Bad Behavior - Version 2.2.23


Developer error
Version 2.2.23

Code changes from version 2.2.22 to 2.2.23

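--- a/README.txt
+++ b/README.txt
@@ -3,8 +3,8 @@ Tags: comment,trackback,referrer,spam,robot,antispam
  Contributors: error
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
  Requires at least: 3.5
- Tested up to: 4.9.7
- Stable tag: 2.2.22
+ Tested up to: 5.2.2
+ Stable tag: 2.2.23
 
  Bad Behavior prevents spammers from ever delivering their junk, and in many
  cases, from ever reading your site in the first place.
@@ -72,7 +72,7 @@ the following:
  include( './extensions/Bad-Behavior/bad-behavior-mediawiki.php' );
 
  For complete documentation and installation instructions, please visit
- http://bad-behavior.ioerror.us/
+ https://bad-behavior.ioerror.us/
 
  == Screenshots ==
 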
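--- a/bad-behavior-generic.php
+++ b/bad-behavior-generic.php
@@ -16,7 +16,7 @@ You should have received a copy of the GNU Lesser General Public License along
  with this program. If not, see <http://www.gnu.org/licenses/>.
 
  Please report any problems to bad . bots AT ioerror DOT us
- http://bad-behavior.ioerror.us/
+ https://bad-behavior.ioerror.us/
  */
 
  ###############################################################################
@@ -134,7 +134,7 @@ function bb2_insert_stats($force = false) {
  if ($force || $settings['display_stats']) {
  $blocked = bb2_db_query("SELECT COUNT(*) FROM " . $settings['log_table'] . " WHERE `key` NOT LIKE '00000000'");
  if ($blocked !== FALSE) {
- echo sprintf('<p><a href="http://bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', __('Bad Behavior'), __('has blocked'), $blocked[0]["COUNT(*)"], __('access attempts in the last 7 days.'));
+ echo sprintf('<p><a href="https://bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', __('Bad Behavior'), __('has blocked'), $blocked[0]["COUNT(*)"], __('access attempts in the last 7 days.'));
  }
  }
  }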
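Review bot: The project homepage is still a string literal inside the `sprintf` format in `bb2_insert_stats` (line 137), and this commit had to edit the same literal in the copy of that function in `bad-behavior-wordpress.php` and in three admin pages. A single constant alongside the existing `BB2_VERSION`, for example `define('BB2_HOMEPAGE', 'https://bad-behavior.ioerror.us/');` (the name is only a suggestion), passed in as a format argument would make the next scheme or host change a one-line edit. While the line is open, `(int) $blocked[0]["COUNT(*)"]` keeps the value numeric before it is written into the page. The body of `bb2_insert_stats` starts and ends outside the hunk.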
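--- a/bad-behavior-mediawiki.php
+++ b/bad-behavior-mediawiki.php
@@ -16,7 +16,7 @@ You should have received a copy of the GNU Lesser General Public License along
  with this program. If not, see <http://www.gnu.org/licenses/>.
 
  Please report any problems to bad . bots AT ioerror DOT us
- http://www.bad-behavior.ioerror.us/
+ https://www.bad-behavior.ioerror.us/
  */
 
  ###############################################################################
@@ -186,7 +186,7 @@ $wgExtensionCredits['other'][] = array(
  'version' => BB2_VERSION,
  'author' => 'Michael Hampton',
  'description' => 'Detects and blocks unwanted Web accesses',
- 'url' => 'http://bad-behavior.ioerror.us/'
+ 'url' => 'https://bad-behavior.ioerror.us/'
  );
 
  $wgHooks['BeforePageDisplay'][] = 'bb2_mediawiki_timer';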
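Review bot: The header comment on line 19 now reads `https://www.bad-behavior.ioerror.us/`, while the `'url'` entry in `$wgExtensionCredits` on line 189 and every other file in this commit use `https://bad-behavior.ioerror.us/` without the `www.` label. Over plain HTTP the extra label only had to resolve in DNS; over HTTPS the certificate also has to cover that host name, and whether it does is not visible here. Using the same host in both places, `https://bad-behavior.ioerror.us/`, removes that dependency and keeps the file consistent with the rest of the release.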
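--- a/bad-behavior-wordpress-admin.php
+++ b/bad-behavior-wordpress-admin.php
@@ -151,7 +151,7 @@ function bb2_manage() {
  ?>
  <h2><?php _e("Bad Behavior Log"); ?></h2>
  <form method="post" action="<?php echo admin_url("tools.php?page=bb2_manage") ?>">
- <p>For more information please visit the <a href="http://bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
+ <p>For more information please visit the <a href="https://bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
  <p>See also: <a href="<?php echo admin_url("options-general.php?page=bb2_options") ?>">Settings</a> | <a href="<?php echo admin_url("options-general.php?page=bb2_whitelist") ?>">Whitelist</a></p>
  <div class="tablenav">
  <?php
@@ -204,7 +204,7 @@ Displaying all <strong><?php echo $totalcount; ?></strong> records<br/>
  $host .= "<br/>\n";
  }
  echo "<td><a href=\"" . esc_url( add_query_arg("ip", $result["ip"], remove_query_arg("paged", $request_uri)) ) . "\">" . $result["ip"] . "</a><br/>$host<br/>\n" . $result["date"] . "<br/><br/><a href=\"" . esc_url( add_query_arg("key", $result["key"], remove_query_arg(array("paged", "blocked", "permitted"), $request_uri)) ) . "\">" . $key["log"] . "</a>\n";
- if ($httpbl) echo "<br/><br/><a href=\"http://www.projecthoneypot.org/ip_{$result['ip']}\">http:BL</a>:<br/>$httpbl\n";
+ if ($httpbl) echo "<br/><br/><a href=\"https://www.projecthoneypot.org/ip_{$result['ip']}\">http:BL</a>:<br/>$httpbl\n";
  echo "</td>\n";
  $headers = str_replace("\n", "<br/>\n", htmlspecialchars($result['http_headers']));
  if (@strpos($headers, $result['user_agent']) !== FALSE) $headers = substr_replace($headers, "<a href=\"" . esc_url( add_query_arg("user_agent", rawurlencode($result["user_agent"]), remove_query_arg("paged", $request_uri)) ) . "\">" . $result['user_agent'] . "</a>", strpos($headers, $result['user_agent']), strlen($result['user_agent']));
@@ -274,7 +274,7 @@ function bb2_whitelist()
  <h2><?php _e("Bad Behavior Whitelist"); ?></h2>
  <form method="post" action="<?php echo admin_url("options-general.php?page=bb2_whitelist"); ?>">
  <p>Inappropriate whitelisting WILL expose you to spam, or cause Bad Behavior to stop functioning entirely! DO NOT WHITELIST unless you are 100% CERTAIN that you should.</p>
- <p>For more information please visit the <a href="http://bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
+ <p>For more information please visit the <a href="https://bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
  <p>See also: <a href="<?php echo admin_url("options-general.php?page=bb2_options") ?>">Settings</a> | <a href="<?php echo admin_url("tools.php?page=bb2_manage"); ?>">Log</a></p>
 
  <h3><?php _e('IP Address'); ?></h3>
@@ -393,7 +393,7 @@ function bb2_options()
  ?>
  <h2><?php _e("Bad Behavior"); ?></h2>
  <form method="post" action="<?php echo admin_url("options-general.php?page=bb2_options"); ?>">
- <p>For more information please visit the <a href="http://bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
+ <p>For more information please visit the <a href="https://bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
  <p>See also: <a href="<?php echo admin_url("tools.php?page=bb2_manage"); ?>">Log</a> | <a href="<?php echo admin_url("options-general.php?page=bb2_whitelist") ?>">Whitelist</a></p>
 
  <h3><?php _e('Statistics'); ?></h3>
@@ -416,7 +416,7 @@ function bb2_options()
  </table>
 
  <h3><?php _e('http:BL'); ?></h3>
- <p>To use Bad Behavior's http:BL features you must have an <a href="http://www.projecthoneypot.org/httpbl_configure.php?rf=24694">http:BL Access Key</a>.</p>
+ <p>To use Bad Behavior's http:BL features you must have an <a href="https://www.projecthoneypot.org/httpbl_configure.php?rf=24694">http:BL Access Key</a>.</p>
  <table class="form-table">
  <tr><td><label><input type="text" size="12" maxlength="12" name="httpbl_key" value="<?php echo sanitize_text_field($settings['httpbl_key']); ?>" /> http:BL Access Key</label></td></tr>
  <tr><td><label><input type="text" size="3" maxlength="3" name="httpbl_threat" value="<?php echo intval($settings['httpbl_threat']); ?>" /> Minimum Threat Level (25 is recommended)</label></td></tr>
@@ -426,7 +426,7 @@ function bb2_options()
  <h3><?php _e('Reverse Proxy/Load Balancer'); ?></h3>
  <p>If you are using Bad Behavior behind a reverse proxy, load balancer, HTTP accelerator, content cache or similar technology, enable the Reverse Proxy option.</p>
  <p>If you have a chain of two or more reverse proxies between your server and the public Internet, you must specify <em>all</em> of the IP address ranges (in CIDR format) of all of your proxy servers, load balancers, etc. Otherwise, Bad Behavior may be unable to determine the client's true IP address.</p>
- <p>In addition, your reverse proxy servers must set the IP address of the Internet client from which they received the request in an HTTP header. If you don't specify a header, <a href="http://en.wikipedia.org/wiki/X-Forwarded-For">X-Forwarded-For</a> will be used. Most proxy servers already support X-Forwarded-For and you would then only need to ensure that it is enabled on your proxy servers. Some other header names in common use include <u>X-Real-Ip</u> (nginx) and <u>Cf-Connecting-Ip</u> (CloudFlare).</p>
+ <p>In addition, your reverse proxy servers must set the IP address of the Internet client from which they received the request in an HTTP header. If you don't specify a header, <a href="https://en.wikipedia.org/wiki/X-Forwarded-For">X-Forwarded-For</a> will be used. Most proxy servers already support X-Forwarded-For and you would then only need to ensure that it is enabled on your proxy servers. Some other header names in common use include <u>X-Real-Ip</u> (nginx) and <u>Cf-Connecting-Ip</u> (CloudFlare).</p>
  <table class="form-table">
  <tr><td><label><input type="checkbox" name="reverse_proxy" value="true" <?php if ($settings['reverse_proxy']) { ?>checked="checked" <?php } ?>/> <?php _e('Enable Reverse Proxy'); ?></label></td></tr>
  <tr><td><label><input type="text" size="32" name="reverse_proxy_header" value="<?php echo sanitize_text_field($settings['reverse_proxy_header']); ?>" /> Header containing Internet clients' IP address</label></td></tr>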
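Review bot: `$result['ip']` is interpolated straight into the `href` on the http:BL line (new line 207) and `$httpbl` is echoed after it, without the `esc_url()` wrapping that the two links on line 206 receive. The row comes from the request log, and with the Reverse Proxy option the client address is read from a request header, so unless the stored value is validated as an IP address (not visible in this hunk) it would reach the administrator's browser as markup. Building the link as `esc_url('https://www.projecthoneypot.org/ip_' . $result['ip'])` and printing the address text on line 206 through `esc_html()` closes that off. `$httpbl` is assembled outside the hunk and needs the same escaping at the point where it is built. The enclosing function starts and ends outside the hunk.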
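--- a/bad-behavior-wordpress.php
+++ b/bad-behavior-wordpress.php
@@ -1,11 +1,11 @@
  <?php
  /*
  Plugin Name: Bad Behavior
- Version: 2.2.22
+ Version: 2.2.23
  Description: Deny automated spambots access to your PHP-based Web site.
- Plugin URI: http://bad-behavior.ioerror.us/
+ Plugin URI: https://bad-behavior.ioerror.us/
  Author: Michael Hampton
- Author URI: http://bad-behavior.ioerror.us/
+ Author URI: https://bad-behavior.ioerror.us/
  License: LGPLv3
 
  Bad Behavior - detects and blocks unwanted Web accesses
@@ -24,7 +24,7 @@ You should have received a copy of the GNU Lesser General Public License along
  with this program. If not, see <http://www.gnu.org/licenses/>.
 
  Please report any problems to bad . bots AT ioerror DOT us
- http://bad-behavior.ioerror.us/
+ https://bad-behavior.ioerror.us/
  */
 
  ###############################################################################
@@ -161,7 +161,7 @@ function bb2_insert_stats($force = false) {
  if ($force || $settings['display_stats']) {
  $blocked = bb2_db_query("SELECT COUNT(*) FROM " . $settings['log_table'] . " WHERE `key` NOT LIKE '00000000'");
  if ($blocked !== FALSE) {
- echo sprintf('<p><a href="http://bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', __('Bad Behavior'), __('has blocked'), $blocked[0]["COUNT(*)"], __('access attempts in the last 7 days.'));
+ echo sprintf('<p><a href="https://bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', __('Bad Behavior'), __('has blocked'), $blocked[0]["COUNT(*)"], __('access attempts in the last 7 days.'));
  }
  }
  if (@!empty($bb2_result)) {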
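--- a/bad-behavior/banned.inc.php
+++ b/bad-behavior/banned.inc.php
@@ -53,7 +53,7 @@ function bb2_display_denial($settings, $package, $key, $previous_key = false)
  <?php echo htmlspecialchars($request_uri) ?> on this server.</p>
  <p><?php echo $response['explanation']; ?></p>
  <p>Your technical support key is: <strong><?php echo $support_key; ?></strong></p>
- <p>You can use this key to <a href="http://www.ioerror.us/bb2-support-key?key=<?php echo $support_key; ?>">fix this problem yourself</a>.</p>
+ <p>You can use this key to <a href="https://www.ioerror.us/bb2-support-key?key=<?php echo $support_key; ?>">fix this problem yourself</a>.</p>
  <p>If you are unable to fix the problem yourself, please contact <a href="mailto:<?php echo htmlspecialchars(str_replace("@", "+nospam@nospam.", bb2_email())); ?>"><?php echo htmlspecialchars(str_replace("@", " at ", bb2_email())); ?></a> and be sure to provide the technical support key shown above.</p>
  <?php
  }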
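Review bot: `$support_key` is echoed into the query string of the support link on line 56 (and into the `<strong>` element on line 55) without any encoding, while `$request_uri` and the e-mail address in the same template go through `htmlspecialchars()`. How the key is built is outside the hunk; if it only ever holds hex digits and separators the output is harmless today, but the template should not depend on that. `key=<?php echo rawurlencode($support_key); ?>` in the link and `htmlspecialchars($support_key)` in the visible text keep the page well-formed whatever the key contains. `bb2_display_denial` starts outside the hunk.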
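--- a/bad-behavior/cloudflare.inc.php
+++ b/bad-behavior/cloudflare.inc.php
@@ -6,7 +6,7 @@ require_once(BB2_CORE . "/roundtripdns.inc.php");
 
  function bb2_cloudflare($package)
  {
- # Disabled due to http://bugs.php.net/bug.php?id=53092
+ # Disabled due to https://bugs.php.net/bug.php?id=53092
  # if (!bb2_roundtripdns($package['cloudflare'], "cloudflare.com")) {
  # return '70e45496';
  # }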
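Review bot: The comment on line 9 of `bb2_cloudflare` says only that the round-trip DNS check is disabled and links a PHP bug; it does not say what the function relies on instead. The same comment sits above the commented-out `bb2_roundtripdns` calls in `bb2_google`, `bb2_msnbot` and `bb2_yahoo` in `bad-behavior/searchengine.inc.php`. With the call commented out, a request claiming one of these identities is not confirmed by a reverse-then-forward DNS lookup, so whatever test remains (outside these hunks) is the whole verification. A comment such as `# Round-trip DNS verification is off (PHP bug 53092); identity is checked only by <remaining test>. Re-enable once the minimum supported PHP has the fix.` would record that for the next maintainer. All four function bodies continue outside their hunks.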
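--- a/bad-behavior/searchengine.inc.php
+++ b/bad-behavior/searchengine.inc.php
@@ -11,7 +11,7 @@ function bb2_google($package)
  return false; # Soft fail, must pass other screening
  #return "f1182195"; # Hard fail
  }
- # Disabled due to http://bugs.php.net/bug.php?id=53092
+ # Disabled due to https://bugs.php.net/bug.php?id=53092
  # if (!bb2_roundtripdns($package['ip'], "googlebot.com")) {
  # return "f1182195";
  # }
@@ -27,7 +27,7 @@ function bb2_msnbot($package)
  return false; # Soft fail, must pass other screening
  #return "e4de0453"; # Hard fail
  }
- # Disabled due to http://bugs.php.net/bug.php?id=53092
+ # Disabled due to https://bugs.php.net/bug.php?id=53092
  # if (!bb2_roundtripdns($package['ip'], "msn.com")) {
  # return "e4de0453";
  # }
@@ -43,7 +43,7 @@ function bb2_yahoo($package)
  return false; # Soft fail, must pass other screening
  #return '71436a15'; # Hard fail
  }
- # Disabled due to http://bugs.php.net/bug.php?id=53092
+ # Disabled due to https://bugs.php.net/bug.php?id=53092
  # if (!bb2_roundtripdns($package['ip'], "crawl.yahoo.net")) {
  # return "71436a15";
  # }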
  # }