Bad Behavior - Version 2.1.0


Developer error

Code changes from version 2.0.36 to 2.1.0

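--- a/README.txt
+++ b/README.txt
@@ -4,7 +4,7 @@ Contributors: error, MarkJaquith, Firas, skeltoac
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
 Requires at least: 1.5
 Tested up to: 2.9
-Stable tag: 2.0.36
+Stable tag: 2.0.35
 
 Welcome to a whole new way of keeping your blog, forum, guestbook, wiki or
 content management system free of link spam. Bad Behavior is a PHP-based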
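Review bot: `Stable tag: 2.0.35` moves the tag backwards while this same release sets `Version: 2.1.0` in bad-behavior-wordpress.php and BB2_VERSION to "2.1.0"; the WordPress.org directory serves whichever tag the readme names, so as written users would be handed 2.0.35 rather than this release. Presumably the line should read `Stable tag: 2.1.0`.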
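--- a/bad-behavior-generic.php
+++ b/bad-behavior-generic.php
@@ -1,11 +1,11 @@
 <?php
 /*
 Bad Behavior - detects and blocks unwanted Web accesses
-Copyright (C) 2005-2006 Michael Hampton
+Copyright (C) 2005,2006,2007,2008,2009 Michael Hampton
 
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2 of the License, or
+the Free Software Foundation; either version 3 of the License, or
 (at your option) any later version.
 
 As a special exemption, you may link this program with any of the
@@ -32,6 +32,8 @@ define('BB2_CWD', dirname(__FILE__));
 
 // Settings you can adjust for Bad Behavior.
 // Most of these are unused in non-database mode.
+// DO NOT EDIT HERE; instead make changes in settings.ini.
+// These settings are used when settings.ini is not present.
 $bb2_settings_defaults = array(
 'log_table' => 'bad_behavior',
 'display_stats' => true,
@@ -93,7 +95,8 @@ function bb2_email() {
 // Settings are hard-coded for non-database use
 function bb2_read_settings() {
 global $bb2_settings_defaults;
-return $bb2_settings_defaults;
+$settings = @parse_ini_file(dirname(__FILE__) . "/settings.ini");
+return array_merge($bb2_settings_defaults, $settings);
 }
 
 // write settings to database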
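Review bot: In bb2_read_settings, `array_merge($bb2_settings_defaults, $settings)` receives `false` whenever parse_ini_file fails (settings.ini missing or unreadable, which the `@` hides), and array_merge with a non-array argument does not fall back to its first argument: it warns and returns null on PHP 5/7 and throws a TypeError on PHP 8, so the new comment's promise that the defaults are used when settings.ini is absent does not hold. Guard the merge with `if (!is_array($settings)) $settings = array();` on the line before it. Note also that parse_ini_file returns every value as a string (`true` becomes "1", `false` becomes ""), so any consumer that compares a setting with `===` against the boolean defaults will behave differently once the ini file is present; I cannot see those consumers from here.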
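--- a/bad-behavior-mediawiki.php
+++ b/bad-behavior-mediawiki.php
@@ -25,6 +25,8 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 if (!defined('MEDIAWIKI')) die();
 
 // Settings you can adjust for Bad Behavior.
+// DO NOT EDIT HERE; instead make changes in settings.ini.
+// These settings are used when settings.ini is not present.
 $bb2_settings_defaults = array(
 'log_table' => $wgDBprefix . 'bad_behavior',
 'display_stats' => true,
@@ -40,6 +42,7 @@ $bb2_settings_defaults = array(
 define('BB2_CWD', dirname(__FILE__));
 
 // Bad Behavior callback functions.
+require_once("bad-behavior-mysql.php");
 
 // Return current time in the format preferred by your database.
 function bb2_db_date() {
@@ -90,7 +93,8 @@ function bb2_email() {
 // retrieve settings from database
 function bb2_read_settings() {
 global $bb2_settings_defaults;
-return $bb2_settings_defaults;
+$settings = @parse_ini_file(dirname(__FILE__) . "/settings.ini");
+return array_merge($bb2_settings_defaults, $settings);
 }
 
 // This Bad Behavior-related function is a stub. You can help MediaWiki by expanding it.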
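Review bot: bb2_read_settings has the same fallback gap as the generic file: when settings.ini is absent, `@parse_ini_file` yields `false` and `array_merge($bb2_settings_defaults, false)` returns null with a warning on PHP 5/7 (and throws on PHP 8) instead of the defaults the new comment promises; add `if (!is_array($settings)) $settings = array();` before the merge. Separately, `require_once("bad-behavior-mysql.php")` is resolved through include_path before the calling file's directory, unlike the BB2_CWD-anchored includes this plugin uses elsewhere, so a same-named file earlier on include_path would win; `require_once(BB2_CWD . "/bad-behavior-mysql.php")` pins it, and BB2_CWD is already defined two lines above. bb2_read_settings and the surrounding file continue outside the hunks.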
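--- /dev/null
+++ b/bad-behavior-mysql.php
@@ -0,0 +1,46 @@
+<?php
+
+// Our log table structure
+function bb2_table_structure($name)
+{
+// It's not paranoia if they really are out to get you.
+$name_escaped = bb2_db_escape($name);
+return "CREATE TABLE IF NOT EXISTS `$name_escaped` (
+`id` INT(11) NOT NULL auto_increment,
+`ip` TEXT NOT NULL,
+`date` DATETIME NOT NULL default '0000-00-00 00:00:00',
+`request_method` TEXT NOT NULL,
+`request_uri` TEXT NOT NULL,
+`server_protocol` TEXT NOT NULL,
+`http_headers` TEXT NOT NULL,
+`user_agent` TEXT NOT NULL,
+`request_entity` TEXT NOT NULL,
+`key` TEXT NOT NULL,
+INDEX (`ip`(15)),
+INDEX (`user_agent`(10)),
+PRIMARY KEY (`id`) );"; // TODO: INDEX might need tuning
+}
+
+// Insert a new record
+function bb2_insert($settings, $package, $key)
+{
+$ip = bb2_db_escape($package['ip']);
+$date = bb2_db_date();
+$request_method = bb2_db_escape($package['request_method']);
+$request_uri = bb2_db_escape($package['request_uri']);
+$server_protocol = bb2_db_escape($package['server_protocol']);
+$user_agent = bb2_db_escape($package['user_agent']);
+$headers = "$request_method $request_uri $server_protocol\n";
+foreach ($package['headers'] as $h => $v) {
+$headers .= bb2_db_escape("$h: $v\n");
+}
+$request_entity = "";
+if (!strcasecmp($request_method, "POST")) {
+foreach ($package['request_entity'] as $h => $v) {
+$request_entity .= bb2_db_escape("$h: $v\n");
+}
+}
+return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "`
+(`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES
+('$ip', '$date', '$request_method', '$request_uri', '$server_protocol', '$headers', '$user_agent', '$request_entity', '$key')";
+}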
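Review bot: bb2_table_structure and bb2_insert wrap the table name in backticks after passing it through bb2_db_escape, but a string-literal escaper of the mysql_real_escape_string kind leaves backticks alone, so an identifier containing a backtick would still break out of the quoting; for identifiers the usual treatment is `str_replace('`', '``', $name)` or a `preg_match('/^[A-Za-z0-9_]+$/', $name)` whitelist. log_table comes from settings rather than from the request, so this is hardening, not a live injection. Likewise `$key` is interpolated into the INSERT unescaped; the keys are constants from the test modules as far as this diff shows, but `bb2_db_escape($key)` would make that a property of the code rather than an assumption. bb2_db_escape and bb2_db_date are defined outside this file, so I cannot confirm what they do.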
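--- a/bad-behavior-wordpress.php
+++ b/bad-behavior-wordpress.php
@@ -1,7 +1,7 @@
 <?php
 /*
 Plugin Name: Bad Behavior
-Version: 2.0.36
+Version: 2.1.0
 Description: Deny automated spambots access to your PHP-based Web site.
 Plugin URI: http://www.bad-behavior.ioerror.us/
 Author: Michael Hampton
@@ -44,6 +44,7 @@ $bb2_timer_start = $bb2_mtime[1] + $bb2_mtime[0];
 define('BB2_CWD', dirname(__FILE__));
 
 // Bad Behavior callback functions.
+require_once("bad-behavior-mysql.php");
 
 // Return current time in the format preferred by your database.
 function bb2_db_date() {
@@ -79,8 +80,7 @@ function bb2_db_query($query) {
 
 $wpdb->hide_errors();
 $result = $wpdb->get_results($query, ARRAY_A);
-if ( defined('WP_DEBUG') and WP_DEBUG == true )
-$wpdb->show_errors();
+$wpdb->show_errors();
 if (mysql_error()) {
 return FALSE;
 }
@@ -140,6 +140,10 @@ function bb2_insert_stats($force = false) {
 echo sprintf('<p><a href="http://www.bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', __('Bad Behavior'), __('has blocked'), $blocked[0]["COUNT(*)"], __('access attempts in the last 7 days.'));
 }
 }
+if (@!empty($_SESSION['BB2_RESULT'])) {
+echo sprintf("\n<!-- Bad Behavior result was %s! This request would have been blocked. -->\n", $_SESSION['BB2_RESULT']);
+unset($_SESSION['BB2_RESULT']);
+}
 }
 
 // Return the top-level relative path of wherever we are (for cookies)
@@ -165,7 +169,7 @@ if (is_admin() || strstr($_SERVER['PHP_SELF'], 'wp-admin/')) { // 1.5 kludge
 require_once(BB2_CWD . "/bad-behavior-wordpress-admin.php");
 }
 
-bb2_start(bb2_read_settings());
+$_SESSION['BB2_RESULT'] = bb2_start(bb2_read_settings());
 
 $bb2_mtime = explode(" ", microtime());
 $bb2_timer_stop = $bb2_mtime[1] + $bb2_mtime[0];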
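Review bot: bb2_db_query now calls `$wpdb->show_errors()` unconditionally after every query, so a site that had wpdb error display switched off ends up with it switched on for the rest of the request — and this code runs on every page load — which can surface raw SQL errors, including table names and query text, to anonymous visitors; the old code only re-enabled it under WP_DEBUG. hide_errors() returns the previous state, so restore that instead of forcing it: `$show = $wpdb->hide_errors();` before the query and `if ($show) $wpdb->show_errors();` after. Separately, `$_SESSION['BB2_RESULT']` is written and read with no session_start() in sight and WordPress does not start PHP sessions itself, so as written this is a request-local superglobal that merely looks persistent; a plain global such as `$bb2_result` would say what it is. bb2_db_query and bb2_insert_stats both extend beyond the hunks shown.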
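--- a/bad-behavior/blacklist.inc.php
+++ b/bad-behavior/blacklist.inc.php
@@ -69,11 +69,12 @@ function bb2_blacklist($package) {
 "grub-client", // search engine ignores robots.txt
 "hanzoweb", // very badly behaved crawler
 "Indy Library", // misc comment/email spam
-"larbin@unspecified", // stealth harvesters
+"MSIE 7.0; Windows NT 5.2", // Cyveillance
 "Murzillo compatible", // comment spam bot
 ".NET CLR 1)", // free poker, etc.
 "POE-Component-Client", // free poker, etc.
 "Turing Machine", // www.anonymizer.com abuse
+"unspecified.mail", // stealth harvesters
 "User-agent: ", // spam harvester/splogger
 "WebaltBot", // spam harvester
 "WISEbot", // spam harvester
@@ -83,6 +84,7 @@ function bb2_blacklist($package) {
 "Windows NT 5.1;)", // wikispam bot
 "Windows XP 5", // spam harvester
 "WordPress/4.01", // pingback spam
+"Xedant Human Emulator",// spammer script engine
 "\\\\)", // spam harvester
 );
 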
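Review bot: The new entry `"MSIE 7.0; Windows NT 5.2", // Cyveillance` is matched as a substring, and that substring is the stock User-Agent of Internet Explorer 7 on Windows Server 2003 and Windows XP x64, so every genuine visitor on that platform is blocked along with the crawler; every other entry in this list targets a string no legitimate browser sends. If Cyveillance has a more specific fingerprint, narrow the entry to it (an address range would be the usual choice, and the code already works on CIDR ranges elsewhere); if it must stay, make the collateral explicit in the comment, e.g. `// Cyveillance; NB: also matches all IE7 on Win2003/XP x64`. bb2_blacklist continues outside the hunks.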
 
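--- a/bad-behavior/common_tests.inc.php
+++ b/bad-behavior/common_tests.inc.php
@@ -69,7 +69,6 @@ function bb2_misc_headers($settings, $package)
 // Lowercase via is used by open proxies/referrer spammers
 // Exceptions: Clearswift uses lowercase via (refuses to fix;
 // may be blocked again in the future)
-// Coral CDN uses lowercase via
 if (array_key_exists('via', $package['headers']) &&
 strpos($package['headers']['via'],'Clearswift') === FALSE &&
 strpos($ua,'CoralWebPrx') === FALSE) {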
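Review bot: The deleted comment `// Coral CDN uses lowercase via` was the only explanation for the `strpos($ua,'CoralWebPrx') === FALSE` exemption that is still in the condition two lines below; with it gone, that exemption from the lowercase-via check reads as unexplained and is at risk of being dropped, or kept, by a later cleanup without anyone knowing why. Either keep the comment next to the clause it explains or remove the CoralWebPrx clause together with it. bb2_misc_headers continues outside the hunk.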
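--- a/bad-behavior/core.inc.php
+++ b/bad-behavior/core.inc.php
@@ -1,6 +1,6 @@
 <?php if (!defined('BB2_CWD')) die("I said no cheating!");
 
-// Bad Behavior entry point is start_bad_behavior().
+// Bad Behavior entry point is bb2_start()
 // If you're reading this, you are probably lost.
 // Go read the bad-behavior-generic.php file.
 
@@ -9,51 +9,6 @@ define('BB2_COOKIE', 'bb2_screener_');
 
 require_once(BB2_CORE . "/functions.inc.php");
 
-// Our log table structure
-function bb2_table_structure($name)
-{
-// It's not paranoia if they really are out to get you.
-$name_escaped = bb2_db_escape($name);
-return "CREATE TABLE IF NOT EXISTS `$name_escaped` (
-`id` INT(11) NOT NULL auto_increment,
-`ip` TEXT NOT NULL,
-`date` DATETIME NOT NULL default '0000-00-00 00:00:00',
-`request_method` TEXT NOT NULL,
-`request_uri` TEXT NOT NULL,
-`server_protocol` TEXT NOT NULL,
-`http_headers` TEXT NOT NULL,
-`user_agent` TEXT NOT NULL,
-`request_entity` TEXT NOT NULL,
-`key` TEXT NOT NULL,
-INDEX (`ip`(15)),
-INDEX (`user_agent`(10)),
-PRIMARY KEY (`id`) );"; // TODO: INDEX might need tuning
-}
-
-// Insert a new record
-function bb2_insert($settings, $package, $key)
-{
-$ip = bb2_db_escape($package['ip']);
-$date = bb2_db_date();
-$request_method = bb2_db_escape($package['request_method']);
-$request_uri = bb2_db_escape($package['request_uri']);
-$server_protocol = bb2_db_escape($package['server_protocol']);
-$user_agent = bb2_db_escape($package['user_agent']);
-$headers = "$request_method $request_uri $server_protocol\n";
-foreach ($package['headers'] as $h => $v) {
-$headers .= bb2_db_escape("$h: $v\n");
-}
-$request_entity = "";
-if (!strcasecmp($request_method, "POST")) {
-foreach ($package['request_entity'] as $h => $v) {
-$request_entity .= bb2_db_escape("$h: $v\n");
-}
-}
-return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "`
-(`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES
-('$ip', '$date', '$request_method', '$request_uri', '$server_protocol', '$headers', '$user_agent', '$request_entity', '$key')";
-}
-
 // Kill 'em all!
 function bb2_banned($settings, $package, $key, $previous_key=false)
 {
@@ -85,18 +40,6 @@ function bb2_approved($settings, $package)
 }
 }
 
-// Check the results of a particular test; see below for usage
-// Returns FALSE if test passed (yes this is backwards)
-function bb2_test($settings, $package, $result)
-{
-if ($result !== FALSE)
-{
-bb2_banned($settings, $package, $result);
-return TRUE;
-}
-return FALSE;
-}
-
 
 // Let God sort 'em out!
 function bb2_start($settings)
@@ -104,7 +47,7 @@ function bb2_start($settings)
 // Gather up all the information we need, first of all.
 $headers = bb2_load_headers();
 // Postprocess the headers to mixed-case
-// FIXME: get the world to stop using PHP as CGI
+// TODO: get the world to stop using PHP as CGI
 $headers_mixed = array();
 foreach ($headers as $h => $v) {
 $headers_mixed[uc_all($h)] = $v;
@@ -112,23 +55,24 @@ function bb2_start($settings)
 
 // IPv6 - IPv4 compatibility mode hack
 $_SERVER['REMOTE_ADDR'] = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);
-// We use these frequently. Keep a copy close at hand.
-$ip = $_SERVER['REMOTE_ADDR'];
-$request_method = $_SERVER['REQUEST_METHOD'];
-$request_uri = $_SERVER['REQUEST_URI'];
-$server_protocol = $_SERVER['SERVER_PROTOCOL'];
-@$user_agent = $_SERVER['HTTP_USER_AGENT'];
 
 // Reconstruct the HTTP entity, if present.
 $request_entity = array();
-if (!strcasecmp($request_method, "POST") || !strcasecmp($request_method, "PUT")) {
+if (!strcasecmp($_SERVER['REQUEST_METHOD'], "POST") || !strcasecmp($_SERVER['REQUEST_METHOD'], "PUT")) {
 foreach ($_POST as $h => $v) {
 $request_entity[$h] = $v;
 }
 }
 
-$package = array('ip' => $ip, 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $request_method, 'request_uri' => $request_uri, 'server_protocol' => $server_protocol, 'request_entity' => $request_entity, 'user_agent' => $user_agent, 'is_browser' => false);
+@$package = array('ip' => $_SERVER['REMOTE_ADDR'], 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $_SERVER['REQUEST_METHOD'], 'request_uri' => $_SERVER['REQUEST_URI'], 'server_protocol' => $_SERVER['SERVER_PROTOCOL'], 'request_entity' => $request_entity, 'user_agent' => $_SERVER['HTTP_USER_AGENT'], 'is_browser' => false);
+
+$result = bb2_screen($settings, $package);
+if ($result && !defined('BB2_TEST')) bb2_banned($settings, $package, $result);
+return $result;
+}
 
+function bb2_screen($settings, $package)
+{
 // Please proceed to the security checkpoint and have your
 // identification and boarding pass ready.
 
@@ -137,65 +81,65 @@ function bb2_start($settings)
 if (!bb2_whitelist($package)) {
 // Now check the blacklist
 require_once(BB2_CORE . "/blacklist.inc.php");
-bb2_test($settings, $package, bb2_blacklist($package));
+if ($r = bb2_blacklist($package)) return $r;
 
 // Check the http:BL
 require_once(BB2_CORE . "/blackhole.inc.php");
-bb2_test($settings, $package, bb2_httpbl($settings, $package));
+if ($r = bb2_httpbl($settings, $package)) return $r;
 
 // Check for common stuff
 require_once(BB2_CORE . "/common_tests.inc.php");
-bb2_test($settings, $package, bb2_protocol($settings, $package));
-bb2_test($settings, $package, bb2_cookies($settings, $package));
-bb2_test($settings, $package, bb2_misc_headers($settings, $package));
+if ($r = bb2_protocol($settings, $package)) return $r;
+if ($r = bb2_cookies($settings, $package)) return $r;
+if ($r = bb2_misc_headers($settings, $package)) return $r;
 
 // Specific checks
-@$ua = $headers_mixed['User-Agent'];
+@$ua = $package['user_agent'];
 // MSIE checks
-if (stripos($ua, "MSIE") !== FALSE) {
+if (stripos($ua, "; MSIE") !== FALSE) {
 $package['is_browser'] = true;
 if (stripos($ua, "Opera") !== FALSE) {
 require_once(BB2_CORE . "/opera.inc.php");
-bb2_test($settings, $package, bb2_opera($package));
+if ($r = bb2_opera($package)) return $r;
 } else {
 require_once(BB2_CORE . "/msie.inc.php");
-bb2_test($settings, $package, bb2_msie($package));
+if ($r = bb2_msie($package)) return $r;
 }
 } elseif (stripos($ua, "Konqueror") !== FALSE) {
 $package['is_browser'] = true;
 require_once(BB2_CORE . "/konqueror.inc.php");
-bb2_test($settings, $package, bb2_konqueror($package));
+if ($r = bb2_konqueror($package)) return $r;
 } elseif (stripos($ua, "Opera") !== FALSE) {
 $package['is_browser'] = true;
 require_once(BB2_CORE . "/opera.inc.php");
-bb2_test($settings, $package, bb2_opera($package));
+if ($r = bb2_opera($package)) return $r;
 } elseif (stripos($ua, "Safari") !== FALSE) {
 $package['is_browser'] = true;
 require_once(BB2_CORE . "/safari.inc.php");
-bb2_test($settings, $package, bb2_safari($package));
+if ($r = bb2_safari($package)) return $r;
 } elseif (stripos($ua, "Lynx") !== FALSE) {
 $package['is_browser'] = true;
 require_once(BB2_CORE . "/lynx.inc.php");
-bb2_test($settings, $package, bb2_lynx($package));
+if ($r = bb2_lynx($package)) return $r;
 } elseif (stripos($ua, "MovableType") !== FALSE) {
 require_once(BB2_CORE . "/movabletype.inc.php");
-bb2_test($settings, $package, bb2_movabletype($package));
+if ($r = bb2_movabletype($package)) return $r;
 } elseif (stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
 require_once(BB2_CORE . "/msnbot.inc.php");
-bb2_test($settings, $package, bb2_msnbot($package));
+if ($r = bb2_msnbot($package)) return $r;
 } elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Wireless") !== FALSE) {
 require_once(BB2_CORE . "/google.inc.php");
-bb2_test($settings, $package, bb2_google($package));
+if ($r = bb2_google($package)) return $r;
 } elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
 $package['is_browser'] = true;
 require_once(BB2_CORE . "/mozilla.inc.php");
-bb2_test($settings, $package, bb2_mozilla($package));
+if ($r = bb2_mozilla($package)) return $r;
 }
 
 // More intensive screening applies to POST requests
 if (!strcasecmp('POST', $package['request_method'])) {
 require_once(BB2_CORE . "/post.inc.php");
-bb2_test($settings, $package, bb2_post($settings, $package));
+if ($r = bb2_post($settings, $package)) return $r;
 }
 }
 
@@ -205,6 +149,6 @@ function bb2_start($settings)
 
 // And that's about it.
 bb2_approved($settings, $package);
-return true;
+return false;
 }
 ?>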
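Review bot: `@$package = array(...)` in bb2_start silences every notice raised while the whole array is built, not only the missing-User-Agent case the old `@$user_agent = ...` line covered, and it still leaves 'user_agent' as null when the header is absent, which then goes through stripos() in bb2_screen and into the logged record; build the value explicitly and drop the `@`: `$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';` and pass `'user_agent' => $ua`. The `@` on `@$ua = $package['user_agent']` in bb2_screen guards a key that is always set, so it can go as well. One behaviour worth a comment on the `!defined('BB2_TEST')` line: a flagged request under BB2_TEST is neither banned nor passed to bb2_approved (bb2_screen returns before reaching it), so test installs never receive the screener cookie for such requests; that may be intended, but nothing says so. The bodies of bb2_start and bb2_screen are only partly visible in the hunks.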
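--- a/bad-behavior/post.inc.php
+++ b/bad-behavior/post.inc.php
@@ -5,7 +5,7 @@ function bb2_post($settings, $package)
 {
 // Check blackhole lists for known spam/malicious activity
 // require_once(BB2_CORE . "/blackhole.inc.php");
-// bb2_test($settings, $package, bb2_blackhole($package));
+// if ($r = bb2_blackhole($package)) return $r;
 
 // MovableType needs specialized screening
 if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {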
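--- a/bad-behavior/version.inc.php
+++ b/bad-behavior/version.inc.php
@@ -1,3 +1,3 @@
 <?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.0.36");
+define('BB2_VERSION', "2.1.0");
 ?>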
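--- a/bad-behavior/whitelist.inc.php
+++ b/bad-behavior/whitelist.inc.php
@@ -2,78 +2,25 @@
 
 function bb2_whitelist($package)
 {
-// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
+$whitelists = @parse_ini_file(dirname(BB2_CORE) . "/whitelist.ini");
 
-// Inappropriate whitelisting WILL expose you to spam, or cause Bad
-// Behavior to stop functioning entirely! DO NOT WHITELIST unless you
-// are 100% CERTAIN that you should.
-
-// IP address ranges use the CIDR format.
-
-// Includes four examples of whitelisting by IP address and netblock.
-$bb2_whitelist_ip_ranges = array(
-"64.191.203.34", // Digg whitelisted as of 2.0.12
-"208.67.217.130", // Digg whitelisted as of 2.0.12
-"10.0.0.0/8",
-"172.16.0.0/12",
-"192.168.0.0/16",
-// "127.0.0.1",
-);
-
-// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
-
-// Inappropriate whitelisting WILL expose you to spam, or cause Bad
-// Behavior to stop functioning entirely! DO NOT WHITELIST unless you
-// are 100% CERTAIN that you should.
-
-// You should not whitelist search engines by user agent. Use the IP
-// netblock for the search engine instead. See http://whois.arin.net/
-// to locate the netblocks for an IP.
-
-// User agents are matched by exact match only.
-
-// Includes one example of whitelisting by user agent.
-// All are commented out.
-$bb2_whitelist_user_agents = array(
-// "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) It's me, let me in",
-);
-
-// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
-
-// Inappropriate whitelisting WILL expose you to spam, or cause Bad
-// Behavior to stop functioning entirely! DO NOT WHITELIST unless you
-// are 100% CERTAIN that you should.
-
-// URLs are matched from the first / after the server name up to,
-// but not including, the ? (if any).
-
-// Includes two examples of whitelisting by URL.
-$bb2_whitelist_urls = array(
-// "/example.php",
-// "/openid/server",
-);
-
-// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
-
-// Do not edit below this line
-
-if (!empty($bb2_whitelist_ip_ranges)) {
-foreach ($bb2_whitelist_ip_ranges as $range) {
+if (@!empty($whitelists['ip'])) {
+foreach ($whitelists['ip'] as $range) {
 if (match_cidr($package['ip'], $range)) return true;
 }
 }
-if (!empty($bb2_whitelist_user_agents)) {
-foreach ($bb2_whitelist_user_agents as $user_agent) {
+if (@!empty($whitelists['useragent'])) {
+foreach ($whitelists['useragent'] as $user_agent) {
 if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
 }
 }
-if (!empty($bb2_whitelist_urls)) {
+if (@!empty($whitelists['url'])) {
 if (strpos($package['request_uri'], "?") === FALSE) {
 $request_uri = $package['request_uri'];
 } else {
 $request_uri = substr($package['request_uri'], 0, strpos($settings['request_uri'], "?"));
 }
-foreach ($bb2_whitelist_urls as $url) {
+foreach ($whitelists['url'] as $url) {
 if (!strcmp($request_uri, $url)) return true;
 }
 }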
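Review bot: Now that the [url] list this function reads is populated by default in whitelist.ini, the query-string branch of the URL check matters, and it computes the cut-off from `strpos($settings['request_uri'], "?")` — there is no `$settings` in bb2_whitelist, whose only parameter is `$package` — so for any request carrying a `?` the offset comes from an undefined variable and the comparison is made against a truncated string; it should be `strpos($package['request_uri'], "?")`. That line is context here, so the defect predates this commit, but this is the commit that makes the list live. Also, the `@` in `@!empty(...)` does nothing (empty() never raises on an unset index), while the `@` on parse_ini_file turns a malformed whitelist.ini into a silent "no whitelist"; checking for `false` and logging would fail louder. bb2_whitelist continues outside the hunk.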
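--- /dev/null
+++ b/settings.ini
@@ -0,0 +1,9 @@
+[settings]
+display_stats = true
+strict = false
+verbose = false
+logging = true
+httpbl_key = ""
+httpbl_threat = 25
+httpbl_maxage = 30
+offsite_forms = false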
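Review bot: settings.ini is read from the plugin directory, i.e. from inside the web root (bb2_read_settings uses `dirname(__FILE__) . "/settings.ini"`), and it is where the http:BL API key (`httpbl_key`) now lives; unless the web server is configured not to serve `*.ini`, a plain GET for the file hands the key and the whole configuration to anyone. Ship a server rule denying `*.ini` alongside it, or hold the values in a PHP file guarded by the same `if (!defined('BB2_CWD')) die(...)` line the core files use. Note too that parse_ini_file hands these back as strings (`true` is "1", `false` is ""), so the types differ from the array defaults they override; consumers using `===` are not visible here to confirm either way.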
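--- /dev/null
+++ b/whitelist.ini
@@ -0,0 +1,26 @@
+; Inappropriate whitelisting WILL expose you to spam, or cause Bad Behavior
+; to stop functioning entirely! DO NOT WHITELIST unless you are 100% CERTAIN
+; that you should.
+
+; IP address ranges use the CIDR format.
+
+[ip]
+; Digg whitelisted as of 2.0.12
+ip[] = "64.191.203.34"
+ip[] = "208.67.217.130"
+; RFC 1918 addresses
+ip[] = "10.0.0.0/8"
+ip[] = "172.16.0.0/12"
+ip[] = "192.168.0.0/16"
+
+; User agents are matched by exact match only.
+
+[useragent]
+useragent[] = "Mozilla/4.0 (It's me, let me in)"
+
+; URLs are matched from the first / after the server name up to, but not
+; including, the ? (if any). The URL to be whitelisted is a URL on YOUR site.
+
+[url]
+url[] = "/example.php"
+url[] = "/openid/server"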
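Review bot: The [useragent] and [url] entries are live, not commented out: `useragent[] = "Mozilla/4.0 (It's me, let me in)"`, `url[] = "/example.php"` and `url[] = "/openid/server"` are parsed and honoured by bb2_whitelist, whereas the equivalent entries in the PHP arrays this file replaces were commented out. Because the file ships with the plugin, that user-agent string is public, and any bot sending it exactly skips every check in bb2_screen on every install that keeps the default file — the file's own warning about inappropriate whitelisting applies to its own defaults. Comment the three lines out with `;` (e.g. `; useragent[] = "Mozilla/4.0 (It's me, let me in)"`) and say in the adjacent comment that they are examples. The same exposure over HTTP noted for settings.ini applies to this file, which additionally tells a reader exactly which addresses and paths bypass the screen.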