Bad Behavior - Version 2.1.3

Version Description

Download this release

Release Info

Developer error
Plugin Icon wp plugin Bad Behavior
Version 2.1.3
Comparing to
See all releases

Code changes from version 2.0.36 to 2.1.3

Files changed (21) hide show
  1. README.txt +2 -2
  2. bad-behavior-generic.php +14 -5
  3. bad-behavior-mediawiki.php +5 -1
  4. bad-behavior-mysql.php +46 -0
  5. bad-behavior-wordpress-admin.php +1 -1
  6. bad-behavior-wordpress.php +7 -2
  7. bad-behavior/blackhole.inc.php +0 -5
  8. bad-behavior/blacklist.inc.php +3 -1
  9. bad-behavior/cloudflare.inc.php +17 -0
  10. bad-behavior/common_tests.inc.php +7 -3
  11. bad-behavior/core.inc.php +36 -86
  12. bad-behavior/functions.inc.php +5 -0
  13. bad-behavior/google.inc.php +6 -1
  14. bad-behavior/msnbot.inc.php +6 -1
  15. bad-behavior/post.inc.php +1 -1
  16. bad-behavior/responses.inc.php +2 -0
  17. bad-behavior/roundtripdns.inc.php +20 -0
  18. bad-behavior/version.inc.php +1 -1
  19. bad-behavior/whitelist.inc.php +8 -61
  20. settings.ini +9 -0
  21. whitelist.ini +26 -0
README.txt CHANGED
@@ -3,8 +3,8 @@ Tags: comment,trackback,referrer,spam,robot,antispam
3
  Contributors: error, MarkJaquith, Firas, skeltoac
4
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
5
  Requires at least: 1.5
6
- Tested up to: 2.9
7
- Stable tag: 2.0.36
8
 
9
  Welcome to a whole new way of keeping your blog, forum, guestbook, wiki or
10
  content management system free of link spam. Bad Behavior is a PHP-based
3
  Contributors: error, MarkJaquith, Firas, skeltoac
4
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
5
  Requires at least: 1.5
6
+ Tested up to: 3.0
7
+ Stable tag: 2.0.37
8
 
9
  Welcome to a whole new way of keeping your blog, forum, guestbook, wiki or
10
  content management system free of link spam. Bad Behavior is a PHP-based
bad-behavior-generic.php CHANGED
@@ -1,11 +1,11 @@
1
  <?php
2
  /*
3
  Bad Behavior - detects and blocks unwanted Web accesses
4
- Copyright (C) 2005-2006 Michael Hampton
5
 
6
  This program is free software; you can redistribute it and/or modify
7
  it under the terms of the GNU General Public License as published by
8
- the Free Software Foundation; either version 2 of the License, or
9
  (at your option) any later version.
10
 
11
  As a special exemption, you may link this program with any of the
@@ -32,6 +32,8 @@ define('BB2_CWD', dirname(__FILE__));
32
 
33
  // Settings you can adjust for Bad Behavior.
34
  // Most of these are unused in non-database mode.
 
 
35
  $bb2_settings_defaults = array(
36
  'log_table' => 'bad_behavior',
37
  'display_stats' => true,
@@ -83,17 +85,24 @@ function bb2_db_rows($result) {
83
  return $result;
84
  }
85
 
 
 
 
 
 
 
 
86
  // Return emergency contact email address.
87
  function bb2_email() {
88
- // return "example@example.com"; // You need to change this.
89
- return "badbots@ioerror.us"; // You need to change this.
90
  }
91
 
92
  // retrieve settings from database
93
  // Settings are hard-coded for non-database use
94
  function bb2_read_settings() {
95
  global $bb2_settings_defaults;
96
- return $bb2_settings_defaults;
 
97
  }
98
 
99
  // write settings to database
1
  <?php
2
  /*
3
  Bad Behavior - detects and blocks unwanted Web accesses
4
+ Copyright (C) 2005,2006,2007,2008,2009 Michael Hampton
5
 
6
  This program is free software; you can redistribute it and/or modify
7
  it under the terms of the GNU General Public License as published by
8
+ the Free Software Foundation; either version 3 of the License, or
9
  (at your option) any later version.
10
 
11
  As a special exemption, you may link this program with any of the
32
 
33
  // Settings you can adjust for Bad Behavior.
34
  // Most of these are unused in non-database mode.
35
+ // DO NOT EDIT HERE; instead make changes in settings.ini.
36
+ // These settings are used when settings.ini is not present.
37
  $bb2_settings_defaults = array(
38
  'log_table' => 'bad_behavior',
39
  'display_stats' => true,
85
  return $result;
86
  }
87
 
88
+ // Create the SQL query for inserting a record in the database.
89
+ // See example for MySQL elsewhere.
90
+ function bb2_insert($settings, $package, $key)
91
+ {
92
+ return "--";
93
+ }
94
+
95
  // Return emergency contact email address.
96
  function bb2_email() {
97
+ return "example@example.com"; // You need to change this.
 
98
  }
99
 
100
  // retrieve settings from database
101
  // Settings are hard-coded for non-database use
102
  function bb2_read_settings() {
103
  global $bb2_settings_defaults;
104
+ $settings = @parse_ini_file(dirname(__FILE__) . "/settings.ini");
105
+ return array_merge($bb2_settings_defaults, $settings);
106
  }
107
 
108
  // write settings to database
bad-behavior-mediawiki.php CHANGED
@@ -25,6 +25,8 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25
  if (!defined('MEDIAWIKI')) die();
26
 
27
  // Settings you can adjust for Bad Behavior.
 
 
28
  $bb2_settings_defaults = array(
29
  'log_table' => $wgDBprefix . 'bad_behavior',
30
  'display_stats' => true,
@@ -40,6 +42,7 @@ $bb2_settings_defaults = array(
40
  define('BB2_CWD', dirname(__FILE__));
41
 
42
  // Bad Behavior callback functions.
 
43
 
44
  // Return current time in the format preferred by your database.
45
  function bb2_db_date() {
@@ -90,7 +93,8 @@ function bb2_email() {
90
  // retrieve settings from database
91
  function bb2_read_settings() {
92
  global $bb2_settings_defaults;
93
- return $bb2_settings_defaults;
 
94
  }
95
 
96
  // This Bad Behavior-related function is a stub. You can help MediaWiki by expanding it.
25
  if (!defined('MEDIAWIKI')) die();
26
 
27
  // Settings you can adjust for Bad Behavior.
28
+ // DO NOT EDIT HERE; instead make changes in settings.ini.
29
+ // These settings are used when settings.ini is not present.
30
  $bb2_settings_defaults = array(
31
  'log_table' => $wgDBprefix . 'bad_behavior',
32
  'display_stats' => true,
42
  define('BB2_CWD', dirname(__FILE__));
43
 
44
  // Bad Behavior callback functions.
45
+ require_once("bad-behavior-mysql.php");
46
 
47
  // Return current time in the format preferred by your database.
48
  function bb2_db_date() {
93
  // retrieve settings from database
94
  function bb2_read_settings() {
95
  global $bb2_settings_defaults;
96
+ $settings = @parse_ini_file(dirname(__FILE__) . "/settings.ini");
97
+ return array_merge($bb2_settings_defaults, $settings);
98
  }
99
 
100
  // This Bad Behavior-related function is a stub. You can help MediaWiki by expanding it.
bad-behavior-mysql.php ADDED
@@ -0,0 +1,46 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+
3
+ // Our log table structure
4
+ function bb2_table_structure($name)
5
+ {
6
+ // It's not paranoia if they really are out to get you.
7
+ $name_escaped = bb2_db_escape($name);
8
+ return "CREATE TABLE IF NOT EXISTS `$name_escaped` (
9
+ `id` INT(11) NOT NULL auto_increment,
10
+ `ip` TEXT NOT NULL,
11
+ `date` DATETIME NOT NULL default '0000-00-00 00:00:00',
12
+ `request_method` TEXT NOT NULL,
13
+ `request_uri` TEXT NOT NULL,
14
+ `server_protocol` TEXT NOT NULL,
15
+ `http_headers` TEXT NOT NULL,
16
+ `user_agent` TEXT NOT NULL,
17
+ `request_entity` TEXT NOT NULL,
18
+ `key` TEXT NOT NULL,
19
+ INDEX (`ip`(15)),
20
+ INDEX (`user_agent`(10)),
21
+ PRIMARY KEY (`id`) );"; // TODO: INDEX might need tuning
22
+ }
23
+
24
+ // Insert a new record
25
+ function bb2_insert($settings, $package, $key)
26
+ {
27
+ $ip = bb2_db_escape($package['ip']);
28
+ $date = bb2_db_date();
29
+ $request_method = bb2_db_escape($package['request_method']);
30
+ $request_uri = bb2_db_escape($package['request_uri']);
31
+ $server_protocol = bb2_db_escape($package['server_protocol']);
32
+ $user_agent = bb2_db_escape($package['user_agent']);
33
+ $headers = "$request_method $request_uri $server_protocol\n";
34
+ foreach ($package['headers'] as $h => $v) {
35
+ $headers .= bb2_db_escape("$h: $v\n");
36
+ }
37
+ $request_entity = "";
38
+ if (!strcasecmp($request_method, "POST")) {
39
+ foreach ($package['request_entity'] as $h => $v) {
40
+ $request_entity .= bb2_db_escape("$h: $v\n");
41
+ }
42
+ }
43
+ return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "`
44
+ (`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES
45
+ ('$ip', '$date', '$request_method', '$request_uri', '$server_protocol', '$headers', '$user_agent', '$request_entity', '$key')";
46
+ }
bad-behavior-wordpress-admin.php CHANGED
@@ -178,7 +178,7 @@ Displaying all <strong><?php echo $totalcount; ?></strong> records<br/>
178
  $host .= "<br/>\n";
179
  }
180
  echo "<td><a href=\"" . add_query_arg("ip", $result["ip"], remove_query_arg("paged", $request_uri)) . "\">" . $result["ip"] . "</a><br/>$host<br/>\n" . $result["date"] . "<br/><br/><a href=\"" . add_query_arg("key", $result["key"], remove_query_arg(array("paged", "blocked"), $request_uri)) . "\">" . $key["log"] . "</a>\n";
181
- if ($httpbl) echo "<br/><br/>http:BL:<br/>$httpbl\n";
182
  echo "</td>\n";
183
  $headers = str_replace("\n", "<br/>\n", htmlspecialchars($result['http_headers']));
184
  if (@strpos($headers, $result['user_agent']) !== FALSE) $headers = substr_replace($headers, "<a href=\"" . add_query_arg("user_agent", rawurlencode($result["user_agent"]), remove_query_arg("paged", $request_uri)) . "\">" . $result['user_agent'] . "</a>", strpos($headers, $result['user_agent']), strlen($result['user_agent']));
178
  $host .= "<br/>\n";
179
  }
180
  echo "<td><a href=\"" . add_query_arg("ip", $result["ip"], remove_query_arg("paged", $request_uri)) . "\">" . $result["ip"] . "</a><br/>$host<br/>\n" . $result["date"] . "<br/><br/><a href=\"" . add_query_arg("key", $result["key"], remove_query_arg(array("paged", "blocked"), $request_uri)) . "\">" . $key["log"] . "</a>\n";
181
+ if ($httpbl) echo "<br/><br/><a href=\"http://www.projecthoneypot.org/ip_{$result['ip']}\">http:BL</a>:<br/>$httpbl\n";
182
  echo "</td>\n";
183
  $headers = str_replace("\n", "<br/>\n", htmlspecialchars($result['http_headers']));
184
  if (@strpos($headers, $result['user_agent']) !== FALSE) $headers = substr_replace($headers, "<a href=\"" . add_query_arg("user_agent", rawurlencode($result["user_agent"]), remove_query_arg("paged", $request_uri)) . "\">" . $result['user_agent'] . "</a>", strpos($headers, $result['user_agent']), strlen($result['user_agent']));
bad-behavior-wordpress.php CHANGED
@@ -1,7 +1,7 @@
1
  <?php
2
  /*
3
  Plugin Name: Bad Behavior
4
- Version: 2.0.36
5
  Description: Deny automated spambots access to your PHP-based Web site.
6
  Plugin URI: http://www.bad-behavior.ioerror.us/
7
  Author: Michael Hampton
@@ -44,6 +44,7 @@ $bb2_timer_start = $bb2_mtime[1] + $bb2_mtime[0];
44
  define('BB2_CWD', dirname(__FILE__));
45
 
46
  // Bad Behavior callback functions.
 
47
 
48
  // Return current time in the format preferred by your database.
49
  function bb2_db_date() {
@@ -140,6 +141,10 @@ function bb2_insert_stats($force = false) {
140
  echo sprintf('<p><a href="http://www.bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', __('Bad Behavior'), __('has blocked'), $blocked[0]["COUNT(*)"], __('access attempts in the last 7 days.'));
141
  }
142
  }
 
 
 
 
143
  }
144
 
145
  // Return the top-level relative path of wherever we are (for cookies)
@@ -165,7 +170,7 @@ if (is_admin() || strstr($_SERVER['PHP_SELF'], 'wp-admin/')) { // 1.5 kludge
165
  require_once(BB2_CWD . "/bad-behavior-wordpress-admin.php");
166
  }
167
 
168
- bb2_start(bb2_read_settings());
169
 
170
  $bb2_mtime = explode(" ", microtime());
171
  $bb2_timer_stop = $bb2_mtime[1] + $bb2_mtime[0];
1
  <?php
2
  /*
3
  Plugin Name: Bad Behavior
4
+ Version: 2.1.3
5
  Description: Deny automated spambots access to your PHP-based Web site.
6
  Plugin URI: http://www.bad-behavior.ioerror.us/
7
  Author: Michael Hampton
44
  define('BB2_CWD', dirname(__FILE__));
45
 
46
  // Bad Behavior callback functions.
47
+ require_once("bad-behavior-mysql.php");
48
 
49
  // Return current time in the format preferred by your database.
50
  function bb2_db_date() {
141
  echo sprintf('<p><a href="http://www.bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', __('Bad Behavior'), __('has blocked'), $blocked[0]["COUNT(*)"], __('access attempts in the last 7 days.'));
142
  }
143
  }
144
+ if (@!empty($_SESSION['BB2_RESULT'])) {
145
+ echo sprintf("\n<!-- Bad Behavior result was %s! This request would have been blocked. -->\n", $_SESSION['BB2_RESULT']);
146
+ unset($_SESSION['BB2_RESULT']);
147
+ }
148
  }
149
 
150
  // Return the top-level relative path of wherever we are (for cookies)
170
  require_once(BB2_CWD . "/bad-behavior-wordpress-admin.php");
171
  }
172
 
173
+ $_SESSION['BB2_RESULT'] = bb2_start(bb2_read_settings());
174
 
175
  $bb2_mtime = explode(" ", microtime());
176
  $bb2_timer_stop = $bb2_mtime[1] + $bb2_mtime[0];
bad-behavior/blackhole.inc.php CHANGED
@@ -1,10 +1,5 @@
1
  <?php if (!defined('BB2_CORE')) die('I said no cheating!');
2
 
3
- // Quick and dirty check for an IPv6 address
4
- function is_ipv6($address) {
5
- return (strpos($address, ":")) ? TRUE : FALSE;
6
- }
7
-
8
  // Look up address on various blackhole lists.
9
  // These should not be used for GET requests under any circumstances!
10
  // FIXME: Note that this code is no longer in use
1
  <?php if (!defined('BB2_CORE')) die('I said no cheating!');
2
 
 
 
 
 
 
3
  // Look up address on various blackhole lists.
4
  // These should not be used for GET requests under any circumstances!
5
  // FIXME: Note that this code is no longer in use
bad-behavior/blacklist.inc.php CHANGED
@@ -69,11 +69,12 @@ function bb2_blacklist($package) {
69
  "grub-client", // search engine ignores robots.txt
70
  "hanzoweb", // very badly behaved crawler
71
  "Indy Library", // misc comment/email spam
72
- "larbin@unspecified", // stealth harvesters
73
  "Murzillo compatible", // comment spam bot
74
  ".NET CLR 1)", // free poker, etc.
75
  "POE-Component-Client", // free poker, etc.
76
  "Turing Machine", // www.anonymizer.com abuse
 
77
  "User-agent: ", // spam harvester/splogger
78
  "WebaltBot", // spam harvester
79
  "WISEbot", // spam harvester
@@ -83,6 +84,7 @@ function bb2_blacklist($package) {
83
  "Windows NT 5.1;)", // wikispam bot
84
  "Windows XP 5", // spam harvester
85
  "WordPress/4.01", // pingback spam
 
86
  "\\\\)", // spam harvester
87
  );
88
 
69
  "grub-client", // search engine ignores robots.txt
70
  "hanzoweb", // very badly behaved crawler
71
  "Indy Library", // misc comment/email spam
72
+ "MSIE 7.0; Windows NT 5.2", // Cyveillance
73
  "Murzillo compatible", // comment spam bot
74
  ".NET CLR 1)", // free poker, etc.
75
  "POE-Component-Client", // free poker, etc.
76
  "Turing Machine", // www.anonymizer.com abuse
77
+ "unspecified.mail", // stealth harvesters
78
  "User-agent: ", // spam harvester/splogger
79
  "WebaltBot", // spam harvester
80
  "WISEbot", // spam harvester
84
  "Windows NT 5.1;)", // wikispam bot
85
  "Windows XP 5", // spam harvester
86
  "WordPress/4.01", // pingback spam
87
+ "Xedant Human Emulator",// spammer script engine
88
  "\\\\)", // spam harvester
89
  );
90
 
bad-behavior/cloudflare.inc.php ADDED
@@ -0,0 +1,17 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php if (!defined('BB2_CORE')) die('I said no cheating!');
2
+
3
+ // Analyze requests claiming to be from CloudFlare
4
+
5
+ require_once(BB2_CORE . "/roundtripdns.inc.php");
6
+
7
+ function bb2_cloudflare(&$package)
8
+ {
9
+ if (bb2_roundtripdns($package['ip'], "cloudflare.com")) {
10
+ $package['ip'] = $package['headers_mixed']['Cf-Connecting-Ip'];
11
+ } else {
12
+ return '70e45496';
13
+ }
14
+ return false;
15
+ }
16
+
17
+ ?>
bad-behavior/common_tests.inc.php CHANGED
@@ -4,7 +4,6 @@
4
 
5
  function bb2_protocol($settings, $package)
6
  {
7
- // Is it claiming to be HTTP/1.0? Then it shouldn't do HTTP/1.1 things
8
  // Always run this test; we should never see Expect:
9
  if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE) {
10
  return "a0105122";
@@ -69,7 +68,6 @@ function bb2_misc_headers($settings, $package)
69
  // Lowercase via is used by open proxies/referrer spammers
70
  // Exceptions: Clearswift uses lowercase via (refuses to fix;
71
  // may be blocked again in the future)
72
- // Coral CDN uses lowercase via
73
  if (array_key_exists('via', $package['headers']) &&
74
  strpos($package['headers']['via'],'Clearswift') === FALSE &&
75
  strpos($ua,'CoralWebPrx') === FALSE) {
@@ -106,6 +104,12 @@ function bb2_misc_headers($settings, $package)
106
  if (preg_match('/\bkeep-alive,\s?keep-alive\b/i', $package['headers_mixed']['Connection'])) {
107
  return "a52f0448";
108
  }
 
 
 
 
 
 
109
  }
110
 
111
 
@@ -114,7 +118,7 @@ function bb2_misc_headers($settings, $package)
114
  return "b9cc1d86";
115
  }
116
  // Proxy-Connection does not exist and should never be seen in the wild
117
- if (array_key_exists('Proxy-Connection', $package['headers_mixed'])) {
118
  return "b7830251";
119
  }
120
 
4
 
5
  function bb2_protocol($settings, $package)
6
  {
 
7
  // Always run this test; we should never see Expect:
8
  if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE) {
9
  return "a0105122";
68
  // Lowercase via is used by open proxies/referrer spammers
69
  // Exceptions: Clearswift uses lowercase via (refuses to fix;
70
  // may be blocked again in the future)
 
71
  if (array_key_exists('via', $package['headers']) &&
72
  strpos($package['headers']['via'],'Clearswift') === FALSE &&
73
  strpos($ua,'CoralWebPrx') === FALSE) {
104
  if (preg_match('/\bkeep-alive,\s?keep-alive\b/i', $package['headers_mixed']['Connection'])) {
105
  return "a52f0448";
106
  }
107
+ // Keep-Alive format in RFC 2068; some bots mangle these headers
108
+ if (stripos($package['headers_mixed']['Connection'], "Keep-Alive: ") !== FALSE) {
109
+ return "b0924802";
110
+ }
111
+ // Close should not be oddly capitalized
112
+
113
  }
114
 
115
 
118
  return "b9cc1d86";
119
  }
120
  // Proxy-Connection does not exist and should never be seen in the wild
121
+ if ($settings['strict'] && array_key_exists('Proxy-Connection', $package['headers_mixed'])) {
122
  return "b7830251";
123
  }
124
 
bad-behavior/core.inc.php CHANGED
@@ -1,6 +1,6 @@
1
  <?php if (!defined('BB2_CWD')) die("I said no cheating!");
2
 
3
- // Bad Behavior entry point is start_bad_behavior().
4
  // If you're reading this, you are probably lost.
5
  // Go read the bad-behavior-generic.php file.
6
 
@@ -9,51 +9,6 @@ define('BB2_COOKIE', 'bb2_screener_');
9
 
10
  require_once(BB2_CORE . "/functions.inc.php");
11
 
12
- // Our log table structure
13
- function bb2_table_structure($name)
14
- {
15
- // It's not paranoia if they really are out to get you.
16
- $name_escaped = bb2_db_escape($name);
17
- return "CREATE TABLE IF NOT EXISTS `$name_escaped` (
18
- `id` INT(11) NOT NULL auto_increment,
19
- `ip` TEXT NOT NULL,
20
- `date` DATETIME NOT NULL default '0000-00-00 00:00:00',
21
- `request_method` TEXT NOT NULL,
22
- `request_uri` TEXT NOT NULL,
23
- `server_protocol` TEXT NOT NULL,
24
- `http_headers` TEXT NOT NULL,
25
- `user_agent` TEXT NOT NULL,
26
- `request_entity` TEXT NOT NULL,
27
- `key` TEXT NOT NULL,
28
- INDEX (`ip`(15)),
29
- INDEX (`user_agent`(10)),
30
- PRIMARY KEY (`id`) );"; // TODO: INDEX might need tuning
31
- }
32
-
33
- // Insert a new record
34
- function bb2_insert($settings, $package, $key)
35
- {
36
- $ip = bb2_db_escape($package['ip']);
37
- $date = bb2_db_date();
38
- $request_method = bb2_db_escape($package['request_method']);
39
- $request_uri = bb2_db_escape($package['request_uri']);
40
- $server_protocol = bb2_db_escape($package['server_protocol']);
41
- $user_agent = bb2_db_escape($package['user_agent']);
42
- $headers = "$request_method $request_uri $server_protocol\n";
43
- foreach ($package['headers'] as $h => $v) {
44
- $headers .= bb2_db_escape("$h: $v\n");
45
- }
46
- $request_entity = "";
47
- if (!strcasecmp($request_method, "POST")) {
48
- foreach ($package['request_entity'] as $h => $v) {
49
- $request_entity .= bb2_db_escape("$h: $v\n");
50
- }
51
- }
52
- return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "`
53
- (`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES
54
- ('$ip', '$date', '$request_method', '$request_uri', '$server_protocol', '$headers', '$user_agent', '$request_entity', '$key')";
55
- }
56
-
57
  // Kill 'em all!
58
  function bb2_banned($settings, $package, $key, $previous_key=false)
59
  {
@@ -85,18 +40,6 @@ function bb2_approved($settings, $package)
85
  }
86
  }
87
 
88
- // Check the results of a particular test; see below for usage
89
- // Returns FALSE if test passed (yes this is backwards)
90
- function bb2_test($settings, $package, $result)
91
- {
92
- if ($result !== FALSE)
93
- {
94
- bb2_banned($settings, $package, $result);
95
- return TRUE;
96
- }
97
- return FALSE;
98
- }
99
-
100
 
101
  // Let God sort 'em out!
102
  function bb2_start($settings)
@@ -104,7 +47,7 @@ function bb2_start($settings)
104
  // Gather up all the information we need, first of all.
105
  $headers = bb2_load_headers();
106
  // Postprocess the headers to mixed-case
107
- // FIXME: get the world to stop using PHP as CGI
108
  $headers_mixed = array();
109
  foreach ($headers as $h => $v) {
110
  $headers_mixed[uc_all($h)] = $v;
@@ -112,23 +55,24 @@ function bb2_start($settings)
112
 
113
  // IPv6 - IPv4 compatibility mode hack
114
  $_SERVER['REMOTE_ADDR'] = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);
115
- // We use these frequently. Keep a copy close at hand.
116
- $ip = $_SERVER['REMOTE_ADDR'];
117
- $request_method = $_SERVER['REQUEST_METHOD'];
118
- $request_uri = $_SERVER['REQUEST_URI'];
119
- $server_protocol = $_SERVER['SERVER_PROTOCOL'];
120
- @$user_agent = $_SERVER['HTTP_USER_AGENT'];
121
 
122
  // Reconstruct the HTTP entity, if present.
123
  $request_entity = array();
124
- if (!strcasecmp($request_method, "POST") || !strcasecmp($request_method, "PUT")) {
125
  foreach ($_POST as $h => $v) {
126
  $request_entity[$h] = $v;
127
  }
128
  }
129
 
130
- $package = array('ip' => $ip, 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $request_method, 'request_uri' => $request_uri, 'server_protocol' => $server_protocol, 'request_entity' => $request_entity, 'user_agent' => $user_agent, 'is_browser' => false);
131
 
 
 
 
 
 
 
 
132
  // Please proceed to the security checkpoint and have your
133
  // identification and boarding pass ready.
134
 
@@ -137,65 +81,71 @@ function bb2_start($settings)
137
  if (!bb2_whitelist($package)) {
138
  // Now check the blacklist
139
  require_once(BB2_CORE . "/blacklist.inc.php");
140
- bb2_test($settings, $package, bb2_blacklist($package));
 
 
 
 
 
 
141
 
142
  // Check the http:BL
143
  require_once(BB2_CORE . "/blackhole.inc.php");
144
- bb2_test($settings, $package, bb2_httpbl($settings, $package));
145
 
146
  // Check for common stuff
147
  require_once(BB2_CORE . "/common_tests.inc.php");
148
- bb2_test($settings, $package, bb2_protocol($settings, $package));
149
- bb2_test($settings, $package, bb2_cookies($settings, $package));
150
- bb2_test($settings, $package, bb2_misc_headers($settings, $package));
151
 
152
  // Specific checks
153
- @$ua = $headers_mixed['User-Agent'];
154
  // MSIE checks
155
- if (stripos($ua, "MSIE") !== FALSE) {
156
  $package['is_browser'] = true;
157
  if (stripos($ua, "Opera") !== FALSE) {
158
  require_once(BB2_CORE . "/opera.inc.php");
159
- bb2_test($settings, $package, bb2_opera($package));
160
  } else {
161
  require_once(BB2_CORE . "/msie.inc.php");
162
- bb2_test($settings, $package, bb2_msie($package));
163
  }
164
  } elseif (stripos($ua, "Konqueror") !== FALSE) {
165
  $package['is_browser'] = true;
166
  require_once(BB2_CORE . "/konqueror.inc.php");
167
- bb2_test($settings, $package, bb2_konqueror($package));
168
  } elseif (stripos($ua, "Opera") !== FALSE) {
169
  $package['is_browser'] = true;
170
  require_once(BB2_CORE . "/opera.inc.php");
171
- bb2_test($settings, $package, bb2_opera($package));
172
  } elseif (stripos($ua, "Safari") !== FALSE) {
173
  $package['is_browser'] = true;
174
  require_once(BB2_CORE . "/safari.inc.php");
175
- bb2_test($settings, $package, bb2_safari($package));
176
  } elseif (stripos($ua, "Lynx") !== FALSE) {
177
  $package['is_browser'] = true;
178
  require_once(BB2_CORE . "/lynx.inc.php");
179
- bb2_test($settings, $package, bb2_lynx($package));
180
  } elseif (stripos($ua, "MovableType") !== FALSE) {
181
  require_once(BB2_CORE . "/movabletype.inc.php");
182
- bb2_test($settings, $package, bb2_movabletype($package));
183
  } elseif (stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
184
  require_once(BB2_CORE . "/msnbot.inc.php");
185
- bb2_test($settings, $package, bb2_msnbot($package));
186
  } elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Wireless") !== FALSE) {
187
  require_once(BB2_CORE . "/google.inc.php");
188
- bb2_test($settings, $package, bb2_google($package));
189
  } elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
190
  $package['is_browser'] = true;
191
  require_once(BB2_CORE . "/mozilla.inc.php");
192
- bb2_test($settings, $package, bb2_mozilla($package));
193
  }
194
 
195
  // More intensive screening applies to POST requests
196
  if (!strcasecmp('POST', $package['request_method'])) {
197
  require_once(BB2_CORE . "/post.inc.php");
198
- bb2_test($settings, $package, bb2_post($settings, $package));
199
  }
200
  }
201
 
@@ -205,6 +155,6 @@ function bb2_start($settings)
205
 
206
  // And that's about it.
207
  bb2_approved($settings, $package);
208
- return true;
209
  }
210
  ?>
1
  <?php if (!defined('BB2_CWD')) die("I said no cheating!");
2
 
3
+ // Bad Behavior entry point is bb2_start()
4
  // If you're reading this, you are probably lost.
5
  // Go read the bad-behavior-generic.php file.
6
 
9
 
10
  require_once(BB2_CORE . "/functions.inc.php");
11
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
12
  // Kill 'em all!
13
  function bb2_banned($settings, $package, $key, $previous_key=false)
14
  {
40
  }
41
  }
42
 
 
 
 
 
 
 
 
 
 
 
 
 
43
 
44
  // Let God sort 'em out!
45
  function bb2_start($settings)
47
  // Gather up all the information we need, first of all.
48
  $headers = bb2_load_headers();
49
  // Postprocess the headers to mixed-case
50
+ // TODO: get the world to stop using PHP as CGI
51
  $headers_mixed = array();
52
  foreach ($headers as $h => $v) {
53
  $headers_mixed[uc_all($h)] = $v;
55
 
56
  // IPv6 - IPv4 compatibility mode hack
57
  $_SERVER['REMOTE_ADDR'] = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);
 
 
 
 
 
 
58
 
59
  // Reconstruct the HTTP entity, if present.
60
  $request_entity = array();
61
+ if (!strcasecmp($_SERVER['REQUEST_METHOD'], "POST") || !strcasecmp($_SERVER['REQUEST_METHOD'], "PUT")) {
62
  foreach ($_POST as $h => $v) {
63
  $request_entity[$h] = $v;
64
  }
65
  }
66
 
67
+ @$package = array('ip' => $_SERVER['REMOTE_ADDR'], 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $_SERVER['REQUEST_METHOD'], 'request_uri' => $_SERVER['REQUEST_URI'], 'server_protocol' => $_SERVER['SERVER_PROTOCOL'], 'request_entity' => $request_entity, 'user_agent' => $_SERVER['HTTP_USER_AGENT'], 'is_browser' => false);
68
 
69
+ $result = bb2_screen($settings, $package);
70
+ if ($result && !defined('BB2_TEST')) bb2_banned($settings, $package, $result);
71
+ return $result;
72
+ }
73
+
74
+ function bb2_screen($settings, $package)
75
+ {
76
  // Please proceed to the security checkpoint and have your
77
  // identification and boarding pass ready.
78
 
81
  if (!bb2_whitelist($package)) {
82
  // Now check the blacklist
83
  require_once(BB2_CORE . "/blacklist.inc.php");
84
+ if ($r = bb2_blacklist($package)) return $r;
85
+
86
+ // Check for CloudFlare CDN
87
+ if (array_key_exists('Cf-Connecting-Ip', $package['headers_mixed'])) {
88
+ require_once(BB2_CORE . "/cloudflare.inc.php");
89
+ bb2_test($settings, $package, bb2_cloudflare($package));
90
+ }
91
 
92
  // Check the http:BL
93
  require_once(BB2_CORE . "/blackhole.inc.php");
94
+ if ($r = bb2_httpbl($settings, $package)) return $r;
95
 
96
  // Check for common stuff
97
  require_once(BB2_CORE . "/common_tests.inc.php");
98
+ if ($r = bb2_protocol($settings, $package)) return $r;
99
+ if ($r = bb2_cookies($settings, $package)) return $r;
100
+ if ($r = bb2_misc_headers($settings, $package)) return $r;
101
 
102
  // Specific checks
103
+ @$ua = $package['user_agent'];
104
  // MSIE checks
105
+ if (stripos($ua, "; MSIE") !== FALSE) {
106
  $package['is_browser'] = true;
107
  if (stripos($ua, "Opera") !== FALSE) {
108
  require_once(BB2_CORE . "/opera.inc.php");
109
+ if ($r = bb2_opera($package)) return $r;
110
  } else {
111
  require_once(BB2_CORE . "/msie.inc.php");
112
+ if ($r = bb2_msie($package)) return $r;
113
  }
114
  } elseif (stripos($ua, "Konqueror") !== FALSE) {
115
  $package['is_browser'] = true;
116
  require_once(BB2_CORE . "/konqueror.inc.php");
117
+ if ($r = bb2_konqueror($package)) return $r;
118
  } elseif (stripos($ua, "Opera") !== FALSE) {
119
  $package['is_browser'] = true;
120
  require_once(BB2_CORE . "/opera.inc.php");
121
+ if ($r = bb2_opera($package)) return $r;
122
  } elseif (stripos($ua, "Safari") !== FALSE) {
123
  $package['is_browser'] = true;
124
  require_once(BB2_CORE . "/safari.inc.php");
125
+ if ($r = bb2_safari($package)) return $r;
126
  } elseif (stripos($ua, "Lynx") !== FALSE) {
127
  $package['is_browser'] = true;
128
  require_once(BB2_CORE . "/lynx.inc.php");
129
+ if ($r = bb2_lynx($package)) return $r;
130
  } elseif (stripos($ua, "MovableType") !== FALSE) {
131
  require_once(BB2_CORE . "/movabletype.inc.php");
132
+ if ($r = bb2_movabletype($package)) return $r;
133
  } elseif (stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
134
  require_once(BB2_CORE . "/msnbot.inc.php");
135
+ if ($r = bb2_msnbot($package)) return $r;
136
  } elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Wireless") !== FALSE) {
137
  require_once(BB2_CORE . "/google.inc.php");
138
+ if ($r = bb2_google($package)) return $r;
139
  } elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
140
  $package['is_browser'] = true;
141
  require_once(BB2_CORE . "/mozilla.inc.php");
142
+ if ($r = bb2_mozilla($package)) return $r;
143
  }
144
 
145
  // More intensive screening applies to POST requests
146
  if (!strcasecmp('POST', $package['request_method'])) {
147
  require_once(BB2_CORE . "/post.inc.php");
148
+ if ($r = bb2_post($settings, $package)) return $r;
149
  }
150
  }
151
 
155
 
156
  // And that's about it.
157
  bb2_approved($settings, $package);
158
+ return false;
159
  }
160
  ?>
bad-behavior/functions.inc.php CHANGED
@@ -2,6 +2,11 @@
2
 
3
  // Miscellaneous helper functions.
4
 
 
 
 
 
 
5
  // stripos() needed because stripos is only present on PHP 5
6
  if (!function_exists('stripos')) {
7
  function stripos($haystack,$needle,$offset = 0) {
2
 
3
  // Miscellaneous helper functions.
4
 
5
+ // Quick and dirty check for an IPv6 address
6
+ function is_ipv6($address) {
7
+ return (strpos($address, ":")) ? TRUE : FALSE;
8
+ }
9
+
10
  // stripos() needed because stripos is only present on PHP 5
11
  if (!function_exists('stripos')) {
12
  function stripos($haystack,$needle,$offset = 0) {
bad-behavior/google.inc.php CHANGED
@@ -2,9 +2,14 @@
2
 
3
  // Analyze user agents claiming to be Googlebot
4
 
 
 
5
  function bb2_google($package)
6
  {
7
- if (match_cidr($package['ip'], "66.249.64.0/19") === FALSE && match_cidr($package['ip'], "64.233.160.0/19") === FALSE && match_cidr($package['ip'], "72.14.192.0/18") === FALSE) {
 
 
 
8
  return "f1182195";
9
  }
10
  return false;
2
 
3
  // Analyze user agents claiming to be Googlebot
4
 
5
+ require_once(BB2_CORE . "/roundtripdns.inc.php");
6
+
7
  function bb2_google($package)
8
  {
9
+ # if (match_cidr($package['ip'], "66.249.64.0/19") === FALSE && match_cidr($package['ip'], "64.233.160.0/19") === FALSE && match_cidr($package['ip'], "72.14.192.0/18") === FALSE) {
10
+ # return "f1182195";
11
+ # }
12
+ if (!bb2_roundtripdns($package['ip'], "googlebot.com")) {
13
  return "f1182195";
14
  }
15
  return false;
bad-behavior/msnbot.inc.php CHANGED
@@ -2,9 +2,14 @@
2
 
3
  // Analyze user agents claiming to be msnbot
4
 
 
 
5
  function bb2_msnbot($package)
6
  {
7
- if (match_cidr($package['ip'], "207.46.0.0/16") === FALSE && match_cidr($package['ip'], "65.52.0.0/14") === FALSE && match_cidr($package['ip'], "207.68.128.0/18") === FALSE && match_cidr($package['ip'], "207.68.192.0/20") === FALSE && match_cidr($package['ip'], "64.4.0.0/18") === FALSE) {
 
 
 
8
  return "e4de0453";
9
  }
10
  return false;
2
 
3
  // Analyze user agents claiming to be msnbot
4
 
5
+ require_once(BB2_CORE . "/roundtripdns.inc.php");
6
+
7
  function bb2_msnbot($package)
8
  {
9
+ # if (match_cidr($package['ip'], "207.46.0.0/16") === FALSE && match_cidr($package['ip'], "65.52.0.0/14") === FALSE && match_cidr($package['ip'], "207.68.128.0/18") === FALSE && match_cidr($package['ip'], "207.68.192.0/20") === FALSE && match_cidr($package['ip'], "64.4.0.0/18") === FALSE) {
10
+ # return "e4de0453";
11
+ # }
12
+ if (!bb2_roundtripdns($package['ip'], "search.msn.com")) {
13
  return "e4de0453";
14
  }
15
  return false;
bad-behavior/post.inc.php CHANGED
@@ -5,7 +5,7 @@ function bb2_post($settings, $package)
5
  {
6
  // Check blackhole lists for known spam/malicious activity
7
  // require_once(BB2_CORE . "/blackhole.inc.php");
8
- // bb2_test($settings, $package, bb2_blackhole($package));
9
 
10
  // MovableType needs specialized screening
11
  if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {
5
  {
6
  // Check blackhole lists for known spam/malicious activity
7
  // require_once(BB2_CORE . "/blackhole.inc.php");
8
+ // if ($r = bb2_blackhole($package)) return $r;
9
 
10
  // MovableType needs specialized screening
11
  if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {
bad-behavior/responses.inc.php CHANGED
@@ -19,6 +19,7 @@ function bb2_get_response($key) {
19
  '582ec5e4' => array('response' => 400, 'explanation' => 'An invalid request was received. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator. This may also be caused by a bug in the Opera web browser.', 'log' => '"Header \'TE\' present but TE not specified in \'Connection\' header'),
20
  '69920ee5' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' present but blank'),
21
  '6c502ff1' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Bot not fully compliant with RFC 2965'),
 
22
  '799165c2' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Rotating user-agents detected'),
23
  '7a06532b' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept-Encoding\' missing'),
24
  '7ad04a8a' => array('response' => 400, 'explanation' => 'The automated program you are using is not permitted to access this server. Please use a different program or a standard Web browser.', 'log' => 'Prohibited header \'Range\' present'),
@@ -28,6 +29,7 @@ function bb2_get_response($key) {
28
  'a0105122' => array('response' => 417, 'explanation' => 'Expectation failed. Please retry your request.', 'log' => 'Header \'Expect\' prohibited; resend without Expect'),
29
  'a1084bad' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent claimed to be MSIE, with invalid Windows version'),
30
  'a52f0448' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by a malfunctioning proxy server or browser privacy software. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator.', 'log' => 'Header \'Connection\' contains invalid values'),
 
31
  'b40c8ddc' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, close your browser, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'POST more than two days after GET'),
32
  'b7830251' => array('response' => 400, 'explanation' => 'Your proxy server sent an invalid request. Please contact the proxy server administrator to have this problem fixed.', 'log' => 'Prohibited header \'Proxy-Connection\' present'),
33
  'b9cc1d86' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),
19
  '582ec5e4' => array('response' => 400, 'explanation' => 'An invalid request was received. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator. This may also be caused by a bug in the Opera web browser.', 'log' => '"Header \'TE\' present but TE not specified in \'Connection\' header'),
20
  '69920ee5' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' present but blank'),
21
  '6c502ff1' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Bot not fully compliant with RFC 2965'),
22
+ '70e45496' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User agent claimed to be CloudFlare, claim appears false'),
23
  '799165c2' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Rotating user-agents detected'),
24
  '7a06532b' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept-Encoding\' missing'),
25
  '7ad04a8a' => array('response' => 400, 'explanation' => 'The automated program you are using is not permitted to access this server. Please use a different program or a standard Web browser.', 'log' => 'Prohibited header \'Range\' present'),
29
  'a0105122' => array('response' => 417, 'explanation' => 'Expectation failed. Please retry your request.', 'log' => 'Header \'Expect\' prohibited; resend without Expect'),
30
  'a1084bad' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent claimed to be MSIE, with invalid Windows version'),
31
  'a52f0448' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by a malfunctioning proxy server or browser privacy software. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator.', 'log' => 'Header \'Connection\' contains invalid values'),
32
+ 'b0924802' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by malicious software on your computer.', 'log' => 'Incorrect form of HTTP/1.0 Keep-Alive'),
33
  'b40c8ddc' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, close your browser, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'POST more than two days after GET'),
34
  'b7830251' => array('response' => 400, 'explanation' => 'Your proxy server sent an invalid request. Please contact the proxy server administrator to have this problem fixed.', 'log' => 'Prohibited header \'Proxy-Connection\' present'),
35
  'b9cc1d86' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),
bad-behavior/roundtripdns.inc.php ADDED
@@ -0,0 +1,20 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php if (!defined('BB2_CORE')) die("I said no cheating!");
2
+
3
+ # Round trip DNS verification
4
+
5
+ # Returns TRUE if DNS matches; FALSE on mismatch
6
+ # Returns $ip if an error occurs
7
+ # TODO: Not IPv6 safe
8
+ # FIXME: Returns false on DNS server failure; PHP provides no distinction
9
+ # between no records and error condition
10
+ function bb2_roundtripdns($ip,$domain)
11
+ {
12
+ if (@is_ipv6($ip)) return $ip;
13
+
14
+ $host = gethostbyaddr($ip);
15
+ $host_result = strpos(strrev($host), strrev($domain));
16
+ if ($host_result === false || $host_result > 0) return false;
17
+ $addrs = gethostbynamel($host);
18
+ if (in_array($ip, $addrs)) return true;
19
+ return false;
20
+ }
bad-behavior/version.inc.php CHANGED
@@ -1,3 +1,3 @@
1
  <?php if (!defined('BB2_CWD')) die("I said no cheating!");
2
- define('BB2_VERSION', "2.0.36");
3
  ?>
1
  <?php if (!defined('BB2_CWD')) die("I said no cheating!");
2
+ define('BB2_VERSION', "2.1.3");
3
  ?>
bad-behavior/whitelist.inc.php CHANGED
@@ -2,78 +2,25 @@
2
 
3
  function bb2_whitelist($package)
4
  {
5
- // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
6
 
7
- // Inappropriate whitelisting WILL expose you to spam, or cause Bad
8
- // Behavior to stop functioning entirely! DO NOT WHITELIST unless you
9
- // are 100% CERTAIN that you should.
10
-
11
- // IP address ranges use the CIDR format.
12
-
13
- // Includes four examples of whitelisting by IP address and netblock.
14
- $bb2_whitelist_ip_ranges = array(
15
- "64.191.203.34", // Digg whitelisted as of 2.0.12
16
- "208.67.217.130", // Digg whitelisted as of 2.0.12
17
- "10.0.0.0/8",
18
- "172.16.0.0/12",
19
- "192.168.0.0/16",
20
- // "127.0.0.1",
21
- );
22
-
23
- // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
24
-
25
- // Inappropriate whitelisting WILL expose you to spam, or cause Bad
26
- // Behavior to stop functioning entirely! DO NOT WHITELIST unless you
27
- // are 100% CERTAIN that you should.
28
-
29
- // You should not whitelist search engines by user agent. Use the IP
30
- // netblock for the search engine instead. See http://whois.arin.net/
31
- // to locate the netblocks for an IP.
32
-
33
- // User agents are matched by exact match only.
34
-
35
- // Includes one example of whitelisting by user agent.
36
- // All are commented out.
37
- $bb2_whitelist_user_agents = array(
38
- // "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) It's me, let me in",
39
- );
40
-
41
- // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
42
-
43
- // Inappropriate whitelisting WILL expose you to spam, or cause Bad
44
- // Behavior to stop functioning entirely! DO NOT WHITELIST unless you
45
- // are 100% CERTAIN that you should.
46
-
47
- // URLs are matched from the first / after the server name up to,
48
- // but not including, the ? (if any).
49
-
50
- // Includes two examples of whitelisting by URL.
51
- $bb2_whitelist_urls = array(
52
- // "/example.php",
53
- // "/openid/server",
54
- );
55
-
56
- // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
57
-
58
- // Do not edit below this line
59
-
60
- if (!empty($bb2_whitelist_ip_ranges)) {
61
- foreach ($bb2_whitelist_ip_ranges as $range) {
62
  if (match_cidr($package['ip'], $range)) return true;
63
  }
64
  }
65
- if (!empty($bb2_whitelist_user_agents)) {
66
- foreach ($bb2_whitelist_user_agents as $user_agent) {
67
  if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
68
  }
69
  }
70
- if (!empty($bb2_whitelist_urls)) {
71
  if (strpos($package['request_uri'], "?") === FALSE) {
72
  $request_uri = $package['request_uri'];
73
  } else {
74
- $request_uri = substr($package['request_uri'], 0, strpos($settings['request_uri'], "?"));
75
  }
76
- foreach ($bb2_whitelist_urls as $url) {
77
  if (!strcmp($request_uri, $url)) return true;
78
  }
79
  }
2
 
3
  function bb2_whitelist($package)
4
  {
5
+ $whitelists = @parse_ini_file(dirname(BB2_CORE) . "/whitelist.ini");
6
 
7
+ if (@!empty($whitelists['ip'])) {
8
+ foreach ($whitelists['ip'] as $range) {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
9
  if (match_cidr($package['ip'], $range)) return true;
10
  }
11
  }
12
+ if (@!empty($whitelists['useragent'])) {
13
+ foreach ($whitelists['useragent'] as $user_agent) {
14
  if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
15
  }
16
  }
17
+ if (@!empty($whitelists['url'])) {
18
  if (strpos($package['request_uri'], "?") === FALSE) {
19
  $request_uri = $package['request_uri'];
20
  } else {
21
+ $request_uri = substr($package['request_uri'], 0, strpos($package['request_uri'], "?"));
22
  }
23
+ foreach ($whitelists['url'] as $url) {
24
  if (!strcmp($request_uri, $url)) return true;
25
  }
26
  }
settings.ini ADDED
@@ -0,0 +1,9 @@
 
 
 
 
 
 
 
 
 
1
+ [settings]
2
+ display_stats = true
3
+ strict = false
4
+ verbose = false
5
+ logging = true
6
+ httpbl_key = ""
7
+ httpbl_threat = 25
8
+ httpbl_maxage = 30
9
+ offsite_forms = false
whitelist.ini ADDED
@@ -0,0 +1,26 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ; Inappropriate whitelisting WILL expose you to spam, or cause Bad Behavior
2
+ ; to stop functioning entirely! DO NOT WHITELIST unless you are 100% CERTAIN
3
+ ; that you should.
4
+
5
+ ; IP address ranges use the CIDR format.
6
+
7
+ [ip]
8
+ ; Digg whitelisted as of 2.0.12
9
+ ip[] = "64.191.203.34"
10
+ ip[] = "208.67.217.130"
11
+ ; RFC 1918 addresses
12
+ ip[] = "10.0.0.0/8"
13
+ ip[] = "172.16.0.0/12"
14
+ ip[] = "192.168.0.0/16"
15
+
16
+ ; User agents are matched by exact match only.
17
+
18
+ [useragent]
19
+ useragent[] = "Mozilla/4.0 (It's me, let me in)"
20
+
21
+ ; URLs are matched from the first / after the server name up to, but not
22
+ ; including, the ? (if any). The URL to be whitelisted is a URL on YOUR site.
23
+
24
+ [url]
25
+ url[] = "/example.php"
26
+ url[] = "/openid/server"