Code changes from version 2.0.36 to 2.1.0
- README.txt +1 -1
- bad-behavior-generic.php +6 -3
- bad-behavior-mediawiki.php +5 -1
- bad-behavior-mysql.php +46 -0
- bad-behavior-wordpress.php +8 -4
- bad-behavior/blacklist.inc.php +3 -1
- bad-behavior/common_tests.inc.php +0 -1
- bad-behavior/core.inc.php +30 -86
- bad-behavior/post.inc.php +1 -1
- bad-behavior/version.inc.php +1 -1
- bad-behavior/whitelist.inc.php +7 -60
- settings.ini +9 -0
- whitelist.ini +26 -0
README.txt
CHANGED
@@ -4,7 +4,7 @@ Contributors: error, MarkJaquith, Firas, skeltoac
|
|
4 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0¤cy_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
|
5 |
Requires at least: 1.5
|
6 |
Tested up to: 2.9
|
7 |
-
Stable tag: 2.0.
|
8 |
|
9 |
Welcome to a whole new way of keeping your blog, forum, guestbook, wiki or
|
10 |
content management system free of link spam. Bad Behavior is a PHP-based
|
4 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0¤cy_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
|
5 |
Requires at least: 1.5
|
6 |
Tested up to: 2.9
|
7 |
+
Stable tag: 2.0.35
|
8 |
|
9 |
Welcome to a whole new way of keeping your blog, forum, guestbook, wiki or
|
10 |
content management system free of link spam. Bad Behavior is a PHP-based
|
bad-behavior-generic.php
CHANGED
@@ -1,11 +1,11 @@
|
|
1 |
<?php
|
2 |
/*
|
3 |
Bad Behavior - detects and blocks unwanted Web accesses
|
4 |
-
Copyright (C) 2005
|
5 |
|
6 |
This program is free software; you can redistribute it and/or modify
|
7 |
it under the terms of the GNU General Public License as published by
|
8 |
-
the Free Software Foundation; either version
|
9 |
(at your option) any later version.
|
10 |
|
11 |
As a special exemption, you may link this program with any of the
|
@@ -32,6 +32,8 @@ define('BB2_CWD', dirname(__FILE__));
|
|
32 |
|
33 |
// Settings you can adjust for Bad Behavior.
|
34 |
// Most of these are unused in non-database mode.
|
|
|
|
|
35 |
$bb2_settings_defaults = array(
|
36 |
'log_table' => 'bad_behavior',
|
37 |
'display_stats' => true,
|
@@ -93,7 +95,8 @@ function bb2_email() {
|
|
93 |
// Settings are hard-coded for non-database use
|
94 |
function bb2_read_settings() {
|
95 |
global $bb2_settings_defaults;
|
96 |
-
|
|
|
97 |
}
|
98 |
|
99 |
// write settings to database
|
1 |
<?php
|
2 |
/*
|
3 |
Bad Behavior - detects and blocks unwanted Web accesses
|
4 |
+
Copyright (C) 2005,2006,2007,2008,2009 Michael Hampton
|
5 |
|
6 |
This program is free software; you can redistribute it and/or modify
|
7 |
it under the terms of the GNU General Public License as published by
|
8 |
+
the Free Software Foundation; either version 3 of the License, or
|
9 |
(at your option) any later version.
|
10 |
|
11 |
As a special exemption, you may link this program with any of the
|
32 |
|
33 |
// Settings you can adjust for Bad Behavior.
|
34 |
// Most of these are unused in non-database mode.
|
35 |
+
// DO NOT EDIT HERE; instead make changes in settings.ini.
|
36 |
+
// These settings are used when settings.ini is not present.
|
37 |
$bb2_settings_defaults = array(
|
38 |
'log_table' => 'bad_behavior',
|
39 |
'display_stats' => true,
|
95 |
// Settings are hard-coded for non-database use
|
96 |
function bb2_read_settings() {
|
97 |
global $bb2_settings_defaults;
|
98 |
+
$settings = @parse_ini_file(dirname(__FILE__) . "/settings.ini");
|
99 |
+
return array_merge($bb2_settings_defaults, $settings);
|
100 |
}
|
101 |
|
102 |
// write settings to database
|
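Review bot: `return array_merge($bb2_settings_defaults, $settings);` in bb2_read_settings passes `false` to array_merge whenever settings.ini is absent or unparsable, because `@parse_ini_file` returns `false` rather than an empty array, so the function yields NULL (with a warning on PHP 5, a TypeError on PHP 8) instead of the defaults the new comment promises. Guard before merging: `if (!is_array($settings)) return $bb2_settings_defaults;`. bb2_read_settings in bad-behavior-mediawiki.php has the identical pattern and needs the same guard. Note also that parse_ini_file returns `true`/`false` as the strings "1" and "", so any caller comparing a setting with `=== true` would now behave differently from the PHP defaults.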
bad-behavior-mediawiki.php
CHANGED
@@ -25,6 +25,8 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
25 |
if (!defined('MEDIAWIKI')) die();
|
26 |
|
27 |
// Settings you can adjust for Bad Behavior.
|
|
|
|
|
28 |
$bb2_settings_defaults = array(
|
29 |
'log_table' => $wgDBprefix . 'bad_behavior',
|
30 |
'display_stats' => true,
|
@@ -40,6 +42,7 @@ $bb2_settings_defaults = array(
|
|
40 |
define('BB2_CWD', dirname(__FILE__));
|
41 |
|
42 |
// Bad Behavior callback functions.
|
|
|
43 |
|
44 |
// Return current time in the format preferred by your database.
|
45 |
function bb2_db_date() {
|
@@ -90,7 +93,8 @@ function bb2_email() {
|
|
90 |
// retrieve settings from database
|
91 |
function bb2_read_settings() {
|
92 |
global $bb2_settings_defaults;
|
93 |
-
|
|
|
94 |
}
|
95 |
|
96 |
// This Bad Behavior-related function is a stub. You can help MediaWiki by expanding it.
|
25 |
if (!defined('MEDIAWIKI')) die();
|
26 |
|
27 |
// Settings you can adjust for Bad Behavior.
|
28 |
+
// DO NOT EDIT HERE; instead make changes in settings.ini.
|
29 |
+
// These settings are used when settings.ini is not present.
|
30 |
$bb2_settings_defaults = array(
|
31 |
'log_table' => $wgDBprefix . 'bad_behavior',
|
32 |
'display_stats' => true,
|
42 |
define('BB2_CWD', dirname(__FILE__));
|
43 |
|
44 |
// Bad Behavior callback functions.
|
45 |
+
require_once("bad-behavior-mysql.php");
|
46 |
|
47 |
// Return current time in the format preferred by your database.
|
48 |
function bb2_db_date() {
|
93 |
// retrieve settings from database
|
94 |
function bb2_read_settings() {
|
95 |
global $bb2_settings_defaults;
|
96 |
+
$settings = @parse_ini_file(dirname(__FILE__) . "/settings.ini");
|
97 |
+
return array_merge($bb2_settings_defaults, $settings);
|
98 |
}
|
99 |
|
100 |
// This Bad Behavior-related function is a stub. You can help MediaWiki by expanding it.
|
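Review bot: `require_once("bad-behavior-mysql.php");` uses a bare relative filename, so PHP searches include_path first and only then the directory of the including script, and a same-named file earlier on the include_path would be loaded instead; the rest of this file anchors includes with `BB2_CWD`, which is defined three lines above. Make it `require_once(BB2_CWD . "/bad-behavior-mysql.php");`. bad-behavior-wordpress.php adds the identical line and should get the same change.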
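--- a/bad-behavior-mysql.php
+++ b/bad-behavior-mysql.php
@@ -0,0 +1,46 @@
+<?php
+
+// Our log table structure
+function bb2_table_structure($name)
+{
+// It's not paranoia if they really are out to get you.
+$name_escaped = bb2_db_escape($name);
+return "CREATE TABLE IF NOT EXISTS `$name_escaped` (
+`id` INT(11) NOT NULL auto_increment,
+`ip` TEXT NOT NULL,
+`date` DATETIME NOT NULL default '0000-00-00 00:00:00',
+`request_method` TEXT NOT NULL,
+`request_uri` TEXT NOT NULL,
+`server_protocol` TEXT NOT NULL,
+`http_headers` TEXT NOT NULL,
+`user_agent` TEXT NOT NULL,
+`request_entity` TEXT NOT NULL,
+`key` TEXT NOT NULL,
+INDEX (`ip`(15)),
+INDEX (`user_agent`(10)),
+PRIMARY KEY (`id`) );"; // TODO: INDEX might need tuning
+}
+
+// Insert a new record
+function bb2_insert($settings, $package, $key)
+{
+$ip = bb2_db_escape($package['ip']);
+$date = bb2_db_date();
+$request_method = bb2_db_escape($package['request_method']);
+$request_uri = bb2_db_escape($package['request_uri']);
+$server_protocol = bb2_db_escape($package['server_protocol']);
+$user_agent = bb2_db_escape($package['user_agent']);
+$headers = "$request_method $request_uri $server_protocol\n";
+foreach ($package['headers'] as $h => $v) {
+$headers .= bb2_db_escape("$h: $v\n");
+}
+$request_entity = "";
+if (!strcasecmp($request_method, "POST")) {
+foreach ($package['request_entity'] as $h => $v) {
+$request_entity .= bb2_db_escape("$h: $v\n");
+}
+}
+return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "`
+(`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES
+('$ip', '$date', '$request_method', '$request_uri', '$server_protocol', '$headers', '$user_agent', '$request_entity', '$key')";
+}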
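Review bot: bb2_insert interpolates `$key` into the INSERT unescaped (`'$key'` on the VALUES line) while every other column goes through bb2_db_escape; the keys appear to be internal test identifiers, but escaping it like the rest costs nothing and keeps the function safe should a test ever return request-derived data: `$key = bb2_db_escape($key);`. Quoting the table name in backticks after bb2_db_escape applies a string-literal escape to an identifier — it does not handle backticks — so `log_table` must remain operator-controlled, which is worth a comment next to `bb2_db_escape($settings['log_table'])`. The new file also lacks the `if (!defined('BB2_CWD')) die("I said no cheating!");` direct-access guard that core.inc.php and version.inc.php open with; adding it keeps the includes consistent.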
bad-behavior-wordpress.php
CHANGED
@@ -1,7 +1,7 @@
|
|
1 |
<?php
|
2 |
/*
|
3 |
Plugin Name: Bad Behavior
|
4 |
-
Version: 2.0
|
5 |
Description: Deny automated spambots access to your PHP-based Web site.
|
6 |
Plugin URI: http://www.bad-behavior.ioerror.us/
|
7 |
Author: Michael Hampton
|
@@ -44,6 +44,7 @@ $bb2_timer_start = $bb2_mtime[1] + $bb2_mtime[0];
|
|
44 |
define('BB2_CWD', dirname(__FILE__));
|
45 |
|
46 |
// Bad Behavior callback functions.
|
|
|
47 |
|
48 |
// Return current time in the format preferred by your database.
|
49 |
function bb2_db_date() {
|
@@ -79,8 +80,7 @@ function bb2_db_query($query) {
|
|
79 |
|
80 |
$wpdb->hide_errors();
|
81 |
$result = $wpdb->get_results($query, ARRAY_A);
|
82 |
-
|
83 |
-
$wpdb->show_errors();
|
84 |
if (mysql_error()) {
|
85 |
return FALSE;
|
86 |
}
|
@@ -140,6 +140,10 @@ function bb2_insert_stats($force = false) {
|
|
140 |
echo sprintf('<p><a href="http://www.bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', __('Bad Behavior'), __('has blocked'), $blocked[0]["COUNT(*)"], __('access attempts in the last 7 days.'));
|
141 |
}
|
142 |
}
|
|
|
|
|
|
|
|
|
143 |
}
|
144 |
|
145 |
// Return the top-level relative path of wherever we are (for cookies)
|
@@ -165,7 +169,7 @@ if (is_admin() || strstr($_SERVER['PHP_SELF'], 'wp-admin/')) { // 1.5 kludge
|
|
165 |
require_once(BB2_CWD . "/bad-behavior-wordpress-admin.php");
|
166 |
}
|
167 |
|
168 |
-
bb2_start(bb2_read_settings());
|
169 |
|
170 |
$bb2_mtime = explode(" ", microtime());
|
171 |
$bb2_timer_stop = $bb2_mtime[1] + $bb2_mtime[0];
|
1 |
<?php
|
2 |
/*
|
3 |
Plugin Name: Bad Behavior
|
4 |
+
Version: 2.1.0
|
5 |
Description: Deny automated spambots access to your PHP-based Web site.
|
6 |
Plugin URI: http://www.bad-behavior.ioerror.us/
|
7 |
Author: Michael Hampton
|
44 |
define('BB2_CWD', dirname(__FILE__));
|
45 |
|
46 |
// Bad Behavior callback functions.
|
47 |
+
require_once("bad-behavior-mysql.php");
|
48 |
|
49 |
// Return current time in the format preferred by your database.
|
50 |
function bb2_db_date() {
|
80 |
|
81 |
$wpdb->hide_errors();
|
82 |
$result = $wpdb->get_results($query, ARRAY_A);
|
83 |
+
$wpdb->show_errors();
|
|
|
84 |
if (mysql_error()) {
|
85 |
return FALSE;
|
86 |
}
|
140 |
echo sprintf('<p><a href="http://www.bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', __('Bad Behavior'), __('has blocked'), $blocked[0]["COUNT(*)"], __('access attempts in the last 7 days.'));
|
141 |
}
|
142 |
}
|
143 |
+
if (@!empty($_SESSION['BB2_RESULT'])) {
|
144 |
+
echo sprintf("\n<!-- Bad Behavior result was %s! This request would have been blocked. -->\n", $_SESSION['BB2_RESULT']);
|
145 |
+
unset($_SESSION['BB2_RESULT']);
|
146 |
+
}
|
147 |
}
|
148 |
|
149 |
// Return the top-level relative path of wherever we are (for cookies)
|
169 |
require_once(BB2_CWD . "/bad-behavior-wordpress-admin.php");
|
170 |
}
|
171 |
|
172 |
+
$_SESSION['BB2_RESULT'] = bb2_start(bb2_read_settings());
|
173 |
|
174 |
$bb2_mtime = explode(" ", microtime());
|
175 |
$bb2_timer_stop = $bb2_mtime[1] + $bb2_mtime[0];
|
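Review bot: `$_SESSION['BB2_RESULT'] = bb2_start(bb2_read_settings());` and the matching `@!empty($_SESSION['BB2_RESULT'])` in bb2_insert_stats use the session as a request-scoped carrier, but no `session_start()` is visible in the hunks; without an active session this is merely a plain global that happens to work, and with one (started by another plugin) the verdict persists and the stats footer reports a stale result on a later, unrelated request. A plain global such as `$GLOBALS['bb2_result']` expresses the intent and avoids both cases. The `@` on `!empty(...)` suppresses nothing, since empty() never raises a notice, and can be dropped.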
bad-behavior/blacklist.inc.php
CHANGED
@@ -69,11 +69,12 @@ function bb2_blacklist($package) {
|
|
69 |
"grub-client", // search engine ignores robots.txt
|
70 |
"hanzoweb", // very badly behaved crawler
|
71 |
"Indy Library", // misc comment/email spam
|
72 |
-
"
|
73 |
"Murzillo compatible", // comment spam bot
|
74 |
".NET CLR 1)", // free poker, etc.
|
75 |
"POE-Component-Client", // free poker, etc.
|
76 |
"Turing Machine", // www.anonymizer.com abuse
|
|
|
77 |
"User-agent: ", // spam harvester/splogger
|
78 |
"WebaltBot", // spam harvester
|
79 |
"WISEbot", // spam harvester
|
@@ -83,6 +84,7 @@ function bb2_blacklist($package) {
|
|
83 |
"Windows NT 5.1;)", // wikispam bot
|
84 |
"Windows XP 5", // spam harvester
|
85 |
"WordPress/4.01", // pingback spam
|
|
|
86 |
"\\\\)", // spam harvester
|
87 |
);
|
88 |
|
69 |
"grub-client", // search engine ignores robots.txt
|
70 |
"hanzoweb", // very badly behaved crawler
|
71 |
"Indy Library", // misc comment/email spam
|
72 |
+
"MSIE 7.0; Windows NT 5.2", // Cyveillance
|
73 |
"Murzillo compatible", // comment spam bot
|
74 |
".NET CLR 1)", // free poker, etc.
|
75 |
"POE-Component-Client", // free poker, etc.
|
76 |
"Turing Machine", // www.anonymizer.com abuse
|
77 |
+
"unspecified.mail", // stealth harvesters
|
78 |
"User-agent: ", // spam harvester/splogger
|
79 |
"WebaltBot", // spam harvester
|
80 |
"WISEbot", // spam harvester
|
84 |
"Windows NT 5.1;)", // wikispam bot
|
85 |
"Windows XP 5", // spam harvester
|
86 |
"WordPress/4.01", // pingback spam
|
87 |
+
"Xedant Human Emulator",// spammer script engine
|
88 |
"\\\\)", // spam harvester
|
89 |
);
|
90 |
|
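Review bot: the new entry `"MSIE 7.0; Windows NT 5.2", // Cyveillance` is a fragment that also appears in ordinary Internet Explorer 7 user agents on Windows XP x64 and Windows Server 2003, so if bb2_blacklist matches these strings by substring (the function body begins outside the hunk) it will block legitimate visitors on those platforms, not only the crawler it targets. A longer, more specific fragment of the Cyveillance string, or an address-based rule, would avoid the false positives; at minimum the comment should record the collateral matches, e.g. `// Cyveillance; also matches IE7 on XP x64 / Server 2003`.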
bad-behavior/common_tests.inc.php
CHANGED
@@ -69,7 +69,6 @@ function bb2_misc_headers($settings, $package)
|
|
69 |
// Lowercase via is used by open proxies/referrer spammers
|
70 |
// Exceptions: Clearswift uses lowercase via (refuses to fix;
|
71 |
// may be blocked again in the future)
|
72 |
-
// Coral CDN uses lowercase via
|
73 |
if (array_key_exists('via', $package['headers']) &&
|
74 |
strpos($package['headers']['via'],'Clearswift') === FALSE &&
|
75 |
strpos($ua,'CoralWebPrx') === FALSE) {
|
69 |
// Lowercase via is used by open proxies/referrer spammers
|
70 |
// Exceptions: Clearswift uses lowercase via (refuses to fix;
|
71 |
// may be blocked again in the future)
|
|
|
72 |
if (array_key_exists('via', $package['headers']) &&
|
73 |
strpos($package['headers']['via'],'Clearswift') === FALSE &&
|
74 |
strpos($ua,'CoralWebPrx') === FALSE) {
|
bad-behavior/core.inc.php
CHANGED
@@ -1,6 +1,6 @@
|
|
1 |
<?php if (!defined('BB2_CWD')) die("I said no cheating!");
|
2 |
|
3 |
-
// Bad Behavior entry point is
|
4 |
// If you're reading this, you are probably lost.
|
5 |
// Go read the bad-behavior-generic.php file.
|
6 |
|
@@ -9,51 +9,6 @@ define('BB2_COOKIE', 'bb2_screener_');
|
|
9 |
|
10 |
require_once(BB2_CORE . "/functions.inc.php");
|
11 |
|
12 |
-
// Our log table structure
|
13 |
-
function bb2_table_structure($name)
|
14 |
-
{
|
15 |
-
// It's not paranoia if they really are out to get you.
|
16 |
-
$name_escaped = bb2_db_escape($name);
|
17 |
-
return "CREATE TABLE IF NOT EXISTS `$name_escaped` (
|
18 |
-
`id` INT(11) NOT NULL auto_increment,
|
19 |
-
`ip` TEXT NOT NULL,
|
20 |
-
`date` DATETIME NOT NULL default '0000-00-00 00:00:00',
|
21 |
-
`request_method` TEXT NOT NULL,
|
22 |
-
`request_uri` TEXT NOT NULL,
|
23 |
-
`server_protocol` TEXT NOT NULL,
|
24 |
-
`http_headers` TEXT NOT NULL,
|
25 |
-
`user_agent` TEXT NOT NULL,
|
26 |
-
`request_entity` TEXT NOT NULL,
|
27 |
-
`key` TEXT NOT NULL,
|
28 |
-
INDEX (`ip`(15)),
|
29 |
-
INDEX (`user_agent`(10)),
|
30 |
-
PRIMARY KEY (`id`) );"; // TODO: INDEX might need tuning
|
31 |
-
}
|
32 |
-
|
33 |
-
// Insert a new record
|
34 |
-
function bb2_insert($settings, $package, $key)
|
35 |
-
{
|
36 |
-
$ip = bb2_db_escape($package['ip']);
|
37 |
-
$date = bb2_db_date();
|
38 |
-
$request_method = bb2_db_escape($package['request_method']);
|
39 |
-
$request_uri = bb2_db_escape($package['request_uri']);
|
40 |
-
$server_protocol = bb2_db_escape($package['server_protocol']);
|
41 |
-
$user_agent = bb2_db_escape($package['user_agent']);
|
42 |
-
$headers = "$request_method $request_uri $server_protocol\n";
|
43 |
-
foreach ($package['headers'] as $h => $v) {
|
44 |
-
$headers .= bb2_db_escape("$h: $v\n");
|
45 |
-
}
|
46 |
-
$request_entity = "";
|
47 |
-
if (!strcasecmp($request_method, "POST")) {
|
48 |
-
foreach ($package['request_entity'] as $h => $v) {
|
49 |
-
$request_entity .= bb2_db_escape("$h: $v\n");
|
50 |
-
}
|
51 |
-
}
|
52 |
-
return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "`
|
53 |
-
(`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES
|
54 |
-
('$ip', '$date', '$request_method', '$request_uri', '$server_protocol', '$headers', '$user_agent', '$request_entity', '$key')";
|
55 |
-
}
|
56 |
-
|
57 |
// Kill 'em all!
|
58 |
function bb2_banned($settings, $package, $key, $previous_key=false)
|
59 |
{
|
@@ -85,18 +40,6 @@ function bb2_approved($settings, $package)
|
|
85 |
}
|
86 |
}
|
87 |
|
88 |
-
// Check the results of a particular test; see below for usage
|
89 |
-
// Returns FALSE if test passed (yes this is backwards)
|
90 |
-
function bb2_test($settings, $package, $result)
|
91 |
-
{
|
92 |
-
if ($result !== FALSE)
|
93 |
-
{
|
94 |
-
bb2_banned($settings, $package, $result);
|
95 |
-
return TRUE;
|
96 |
-
}
|
97 |
-
return FALSE;
|
98 |
-
}
|
99 |
-
|
100 |
|
101 |
// Let God sort 'em out!
|
102 |
function bb2_start($settings)
|
@@ -104,7 +47,7 @@ function bb2_start($settings)
|
|
104 |
// Gather up all the information we need, first of all.
|
105 |
$headers = bb2_load_headers();
|
106 |
// Postprocess the headers to mixed-case
|
107 |
-
//
|
108 |
$headers_mixed = array();
|
109 |
foreach ($headers as $h => $v) {
|
110 |
$headers_mixed[uc_all($h)] = $v;
|
@@ -112,23 +55,24 @@ function bb2_start($settings)
|
|
112 |
|
113 |
// IPv6 - IPv4 compatibility mode hack
|
114 |
$_SERVER['REMOTE_ADDR'] = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);
|
115 |
-
// We use these frequently. Keep a copy close at hand.
|
116 |
-
$ip = $_SERVER['REMOTE_ADDR'];
|
117 |
-
$request_method = $_SERVER['REQUEST_METHOD'];
|
118 |
-
$request_uri = $_SERVER['REQUEST_URI'];
|
119 |
-
$server_protocol = $_SERVER['SERVER_PROTOCOL'];
|
120 |
-
@$user_agent = $_SERVER['HTTP_USER_AGENT'];
|
121 |
|
122 |
// Reconstruct the HTTP entity, if present.
|
123 |
$request_entity = array();
|
124 |
-
if (!strcasecmp($
|
125 |
foreach ($_POST as $h => $v) {
|
126 |
$request_entity[$h] = $v;
|
127 |
}
|
128 |
}
|
129 |
|
130 |
-
|
|
|
|
|
|
|
|
|
|
|
131 |
|
|
|
|
|
132 |
// Please proceed to the security checkpoint and have your
|
133 |
// identification and boarding pass ready.
|
134 |
|
@@ -137,65 +81,65 @@ function bb2_start($settings)
|
|
137 |
if (!bb2_whitelist($package)) {
|
138 |
// Now check the blacklist
|
139 |
require_once(BB2_CORE . "/blacklist.inc.php");
|
140 |
-
|
141 |
|
142 |
// Check the http:BL
|
143 |
require_once(BB2_CORE . "/blackhole.inc.php");
|
144 |
-
|
145 |
|
146 |
// Check for common stuff
|
147 |
require_once(BB2_CORE . "/common_tests.inc.php");
|
148 |
-
|
149 |
-
|
150 |
-
|
151 |
|
152 |
// Specific checks
|
153 |
-
@$ua = $
|
154 |
// MSIE checks
|
155 |
-
if (stripos($ua, "MSIE") !== FALSE) {
|
156 |
$package['is_browser'] = true;
|
157 |
if (stripos($ua, "Opera") !== FALSE) {
|
158 |
require_once(BB2_CORE . "/opera.inc.php");
|
159 |
-
|
160 |
} else {
|
161 |
require_once(BB2_CORE . "/msie.inc.php");
|
162 |
-
|
163 |
}
|
164 |
} elseif (stripos($ua, "Konqueror") !== FALSE) {
|
165 |
$package['is_browser'] = true;
|
166 |
require_once(BB2_CORE . "/konqueror.inc.php");
|
167 |
-
|
168 |
} elseif (stripos($ua, "Opera") !== FALSE) {
|
169 |
$package['is_browser'] = true;
|
170 |
require_once(BB2_CORE . "/opera.inc.php");
|
171 |
-
|
172 |
} elseif (stripos($ua, "Safari") !== FALSE) {
|
173 |
$package['is_browser'] = true;
|
174 |
require_once(BB2_CORE . "/safari.inc.php");
|
175 |
-
|
176 |
} elseif (stripos($ua, "Lynx") !== FALSE) {
|
177 |
$package['is_browser'] = true;
|
178 |
require_once(BB2_CORE . "/lynx.inc.php");
|
179 |
-
|
180 |
} elseif (stripos($ua, "MovableType") !== FALSE) {
|
181 |
require_once(BB2_CORE . "/movabletype.inc.php");
|
182 |
-
|
183 |
} elseif (stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
|
184 |
require_once(BB2_CORE . "/msnbot.inc.php");
|
185 |
-
|
186 |
} elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Wireless") !== FALSE) {
|
187 |
require_once(BB2_CORE . "/google.inc.php");
|
188 |
-
|
189 |
} elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
|
190 |
$package['is_browser'] = true;
|
191 |
require_once(BB2_CORE . "/mozilla.inc.php");
|
192 |
-
|
193 |
}
|
194 |
|
195 |
// More intensive screening applies to POST requests
|
196 |
if (!strcasecmp('POST', $package['request_method'])) {
|
197 |
require_once(BB2_CORE . "/post.inc.php");
|
198 |
-
|
199 |
}
|
200 |
}
|
201 |
|
@@ -205,6 +149,6 @@ function bb2_start($settings)
|
|
205 |
|
206 |
// And that's about it.
|
207 |
bb2_approved($settings, $package);
|
208 |
-
return
|
209 |
}
|
210 |
?>
|
1 |
<?php if (!defined('BB2_CWD')) die("I said no cheating!");
|
2 |
|
3 |
+
// Bad Behavior entry point is bb2_start()
|
4 |
// If you're reading this, you are probably lost.
|
5 |
// Go read the bad-behavior-generic.php file.
|
6 |
|
9 |
|
10 |
require_once(BB2_CORE . "/functions.inc.php");
|
11 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
12 |
// Kill 'em all!
|
13 |
function bb2_banned($settings, $package, $key, $previous_key=false)
|
14 |
{
|
40 |
}
|
41 |
}
|
42 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
43 |
|
44 |
// Let God sort 'em out!
|
45 |
function bb2_start($settings)
|
47 |
// Gather up all the information we need, first of all.
|
48 |
$headers = bb2_load_headers();
|
49 |
// Postprocess the headers to mixed-case
|
50 |
+
// TODO: get the world to stop using PHP as CGI
|
51 |
$headers_mixed = array();
|
52 |
foreach ($headers as $h => $v) {
|
53 |
$headers_mixed[uc_all($h)] = $v;
|
55 |
|
56 |
// IPv6 - IPv4 compatibility mode hack
|
57 |
$_SERVER['REMOTE_ADDR'] = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);
|
|
|
|
|
|
|
|
|
|
|
|
|
58 |
|
59 |
// Reconstruct the HTTP entity, if present.
|
60 |
$request_entity = array();
|
61 |
+
if (!strcasecmp($_SERVER['REQUEST_METHOD'], "POST") || !strcasecmp($_SERVER['REQUEST_METHOD'], "PUT")) {
|
62 |
foreach ($_POST as $h => $v) {
|
63 |
$request_entity[$h] = $v;
|
64 |
}
|
65 |
}
|
66 |
|
67 |
+
@$package = array('ip' => $_SERVER['REMOTE_ADDR'], 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $_SERVER['REQUEST_METHOD'], 'request_uri' => $_SERVER['REQUEST_URI'], 'server_protocol' => $_SERVER['SERVER_PROTOCOL'], 'request_entity' => $request_entity, 'user_agent' => $_SERVER['HTTP_USER_AGENT'], 'is_browser' => false);
|
68 |
+
|
69 |
+
$result = bb2_screen($settings, $package);
|
70 |
+
if ($result && !defined('BB2_TEST')) bb2_banned($settings, $package, $result);
|
71 |
+
return $result;
|
72 |
+
}
|
73 |
|
74 |
+
function bb2_screen($settings, $package)
|
75 |
+
{
|
76 |
// Please proceed to the security checkpoint and have your
|
77 |
// identification and boarding pass ready.
|
78 |
|
81 |
if (!bb2_whitelist($package)) {
|
82 |
// Now check the blacklist
|
83 |
require_once(BB2_CORE . "/blacklist.inc.php");
|
84 |
+
if ($r = bb2_blacklist($package)) return $r;
|
85 |
|
86 |
// Check the http:BL
|
87 |
require_once(BB2_CORE . "/blackhole.inc.php");
|
88 |
+
if ($r = bb2_httpbl($settings, $package)) return $r;
|
89 |
|
90 |
// Check for common stuff
|
91 |
require_once(BB2_CORE . "/common_tests.inc.php");
|
92 |
+
if ($r = bb2_protocol($settings, $package)) return $r;
|
93 |
+
if ($r = bb2_cookies($settings, $package)) return $r;
|
94 |
+
if ($r = bb2_misc_headers($settings, $package)) return $r;
|
95 |
|
96 |
// Specific checks
|
97 |
+
@$ua = $package['user_agent'];
|
98 |
// MSIE checks
|
99 |
+
if (stripos($ua, "; MSIE") !== FALSE) {
|
100 |
$package['is_browser'] = true;
|
101 |
if (stripos($ua, "Opera") !== FALSE) {
|
102 |
require_once(BB2_CORE . "/opera.inc.php");
|
103 |
+
if ($r = bb2_opera($package)) return $r;
|
104 |
} else {
|
105 |
require_once(BB2_CORE . "/msie.inc.php");
|
106 |
+
if ($r = bb2_msie($package)) return $r;
|
107 |
}
|
108 |
} elseif (stripos($ua, "Konqueror") !== FALSE) {
|
109 |
$package['is_browser'] = true;
|
110 |
require_once(BB2_CORE . "/konqueror.inc.php");
|
111 |
+
if ($r = bb2_konqueror($package)) return $r;
|
112 |
} elseif (stripos($ua, "Opera") !== FALSE) {
|
113 |
$package['is_browser'] = true;
|
114 |
require_once(BB2_CORE . "/opera.inc.php");
|
115 |
+
if ($r = bb2_opera($package)) return $r;
|
116 |
} elseif (stripos($ua, "Safari") !== FALSE) {
|
117 |
$package['is_browser'] = true;
|
118 |
require_once(BB2_CORE . "/safari.inc.php");
|
119 |
+
if ($r = bb2_safari($package)) return $r;
|
120 |
} elseif (stripos($ua, "Lynx") !== FALSE) {
|
121 |
$package['is_browser'] = true;
|
122 |
require_once(BB2_CORE . "/lynx.inc.php");
|
123 |
+
if ($r = bb2_lynx($package)) return $r;
|
124 |
} elseif (stripos($ua, "MovableType") !== FALSE) {
|
125 |
require_once(BB2_CORE . "/movabletype.inc.php");
|
126 |
+
if ($r = bb2_movabletype($package)) return $r;
|
127 |
} elseif (stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
|
128 |
require_once(BB2_CORE . "/msnbot.inc.php");
|
129 |
+
if ($r = bb2_msnbot($package)) return $r;
|
130 |
} elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Wireless") !== FALSE) {
|
131 |
require_once(BB2_CORE . "/google.inc.php");
|
132 |
+
if ($r = bb2_google($package)) return $r;
|
133 |
} elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
|
134 |
$package['is_browser'] = true;
|
135 |
require_once(BB2_CORE . "/mozilla.inc.php");
|
136 |
+
if ($r = bb2_mozilla($package)) return $r;
|
137 |
}
|
138 |
|
139 |
// More intensive screening applies to POST requests
|
140 |
if (!strcasecmp('POST', $package['request_method'])) {
|
141 |
require_once(BB2_CORE . "/post.inc.php");
|
142 |
+
if ($r = bb2_post($settings, $package)) return $r;
|
143 |
}
|
144 |
}
|
145 |
|
149 |
|
150 |
// And that's about it.
|
151 |
bb2_approved($settings, $package);
|
152 |
+
return false;
|
153 |
}
|
154 |
?>
|
bad-behavior/post.inc.php
CHANGED
@@ -5,7 +5,7 @@ function bb2_post($settings, $package)
|
|
5 |
{
|
6 |
// Check blackhole lists for known spam/malicious activity
|
7 |
// require_once(BB2_CORE . "/blackhole.inc.php");
|
8 |
-
//
|
9 |
|
10 |
// MovableType needs specialized screening
|
11 |
if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {
|
5 |
{
|
6 |
// Check blackhole lists for known spam/malicious activity
|
7 |
// require_once(BB2_CORE . "/blackhole.inc.php");
|
8 |
+
// if ($r = bb2_blackhole($package)) return $r;
|
9 |
|
10 |
// MovableType needs specialized screening
|
11 |
if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {
|
bad-behavior/version.inc.php
CHANGED
@@ -1,3 +1,3 @@
|
|
1 |
<?php if (!defined('BB2_CWD')) die("I said no cheating!");
|
2 |
-
define('BB2_VERSION', "2.0
|
3 |
?>
|
1 |
<?php if (!defined('BB2_CWD')) die("I said no cheating!");
|
2 |
+
define('BB2_VERSION', "2.1.0");
|
3 |
?>
|
bad-behavior/whitelist.inc.php
CHANGED
@@ -2,78 +2,25 @@
|
|
2 |
|
3 |
function bb2_whitelist($package)
|
4 |
{
|
5 |
-
|
6 |
|
7 |
-
|
8 |
-
|
9 |
-
// are 100% CERTAIN that you should.
|
10 |
-
|
11 |
-
// IP address ranges use the CIDR format.
|
12 |
-
|
13 |
-
// Includes four examples of whitelisting by IP address and netblock.
|
14 |
-
$bb2_whitelist_ip_ranges = array(
|
15 |
-
"64.191.203.34", // Digg whitelisted as of 2.0.12
|
16 |
-
"208.67.217.130", // Digg whitelisted as of 2.0.12
|
17 |
-
"10.0.0.0/8",
|
18 |
-
"172.16.0.0/12",
|
19 |
-
"192.168.0.0/16",
|
20 |
-
// "127.0.0.1",
|
21 |
-
);
|
22 |
-
|
23 |
-
// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
|
24 |
-
|
25 |
-
// Inappropriate whitelisting WILL expose you to spam, or cause Bad
|
26 |
-
// Behavior to stop functioning entirely! DO NOT WHITELIST unless you
|
27 |
-
// are 100% CERTAIN that you should.
|
28 |
-
|
29 |
-
// You should not whitelist search engines by user agent. Use the IP
|
30 |
-
// netblock for the search engine instead. See http://whois.arin.net/
|
31 |
-
// to locate the netblocks for an IP.
|
32 |
-
|
33 |
-
// User agents are matched by exact match only.
|
34 |
-
|
35 |
-
// Includes one example of whitelisting by user agent.
|
36 |
-
// All are commented out.
|
37 |
-
$bb2_whitelist_user_agents = array(
|
38 |
-
// "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) It's me, let me in",
|
39 |
-
);
|
40 |
-
|
41 |
-
// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
|
42 |
-
|
43 |
-
// Inappropriate whitelisting WILL expose you to spam, or cause Bad
|
44 |
-
// Behavior to stop functioning entirely! DO NOT WHITELIST unless you
|
45 |
-
// are 100% CERTAIN that you should.
|
46 |
-
|
47 |
-
// URLs are matched from the first / after the server name up to,
|
48 |
-
// but not including, the ? (if any).
|
49 |
-
|
50 |
-
// Includes two examples of whitelisting by URL.
|
51 |
-
$bb2_whitelist_urls = array(
|
52 |
-
// "/example.php",
|
53 |
-
// "/openid/server",
|
54 |
-
);
|
55 |
-
|
56 |
-
// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
|
57 |
-
|
58 |
-
// Do not edit below this line
|
59 |
-
|
60 |
-
if (!empty($bb2_whitelist_ip_ranges)) {
|
61 |
-
foreach ($bb2_whitelist_ip_ranges as $range) {
|
62 |
if (match_cidr($package['ip'], $range)) return true;
|
63 |
}
|
64 |
}
|
65 |
-
if (
|
66 |
-
foreach ($
|
67 |
if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
|
68 |
}
|
69 |
}
|
70 |
-
if (
|
71 |
if (strpos($package['request_uri'], "?") === FALSE) {
|
72 |
$request_uri = $package['request_uri'];
|
73 |
} else {
|
74 |
$request_uri = substr($package['request_uri'], 0, strpos($settings['request_uri'], "?"));
|
75 |
}
|
76 |
-
foreach ($
|
77 |
if (!strcmp($request_uri, $url)) return true;
|
78 |
}
|
79 |
}
|
2 |
|
3 |
function bb2_whitelist($package)
|
4 |
{
|
5 |
+
$whitelists = @parse_ini_file(dirname(BB2_CORE) . "/whitelist.ini");
|
6 |
|
7 |
+
if (@!empty($whitelists['ip'])) {
|
8 |
+
foreach ($whitelists['ip'] as $range) {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
9 |
if (match_cidr($package['ip'], $range)) return true;
|
10 |
}
|
11 |
}
|
12 |
+
if (@!empty($whitelists['useragent'])) {
|
13 |
+
foreach ($whitelists['useragent'] as $user_agent) {
|
14 |
if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
|
15 |
}
|
16 |
}
|
17 |
+
if (@!empty($whitelists['url'])) {
|
18 |
if (strpos($package['request_uri'], "?") === FALSE) {
|
19 |
$request_uri = $package['request_uri'];
|
20 |
} else {
|
21 |
$request_uri = substr($package['request_uri'], 0, strpos($settings['request_uri'], "?"));
|
22 |
}
|
23 |
+
foreach ($whitelists['url'] as $url) {
|
24 |
if (!strcmp($request_uri, $url)) return true;
|
25 |
}
|
26 |
}
|
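Review bot: the URL branch still truncates with `strpos($settings['request_uri'], "?")` although bb2_whitelist has no `$settings` (its only parameter is `$package`), so for any request carrying a query string strpos sees an undefined variable, returns FALSE, and substr produces an empty string that never matches a whitelisted URL; the line survives as context, but this rewrite of the function is the place to fix it: `$request_uri = substr($package['request_uri'], 0, strpos($package['request_uri'], "?"));`. Re-reading whitelist.ini with `@parse_ini_file` on every request fails closed (a missing or broken file yields no whitelist), which is the right default, but the `@` also hides a syntax error an operator would want to know about — consider logging when it returns false.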
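--- a/settings.ini
+++ b/settings.ini
@@ -0,0 +1,9 @@
+[settings]
+display_stats = true
+strict = false
+verbose = false
+logging = true
+httpbl_key = ""
+httpbl_threat = 25
+httpbl_maxage = 30
+offsite_forms = false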
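Review bot: `httpbl_key = ""` moves the http:BL API key into a static file that bb2_read_settings loads from `dirname(__FILE__) . "/settings.ini"`, i.e. alongside the plugin's PHP sources under the web root; unless the web server is configured not to serve `.ini` files, a key an operator enters here is readable by anyone who requests the file, whereas the previous in-PHP defaults array was never served verbatim. Either ship a web-server deny rule for the file with the plugin or keep the key in a PHP file that returns the array. Note also that parse_ini_file delivers `true`/`false` here as the strings "1" and "", not PHP booleans.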
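--- a/whitelist.ini
+++ b/whitelist.ini
@@ -0,0 +1,26 @@
+; Inappropriate whitelisting WILL expose you to spam, or cause Bad Behavior
+; to stop functioning entirely! DO NOT WHITELIST unless you are 100% CERTAIN
+; that you should.
+
+; IP address ranges use the CIDR format.
+
+[ip]
+; Digg whitelisted as of 2.0.12
+ip[] = "64.191.203.34"
+ip[] = "208.67.217.130"
+; RFC 1918 addresses
+ip[] = "10.0.0.0/8"
+ip[] = "172.16.0.0/12"
+ip[] = "192.168.0.0/16"
+
+; User agents are matched by exact match only.
+
+[useragent]
+useragent[] = "Mozilla/4.0 (It's me, let me in)"
+
+; URLs are matched from the first / after the server name up to, but not
+; including, the ? (if any). The URL to be whitelisted is a URL on YOUR site.
+
+[url]
+url[] = "/example.php"
+url[] = "/openid/server"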
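Review bot: the shipped `[useragent]` and `[url]` sections are live entries, not examples: `useragent[] = "Mozilla/4.0 (It's me, let me in)"`, `url[] = "/example.php"` and `url[] = "/openid/server"` are loaded by bb2_whitelist on every request, whereas the whitelist.inc.php code this replaces kept the equivalent entries commented out and labelled them examples. A default install therefore skips all screening for any client sending that exact user agent string and for any request to those two paths. Comment the three lines out with `;` and say in the header that they are examples, matching the previous behaviour.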