Bad Behavior - Version 2.2.19

Developer error
Version 2.2.19

Code changes from version 2.2.18 to 2.2.19

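--- a/README.txt
+++ b/README.txt
@@ -3,8 +3,8 @@ Tags: comment,trackback,referrer,spam,robot,antispam
 Contributors: error
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
 Requires at least: 3.5
-Tested up to: 4.4.1
-Stable tag: 2.2.18
+Tested up to: 4.8
+Stable tag: 2.2.19
 
 Bad Behavior prevents spammers from ever delivering their junk, and in many
 cases, from ever reading your site in the first place.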
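--- a/bad-behavior-wordpress-admin.php
+++ b/bad-behavior-wordpress-admin.php
@@ -243,6 +243,7 @@ function bb2_whitelist()
 if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
 
 if ($_POST) {
+check_admin_referer('bad-behavior-whitelist');
 $_POST = array_map('stripslashes_deep', $_POST);
 if ($_POST['ip']) {
 $whitelists['ip'] = array_filter(preg_split("/\s+/m", $_POST['ip']));
@@ -277,19 +278,21 @@ function bb2_whitelist()
 
 <h3><?php _e('IP Address'); ?></h3>
 <table class="form-table">
-<tr><td><label>IP address or CIDR format address ranges to be whitelisted (one per line)<br/><textarea cols="24" rows="6" name="ip"><?php echo implode("\n", $whitelists['ip']); ?></textarea></td></tr>
+<tr><td><label>IP address or CIDR format address ranges to be whitelisted (one per line)<br/><textarea cols="24" rows="6" name="ip"><?php echo esc_textarea(implode("\n", $whitelists['ip'])); ?></textarea></td></tr>
 </table>
 
 <h3><?php _e('URL'); ?></h3>
 <table class="form-table">
-<tr><td><label>URL fragments beginning with the / after your web site hostname (one per line)<br/><textarea cols="48" rows="6" name="url"><?php echo implode("\n", $whitelists['url']); ?></textarea></td></tr>
+<tr><td><label>URL fragments beginning with the / after your web site hostname (one per line)<br/><textarea cols="48" rows="6" name="url"><?php echo esc_textarea(implode("\n", $whitelists['url'])); ?></textarea></td></tr>
 </table>
 
 <h3><?php _e('User Agent'); ?></h3>
 <table class="form-table">
-<tr><td><label>User agent strings to be whitelisted (one per line)<br/><textarea cols="48" rows="6" name="useragent"><?php echo implode("\n", $whitelists['useragent']); ?></textarea></td></tr>
+<tr><td><label>User agent strings to be whitelisted (one per line)<br/><textarea cols="48" rows="6" name="useragent"><?php echo esc_textarea(implode("\n", $whitelists['useragent'])); ?></textarea></td></tr>
 </table>
 
+<?php wp_nonce_field('bad-behavior-whitelist'); ?>
+
 <p class="submit"><input class="button" type="submit" name="submit" value="<?php _e('Update &raquo;'); ?>" /></p>
 </form>
 <?php
@@ -304,6 +307,7 @@ function bb2_options()
 if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
 
 if ($_POST) {
+check_admin_referer('bad-behavior-options');
 $_POST = array_map('stripslashes_deep', $_POST);
 if ($_POST['display_stats']) {
 $settings['display_stats'] = true;
@@ -438,6 +442,8 @@ function bb2_options()
 <tr><td><label>IP address or CIDR format address ranges for your proxy servers (one per line)<br/><textarea cols="24" rows="6" name="reverse_proxy_addresses"><?php echo esc_textarea(implode("\n", $settings['reverse_proxy_addresses'])); ?></textarea></td></tr>
 </table>
 
+<?php wp_nonce_field('bad-behavior-options'); ?>
+
 <p class="submit"><input class="button" type="submit" name="submit" value="<?php _e('Update &raquo;'); ?>" /></p>
 </form>
 </div>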
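Review bot: check_admin_referer() at new lines 246 and 310 proves the POST came from a form WordPress issued to the logged-in user, but it is not an authorization check, and no capability test is visible before `$whitelists` and `$settings` are rewritten. bb2_whitelist() and bb2_options() both start and end outside these hunks, so this may already be enforced where the admin pages are registered; if it is not, add `if (!current_user_can('manage_options')) wp_die();` ahead of the nonce check. A one-line comment such as `// CSRF: nonce must match wp_nonce_field() in the form below` would also tie each check to its field, since the action strings are repeated as bare literals in both places.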
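--- a/bad-behavior-wordpress.php
+++ b/bad-behavior-wordpress.php
@@ -1,7 +1,7 @@
 <?php
 /*
 Plugin Name: Bad Behavior
-Version: 2.2.18
+Version: 2.2.19
 Description: Deny automated spambots access to your PHP-based Web site.
 Plugin URI: http://bad-behavior.ioerror.us/
 Author: Michael Hampton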
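--- a/bad-behavior/blacklist.inc.php
+++ b/bad-behavior/blacklist.inc.php
@@ -5,6 +5,7 @@ function bb2_blacklist($package) {
 // Blacklisted user agents
 // These user agent strings occur at the beginning of the line.
 $bb2_spambots_0 = array(
+"-", // brute force password attempts, malicious botnet
 "8484 Boston Project", // video poker/porn spam
 "ArchiveTeam", // ignores robots.txt and hammers server
 "adwords", // referrer spam
@@ -36,6 +37,7 @@ function bb2_blacklist($package) {
 "MJ12bot/v1.0.8", // malicious botnet
 "Morfeus", // vulnerability scanner
 "Movable Type", // customised spambots
+// msnbot is using this fake user agent string now
 //"Mozilla ", // malicious software
 "Mozilla/0", // malicious software
 "Mozilla/1", // malicious software
@@ -77,6 +79,8 @@ function bb2_blacklist($package) {
 "\r", // A really dumb bot
 "<sc", // XSS exploit attempts
 "; Widows ", // misc comment/email spam
+": ;", // shellshock
+":;", // shellshock
 "a href=", // referrer spam
 "ArchiveBot", // ignores robots.txt and hammers server
 "Bad Behavior Test", // Add this to your user-agent to test BB
@@ -129,11 +133,9 @@ function bb2_blacklist($package) {
 // These are regular expression matches.
 $bb2_spambots_regex = array(
 "/^[A-Z]{10}$/", // misc email spam
-// msnbot is using this fake user agent string now
-// "/^Mozilla...[05]$/i", // fake user agent/email spam
 "/[bcdfghjklmnpqrstvwxz ]{8,}/",
 // "/(;\){1,2}$/", // misc spammers/harvesters
-// "/MSIE.*Windows XP/", // misc comment spam
+"/MSIE.*Windows XP/", // misc comment spam
 "/MSIE [2345]/", // too old; assumed robot
 );
 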
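Review bot: The two Shellshock entries added at new lines 82-83, `": ;"` and `":;"`, match the no-op body of the injected function definition rather than the `() {` prefix that starts it, so they cover only requests spelled with that body; adding `"() {", // shellshock function-definition prefix` beside them would key on the invariant part. These are user-agent signatures, so they filter that one header on a best-effort basis and do not replace a patched bash on the host. The array these entries belong to opens outside the hunk, so I am assuming it is the match-anywhere list rather than a prefix list. Separately, the comment relocated to new line 40, `// msnbot is using this fake user agent string now`, now sits above `//"Mozilla ",` although the pattern it described (`/^Mozilla...[05]$/i`) was deleted; it should be dropped or reworded.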
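--- a/bad-behavior/core.inc.php
+++ b/bad-behavior/core.inc.php
@@ -1,5 +1,5 @@
 <?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.2.18");
+define('BB2_VERSION', "2.2.19");
 
 // Bad Behavior entry point is bb2_start()
 // If you're reading this, you are probably lost.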