Bad Behavior - Version 2.1.4


Code changes from version 2.1.0 to 2.1.4

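--- a/README.txt
+++ b/README.txt
@@ -3,8 +3,8 @@ Tags: comment,trackback,referrer,spam,robot,antispam
 Contributors: error, MarkJaquith, Firas, skeltoac
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
 Requires at least: 1.5
-Tested up to: 2.9
-Stable tag: 2.0.35
+Tested up to: 3.0
+Stable tag: 2.0.38
 
 Welcome to a whole new way of keeping your blog, forum, guestbook, wiki or
 content management system free of link spam. Bad Behavior is a PHP-based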
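--- a/bad-behavior-generic.php
+++ b/bad-behavior-generic.php
@@ -85,10 +85,16 @@ function bb2_db_rows($result) {
 return $result;
 }
 
+// Create the SQL query for inserting a record in the database.
+// See example for MySQL elsewhere.
+function bb2_insert($settings, $package, $key)
+{
+return "--";
+}
+
 // Return emergency contact email address.
 function bb2_email() {
-// return "example@example.com"; // You need to change this.
-return "badbots@ioerror.us"; // You need to change this.
+return "example@example.com"; // You need to change this.
 }
 
 // retrieve settings from database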
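Review bot: The new `bb2_insert` stub at lines 88-93 documents neither what it must return nor what the `"--"` placeholder means; the other backends presumably hand the returned string straight to `bb2_db_query`, so a reader cannot tell whether `--` is an intentional SQL no-op (a bare comment) or an unfinished stub. Extend the header comment, e.g. `// Must return the INSERT statement that bb2_db_query() will execute; the default "--" is a harmless SQL comment so that a site which never implements logging still runs.` If the intent is instead that integrators must replace it, say so the way `bb2_email` does with its `// You need to change this.` trailer.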
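--- a/bad-behavior-wordpress-admin.php
+++ b/bad-behavior-wordpress-admin.php
@@ -98,6 +98,7 @@ function bb2_manage() {
 global $wpdb;
 
 $request_uri = $_SERVER["REQUEST_URI"];
+if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
 $settings = bb2_read_settings();
 $rows_per_page = 100;
 $where = "";
@@ -178,7 +179,7 @@ Displaying all <strong><?php echo $totalcount; ?></strong> records<br/>
 $host .= "<br/>\n";
 }
 echo "<td><a href=\"" . add_query_arg("ip", $result["ip"], remove_query_arg("paged", $request_uri)) . "\">" . $result["ip"] . "</a><br/>$host<br/>\n" . $result["date"] . "<br/><br/><a href=\"" . add_query_arg("key", $result["key"], remove_query_arg(array("paged", "blocked"), $request_uri)) . "\">" . $key["log"] . "</a>\n";
-if ($httpbl) echo "<br/><br/>http:BL:<br/>$httpbl\n";
+if ($httpbl) echo "<br/><br/><a href=\"http://www.projecthoneypot.org/ip_{$result['ip']}\">http:BL</a>:<br/>$httpbl\n";
 echo "</td>\n";
 $headers = str_replace("\n", "<br/>\n", htmlspecialchars($result['http_headers']));
 if (@strpos($headers, $result['user_agent']) !== FALSE) $headers = substr_replace($headers, "<a href=\"" . add_query_arg("user_agent", rawurlencode($result["user_agent"]), remove_query_arg("paged", $request_uri)) . "\">" . $result['user_agent'] . "</a>", strpos($headers, $result['user_agent']), strlen($result['user_agent']));
@@ -207,6 +208,9 @@ function bb2_options()
 {
 $settings = bb2_read_settings();
 
+$request_uri = $_SERVER["REQUEST_URI"];
+if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
+
 if ($_POST) {
 if ($_POST['display_stats']) {
 $settings['display_stats'] = true;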
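Review bot: The new http:BL link at line 182 interpolates `$result['ip']` straight into an `href` attribute, and with this release the `ip` value is no longer necessarily a raw `REMOTE_ADDR`: bad-behavior/core.inc.php can replace `$package['ip']` with the `Cf-Connecting-Ip` request header during screening, so whatever ends up in the logged column should be treated as untrusted output (whether the replaced value reaches the log is not visible from this page). Escape it for the attribute context the way line 184 already escapes the headers: `if ($httpbl) echo "<br/><br/><a href=\"http://www.projecthoneypot.org/ip_" . htmlspecialchars($result['ip']) . "\">http:BL</a>:<br/>$httpbl\n";`. The unchanged line 181 writes `$result["ip"]` into both an `href` and the link text with the same lack of escaping and deserves the same treatment. `bb2_manage` starts and ends outside the hunk.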
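--- a/bad-behavior-wordpress.php
+++ b/bad-behavior-wordpress.php
@@ -1,7 +1,7 @@
 <?php
 /*
 Plugin Name: Bad Behavior
-Version: 2.1.0
+Version: 2.1.4
 Description: Deny automated spambots access to your PHP-based Web site.
 Plugin URI: http://www.bad-behavior.ioerror.us/
 Author: Michael Hampton
@@ -80,7 +80,8 @@ function bb2_db_query($query) {
 
 $wpdb->hide_errors();
 $result = $wpdb->get_results($query, ARRAY_A);
-$wpdb->show_errors();
+if ( defined('WP_DEBUG') and WP_DEBUG == true )
+$wpdb->show_errors();
 if (mysql_error()) {
 return FALSE;
 }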
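Review bot: After the change at lines 83-84 the `$wpdb->hide_errors()` on line 81 is only undone when `WP_DEBUG` is on, so on a production site `$wpdb` is left in error-hiding mode for the rest of the request after Bad Behavior's first query, which presumably suppresses error display for every later core and plugin query as well. Restore the caller's previous state instead of deciding it here: `hide_errors()` returns whether errors were being shown, so `$show = $wpdb->hide_errors();` before the query and `if ($show) $wpdb->show_errors();` after it keep the site's own setting regardless of `WP_DEBUG`. If the intent really is "never show errors from this query", the restoration should still happen unconditionally. `bb2_db_query` starts and ends outside the hunk.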
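--- a/bad-behavior/banned.inc.php
+++ b/bad-behavior/banned.inc.php
@@ -24,6 +24,8 @@ function bb2_display_denial($settings, $key, $previous_key = false)
 $response = bb2_get_response($previous_key);
 header("HTTP/1.1 " . $response['response'] . " Bad Behavior");
 header("Status: " . $response['response'] . " Bad Behavior");
+$request_uri = $_SERVER["REQUEST_URI"];
+if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <!--< html xmlns="http://www.w3.org/1999/xhtml">-->
@@ -33,7 +35,7 @@ function bb2_display_denial($settings, $key, $previous_key = false)
 <body>
 <h1>Error <?php echo $response['response']; ?></h1>
 <p>We're sorry, but we could not fulfill your request for
-<?php echo htmlspecialchars($_SERVER['REQUEST_URI']) ?> on this server.</p>
+<?php echo htmlspecialchars($request_uri) ?> on this server.</p>
 <p><?php echo $response['explanation']; ?></p>
 <p>Your technical support key is: <strong><?php echo $support_key; ?></strong></p>
 <p>You can use this key to <a href="http://www.ioerror.us/bb2-support-key?key=<?php echo $support_key; ?>">fix this problem yourself</a>.</p>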
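Review bot: Line 27 reads `$_SERVER["REQUEST_URI"]` before line 28 tests it, so on the IIS configurations the fallback is written for, where the key may be absent rather than empty, the read itself raises an undefined-index notice before the fallback ever runs. Test absence and emptiness in one step: `$request_uri = empty($_SERVER['REQUEST_URI']) ? $_SERVER['SCRIPT_NAME'] : $_SERVER['REQUEST_URI'];`. The same two-line pattern is added in bad-behavior-wordpress-admin.php (both `bb2_manage` and `bb2_options`) and in bad-behavior/core.inc.php, and the fix applies there too. `bb2_display_denial` starts and ends outside the hunk.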
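--- a/bad-behavior/blackhole.inc.php
+++ b/bad-behavior/blackhole.inc.php
@@ -1,10 +1,5 @@
 <?php if (!defined('BB2_CORE')) die('I said no cheating!');
 
-// Quick and dirty check for an IPv6 address
-function is_ipv6($address) {
-return (strpos($address, ":")) ? TRUE : FALSE;
-}
-
 // Look up address on various blackhole lists.
 // These should not be used for GET requests under any circumstances!
 // FIXME: Note that this code is no longer in use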
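--- /dev/null
+++ b/bad-behavior/cloudflare.inc.php
@@ -0,0 +1,17 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze requests claiming to be from CloudFlare
+
+require_once(BB2_CORE . "/roundtripdns.inc.php");
+
+function bb2_cloudflare(&$package)
+{
+if (bb2_roundtripdns($package['ip'], "cloudflare.com")) {
+$package['ip'] = $package['headers_mixed']['Cf-Connecting-Ip'];
+} else {
+return '70e45496';
+}
+return false;
+}
+
+?>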
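Review bot: The `if` on line 9 treats any truthy return from `bb2_roundtripdns()` as a verified CloudFlare origin, but that function also returns the unchanged `$ip` string (truthy) whenever `is_ipv6()` says so, so a request from an IPv6 address that carries a `Cf-Connecting-Ip` header has `$package['ip']` overwritten on line 10 with the unverified header value, which the remaining tests in `bb2_screen()` then use as the client address. Compare strictly: `if (bb2_roundtripdns($package['ip'], "cloudflare.com") === true) {`. The same truthiness check is used on line 12 of bad-behavior/google.inc.php and bad-behavior/msnbot.inc.php, where it lets an IPv6 client pass the Googlebot/msnbot verification without any lookup. It would also be prudent to confirm the header holds an IP literal before adopting it, rather than storing arbitrary header text as the address.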
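--- a/bad-behavior/common_tests.inc.php
+++ b/bad-behavior/common_tests.inc.php
@@ -4,7 +4,6 @@
 
 function bb2_protocol($settings, $package)
 {
-// Is it claiming to be HTTP/1.0? Then it shouldn't do HTTP/1.1 things
 // Always run this test; we should never see Expect:
 if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE) {
 return "a0105122";
@@ -54,9 +53,9 @@ function bb2_misc_headers($settings, $package)
 // Real user-agents do not start ranges at 0
 // NOTE: this blocks the whois.sc bot. No big loss.
 // Exceptions: MT (not fixable); LJ (refuses to fix; may be
-// blocked again in the future)
+// blocked again in the future); Facebook
 if ($settings['strict'] && array_key_exists('Range', $package['headers_mixed']) && strpos($package['headers_mixed']['Range'], "=0-") !== FALSE) {
-if (strncmp($ua, "MovableType", 11) && strncmp($ua, "URI::Fetch", 10) && strncmp($ua, "php-openid/", 11)) {
+if (strncmp($ua, "MovableType", 11) && strncmp($ua, "URI::Fetch", 10) && strncmp($ua, "php-openid/", 11) && strncmp($ua, "facebookexternalhit", 19)) {
 return "7ad04a8a";
 }
 }
@@ -105,6 +104,12 @@ function bb2_misc_headers($settings, $package)
 if (preg_match('/\bkeep-alive,\s?keep-alive\b/i', $package['headers_mixed']['Connection'])) {
 return "a52f0448";
 }
+// Keep-Alive format in RFC 2068; some bots mangle these headers
+if (stripos($package['headers_mixed']['Connection'], "Keep-Alive: ") !== FALSE) {
+return "b0924802";
+}
+// Close should not be oddly capitalized
+
 }
 
 
@@ -113,7 +118,7 @@ function bb2_misc_headers($settings, $package)
 return "b9cc1d86";
 }
 // Proxy-Connection does not exist and should never be seen in the wild
-if (array_key_exists('Proxy-Connection', $package['headers_mixed'])) {
+if ($settings['strict'] && array_key_exists('Proxy-Connection', $package['headers_mixed'])) {
 return "b7830251";
 }
 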
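Review bot: Lines 111-112 add the comment `// Close should not be oddly capitalized` followed only by a blank line, so the comment describes a test that does not exist and the next reader will assume one was accidentally deleted; either add the intended check or mark it as an intention, `// TODO: Close should not be oddly capitalized`. The new test on line 108 reads `$package['headers_mixed']['Connection']` unconditionally, as the `preg_match` on line 104 already does; whether an enclosing `array_key_exists('Connection', ...)` guard covers both cannot be seen here, because `bb2_misc_headers` starts outside the hunk.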
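--- a/bad-behavior/core.inc.php
+++ b/bad-behavior/core.inc.php
@@ -64,7 +64,9 @@ function bb2_start($settings)
 }
 }
 
-@$package = array('ip' => $_SERVER['REMOTE_ADDR'], 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $_SERVER['REQUEST_METHOD'], 'request_uri' => $_SERVER['REQUEST_URI'], 'server_protocol' => $_SERVER['SERVER_PROTOCOL'], 'request_entity' => $request_entity, 'user_agent' => $_SERVER['HTTP_USER_AGENT'], 'is_browser' => false);
+$request_uri = $_SERVER["REQUEST_URI"];
+if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
+@$package = array('ip' => $_SERVER['REMOTE_ADDR'], 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $_SERVER['REQUEST_METHOD'], 'request_uri' => $request_uri, 'server_protocol' => $_SERVER['SERVER_PROTOCOL'], 'request_entity' => $request_entity, 'user_agent' => $_SERVER['HTTP_USER_AGENT'], 'is_browser' => false);
 
 $result = bb2_screen($settings, $package);
 if ($result && !defined('BB2_TEST')) bb2_banned($settings, $package, $result);
@@ -83,6 +85,13 @@ function bb2_screen($settings, $package)
 require_once(BB2_CORE . "/blacklist.inc.php");
 if ($r = bb2_blacklist($package)) return $r;
 
+// Check for CloudFlare CDN
+if (array_key_exists('Cf-Connecting-Ip', $package['headers_mixed'])) {
+require_once(BB2_CORE . "/cloudflare.inc.php");
+$r = bb2_cloudflare($package);
+if ($r !== false && $r != $package['ip']) return $r;
+}
+
 // Check the http:BL
 require_once(BB2_CORE . "/blackhole.inc.php");
 if ($r = bb2_httpbl($settings, $package)) return $r;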
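Review bot: The condition on line 92, `$r !== false && $r != $package['ip']`, reads as if `bb2_cloudflare()` could hand back the client IP on a lookup error, but as added in this release that function returns only `'70e45496'` or `false` (the `$ip` return of `bb2_roundtripdns()` is consumed inside it), so the second comparison never excludes anything and misdescribes the contract; reduce it to `if ($r !== false) return $r;` or make `bb2_cloudflare()` actually propagate the error value. Note also that `bb2_cloudflare()` takes `$package` by reference, so once it replaces `$package['ip']` every later test in `bb2_screen()` sees the header-supplied address; `bb2_screen()` itself receives `$package` by value from `bb2_start()`, so whether the replaced value reaches `bb2_banned()` and the log depends on code outside the hunk. `bb2_screen` starts and ends outside the hunk.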
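--- a/bad-behavior/functions.inc.php
+++ b/bad-behavior/functions.inc.php
@@ -2,6 +2,11 @@
 
 // Miscellaneous helper functions.
 
+// Quick and dirty check for an IPv6 address
+function is_ipv6($address) {
+return (strpos($address, ":")) ? TRUE : FALSE;
+}
+
 // stripos() needed because stripos is only present on PHP 5
 if (!function_exists('stripos')) {
 function stripos($haystack,$needle,$offset = 0) {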
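Review bot: `is_ipv6()` on line 7 relies on the truthiness of `strpos()`, which is `0` (falsy) when the colon is the first character, so literals beginning with `::` such as `::1` are reported as not IPv6 and fall through to the IPv4-only path in the new `bb2_roundtripdns()`. Use an explicit comparison: `return strpos($address, ":") !== FALSE;`. The hunk moves the function here from blackhole.inc.php unchanged, so the defect predates the commit, but it is now reachable from the Googlebot, msnbot and CloudFlare checks instead of from code the file itself marks as unused.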
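--- a/bad-behavior/google.inc.php
+++ b/bad-behavior/google.inc.php
@@ -2,9 +2,14 @@
 
 // Analyze user agents claiming to be Googlebot
 
+require_once(BB2_CORE . "/roundtripdns.inc.php");
+
 function bb2_google($package)
 {
-if (match_cidr($package['ip'], "66.249.64.0/19") === FALSE && match_cidr($package['ip'], "64.233.160.0/19") === FALSE && match_cidr($package['ip'], "72.14.192.0/18") === FALSE) {
+# if (match_cidr($package['ip'], "66.249.64.0/19") === FALSE && match_cidr($package['ip'], "64.233.160.0/19") === FALSE && match_cidr($package['ip'], "72.14.192.0/18") === FALSE) {
+# return "f1182195";
+# }
+if (!bb2_roundtripdns($package['ip'], "googlebot.com")) {
 return "f1182195";
 }
 return false;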
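Review bot: Lines 9-11 keep the old CIDR test as `#`-commented code inside `bb2_google()`, which version control already preserves and which will silently go stale as the address ranges change; delete the three lines, or, if the range test is meant as a fallback for hosts without working DNS, keep it as a real code path selected by a setting and say so in a comment such as `// Round-trip DNS is authoritative; the published ranges are only a fallback`. The identical commented-out block is left in bad-behavior/msnbot.inc.php lines 9-11.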
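--- a/bad-behavior/msnbot.inc.php
+++ b/bad-behavior/msnbot.inc.php
@@ -2,9 +2,14 @@
 
 // Analyze user agents claiming to be msnbot
 
+require_once(BB2_CORE . "/roundtripdns.inc.php");
+
 function bb2_msnbot($package)
 {
-if (match_cidr($package['ip'], "207.46.0.0/16") === FALSE && match_cidr($package['ip'], "65.52.0.0/14") === FALSE && match_cidr($package['ip'], "207.68.128.0/18") === FALSE && match_cidr($package['ip'], "207.68.192.0/20") === FALSE && match_cidr($package['ip'], "64.4.0.0/18") === FALSE) {
+# if (match_cidr($package['ip'], "207.46.0.0/16") === FALSE && match_cidr($package['ip'], "65.52.0.0/14") === FALSE && match_cidr($package['ip'], "207.68.128.0/18") === FALSE && match_cidr($package['ip'], "207.68.192.0/20") === FALSE && match_cidr($package['ip'], "64.4.0.0/18") === FALSE) {
+# return "e4de0453";
+# }
+if (!bb2_roundtripdns($package['ip'], "search.msn.com")) {
 return "e4de0453";
 }
 return false;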
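--- a/bad-behavior/responses.inc.php
+++ b/bad-behavior/responses.inc.php
@@ -19,6 +19,7 @@ function bb2_get_response($key) {
 '582ec5e4' => array('response' => 400, 'explanation' => 'An invalid request was received. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator. This may also be caused by a bug in the Opera web browser.', 'log' => '"Header \'TE\' present but TE not specified in \'Connection\' header'),
 '69920ee5' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' present but blank'),
 '6c502ff1' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Bot not fully compliant with RFC 2965'),
+'70e45496' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User agent claimed to be CloudFlare, claim appears false'),
 '799165c2' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Rotating user-agents detected'),
 '7a06532b' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept-Encoding\' missing'),
 '7ad04a8a' => array('response' => 400, 'explanation' => 'The automated program you are using is not permitted to access this server. Please use a different program or a standard Web browser.', 'log' => 'Prohibited header \'Range\' present'),
@@ -28,6 +29,7 @@ function bb2_get_response($key) {
 'a0105122' => array('response' => 417, 'explanation' => 'Expectation failed. Please retry your request.', 'log' => 'Header \'Expect\' prohibited; resend without Expect'),
 'a1084bad' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent claimed to be MSIE, with invalid Windows version'),
 'a52f0448' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by a malfunctioning proxy server or browser privacy software. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator.', 'log' => 'Header \'Connection\' contains invalid values'),
+'b0924802' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by malicious software on your computer.', 'log' => 'Incorrect form of HTTP/1.0 Keep-Alive'),
 'b40c8ddc' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, close your browser, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'POST more than two days after GET'),
 'b7830251' => array('response' => 400, 'explanation' => 'Your proxy server sent an invalid request. Please contact the proxy server administrator to have this problem fixed.', 'log' => 'Prohibited header \'Proxy-Connection\' present'),
 'b9cc1d86' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),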
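Review bot: The log text for `'70e45496'` on line 22, "User agent claimed to be CloudFlare", does not describe what triggers the key: bad-behavior/core.inc.php runs `bb2_cloudflare()` on the presence of a `Cf-Connecting-Ip` header, not on the User-Agent, so an operator reading the log would inspect the wrong field. A wording that matches the check is `'log' => 'Request claimed to arrive via CloudFlare, claim appears false'`. `bb2_get_response` starts and ends outside the hunks.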
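--- /dev/null
+++ b/bad-behavior/roundtripdns.inc.php
@@ -0,0 +1,20 @@
+<?php if (!defined('BB2_CORE')) die("I said no cheating!");
+
+# Round trip DNS verification
+
+# Returns TRUE if DNS matches; FALSE on mismatch
+# Returns $ip if an error occurs
+# TODO: Not IPv6 safe
+# FIXME: Returns false on DNS server failure; PHP provides no distinction
+# between no records and error condition
+function bb2_roundtripdns($ip,$domain)
+{
+if (@is_ipv6($ip)) return $ip;
+
+$host = gethostbyaddr($ip);
+$host_result = strpos(strrev($host), strrev($domain));
+if ($host_result === false || $host_result > 0) return false;
+$addrs = gethostbynamel($host);
+if (in_array($ip, $addrs)) return true;
+return false;
+}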
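Review bot: The suffix test on lines 15-16 accepts any reverse name that merely ends with the domain string, with no label boundary, so for `$domain = "cloudflare.com"` a PTR of `example-cloudflare.com` passes exactly like `host.cloudflare.com`; since the owner of an address also controls its PTR record and the forward record of a domain they register, the round trip then verifies nothing for such names. Line 18 also passes the result of `gethostbynamel()` to `in_array()` without checking for `false` (a warning on PHP 7, a `TypeError` on PHP 8), and `gethostbyaddr()` returns `$ip` unchanged when there is no PTR record, which the code currently folds into an ordinary mismatch. The rewrite below requires an exact match or a `.`-separated suffix and handles both lookup failures explicitly, returning `false` (fail closed) rather than `$ip`, because the callers added in this release test the result with plain truthiness; the header's "Returns $ip if an error occurs" line should then be narrowed to the IPv6 case.
```php
function bb2_roundtripdns($ip,$domain)
{
// … unchanged: IPv6 early return …
$host = gethostbyaddr($ip);
// gethostbyaddr() returns $ip unchanged when there is no PTR record
if ($host === false || $host === $ip) return false;
// require a label boundary: "host.cloudflare.com" matches, "example-cloudflare.com" does not
if ($host !== $domain && substr($host, -strlen("." . $domain)) !== "." . $domain) return false;
$addrs = gethostbynamel($host);
if ($addrs === false) return false;
return in_array($ip, $addrs, true);
}
```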
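--- a/bad-behavior/version.inc.php
+++ b/bad-behavior/version.inc.php
@@ -1,3 +1,3 @@
 <?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.1.0");
+define('BB2_VERSION', "2.1.4");
 ?>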
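--- a/bad-behavior/whitelist.inc.php
+++ b/bad-behavior/whitelist.inc.php
@@ -18,7 +18,7 @@ function bb2_whitelist($package)
 if (strpos($package['request_uri'], "?") === FALSE) {
 $request_uri = $package['request_uri'];
 } else {
-$request_uri = substr($package['request_uri'], 0, strpos($settings['request_uri'], "?"));
+$request_uri = substr($package['request_uri'], 0, strpos($package['request_uri'], "?"));
 }
 foreach ($whitelists['url'] as $url) {
 if (!strcmp($request_uri, $url)) return true;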