Bad Behavior - Version 2.2.21

Developer error
Version 2.2.21

Code changes from version 2.2.20 to 2.2.21

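--- a/README.txt
+++ b/README.txt
@@ -3,8 +3,8 @@ Tags: comment,trackback,referrer,spam,robot,antispam
  Contributors: error
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
  Requires at least: 3.5
- Tested up to: 4.8.1
- Stable tag: 2.2.20
+ Tested up to: 4.9.7
+ Stable tag: 2.2.21
 
  Bad Behavior prevents spammers from ever delivering their junk, and in many
  cases, from ever reading your site in the first place.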
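--- a/bad-behavior-generic.php
+++ b/bad-behavior-generic.php
@@ -38,7 +38,6 @@ $bb2_settings_defaults = array(
  'httpbl_threat' => '25',
  'httpbl_maxage' => '30',
  'offsite_forms' => false,
- 'eu_cookie' => false,
  'reverse_proxy' => false,
  'reverse_proxy_header' => 'X-Forwarded-For',
  'reverse_proxy_addresses' => array(),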
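--- a/bad-behavior-mediawiki.php
+++ b/bad-behavior-mediawiki.php
@@ -41,7 +41,6 @@ $bb2_settings_defaults = array(
  'httpbl_threat' => '25',
  'httpbl_maxage' => '30',
  'offsite_forms' => false,
- 'eu_cookie' => false,
  'reverse_proxy' => false,
  'reverse_proxy_header' => 'X-Forwarded-For',
  'reverse_proxy_addresses' => array(),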
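--- a/bad-behavior-wordpress-admin.php
+++ b/bad-behavior-wordpress-admin.php
@@ -9,7 +9,6 @@ function bb2_admin_pages() {
  add_options_page(__("Bad Behavior"), __("Bad Behavior"), 'manage_options', 'bb2_options', 'bb2_options');
  add_options_page(__("Bad Behavior Whitelist"), __("Bad Behavior Whitelist"), 'manage_options', 'bb2_whitelist', 'bb2_whitelist');
  add_management_page(__("Bad Behavior Log"), __("Bad Behavior Log"), 'manage_options', 'bb2_manage', 'bb2_manage');
- @session_start();
  }
  }
 
@@ -21,6 +20,8 @@ function bb2_clean_log_link($uri) {
  }
 
  function bb2_httpbl_lookup($ip) {
+ @session_start();
+
  // NB: Many of these are defunct
  $engines = array(
  1 => "AltaVista",
@@ -363,11 +364,7 @@ function bb2_options()
  } else {
  $settings['offsite_forms'] = false;
  }
- if ($_POST['eu_cookie']) {
- $settings['eu_cookie'] = true;
- } else {
- $settings['eu_cookie'] = false;
- }
+ unset($settings['eu_cookie']);
  if ($_POST['reverse_proxy']) {
  $settings['reverse_proxy'] = true;
  } else {
@@ -426,12 +423,6 @@ function bb2_options()
  <tr><td><label><input type="text" size="3" maxlength="3" name="httpbl_maxage" value="<?php echo intval($settings['httpbl_maxage']); ?>" /> Maximum Age of Data (30 is recommended)</label></td></tr>
  </table>
 
- <h3><?php _e('European Union Cookie'); ?></h3>
- <p>Select this option if you believe Bad Behavior's site security cookie is not exempt from the 2012 EU cookie regulation. <a href="http://bad-behavior.ioerror.us/2012/05/04/eu-cookie-requirement-disclosure/">More info</a></p>
- <table class="form-table">
- <tr><td><label><input type="checkbox" name="eu_cookie" value="true" <?php if ($settings['eu_cookie']) { ?>checked="checked" <?php } ?>/> <?php _e('EU cookie handling'); ?></label></td></tr>
- </table>
-
  <h3><?php _e('Reverse Proxy/Load Balancer'); ?></h3>
  <p>If you are using Bad Behavior behind a reverse proxy, load balancer, HTTP accelerator, content cache or similar technology, enable the Reverse Proxy option.</p>
  <p>If you have a chain of two or more reverse proxies between your server and the public Internet, you must specify <em>all</em> of the IP address ranges (in CIDR format) of all of your proxy servers, load balancers, etc. Otherwise, Bad Behavior may be unable to determine the client's true IP address.</p>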
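Review bot: `@session_start();` now runs at the top of `bb2_httpbl_lookup($ip)` (new line 23), so a session is opened as a side effect of a lookup helper. The `@` also hides the cases where it fails, for instance when output has already been sent, or where it is called again while a session is already active. If the session is needed at this point, guard it and drop the suppression, `if (session_status() === PHP_SESSION_NONE) { session_start(); }`, and add a one-line comment naming what reads the session. The rest of `bb2_httpbl_lookup()` lies outside the hunk, so whether it touches `$_SESSION` at all cannot be confirmed from here.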
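--- a/bad-behavior-wordpress.php
+++ b/bad-behavior-wordpress.php
@@ -1,7 +1,7 @@
  <?php
  /*
  Plugin Name: Bad Behavior
- Version: 2.2.20
+ Version: 2.2.21
  Description: Deny automated spambots access to your PHP-based Web site.
  Plugin URI: http://bad-behavior.ioerror.us/
  Author: Michael Hampton
@@ -107,7 +107,7 @@ function bb2_read_settings() {
  // Add in default settings when they aren't yet present in WP
  $settings = get_option('bad_behavior_settings');
  if (!$settings) $settings = array();
- return array_merge(array('log_table' => $wpdb->prefix . 'bad_behavior', 'display_stats' => false, 'strict' => false, 'verbose' => false, 'logging' => true, 'httpbl_key' => '', 'httpbl_threat' => '25', 'httpbl_maxage' => '30', 'offsite_forms' => false, 'eu_cookie' => false, 'reverse_proxy' => false, 'reverse_proxy_header' => 'X-Forwarded-For', 'reverse_proxy_addresses' => array(),), $settings);
+ return array_merge(array('log_table' => $wpdb->prefix . 'bad_behavior', 'display_stats' => false, 'strict' => false, 'verbose' => false, 'logging' => true, 'httpbl_key' => '', 'httpbl_threat' => '25', 'httpbl_maxage' => '30', 'offsite_forms' => false, 'reverse_proxy' => false, 'reverse_proxy_header' => 'X-Forwarded-For', 'reverse_proxy_addresses' => array(),), $settings);
 
 
  }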
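--- a/bad-behavior/core.inc.php
+++ b/bad-behavior/core.inc.php
@@ -1,5 +1,5 @@
  <?php if (!defined('BB2_CWD')) die("I said no cheating!");
- define('BB2_VERSION', "2.2.20");
+ define('BB2_VERSION', "2.2.21");
 
  // Bad Behavior entry point is bb2_start()
  // If you're reading this, you are probably lost.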
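--- a/bad-behavior/post.inc.php
+++ b/bad-behavior/post.inc.php
@@ -65,45 +65,5 @@ function bb2_post($settings, $package)
  }
  }
 
- // Screen by cookie/JavaScript form add
- if (isset($_COOKIE[BB2_COOKIE]) && !$settings['eu_cookie']) {
- $screener1 = explode(" ", $_COOKIE[BB2_COOKIE]);
- } else {
- $screener1 = array(0);
- }
- if (isset($_POST[BB2_COOKIE])) {
- $screener2 = explode(" ", $_POST[BB2_COOKIE]);
- } else {
- $screener2 = array(0);
- }
- $screener = max($screener1[0], $screener2[0]);
-
- if ($screener > 0) {
- // Posting too fast? 5 sec
- // FIXME: even 5 sec is too intrusive
- // if ($screener + 5 > time())
- // return "408d7e72";
- // Posting too slow? 48 hr
- if ($screener + 172800 < time())
- return "b40c8ddc";
-
- // Screen by IP address
- $ip = ip2long($package['ip']);
- $ip_screener = ip2long($screener[1]);
- // FIXME: This is b0rked, but why?
- // if ($ip && $ip_screener && abs($ip_screener - $ip) > 256)
- // return "c1fa729b";
-
- if (!empty($package['headers_mixed']['X-Forwarded-For'])) {
- $ip = $package['headers_mixed']['X-Forwarded-For'];
- }
- // Screen for user agent changes
- // User connected previously with blank user agent
- // $q = bb2_db_query("SELECT `ip` FROM " . $settings['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` = '" . $screener[1] . "') AND `user_agent` != '" . $package['user_agent'] . "' AND `date` > DATE_SUB('" . bb2_db_date() . "', INTERVAL 5 MINUTE)");
- // Damnit, too many ways for this to fail :(
- // if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0)
- // return "799165c2";
- }
-
  return false;
  }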
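--- a/bad-behavior/screener.inc.php
+++ b/bad-behavior/screener.inc.php
@@ -9,55 +9,7 @@ function bb2_screener_cookie($settings, $package, $cookie_name, $cookie_value)
  setcookie($cookie_name, $cookie_value, 1, bb2_relative_path());
  }
 
- function bb2_screener_javascript($settings, $package, $cookie_name, $cookie_value)
- {
- global $bb2_javascript;
-
- // FIXME: do something
- $bb2_javascript = "<script type=\"text/javascript\">
- <!--
- function bb2_addLoadEvent(func) {
- var oldonload = window.onload;
- if (typeof window.onload != 'function') {
- window.onload = func;
- } else {
- window.onload = function() {
- oldonload();
- func();
- }
- }
- }
-
- bb2_addLoadEvent(function() {
- for ( i=0; i < document.forms.length; i++ ) {
- if (document.forms[i].method == 'post') {
- var myElement = document.createElement('input');
- myElement.setAttribute('type', 'hidden');
- myElement.name = '$cookie_name';
- myElement.value = '$cookie_value';
- document.forms[i].appendChild(myElement);
- }
- }
- });
- // --></script>
- ";
- }
-
  function bb2_screener($settings, $package)
  {
- $cookie_name = BB2_COOKIE;
-
- // Set up a simple cookie
- $screener = array(time(), $package['ip']);
- if (isset($package['headers_mixed']['X-Forwarded-For'])) {
- array_push($screener, $package['headers_mixed']['X-Forwarded-For']);
- }
- if (isset($package['headers_mixed']['Client-Ip'])) {
- array_push($screener, $package['headers_mixed']['Client-Ip']);
- }
-
- $cookie_value = implode(" ", $screener);
-
  bb2_screener_cookie($settings, $package, BB2_COOKIE, $cookie_value);
- bb2_screener_javascript($settings, $package, BB2_COOKIE, $cookie_value);
  }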
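Review bot: `$cookie_value` is no longer assigned anywhere in the new body of `bb2_screener()`, yet it is still passed to `bb2_screener_cookie()` on new line 14; the lines that built it (old 48-60) were removed. PHP will report an undefined variable there and pass null. The context line `setcookie($cookie_name, $cookie_value, 1, bb2_relative_path());` uses an expiry of 1, so the remaining call presumably exists only to expire cookies set by earlier versions. If that is the intent, make it explicit with `bb2_screener_cookie($settings, $package, BB2_COOKIE, '');` and a comment such as `// Expire the legacy screener cookie; it is no longer read.`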
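--- a/settings-sample.ini
+++ b/settings-sample.ini
@@ -9,7 +9,6 @@ httpbl_key = ""
  httpbl_threat = 25
  httpbl_maxage = 30
  offsite_forms = false
- eu_cookie = false
  reverse_proxy = false
  reverse_proxy_header = "X-Forwarded-For"
  ;reverse_proxy_addresses[] =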