
|
71 |
+
|
72 |
+
Activities other than copying, distribution and modification are not
|
73 |
+
covered by this License; they are outside its scope. The act of
|
74 |
+
running the Program is not restricted, and the output from the Program
|
75 |
+
is covered only if its contents constitute a work based on the
|
76 |
+
Program (independent of having been made by running the Program).
|
77 |
+
Whether that is true depends on what the Program does.
|
78 |
+
|
79 |
+
1. You may copy and distribute verbatim copies of the Program's
|
80 |
+
source code as you receive it, in any medium, provided that you
|
81 |
+
conspicuously and appropriately publish on each copy an appropriate
|
82 |
+
copyright notice and disclaimer of warranty; keep intact all the
|
83 |
+
notices that refer to this License and to the absence of any warranty;
|
84 |
+
and give any other recipients of the Program a copy of this License
|
85 |
+
along with the Program.
|
86 |
+
|
87 |
+
You may charge a fee for the physical act of transferring a copy, and
|
88 |
+
you may at your option offer warranty protection in exchange for a fee.
|
89 |
+
|
90 |
+
2. You may modify your copy or copies of the Program or any portion
|
91 |
+
of it, thus forming a work based on the Program, and copy and
|
92 |
+
distribute such modifications or work under the terms of Section 1
|
93 |
+
above, provided that you also meet all of these conditions:
|
94 |
+
|
95 |
+
a) You must cause the modified files to carry prominent notices
|
96 |
+
stating that you changed the files and the date of any change.
|
97 |
+
|
98 |
+
b) You must cause any work that you distribute or publish, that in
|
99 |
+
whole or in part contains or is derived from the Program or any
|
100 |
+
part thereof, to be licensed as a whole at no charge to all third
|
101 |
+
parties under the terms of this License.
|
102 |
+
|
103 |
+
c) If the modified program normally reads commands interactively
|
104 |
+
when run, you must cause it, when started running for such
|
105 |
+
interactive use in the most ordinary way, to print or display an
|
106 |
+
announcement including an appropriate copyright notice and a
|
107 |
+
notice that there is no warranty (or else, saying that you provide
|
108 |
+
a warranty) and that users may redistribute the program under
|
109 |
+
these conditions, and telling the user how to view a copy of this
|
110 |
+
License. (Exception: if the Program itself is interactive but
|
111 |
+
does not normally print such an announcement, your work based on
|
112 |
+
the Program is not required to print an announcement.)
|
113 |
+
|
114 |
+
These requirements apply to the modified work as a whole. If
|
115 |
+
identifiable sections of that work are not derived from the Program,
|
116 |
+
and can be reasonably considered independent and separate works in
|
117 |
+
themselves, then this License, and its terms, do not apply to those
|
118 |
+
sections when you distribute them as separate works. But when you
|
119 |
+
distribute the same sections as part of a whole which is a work based
|
120 |
+
on the Program, the distribution of the whole must be on the terms of
|
121 |
+
this License, whose permissions for other licensees extend to the
|
122 |
+
entire whole, and thus to each and every part regardless of who wrote it.
|
123 |
+
|
124 |
+
Thus, it is not the intent of this section to claim rights or contest
|
125 |
+
your rights to work written entirely by you; rather, the intent is to
|
126 |
+
exercise the right to control the distribution of derivative or
|
127 |
+
collective works based on the Program.
|
128 |
+
|
129 |
+
In addition, mere aggregation of another work not based on the Program
|
130 |
+
with the Program (or with a work based on the Program) on a volume of
|
131 |
+
a storage or distribution medium does not bring the other work under
|
132 |
+
the scope of this License.
|
133 |
+
|
134 |
+
3. You may copy and distribute the Program (or a work based on it,
|
135 |
+
under Section 2) in object code or executable form under the terms of
|
136 |
+
Sections 1 and 2 above provided that you also do one of the following:
|
137 |
+
|
138 |
+
a) Accompany it with the complete corresponding machine-readable
|
139 |
+
source code, which must be distributed under the terms of Sections
|
140 |
+
1 and 2 above on a medium customarily used for software interchange; or,
|
141 |
+
|
142 |
+
b) Accompany it with a written offer, valid for at least three
|
143 |
+
years, to give any third party, for a charge no more than your
|
144 |
+
cost of physically performing source distribution, a complete
|
145 |
+
machine-readable copy of the corresponding source code, to be
|
146 |
+
distributed under the terms of Sections 1 and 2 above on a medium
|
147 |
+
customarily used for software interchange; or,
|
148 |
+
|
149 |
+
c) Accompany it with the information you received as to the offer
|
150 |
+
to distribute corresponding source code. (This alternative is
|
151 |
+
allowed only for noncommercial distribution and only if you
|
152 |
+
received the program in object code or executable form with such
|
153 |
+
an offer, in accord with Subsection b above.)
|
154 |
+
|
155 |
+
The source code for a work means the preferred form of the work for
|
156 |
+
making modifications to it. For an executable work, complete source
|
157 |
+
code means all the source code for all modules it contains, plus any
|
158 |
+
associated interface definition files, plus the scripts used to
|
159 |
+
control compilation and installation of the executable. However, as a
|
160 |
+
special exception, the source code distributed need not include
|
161 |
+
anything that is normally distributed (in either source or binary
|
162 |
+
form) with the major components (compiler, kernel, and so on) of the
|
163 |
+
operating system on which the executable runs, unless that component
|
164 |
+
itself accompanies the executable.
|
165 |
+
|
166 |
+
If distribution of executable or object code is made by offering
|
167 |
+
access to copy from a designated place, then offering equivalent
|
168 |
+
access to copy the source code from the same place counts as
|
169 |
+
distribution of the source code, even though third parties are not
|
170 |
+
compelled to copy the source along with the object code.
|
171 |
+
|
172 |
+
4. You may not copy, modify, sublicense, or distribute the Program
|
173 |
+
except as expressly provided under this License. Any attempt
|
174 |
+
otherwise to copy, modify, sublicense or distribute the Program is
|
175 |
+
void, and will automatically terminate your rights under this License.
|
176 |
+
However, parties who have received copies, or rights, from you under
|
177 |
+
this License will not have their licenses terminated so long as such
|
178 |
+
parties remain in full compliance.
|
179 |
+
|
180 |
+
5. You are not required to accept this License, since you have not
|
181 |
+
signed it. However, nothing else grants you permission to modify or
|
182 |
+
distribute the Program or its derivative works. These actions are
|
183 |
+
prohibited by law if you do not accept this License. Therefore, by
|
184 |
+
modifying or distributing the Program (or any work based on the
|
185 |
+
Program), you indicate your acceptance of this License to do so, and
|
186 |
+
all its terms and conditions for copying, distributing or modifying
|
187 |
+
the Program or works based on it.
|
188 |
+
|
189 |
+
6. Each time you redistribute the Program (or any work based on the
|
190 |
+
Program), the recipient automatically receives a license from the
|
191 |
+
original licensor to copy, distribute or modify the Program subject to
|
192 |
+
these terms and conditions. You may not impose any further
|
193 |
+
restrictions on the recipients' exercise of the rights granted herein.
|
194 |
+
You are not responsible for enforcing compliance by third parties to
|
195 |
+
this License.
|
196 |
+
|
197 |
+
7. If, as a consequence of a court judgment or allegation of patent
|
198 |
+
infringement or for any other reason (not limited to patent issues),
|
199 |
+
conditions are imposed on you (whether by court order, agreement or
|
200 |
+
otherwise) that contradict the conditions of this License, they do not
|
201 |
+
excuse you from the conditions of this License. If you cannot
|
202 |
+
distribute so as to satisfy simultaneously your obligations under this
|
203 |
+
License and any other pertinent obligations, then as a consequence you
|
204 |
+
may not distribute the Program at all. For example, if a patent
|
205 |
+
license would not permit royalty-free redistribution of the Program by
|
206 |
+
all those who receive copies directly or indirectly through you, then
|
207 |
+
the only way you could satisfy both it and this License would be to
|
208 |
+
refrain entirely from distribution of the Program.
|
209 |
+
|
210 |
+
If any portion of this section is held invalid or unenforceable under
|
211 |
+
any particular circumstance, the balance of the section is intended to
|
212 |
+
apply and the section as a whole is intended to apply in other
|
213 |
+
circumstances.
|
214 |
+
|
215 |
+
It is not the purpose of this section to induce you to infringe any
|
216 |
+
patents or other property right claims or to contest validity of any
|
217 |
+
such claims; this section has the sole purpose of protecting the
|
218 |
+
integrity of the free software distribution system, which is
|
219 |
+
implemented by public license practices. Many people have made
|
220 |
+
generous contributions to the wide range of software distributed
|
221 |
+
through that system in reliance on consistent application of that
|
222 |
+
system; it is up to the author/donor to decide if he or she is willing
|
223 |
+
to distribute software through any other system and a licensee cannot
|
224 |
+
impose that choice.
|
225 |
+
|
226 |
+
This section is intended to make thoroughly clear what is believed to
|
227 |
+
be a consequence of the rest of this License.
|
228 |
+
|
229 |
+
8. If the distribution and/or use of the Program is restricted in
|
230 |
+
certain countries either by patents or by copyrighted interfaces, the
|
231 |
+
original copyright holder who places the Program under this License
|
232 |
+
may add an explicit geographical distribution limitation excluding
|
233 |
+
those countries, so that distribution is permitted only in or among
|
234 |
+
countries not thus excluded. In such case, this License incorporates
|
235 |
+
the limitation as if written in the body of this License.
|
236 |
+
|
237 |
+
9. The Free Software Foundation may publish revised and/or new versions
|
238 |
+
of the General Public License from time to time. Such new versions will
|
239 |
+
be similar in spirit to the present version, but may differ in detail to
|
240 |
+
address new problems or concerns.
|
241 |
+
|
242 |
+
Each version is given a distinguishing version number. If the Program
|
243 |
+
specifies a version number of this License which applies to it and "any
|
244 |
+
later version", you have the option of following the terms and conditions
|
245 |
+
either of that version or of any later version published by the Free
|
246 |
+
Software Foundation. If the Program does not specify a version number of
|
247 |
+
this License, you may choose any version ever published by the Free Software
|
248 |
+
Foundation.
|
249 |
+
|
250 |
+
10. If you wish to incorporate parts of the Program into other free
|
251 |
+
programs whose distribution conditions are different, write to the author
|
252 |
+
to ask for permission. For software which is copyrighted by the Free
|
253 |
+
Software Foundation, write to the Free Software Foundation; we sometimes
|
254 |
+
make exceptions for this. Our decision will be guided by the two goals
|
255 |
+
of preserving the free status of all derivatives of our free software and
|
256 |
+
of promoting the sharing and reuse of software generally.
|
257 |
+
|
258 |
+
NO WARRANTY
|
259 |
+
|
260 |
+
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
|
261 |
+
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
|
262 |
+
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
|
263 |
+
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
|
264 |
+
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
265 |
+
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
|
266 |
+
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
|
267 |
+
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
|
268 |
+
REPAIR OR CORRECTION.
|
269 |
+
|
270 |
+
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
271 |
+
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
|
272 |
+
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
|
273 |
+
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
|
274 |
+
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
|
275 |
+
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
|
276 |
+
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
|
277 |
+
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
|
278 |
+
POSSIBILITY OF SUCH DAMAGES.
|
279 |
+
|
280 |
+
END OF TERMS AND CONDITIONS
|
281 |
+
|
282 |
+
How to Apply These Terms to Your New Programs
|
283 |
+
|
284 |
+
If you develop a new program, and you want it to be of the greatest
|
285 |
+
possible use to the public, the best way to achieve this is to make it
|
286 |
+
free software which everyone can redistribute and change under these terms.
|
287 |
+
|
288 |
+
To do so, attach the following notices to the program. It is safest
|
289 |
+
to attach them to the start of each source file to most effectively
|
290 |
+
convey the exclusion of warranty; and each file should have at least
|
291 |
+
the "copyright" line and a pointer to where the full notice is found.
|
292 |
+
|
293 |
+
<one line to give the program's name and a brief idea of what it does.>
|
294 |
+
Copyright (C) <year> <name of author>
|
295 |
+
|
296 |
+
This program is free software; you can redistribute it and/or modify
|
297 |
+
it under the terms of the GNU General Public License as published by
|
298 |
+
the Free Software Foundation; either version 2 of the License, or
|
299 |
+
(at your option) any later version.
|
300 |
+
|
301 |
+
This program is distributed in the hope that it will be useful,
|
302 |
+
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
303 |
+
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
304 |
+
GNU General Public License for more details.
|
305 |
+
|
306 |
+
You should have received a copy of the GNU General Public License along
|
307 |
+
with this program; if not, write to the Free Software Foundation, Inc.,
|
308 |
+
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
309 |
+
|
310 |
+
Also add information on how to contact you by electronic and paper mail.
|
311 |
+
|
312 |
+
If the program is interactive, make it output a short notice like this
|
313 |
+
when it starts in an interactive mode:
|
314 |
+
|
315 |
+
Gnomovision version 69, Copyright (C) year name of author
|
316 |
+
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
317 |
+
This is free software, and you are welcome to redistribute it
|
318 |
+
under certain conditions; type `show c' for details.
|
319 |
+
|
320 |
+
The hypothetical commands `show w' and `show c' should show the appropriate
|
321 |
+
parts of the General Public License. Of course, the commands you use may
|
322 |
+
be called something other than `show w' and `show c'; they could even be
|
323 |
+
mouse-clicks or menu items--whatever suits your program.
|
324 |
+
|
325 |
+
You should also get your employer (if you work as a programmer) or your
|
326 |
+
school, if any, to sign a "copyright disclaimer" for the program, if
|
327 |
+
necessary. Here is a sample; alter the names:
|
328 |
+
|
329 |
+
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
|
330 |
+
`Gnomovision' (which makes passes at compilers) written by James Hacker.
|
331 |
+
|
332 |
+
<signature of Ty Coon>, 1 April 1989
|
333 |
+
Ty Coon, President of Vice
|
334 |
+
|
335 |
+
This General Public License does not permit incorporating your program into
|
336 |
+
proprietary programs. If your program is a subroutine library, you may
|
337 |
+
consider it more useful to permit linking proprietary applications with the
|
338 |
+
library. If this is what you want to do, use the GNU Lesser General
|
339 |
+
Public License instead of this License.
|
gpl-3.0.txt
DELETED
@@ -1,674 +0,0 @@
|
|
1 |
-
GNU GENERAL PUBLIC LICENSE
|
2 |
-
Version 3, 29 June 2007
|
3 |
-
|
4 |
-
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
|
5 |
-
Everyone is permitted to copy and distribute verbatim copies
|
6 |
-
of this license document, but changing it is not allowed.
|
7 |
-
|
8 |
-
Preamble
|
9 |
-
|
10 |
-
The GNU General Public License is a free, copyleft license for
|
11 |
-
software and other kinds of works.
|
12 |
-
|
13 |
-
The licenses for most software and other practical works are designed
|
14 |
-
to take away your freedom to share and change the works. By contrast,
|
15 |
-
the GNU General Public License is intended to guarantee your freedom to
|
16 |
-
share and change all versions of a program--to make sure it remains free
|
17 |
-
software for all its users. We, the Free Software Foundation, use the
|
18 |
-
GNU General Public License for most of our software; it applies also to
|
19 |
-
any other work released this way by its authors. You can apply it to
|
20 |
-
your programs, too.
|
21 |
-
|
22 |
-
When we speak of free software, we are referring to freedom, not
|
23 |
-
price. Our General Public Licenses are designed to make sure that you
|
24 |
-
have the freedom to distribute copies of free software (and charge for
|
25 |
-
them if you wish), that you receive source code or can get it if you
|
26 |
-
want it, that you can change the software or use pieces of it in new
|
27 |
-
free programs, and that you know you can do these things.
|
28 |
-
|
29 |
-
To protect your rights, we need to prevent others from denying you
|
30 |
-
these rights or asking you to surrender the rights. Therefore, you have
|
31 |
-
certain responsibilities if you distribute copies of the software, or if
|
32 |
-
you modify it: responsibilities to respect the freedom of others.
|
33 |
-
|
34 |
-
For example, if you distribute copies of such a program, whether
|
35 |
-
gratis or for a fee, you must pass on to the recipients the same
|
36 |
-
freedoms that you received. You must make sure that they, too, receive
|
37 |
-
or can get the source code. And you must show them these terms so they
|
38 |
-
know their rights.
|
39 |
-
|
40 |
-
Developers that use the GNU GPL protect your rights with two steps:
|
41 |
-
(1) assert copyright on the software, and (2) offer you this License
|
42 |
-
giving you legal permission to copy, distribute and/or modify it.
|
43 |
-
|
44 |
-
For the developers' and authors' protection, the GPL clearly explains
|
45 |
-
that there is no warranty for this free software. For both users' and
|
46 |
-
authors' sake, the GPL requires that modified versions be marked as
|
47 |
-
changed, so that their problems will not be attributed erroneously to
|
48 |
-
authors of previous versions.
|
49 |
-
|
50 |
-
Some devices are designed to deny users access to install or run
|
51 |
-
modified versions of the software inside them, although the manufacturer
|
52 |
-
can do so. This is fundamentally incompatible with the aim of
|
53 |
-
protecting users' freedom to change the software. The systematic
|
54 |
-
pattern of such abuse occurs in the area of products for individuals to
|
55 |
-
use, which is precisely where it is most unacceptable. Therefore, we
|
56 |
-
have designed this version of the GPL to prohibit the practice for those
|
57 |
-
products. If such problems arise substantially in other domains, we
|
58 |
-
stand ready to extend this provision to those domains in future versions
|
59 |
-
of the GPL, as needed to protect the freedom of users.
|
60 |
-
|
61 |
-
Finally, every program is threatened constantly by software patents.
|
62 |
-
States should not allow patents to restrict development and use of
|
63 |
-
software on general-purpose computers, but in those that do, we wish to
|
64 |
-
avoid the special danger that patents applied to a free program could
|
65 |
-
make it effectively proprietary. To prevent this, the GPL assures that
|
66 |
-
patents cannot be used to render the program non-free.
|
67 |
-
|
68 |
-
The precise terms and conditions for copying, distribution and
|
69 |
-
modification follow.
|
70 |
-
|
71 |
-
TERMS AND CONDITIONS
|
72 |
-
|
73 |
-
0. Definitions.
|
74 |
-
|
75 |
-
"This License" refers to version 3 of the GNU General Public License.
|
76 |
-
|
77 |
-
"Copyright" also means copyright-like laws that apply to other kinds of
|
78 |
-
works, such as semiconductor masks.
|
79 |
-
|
80 |
-
"The Program" refers to any copyrightable work licensed under this
|
81 |
-
License. Each licensee is addressed as "you". "Licensees" and
|
82 |
-
"recipients" may be individuals or organizations.
|
83 |
-
|
84 |
-
To "modify" a work means to copy from or adapt all or part of the work
|
85 |
-
in a fashion requiring copyright permission, other than the making of an
|
86 |
-
exact copy. The resulting work is called a "modified version" of the
|
87 |
-
earlier work or a work "based on" the earlier work.
|
88 |
-
|
89 |
-
A "covered work" means either the unmodified Program or a work based
|
90 |
-
on the Program.
|
91 |
-
|
92 |
-
To "propagate" a work means to do anything with it that, without
|
93 |
-
permission, would make you directly or secondarily liable for
|
94 |
-
infringement under applicable copyright law, except executing it on a
|
95 |
-
computer or modifying a private copy. Propagation includes copying,
|
96 |
-
distribution (with or without modification), making available to the
|
97 |
-
public, and in some countries other activities as well.
|
98 |
-
|
99 |
-
To "convey" a work means any kind of propagation that enables other
|
100 |
-
parties to make or receive copies. Mere interaction with a user through
|
101 |
-
a computer network, with no transfer of a copy, is not conveying.
|
102 |
-
|
103 |
-
An interactive user interface displays "Appropriate Legal Notices"
|
104 |
-
to the extent that it includes a convenient and prominently visible
|
105 |
-
feature that (1) displays an appropriate copyright notice, and (2)
|
106 |
-
tells the user that there is no warranty for the work (except to the
|
107 |
-
extent that warranties are provided), that licensees may convey the
|
108 |
-
work under this License, and how to view a copy of this License. If
|
109 |
-
the interface presents a list of user commands or options, such as a
|
110 |
-
menu, a prominent item in the list meets this criterion.
|
111 |
-
|
112 |
-
1. Source Code.
|
113 |
-
|
114 |
-
The "source code" for a work means the preferred form of the work
|
115 |
-
for making modifications to it. "Object code" means any non-source
|
116 |
-
form of a work.
|
117 |
-
|
118 |
-
A "Standard Interface" means an interface that either is an official
|
119 |
-
standard defined by a recognized standards body, or, in the case of
|
120 |
-
interfaces specified for a particular programming language, one that
|
121 |
-
is widely used among developers working in that language.
|
122 |
-
|
123 |
-
The "System Libraries" of an executable work include anything, other
|
124 |
-
than the work as a whole, that (a) is included in the normal form of
|
125 |
-
packaging a Major Component, but which is not part of that Major
|
126 |
-
Component, and (b) serves only to enable use of the work with that
|
127 |
-
Major Component, or to implement a Standard Interface for which an
|
128 |
-
implementation is available to the public in source code form. A
|
129 |
-
"Major Component", in this context, means a major essential component
|
130 |
-
(kernel, window system, and so on) of the specific operating system
|
131 |
-
(if any) on which the executable work runs, or a compiler used to
|
132 |
-
produce the work, or an object code interpreter used to run it.
|
133 |
-
|
134 |
-
The "Corresponding Source" for a work in object code form means all
|
135 |
-
the source code needed to generate, install, and (for an executable
|
136 |
-
work) run the object code and to modify the work, including scripts to
|
137 |
-
control those activities. However, it does not include the work's
|
138 |
-
System Libraries, or general-purpose tools or generally available free
|
139 |
-
programs which are used unmodified in performing those activities but
|
140 |
-
which are not part of the work. For example, Corresponding Source
|
141 |
-
includes interface definition files associated with source files for
|
142 |
-
the work, and the source code for shared libraries and dynamically
|
143 |
-
linked subprograms that the work is specifically designed to require,
|
144 |
-
such as by intimate data communication or control flow between those
|
145 |
-
subprograms and other parts of the work.
|
146 |
-
|
147 |
-
The Corresponding Source need not include anything that users
|
148 |
-
can regenerate automatically from other parts of the Corresponding
|
149 |
-
Source.
|
150 |
-
|
151 |
-
The Corresponding Source for a work in source code form is that
|
152 |
-
same work.
|
153 |
-
|
154 |
-
2. Basic Permissions.
|
155 |
-
|
156 |
-
All rights granted under this License are granted for the term of
|
157 |
-
copyright on the Program, and are irrevocable provided the stated
|
158 |
-
conditions are met. This License explicitly affirms your unlimited
|
159 |
-
permission to run the unmodified Program. The output from running a
|
160 |
-
covered work is covered by this License only if the output, given its
|
161 |
-
content, constitutes a covered work. This License acknowledges your
|
162 |
-
rights of fair use or other equivalent, as provided by copyright law.
|
163 |
-
|
164 |
-
You may make, run and propagate covered works that you do not
|
165 |
-
convey, without conditions so long as your license otherwise remains
|
166 |
-
in force. You may convey covered works to others for the sole purpose
|
167 |
-
of having them make modifications exclusively for you, or provide you
|
168 |
-
with facilities for running those works, provided that you comply with
|
169 |
-
the terms of this License in conveying all material for which you do
|
170 |
-
not control copyright. Those thus making or running the covered works
|
171 |
-
for you must do so exclusively on your behalf, under your direction
|
172 |
-
and control, on terms that prohibit them from making any copies of
|
173 |
-
your copyrighted material outside their relationship with you.
|
174 |
-
|
175 |
-
Conveying under any other circumstances is permitted solely under
|
176 |
-
the conditions stated below. Sublicensing is not allowed; section 10
|
177 |
-
makes it unnecessary.
|
178 |
-
|
179 |
-
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
|
180 |
-
|
181 |
-
No covered work shall be deemed part of an effective technological
|
182 |
-
measure under any applicable law fulfilling obligations under article
|
183 |
-
11 of the WIPO copyright treaty adopted on 20 December 1996, or
|
184 |
-
similar laws prohibiting or restricting circumvention of such
|
185 |
-
measures.
|
186 |
-
|
187 |
-
When you convey a covered work, you waive any legal power to forbid
|
188 |
-
circumvention of technological measures to the extent such circumvention
|
189 |
-
is effected by exercising rights under this License with respect to
|
190 |
-
the covered work, and you disclaim any intention to limit operation or
|
191 |
-
modification of the work as a means of enforcing, against the work's
|
192 |
-
users, your or third parties' legal rights to forbid circumvention of
|
193 |
-
technological measures.
|
194 |
-
|
195 |
-
4. Conveying Verbatim Copies.
|
196 |
-
|
197 |
-
You may convey verbatim copies of the Program's source code as you
|
198 |
-
receive it, in any medium, provided that you conspicuously and
|
199 |
-
appropriately publish on each copy an appropriate copyright notice;
|
200 |
-
keep intact all notices stating that this License and any
|
201 |
-
non-permissive terms added in accord with section 7 apply to the code;
|
202 |
-
keep intact all notices of the absence of any warranty; and give all
|
203 |
-
recipients a copy of this License along with the Program.
|
204 |
-
|
205 |
-
You may charge any price or no price for each copy that you convey,
|
206 |
-
and you may offer support or warranty protection for a fee.
|
207 |
-
|
208 |
-
5. Conveying Modified Source Versions.
|
209 |
-
|
210 |
-
You may convey a work based on the Program, or the modifications to
|
211 |
-
produce it from the Program, in the form of source code under the
|
212 |
-
terms of section 4, provided that you also meet all of these conditions:
|
213 |
-
|
214 |
-
a) The work must carry prominent notices stating that you modified
|
215 |
-
it, and giving a relevant date.
|
216 |
-
|
217 |
-
b) The work must carry prominent notices stating that it is
|
218 |
-
released under this License and any conditions added under section
|
219 |
-
7. This requirement modifies the requirement in section 4 to
|
220 |
-
"keep intact all notices".
|
221 |
-
|
222 |
-
c) You must license the entire work, as a whole, under this
|
223 |
-
License to anyone who comes into possession of a copy. This
|
224 |
-
License will therefore apply, along with any applicable section 7
|
225 |
-
additional terms, to the whole of the work, and all its parts,
|
226 |
-
regardless of how they are packaged. This License gives no
|
227 |
-
permission to license the work in any other way, but it does not
|
228 |
-
invalidate such permission if you have separately received it.
|
229 |
-
|
230 |
-
d) If the work has interactive user interfaces, each must display
|
231 |
-
Appropriate Legal Notices; however, if the Program has interactive
|
232 |
-
interfaces that do not display Appropriate Legal Notices, your
|
233 |
-
work need not make them do so.
|
234 |
-
|
235 |
-
A compilation of a covered work with other separate and independent
|
236 |
-
works, which are not by their nature extensions of the covered work,
|
237 |
-
and which are not combined with it such as to form a larger program,
|
238 |
-
in or on a volume of a storage or distribution medium, is called an
|
239 |
-
"aggregate" if the compilation and its resulting copyright are not
|
240 |
-
used to limit the access or legal rights of the compilation's users
|
241 |
-
beyond what the individual works permit. Inclusion of a covered work
|
242 |
-
in an aggregate does not cause this License to apply to the other
|
243 |
-
parts of the aggregate.
|
244 |
-
|
245 |
-
6. Conveying Non-Source Forms.
|
246 |
-
|
247 |
-
You may convey a covered work in object code form under the terms
|
248 |
-
of sections 4 and 5, provided that you also convey the
|
249 |
-
machine-readable Corresponding Source under the terms of this License,
|
250 |
-
in one of these ways:
|
251 |
-
|
252 |
-
a) Convey the object code in, or embodied in, a physical product
|
253 |
-
(including a physical distribution medium), accompanied by the
|
254 |
-
Corresponding Source fixed on a durable physical medium
|
255 |
-
customarily used for software interchange.
|
256 |
-
|
257 |
-
b) Convey the object code in, or embodied in, a physical product
|
258 |
-
(including a physical distribution medium), accompanied by a
|
259 |
-
written offer, valid for at least three years and valid for as
|
260 |
-
long as you offer spare parts or customer support for that product
|
261 |
-
model, to give anyone who possesses the object code either (1) a
|
262 |
-
copy of the Corresponding Source for all the software in the
|
263 |
-
product that is covered by this License, on a durable physical
|
264 |
-
medium customarily used for software interchange, for a price no
|
265 |
-
more than your reasonable cost of physically performing this
|
266 |
-
conveying of source, or (2) access to copy the
|
267 |
-
Corresponding Source from a network server at no charge.
|
268 |
-
|
269 |
-
c) Convey individual copies of the object code with a copy of the
|
270 |
-
written offer to provide the Corresponding Source. This
|
271 |
-
alternative is allowed only occasionally and noncommercially, and
|
272 |
-
only if you received the object code with such an offer, in accord
|
273 |
-
with subsection 6b.
|
274 |
-
|
275 |
-
d) Convey the object code by offering access from a designated
|
276 |
-
place (gratis or for a charge), and offer equivalent access to the
|
277 |
-
Corresponding Source in the same way through the same place at no
|
278 |
-
further charge. You need not require recipients to copy the
|
279 |
-
Corresponding Source along with the object code. If the place to
|
280 |
-
copy the object code is a network server, the Corresponding Source
|
281 |
-
may be on a different server (operated by you or a third party)
|
282 |
-
that supports equivalent copying facilities, provided you maintain
|
283 |
-
clear directions next to the object code saying where to find the
|
284 |
-
Corresponding Source. Regardless of what server hosts the
|
285 |
-
Corresponding Source, you remain obligated to ensure that it is
|
286 |
-
available for as long as needed to satisfy these requirements.
|
287 |
-
|
288 |
-
e) Convey the object code using peer-to-peer transmission, provided
|
289 |
-
you inform other peers where the object code and Corresponding
|
290 |
-
Source of the work are being offered to the general public at no
|
291 |
-
charge under subsection 6d.
|
292 |
-
|
293 |
-
A separable portion of the object code, whose source code is excluded
|
294 |
-
from the Corresponding Source as a System Library, need not be
|
295 |
-
included in conveying the object code work.
|
296 |
-
|
297 |
-
A "User Product" is either (1) a "consumer product", which means any
|
298 |
-
tangible personal property which is normally used for personal, family,
|
299 |
-
or household purposes, or (2) anything designed or sold for incorporation
|
300 |
-
into a dwelling. In determining whether a product is a consumer product,
|
301 |
-
doubtful cases shall be resolved in favor of coverage. For a particular
|
302 |
-
product received by a particular user, "normally used" refers to a
|
303 |
-
typical or common use of that class of product, regardless of the status
|
304 |
-
of the particular user or of the way in which the particular user
|
305 |
-
actually uses, or expects or is expected to use, the product. A product
|
306 |
-
is a consumer product regardless of whether the product has substantial
|
307 |
-
commercial, industrial or non-consumer uses, unless such uses represent
|
308 |
-
the only significant mode of use of the product.
|
309 |
-
|
310 |
-
"Installation Information" for a User Product means any methods,
|
311 |
-
procedures, authorization keys, or other information required to install
|
312 |
-
and execute modified versions of a covered work in that User Product from
|
313 |
-
a modified version of its Corresponding Source. The information must
|
314 |
-
suffice to ensure that the continued functioning of the modified object
|
315 |
-
code is in no case prevented or interfered with solely because
|
316 |
-
modification has been made.
|
317 |
-
|
318 |
-
If you convey an object code work under this section in, or with, or
|
319 |
-
specifically for use in, a User Product, and the conveying occurs as
|
320 |
-
part of a transaction in which the right of possession and use of the
|
321 |
-
User Product is transferred to the recipient in perpetuity or for a
|
322 |
-
fixed term (regardless of how the transaction is characterized), the
|
323 |
-
Corresponding Source conveyed under this section must be accompanied
|
324 |
-
by the Installation Information. But this requirement does not apply
|
325 |
-
if neither you nor any third party retains the ability to install
|
326 |
-
modified object code on the User Product (for example, the work has
|
327 |
-
been installed in ROM).
|
328 |
-
|
329 |
-
The requirement to provide Installation Information does not include a
|
330 |
-
requirement to continue to provide support service, warranty, or updates
|
331 |
-
for a work that has been modified or installed by the recipient, or for
|
332 |
-
the User Product in which it has been modified or installed. Access to a
|
333 |
-
network may be denied when the modification itself materially and
|
334 |
-
adversely affects the operation of the network or violates the rules and
|
335 |
-
protocols for communication across the network.
|
336 |
-
|
337 |
-
Corresponding Source conveyed, and Installation Information provided,
|
338 |
-
in accord with this section must be in a format that is publicly
|
339 |
-
documented (and with an implementation available to the public in
|
340 |
-
source code form), and must require no special password or key for
|
341 |
-
unpacking, reading or copying.
|
342 |
-
|
343 |
-
7. Additional Terms.
|
344 |
-
|
345 |
-
"Additional permissions" are terms that supplement the terms of this
|
346 |
-
License by making exceptions from one or more of its conditions.
|
347 |
-
Additional permissions that are applicable to the entire Program shall
|
348 |
-
be treated as though they were included in this License, to the extent
|
349 |
-
that they are valid under applicable law. If additional permissions
|
350 |
-
apply only to part of the Program, that part may be used separately
|
351 |
-
under those permissions, but the entire Program remains governed by
|
352 |
-
this License without regard to the additional permissions.
|
353 |
-
|
354 |
-
When you convey a copy of a covered work, you may at your option
|
355 |
-
remove any additional permissions from that copy, or from any part of
|
356 |
-
it. (Additional permissions may be written to require their own
|
357 |
-
removal in certain cases when you modify the work.) You may place
|
358 |
-
additional permissions on material, added by you to a covered work,
|
359 |
-
for which you have or can give appropriate copyright permission.
|
360 |
-
|
361 |
-
Notwithstanding any other provision of this License, for material you
|
362 |
-
add to a covered work, you may (if authorized by the copyright holders of
|
363 |
-
that material) supplement the terms of this License with terms:
|
364 |
-
|
365 |
-
a) Disclaiming warranty or limiting liability differently from the
|
366 |
-
terms of sections 15 and 16 of this License; or
|
367 |
-
|
368 |
-
b) Requiring preservation of specified reasonable legal notices or
|
369 |
-
author attributions in that material or in the Appropriate Legal
|
370 |
-
Notices displayed by works containing it; or
|
371 |
-
|
372 |
-
c) Prohibiting misrepresentation of the origin of that material, or
|
373 |
-
requiring that modified versions of such material be marked in
|
374 |
-
reasonable ways as different from the original version; or
|
375 |
-
|
376 |
-
d) Limiting the use for publicity purposes of names of licensors or
|
377 |
-
authors of the material; or
|
378 |
-
|
379 |
-
e) Declining to grant rights under trademark law for use of some
|
380 |
-
trade names, trademarks, or service marks; or
|
381 |
-
|
382 |
-
f) Requiring indemnification of licensors and authors of that
|
383 |
-
material by anyone who conveys the material (or modified versions of
|
384 |
-
it) with contractual assumptions of liability to the recipient, for
|
385 |
-
any liability that these contractual assumptions directly impose on
|
386 |
-
those licensors and authors.
|
387 |
-
|
388 |
-
All other non-permissive additional terms are considered "further
|
389 |
-
restrictions" within the meaning of section 10. If the Program as you
|
390 |
-
received it, or any part of it, contains a notice stating that it is
|
391 |
-
governed by this License along with a term that is a further
|
392 |
-
restriction, you may remove that term. If a license document contains
|
393 |
-
a further restriction but permits relicensing or conveying under this
|
394 |
-
License, you may add to a covered work material governed by the terms
|
395 |
-
of that license document, provided that the further restriction does
|
396 |
-
not survive such relicensing or conveying.
|
397 |
-
|
398 |
-
If you add terms to a covered work in accord with this section, you
|
399 |
-
must place, in the relevant source files, a statement of the
|
400 |
-
additional terms that apply to those files, or a notice indicating
|
401 |
-
where to find the applicable terms.
|
402 |
-
|
403 |
-
Additional terms, permissive or non-permissive, may be stated in the
|
404 |
-
form of a separately written license, or stated as exceptions;
|
405 |
-
the above requirements apply either way.
|
406 |
-
|
407 |
-
8. Termination.
|
408 |
-
|
409 |
-
You may not propagate or modify a covered work except as expressly
|
410 |
-
provided under this License. Any attempt otherwise to propagate or
|
411 |
-
modify it is void, and will automatically terminate your rights under
|
412 |
-
this License (including any patent licenses granted under the third
|
413 |
-
paragraph of section 11).
|
414 |
-
|
415 |
-
However, if you cease all violation of this License, then your
|
416 |
-
license from a particular copyright holder is reinstated (a)
|
417 |
-
provisionally, unless and until the copyright holder explicitly and
|
418 |
-
finally terminates your license, and (b) permanently, if the copyright
|
419 |
-
holder fails to notify you of the violation by some reasonable means
|
420 |
-
prior to 60 days after the cessation.
|
421 |
-
|
422 |
-
Moreover, your license from a particular copyright holder is
|
423 |
-
reinstated permanently if the copyright holder notifies you of the
|
424 |
-
violation by some reasonable means, this is the first time you have
|
425 |
-
received notice of violation of this License (for any work) from that
|
426 |
-
copyright holder, and you cure the violation prior to 30 days after
|
427 |
-
your receipt of the notice.
|
428 |
-
|
429 |
-
Termination of your rights under this section does not terminate the
|
430 |
-
licenses of parties who have received copies or rights from you under
|
431 |
-
this License. If your rights have been terminated and not permanently
|
432 |
-
reinstated, you do not qualify to receive new licenses for the same
|
433 |
-
material under section 10.
|
434 |
-
|
435 |
-
9. Acceptance Not Required for Having Copies.
|
436 |
-
|
437 |
-
You are not required to accept this License in order to receive or
|
438 |
-
run a copy of the Program. Ancillary propagation of a covered work
|
439 |
-
occurring solely as a consequence of using peer-to-peer transmission
|
440 |
-
to receive a copy likewise does not require acceptance. However,
|
441 |
-
nothing other than this License grants you permission to propagate or
|
442 |
-
modify any covered work. These actions infringe copyright if you do
|
443 |
-
not accept this License. Therefore, by modifying or propagating a
|
444 |
-
covered work, you indicate your acceptance of this License to do so.
|
445 |
-
|
446 |
-
10. Automatic Licensing of Downstream Recipients.
|
447 |
-
|
448 |
-
Each time you convey a covered work, the recipient automatically
|
449 |
-
receives a license from the original licensors, to run, modify and
|
450 |
-
propagate that work, subject to this License. You are not responsible
|
451 |
-
for enforcing compliance by third parties with this License.
|
452 |
-
|
453 |
-
An "entity transaction" is a transaction transferring control of an
|
454 |
-
organization, or substantially all assets of one, or subdividing an
|
455 |
-
organization, or merging organizations. If propagation of a covered
|
456 |
-
work results from an entity transaction, each party to that
|
457 |
-
transaction who receives a copy of the work also receives whatever
|
458 |
-
licenses to the work the party's predecessor in interest had or could
|
459 |
-
give under the previous paragraph, plus a right to possession of the
|
460 |
-
Corresponding Source of the work from the predecessor in interest, if
|
461 |
-
the predecessor has it or can get it with reasonable efforts.
|
462 |
-
|
463 |
-
You may not impose any further restrictions on the exercise of the
|
464 |
-
rights granted or affirmed under this License. For example, you may
|
465 |
-
not impose a license fee, royalty, or other charge for exercise of
|
466 |
-
rights granted under this License, and you may not initiate litigation
|
467 |
-
(including a cross-claim or counterclaim in a lawsuit) alleging that
|
468 |
-
any patent claim is infringed by making, using, selling, offering for
|
469 |
-
sale, or importing the Program or any portion of it.
|
470 |
-
|
471 |
-
11. Patents.
|
472 |
-
|
473 |
-
A "contributor" is a copyright holder who authorizes use under this
|
474 |
-
License of the Program or a work on which the Program is based. The
|
475 |
-
work thus licensed is called the contributor's "contributor version".
|
476 |
-
|
477 |
-
A contributor's "essential patent claims" are all patent claims
|
478 |
-
owned or controlled by the contributor, whether already acquired or
|
479 |
-
hereafter acquired, that would be infringed by some manner, permitted
|
480 |
-
by this License, of making, using, or selling its contributor version,
|
481 |
-
but do not include claims that would be infringed only as a
|
482 |
-
consequence of further modification of the contributor version. For
|
483 |
-
purposes of this definition, "control" includes the right to grant
|
484 |
-
patent sublicenses in a manner consistent with the requirements of
|
485 |
-
this License.
|
486 |
-
|
487 |
-
Each contributor grants you a non-exclusive, worldwide, royalty-free
|
488 |
-
patent license under the contributor's essential patent claims, to
|
489 |
-
make, use, sell, offer for sale, import and otherwise run, modify and
|
490 |
-
propagate the contents of its contributor version.
|
491 |
-
|
492 |
-
In the following three paragraphs, a "patent license" is any express
|
493 |
-
agreement or commitment, however denominated, not to enforce a patent
|
494 |
-
(such as an express permission to practice a patent or covenant not to
|
495 |
-
sue for patent infringement). To "grant" such a patent license to a
|
496 |
-
party means to make such an agreement or commitment not to enforce a
|
497 |
-
patent against the party.
|
498 |
-
|
499 |
-
If you convey a covered work, knowingly relying on a patent license,
|
500 |
-
and the Corresponding Source of the work is not available for anyone
|
501 |
-
to copy, free of charge and under the terms of this License, through a
|
502 |
-
publicly available network server or other readily accessible means,
|
503 |
-
then you must either (1) cause the Corresponding Source to be so
|
504 |
-
available, or (2) arrange to deprive yourself of the benefit of the
|
505 |
-
patent license for this particular work, or (3) arrange, in a manner
|
506 |
-
consistent with the requirements of this License, to extend the patent
|
507 |
-
license to downstream recipients. "Knowingly relying" means you have
|
508 |
-
actual knowledge that, but for the patent license, your conveying the
|
509 |
-
covered work in a country, or your recipient's use of the covered work
|
510 |
-
in a country, would infringe one or more identifiable patents in that
|
511 |
-
country that you have reason to believe are valid.
|
512 |
-
|
513 |
-
If, pursuant to or in connection with a single transaction or
|
514 |
-
arrangement, you convey, or propagate by procuring conveyance of, a
|
515 |
-
covered work, and grant a patent license to some of the parties
|
516 |
-
receiving the covered work authorizing them to use, propagate, modify
|
517 |
-
or convey a specific copy of the covered work, then the patent license
|
518 |
-
you grant is automatically extended to all recipients of the covered
|
519 |
-
work and works based on it.
|
520 |
-
|
521 |
-
A patent license is "discriminatory" if it does not include within
|
522 |
-
the scope of its coverage, prohibits the exercise of, or is
|
523 |
-
conditioned on the non-exercise of one or more of the rights that are
|
524 |
-
specifically granted under this License. You may not convey a covered
|
525 |
-
work if you are a party to an arrangement with a third party that is
|
526 |
-
in the business of distributing software, under which you make payment
|
527 |
-
to the third party based on the extent of your activity of conveying
|
528 |
-
the work, and under which the third party grants, to any of the
|
529 |
-
parties who would receive the covered work from you, a discriminatory
|
530 |
-
patent license (a) in connection with copies of the covered work
|
531 |
-
conveyed by you (or copies made from those copies), or (b) primarily
|
532 |
-
for and in connection with specific products or compilations that
|
533 |
-
contain the covered work, unless you entered into that arrangement,
|
534 |
-
or that patent license was granted, prior to 28 March 2007.
|
535 |
-
|
536 |
-
Nothing in this License shall be construed as excluding or limiting
|
537 |
-
any implied license or other defenses to infringement that may
|
538 |
-
otherwise be available to you under applicable patent law.
|
539 |
-
|
540 |
-
12. No Surrender of Others' Freedom.
|
541 |
-
|
542 |
-
If conditions are imposed on you (whether by court order, agreement or
|
543 |
-
otherwise) that contradict the conditions of this License, they do not
|
544 |
-
excuse you from the conditions of this License. If you cannot convey a
|
545 |
-
covered work so as to satisfy simultaneously your obligations under this
|
546 |
-
License and any other pertinent obligations, then as a consequence you may
|
547 |
-
not convey it at all. For example, if you agree to terms that obligate you
|
548 |
-
to collect a royalty for further conveying from those to whom you convey
|
549 |
-
the Program, the only way you could satisfy both those terms and this
|
550 |
-
License would be to refrain entirely from conveying the Program.
|
551 |
-
|
552 |
-
13. Use with the GNU Affero General Public License.
|
553 |
-
|
554 |
-
Notwithstanding any other provision of this License, you have
|
555 |
-
permission to link or combine any covered work with a work licensed
|
556 |
-
under version 3 of the GNU Affero General Public License into a single
|
557 |
-
combined work, and to convey the resulting work. The terms of this
|
558 |
-
License will continue to apply to the part which is the covered work,
|
559 |
-
but the special requirements of the GNU Affero General Public License,
|
560 |
-
section 13, concerning interaction through a network will apply to the
|
561 |
-
combination as such.
|
562 |
-
|
563 |
-
14. Revised Versions of this License.
|
564 |
-
|
565 |
-
The Free Software Foundation may publish revised and/or new versions of
|
566 |
-
the GNU General Public License from time to time. Such new versions will
|
567 |
-
be similar in spirit to the present version, but may differ in detail to
|
568 |
-
address new problems or concerns.
|
569 |
-
|
570 |
-
Each version is given a distinguishing version number. If the
|
571 |
-
Program specifies that a certain numbered version of the GNU General
|
572 |
-
Public License "or any later version" applies to it, you have the
|
573 |
-
option of following the terms and conditions either of that numbered
|
574 |
-
version or of any later version published by the Free Software
|
575 |
-
Foundation. If the Program does not specify a version number of the
|
576 |
-
GNU General Public License, you may choose any version ever published
|
577 |
-
by the Free Software Foundation.
|
578 |
-
|
579 |
-
If the Program specifies that a proxy can decide which future
|
580 |
-
versions of the GNU General Public License can be used, that proxy's
|
581 |
-
public statement of acceptance of a version permanently authorizes you
|
582 |
-
to choose that version for the Program.
|
583 |
-
|
584 |
-
Later license versions may give you additional or different
|
585 |
-
permissions. However, no additional obligations are imposed on any
|
586 |
-
author or copyright holder as a result of your choosing to follow a
|
587 |
-
later version.
|
588 |
-
|
589 |
-
15. Disclaimer of Warranty.
|
590 |
-
|
591 |
-
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
|
592 |
-
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
|
593 |
-
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
|
594 |
-
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
|
595 |
-
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
596 |
-
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
|
597 |
-
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
|
598 |
-
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
|
599 |
-
|
600 |
-
16. Limitation of Liability.
|
601 |
-
|
602 |
-
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
603 |
-
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
|
604 |
-
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
|
605 |
-
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
|
606 |
-
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
|
607 |
-
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
|
608 |
-
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
|
609 |
-
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
|
610 |
-
SUCH DAMAGES.
|
611 |
-
|
612 |
-
17. Interpretation of Sections 15 and 16.
|
613 |
-
|
614 |
-
If the disclaimer of warranty and limitation of liability provided
|
615 |
-
above cannot be given local legal effect according to their terms,
|
616 |
-
reviewing courts shall apply local law that most closely approximates
|
617 |
-
an absolute waiver of all civil liability in connection with the
|
618 |
-
Program, unless a warranty or assumption of liability accompanies a
|
619 |
-
copy of the Program in return for a fee.
|
620 |
-
|
621 |
-
END OF TERMS AND CONDITIONS
|
622 |
-
|
623 |
-
How to Apply These Terms to Your New Programs
|
624 |
-
|
625 |
-
If you develop a new program, and you want it to be of the greatest
|
626 |
-
possible use to the public, the best way to achieve this is to make it
|
627 |
-
free software which everyone can redistribute and change under these terms.
|
628 |
-
|
629 |
-
To do so, attach the following notices to the program. It is safest
|
630 |
-
to attach them to the start of each source file to most effectively
|
631 |
-
state the exclusion of warranty; and each file should have at least
|
632 |
-
the "copyright" line and a pointer to where the full notice is found.
|
633 |
-
|
634 |
-
<one line to give the program's name and a brief idea of what it does.>
|
635 |
-
Copyright (C) <year> <name of author>
|
636 |
-
|
637 |
-
This program is free software: you can redistribute it and/or modify
|
638 |
-
it under the terms of the GNU General Public License as published by
|
639 |
-
the Free Software Foundation, either version 3 of the License, or
|
640 |
-
(at your option) any later version.
|
641 |
-
|
642 |
-
This program is distributed in the hope that it will be useful,
|
643 |
-
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
644 |
-
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
645 |
-
GNU General Public License for more details.
|
646 |
-
|
647 |
-
You should have received a copy of the GNU General Public License
|
648 |
-
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
649 |
-
|
650 |
-
Also add information on how to contact you by electronic and paper mail.
|
651 |
-
|
652 |
-
If the program does terminal interaction, make it output a short
|
653 |
-
notice like this when it starts in an interactive mode:
|
654 |
-
|
655 |
-
<program> Copyright (C) <year> <name of author>
|
656 |
-
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
657 |
-
This is free software, and you are welcome to redistribute it
|
658 |
-
under certain conditions; type `show c' for details.
|
659 |
-
|
660 |
-
The hypothetical commands `show w' and `show c' should show the appropriate
|
661 |
-
parts of the General Public License. Of course, your program's commands
|
662 |
-
might be different; for a GUI interface, you would use an "about box".
|
663 |
-
|
664 |
-
You should also get your employer (if you work as a programmer) or school,
|
665 |
-
if any, to sign a "copyright disclaimer" for the program, if necessary.
|
666 |
-
For more information on this, and how to apply and follow the GNU GPL, see
|
667 |
-
<http://www.gnu.org/licenses/>.
|
668 |
-
|
669 |
-
The GNU General Public License does not permit incorporating your program
|
670 |
-
into proprietary programs. If your program is a subroutine library, you
|
671 |
-
may consider it more useful to permit linking proprietary applications with
|
672 |
-
the library. If this is what you want to do, use the GNU Lesser General
|
673 |
-
Public License instead of this License. But first, please read
|
674 |
-
<http://www.gnu.org/philosophy/why-not-lgpl.html>.
|
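--- a/lgpl-3.0.txt
+++ b/lgpl-3.0.txt
@@ -1,165 +0,0 @@
-GNU LESSER GENERAL PUBLIC LICENSE
-Version 3, 29 June 2007
-
-Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
-Everyone is permitted to copy and distribute verbatim copies
-of this license document, but changing it is not allowed.
-
-
-This version of the GNU Lesser General Public License incorporates
-the terms and conditions of version 3 of the GNU General Public
-License, supplemented by the additional permissions listed below.
-
-0. Additional Definitions.
-
-As used herein, "this License" refers to version 3 of the GNU Lesser
-General Public License, and the "GNU GPL" refers to version 3 of the GNU
-General Public License.
-
-"The Library" refers to a covered work governed by this License,
-other than an Application or a Combined Work as defined below.
-
-An "Application" is any work that makes use of an interface provided
-by the Library, but which is not otherwise based on the Library.
-Defining a subclass of a class defined by the Library is deemed a mode
-of using an interface provided by the Library.
-
-A "Combined Work" is a work produced by combining or linking an
-Application with the Library. The particular version of the Library
-with which the Combined Work was made is also called the "Linked
-Version".
-
-The "Minimal Corresponding Source" for a Combined Work means the
-Corresponding Source for the Combined Work, excluding any source code
-for portions of the Combined Work that, considered in isolation, are
-based on the Application, and not on the Linked Version.
-
-The "Corresponding Application Code" for a Combined Work means the
-object code and/or source code for the Application, including any data
-and utility programs needed for reproducing the Combined Work from the
-Application, but excluding the System Libraries of the Combined Work.
-
-1. Exception to Section 3 of the GNU GPL.
-
-You may convey a covered work under sections 3 and 4 of this License
-without being bound by section 3 of the GNU GPL.
-
-2. Conveying Modified Versions.
-
-If you modify a copy of the Library, and, in your modifications, a
-facility refers to a function or data to be supplied by an Application
-that uses the facility (other than as an argument passed when the
-facility is invoked), then you may convey a copy of the modified
-version:
-
-a) under this License, provided that you make a good faith effort to
-ensure that, in the event an Application does not supply the
-function or data, the facility still operates, and performs
-whatever part of its purpose remains meaningful, or
-
-b) under the GNU GPL, with none of the additional permissions of
-this License applicable to that copy.
-
-3. Object Code Incorporating Material from Library Header Files.
-
-The object code form of an Application may incorporate material from
-a header file that is part of the Library. You may convey such object
-code under terms of your choice, provided that, if the incorporated
-material is not limited to numerical parameters, data structure
-layouts and accessors, or small macros, inline functions and templates
-(ten or fewer lines in length), you do both of the following:
-
-a) Give prominent notice with each copy of the object code that the
-Library is used in it and that the Library and its use are
-covered by this License.
-
-b) Accompany the object code with a copy of the GNU GPL and this license
-document.
-
-4. Combined Works.
-
-You may convey a Combined Work under terms of your choice that,
-taken together, effectively do not restrict modification of the
-portions of the Library contained in the Combined Work and reverse
-engineering for debugging such modifications, if you also do each of
-the following:
-
-a) Give prominent notice with each copy of the Combined Work that
-the Library is used in it and that the Library and its use are
-covered by this License.
-
-b) Accompany the Combined Work with a copy of the GNU GPL and this license
-document.
-
-c) For a Combined Work that displays copyright notices during
-execution, include the copyright notice for the Library among
-these notices, as well as a reference directing the user to the
-copies of the GNU GPL and this license document.
-
-d) Do one of the following:
-
-0) Convey the Minimal Corresponding Source under the terms of this
-License, and the Corresponding Application Code in a form
-suitable for, and under terms that permit, the user to
-recombine or relink the Application with a modified version of
-the Linked Version to produce a modified Combined Work, in the
-manner specified by section 6 of the GNU GPL for conveying
-Corresponding Source.
-
-1) Use a suitable shared library mechanism for linking with the
-Library. A suitable mechanism is one that (a) uses at run time
-a copy of the Library already present on the user's computer
-system, and (b) will operate properly with a modified version
-of the Library that is interface-compatible with the Linked
-Version.
-
-e) Provide Installation Information, but only if you would otherwise
-be required to provide such information under section 6 of the
-GNU GPL, and only to the extent that such information is
-necessary to install and execute a modified version of the
-Combined Work produced by recombining or relinking the
-Application with a modified version of the Linked Version. (If
-you use option 4d0, the Installation Information must accompany
-the Minimal Corresponding Source and Corresponding Application
-Code. If you use option 4d1, you must provide the Installation
-Information in the manner specified by section 6 of the GNU GPL
-for conveying Corresponding Source.)
-
-5. Combined Libraries.
-
-You may place library facilities that are a work based on the
-Library side by side in a single library together with other library
-facilities that are not Applications and are not covered by this
-License, and convey such a combined library under terms of your
-choice, if you do both of the following:
-
-a) Accompany the combined library with a copy of the same work based
-on the Library, uncombined with any other library facilities,
-conveyed under the terms of this License.
-
-b) Give prominent notice with the combined library that part of it
-is a work based on the Library, and explaining where to find the
-accompanying uncombined form of the same work.
-
-6. Revised Versions of the GNU Lesser General Public License.
-
-The Free Software Foundation may publish revised and/or new versions
-of the GNU Lesser General Public License from time to time. Such new
-versions will be similar in spirit to the present version, but may
-differ in detail to address new problems or concerns.
-
-Each version is given a distinguishing version number. If the
-Library as you received it specifies that a certain numbered version
-of the GNU Lesser General Public License "or any later version"
-applies to it, you have the option of following the terms and
-conditions either of that published version or of any later version
-published by the Free Software Foundation. If the Library as you
-received it does not specify a version number of the GNU Lesser
-General Public License, you may choose any version of the GNU Lesser
-General Public License ever published by the Free Software Foundation.
-
-If the Library as you received it specifies that a proxy can decide
-whether future versions of the GNU Lesser General Public License shall
-apply, that proxy's public statement of acceptance of any version is
-permanent authorization for you to choose that version for the
-Library.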
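--- a/settings-sample.ini
+++ b/settings-sample.ini
@@ -1,16 +0,0 @@
-; settings.ini
-
-[settings]
-display_stats = false
-strict = false
-verbose = false
-logging = true
-httpbl_key = ""
-httpbl_threat = 25
-httpbl_maxage = 30
-offsite_forms = false
-eu_cookie = false
-reverse_proxy = false
-reverse_proxy_header = "X-Forwarded-For"
-;reverse_proxy_addresses[] =
-;reverse_proxy_addresses[] =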
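--- a/whitelist-sample.ini
+++ b/whitelist-sample.ini
@@ -1,31 +0,0 @@
-; whitelist.ini
-;
-; Inappropriate whitelisting WILL expose you to spam, or cause Bad Behavior
-; to stop functioning entirely! DO NOT WHITELIST unless you are 100% CERTAIN
-; that you should.
-
-; IP address ranges use the CIDR format.
-
-[ip]
-; Digg whitelisted as of 2.0.12
-ip[] = "64.191.203.0/24"
-ip[] = "208.67.217.130"
-; RFC 1918 addresses
-ip[] = "10.0.0.0/8"
-ip[] = "172.16.0.0/12"
-ip[] = "192.168.0.0/16"
-
-; User agents are matched by exact match only.
-
-[useragent]
-useragent[] = "Mozilla/4.0 (It's me, let me in)"
-
-; URLs are matched from the first / after the server name up to, but not
-; including, the ? (if any). The URL to be whitelisted is a URL on YOUR site.
-; A partial URL match is permitted, so URL whitelist entries should be as
-; specific as possible, but no more specific than necessary. For instance,
-; "/example" would match "/example.php" and "/example/address".
-
-[url]
-url[] = "/example.php"
-url[] = "/openid/server"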