Bad Behavior - Version 2.2.9


Developer error
Version 2.2.9

Code changes from version 2.2.8 to 2.2.9

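--- a/README.txt
+++ b/README.txt
@@ -3,8 +3,8 @@ Tags: comment,trackback,referrer,spam,robot,antispam
 Contributors: error, markjaquith, skeltoac
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
 Requires at least: 3.1
-Tested up to: 3.4
-Stable tag: 2.2.8
+Tested up to: 3.4.1
+Stable tag: 2.2.9
 
 Bad Behavior prevents spammers from ever delivering their junk, and in many
 cases, from ever reading your site in the first place.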
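--- a/bad-behavior-wordpress-admin.php
+++ b/bad-behavior-wordpress-admin.php
@@ -267,7 +267,6 @@ function bb2_whitelist()
 ?>
 <div class="wrap">
 <?php
-$whitelists = bb2_read_whitelist();
 echo bb2_donate_button(admin_url("options-general.php?page=bb2_whitelist"));
 ?>
 <h2><?php _e("Bad Behavior Whitelist"); ?></h2>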
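--- a/bad-behavior-wordpress.php
+++ b/bad-behavior-wordpress.php
@@ -1,7 +1,7 @@
 <?php
 /*
 Plugin Name: Bad Behavior
-Version: 2.2.8
+Version: 2.2.9
 Description: Deny automated spambots access to your PHP-based Web site.
 Plugin URI: http://bad-behavior.ioerror.us/
 Author: Michael Hampton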
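--- a/bad-behavior/blacklist.inc.php
+++ b/bad-behavior/blacklist.inc.php
@@ -79,6 +79,7 @@ function bb2_blacklist($package) {
 "Gecko/25", // revisit this in 500 years
 "grub-client", // search engine ignores robots.txt
 "hanzoweb", // very badly behaved crawler
+"Havij", // SQL injection tool
 "Indy Library", // misc comment/email spam
 "MSIE 7.0; Windows NT 5.2", // Cyveillance
 "Murzillo compatible", // comment spam bot
@@ -108,6 +109,7 @@ function bb2_blacklist($package) {
 "Windows XP 5", // spam harvester
 "WordPress/4.01", // pingback spam
 "Xedant Human Emulator",// spammer script engine
+"ZmEu", // exploit scanner
 "\\\\)", // spam harvester
 );
 
@@ -122,9 +124,35 @@ function bb2_blacklist($package) {
 "/MSIE [2345]/", // too old; assumed robot
 );
 
+// Blacklisted URL strings
+// These strings are considered case-insensitive.
+$bb2_spambots_url = array(
+"0x31303235343830303536", // Havij
+"../", // path traversal
+"..\\", // path traversal
+"%60information_schema%60", // SQL injection probe
+"+%2F*%21", // SQL injection probe
+"+and+%", // SQL injection probe
+"+and+1%", // SQL injection probe
+"+and+if", // SQL injection probe
+"%27--", // SQL injection
+"%27 --", // SQL injection
+"%27%23", // SQL injection
+"%27 %23", // SQL injection
+"benchmark%28", // SQL injection probe
+"insert+into+", // SQL injection
+"r3dm0v3", // SQL injection probe
+"select+1+from", // SQL injection probe
+"union+all+select", // SQL injection probe
+"union+select", // SQL injection probe
+"waitfor+delay+", // SQL injection probe
+"w00tw00t", // vulnerability scanner
+);
+
 // Do not edit below this line.
 
 @$ua = $package['headers_mixed']['User-Agent'];
+@$uri = $package['request_uri'];
 
 foreach ($bb2_spambots_0 as $spambot) {
 $pos = strpos($ua, $spambot);
@@ -145,5 +173,11 @@ function bb2_blacklist($package) {
 }
 }
 
+foreach ($bb2_spambots_utl as $spambot) {
+if (stripos($uri, $spambot) !== FALSE) {
+return "96c0bd29";
+}
+}
+
 return FALSE;
 }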
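Review bot: The new loop at line 176 iterates `$bb2_spambots_utl`, but the array defined at line 129 is `$bb2_spambots_url`; with that typo the loop runs over an undefined variable, which PHP reports only as a warning and then skips, so the entire URL blacklist (and the `96c0bd29` response added in responses.inc.php) is dead code in this release. The fix is `foreach ($bb2_spambots_url as $spambot) {`. Separately, the check is a case-insensitive substring test against the raw `request_uri`, so it only ever catches these exact spellings and will also block legitimate URLs that happen to contain one of them (e.g. `../` or `+and+1%`); a comment on the array saying that it is a coarse signature list applied to the un-decoded URI, not a parser, and that entries should be weighed against false positives, would help whoever tunes it next. The `@` on `$uri = $package['request_uri'];` hides a missing key instead of handling it; `$uri = isset($package['request_uri']) ? $package['request_uri'] : '';` makes the intent explicit. bb2_blacklist's signature and the start of its body lie outside the hunk.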
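--- a/bad-behavior/core.inc.php
+++ b/bad-behavior/core.inc.php
@@ -1,5 +1,5 @@
 <?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.2.8");
+define('BB2_VERSION', "2.2.9");
 
 // Bad Behavior entry point is bb2_start()
 // If you're reading this, you are probably lost.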
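--- a/bad-behavior/responses.inc.php
+++ b/bad-behavior/responses.inc.php
@@ -26,6 +26,7 @@ function bb2_get_response($key) {
 '7ad04a8a' => array('response' => 400, 'explanation' => 'The automated program you are using is not permitted to access this server. Please use a different program or a standard Web browser.', 'log' => 'Prohibited header \'Range\' present'),
 '7d12528e' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Prohibited header \'Range\' or \'Content-Range\' in POST request'),
 '939a6fbb' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Banned proxy server in use'),
+'96c0bd29' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'URL pattern found on blacklist'),
 '9c9e4979' => array('response' => 403, 'explanation' => 'The proxy server you are using is not permitted to access this server. Please bypass the proxy server, or contact your proxy server administrator.', 'log' => 'Prohibited header \'via\' present'),
 'a0105122' => array('response' => 417, 'explanation' => 'Expectation failed. Please retry your request.', 'log' => 'Header \'Expect\' prohibited; resend without Expect'),
 'a1084bad' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User-Agent claimed to be MSIE, with invalid Windows version'),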
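--- a/bad-behavior/searchengine.inc.php
+++ b/bad-behavior/searchengine.inc.php
@@ -20,7 +20,7 @@ function bb2_google($package)
 
 function bb2_msnbot($package)
 {
-if (match_cidr($package['ip'], array("207.46.0.0/16", "65.52.0.0/14", "207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18", "157.54.0.0/15", "157.60.0.0/16", "157.56.0.0/14")) === FALSE) {
+if (match_cidr($package['ip'], array("207.46.0.0/16", "65.52.0.0/14", "207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18", "157.54.0.0/15", "157.60.0.0/16", "157.56.0.0/14", "131.253.21.0/24", "131.253.22.0/23", "131.253.24.0/21", "131.253.32.0/20")) === FALSE) {
 return "e4de0453";
 }
 # Disabled due to http://bugs.php.net/bug.php?id=53092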
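Review bot: The CIDR list passed to match_cidr on line 23 has grown to twelve inline literals with nothing saying where the ranges come from or when they were last checked, and crawler IP allocations change over time; because the function rejects any msnbot claim outside this list, a stale entry silently becomes blocked legitimate crawling rather than a visible error. A comment above the call such as `// Bing/MSN crawler ranges; source and last-verified date: <fill in>` would let a maintainer judge whether the list is still current. Hoisting the array into a named variable (e.g. `$msnbot_ranges`) immediately before the `if` would also make the condition readable without a 200-character line. bb2_msnbot continues past the end of the hunk.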