This is an automated email from the git hooks/post-receive script. s k u n n y k p u s h e d a c o m m i t t o b r a n c h o l d f o r u m in repository www/forum.xfce.org.
commit 67c47615e4ce0e5daf1cdae568b0f292478475e3 Author: Nick Schermer <n...@xfce.org> Date: Sun Jan 16 20:48:56 2011 +0100 Update to bad-behaviour 2.1.8. --- include/bad-behavior-fluxbb.php | 1 - include/bad-behavior/banned.inc.php | 13 +++++ include/bad-behavior/blacklist.inc.php | 6 ++- include/bad-behavior/browser.inc.php | 86 +++++++++++++++++++++++++++++++ include/bad-behavior/cloudflare.inc.php | 7 +-- include/bad-behavior/common_tests.inc.php | 12 +++-- include/bad-behavior/core.inc.php | 30 ++++++----- include/bad-behavior/functions.inc.php | 2 +- include/bad-behavior/google.inc.php | 18 ------- include/bad-behavior/housekeeping.inc.php | 16 ------ include/bad-behavior/konqueror.inc.php | 17 ------ include/bad-behavior/lynx.inc.php | 13 ----- include/bad-behavior/mozilla.inc.php | 19 ------- include/bad-behavior/msie.inc.php | 26 ---------- include/bad-behavior/msnbot.inc.php | 18 ------- include/bad-behavior/opera.inc.php | 13 ----- include/bad-behavior/post.inc.php | 26 +++++++++- include/bad-behavior/responses.inc.php | 1 + include/bad-behavior/safari.inc.php | 13 ----- include/bad-behavior/searchengine.inc.php | 47 +++++++++++++++++ include/bad-behavior/trackback.inc.php | 28 ---------- include/bad-behavior/version.inc.php | 3 -- 22 files changed, 206 insertions(+), 209 deletions(-) diff --git a/include/bad-behavior-fluxbb.php b/include/bad-behavior-fluxbb.php index 5eb5dbf..a041590 100644 --- a/include/bad-behavior-fluxbb.php +++ b/include/bad-behavior-fluxbb.php @@ -166,7 +166,6 @@ function bb2_relative_path() { } // Calls inward to Bad Behavor itself. -require_once(BB2_CWD . "/bad-behavior/version.inc.php"); require_once(BB2_CWD . "/bad-behavior/core.inc.php"); bb2_install(); diff --git a/include/bad-behavior/banned.inc.php b/include/bad-behavior/banned.inc.php index 2b26cb1..a92178a 100644 --- a/include/bad-behavior/banned.inc.php +++ b/include/bad-behavior/banned.inc.php @@ -5,6 +5,19 @@ require_once(BB2_CORE . "/responses.inc.php"); +function bb2_housekeeping($settings, $package) +{ + // FIXME Yes, the interval's hard coded (again) for now. + $query = "DELETE FROM `" . $settings['log_table'] . "` WHERE `date` < DATE_SUB('" . bb2_db_date() . "', INTERVAL 7 DAY)"; + bb2_db_query($query); + + // Waste a bunch more of the spammer's time, sometimes. + if (rand(1,1000) == 1) { + $query = "OPTIMIZE TABLE `" . $settings['log_table'] . "`"; + bb2_db_query($query); + } +} + function bb2_display_denial($settings, $package, $key, $previous_key = false) { define('DONOTCACHEPAGE', true); // WP Super Cache diff --git a/include/bad-behavior/blacklist.inc.php b/include/bad-behavior/blacklist.inc.php index e9ca62a..2b1c666 100644 --- a/include/bad-behavior/blacklist.inc.php +++ b/include/bad-behavior/blacklist.inc.php @@ -18,6 +18,7 @@ function bb2_blacklist($package) { "EmailCollector", // spam harvester "Email Siphon", // spam harvester "EmailSiphon", // spam harvester + "Forum Poster", // forum spambot "grub crawler", // misc comment/email spam "HttpProxy", // misc comment/email spam "Internet Explorer", // XMLRPC exploits seen @@ -34,7 +35,7 @@ function bb2_blacklist($package) { "Mozilla ", // malicious software "Mozilla/2", // malicious software "Mozilla/4.0(", // from honeypot - "Mozilla/4.0+(", // suspicious harvester + "Mozilla/4.0+(compatible;+", // suspicious harvester "MSIE", // malicious software "NutchCVS", // unidentified robots "Nutscrape/", // misc comment spam @@ -42,8 +43,9 @@ function bb2_blacklist($package) { "psycheclone", // spam harvester "PussyCat ", // misc comment spam "PycURL", // misc comment spam -// "Shockwave Flash", // spam harvester + "Python-urllib", // commonly abused // WP 2.5 now has Flash; FIXME +// "Shockwave Flash", // spam harvester "Super Happy Fun ", // spam harvester "TrackBack/", // trackback spam "user", // suspicious harvester diff --git a/include/bad-behavior/browser.inc.php b/include/bad-behavior/browser.inc.php new file mode 100644 index 0000000..773d6ef --- /dev/null +++ b/include/bad-behavior/browser.inc.php @@ -0,0 +1,86 @@ +<?php if (!defined('BB2_CORE')) die('I said no cheating!'); + +// Analyze user agents claiming to be Konqueror + +function bb2_konqueror($package) +{ + // CafeKelsa is a dev project at Yahoo which indexes job listings for + // Yahoo! HotJobs. It identifies as Konqueror so we skip these checks. + if (stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") === FALSE || match_cidr($package['ip'], "209.73.160.0/19") === FALSE) { + if (!array_key_exists('Accept', $package['headers_mixed'])) { + return "17566707"; + } + } + return false; +} + +// Analyze user agents claiming to be Lynx + +function bb2_lynx($package) +{ + if (!array_key_exists('Accept', $package['headers_mixed'])) { + return "17566707"; + } + return false; +} + +// Analyze user agents claiming to be Mozilla + +function bb2_mozilla($package) +{ + // First off, workaround for Google Desktop, until they fix it FIXME + // Google Desktop fixed it, but apparently some old versions are + // still out there. :( + // Always check accept header for Mozilla user agents + if (strpos($package['headers_mixed']['User-Agent'], "Google Desktop") === FALSE && strpos($package['headers_mixed']['User-Agent'], "PLAYSTATION 3") === FALSE) { + if (!array_key_exists('Accept', $package['headers_mixed'])) { + return "17566707"; + } + } + return false; +} + +// Analyze user agents claiming to be MSIE + +function bb2_msie($package) +{ + if (!array_key_exists('Accept', $package['headers_mixed'])) { + return "17566707"; + } + + // MSIE does NOT send "Windows ME" or "Windows XP" in the user agent + if (strpos($package['headers_mixed']['User-Agent'], "Windows ME") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !== FALSE) { + return "a1084bad"; + } + + // MSIE does NOT send Connection: TE but Akamai does + // Bypass this test when Akamai detected + // The latest version of IE for Windows CE also uses Connection: TE + if (!array_key_exists('Akamai-Origin-Hop', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "IEMobile") === FALSE && @preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) { + return "2b90f772"; + } + + return false; +} + +// Analyze user agents claiming to be Opera + +function bb2_opera($package) +{ + if (!array_key_exists('Accept', $package['headers_mixed'])) { + return "17566707"; + } + return false; +} + +// Analyze user agents claiming to be Safari + +function bb2_safari($package) +{ + if (!array_key_exists('Accept', $package['headers_mixed'])) { + return "17566707"; + } + return false; +} + +?> diff --git a/include/bad-behavior/cloudflare.inc.php b/include/bad-behavior/cloudflare.inc.php index 4f77f48..99319f5 100644 --- a/include/bad-behavior/cloudflare.inc.php +++ b/include/bad-behavior/cloudflare.inc.php @@ -6,9 +6,10 @@ require_once(BB2_CORE . "/roundtripdns.inc.php"); function bb2_cloudflare($package) { - if (!bb2_roundtripdns($package['cloudflare'], "cloudflare.com")) { - return '70e45496'; - } +# Disabled due to http://bugs.php.net/bug.php?id=53092 +# if (!bb2_roundtripdns($package['cloudflare'], "cloudflare.com")) { +# return '70e45496'; +# } return false; } diff --git a/include/bad-behavior/common_tests.inc.php b/include/bad-behavior/common_tests.inc.php index fea693f..2826ee5 100644 --- a/include/bad-behavior/common_tests.inc.php +++ b/include/bad-behavior/common_tests.inc.php @@ -4,8 +4,8 @@ function bb2_protocol($settings, $package) { - // Always run this test; we should never see Expect: - if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE) { + // We should never see Expect: for HTTP/1.0 requests + if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE && !strcmp($package['server_protocol'], "HTTP/1.0")) { return "a0105122"; } @@ -40,6 +40,8 @@ function bb2_misc_headers($settings, $package) // Broken spambots send URLs with various invalid characters // Some broken browsers send the #vector in the referer field :( + // Worse yet, some Javascript client-side apps do the same in + // blatant violation of the protocol and good sense. // if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) { if (strpos($package['request_uri'], "#") !== FALSE) { return "dfd9b1ad"; @@ -108,8 +110,6 @@ function bb2_misc_headers($settings, $package) if (stripos($package['headers_mixed']['Connection'], "Keep-Alive: ") !== FALSE) { return "b0924802"; } - // Close should not be oddly capitalized - } @@ -118,6 +118,8 @@ function bb2_misc_headers($settings, $package) return "b9cc1d86"; } // Proxy-Connection does not exist and should never be seen in the wild + // http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0032.html + // http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0040.html if ($settings['strict'] && array_key_exists('Proxy-Connection', $package['headers_mixed'])) { return "b7830251"; } @@ -130,7 +132,7 @@ function bb2_misc_headers($settings, $package) // Referer, if it exists, must contain a : // While a relative URL is technically valid in Referer, all known - // legit user-agents send an absolute URL + // legitimate user-agents send an absolute URL if (strpos($package['headers_mixed']['Referer'], ":") === FALSE) { return "45b35e30"; } diff --git a/include/bad-behavior/core.inc.php b/include/bad-behavior/core.inc.php index a9d2bbf..663e44b 100644 --- a/include/bad-behavior/core.inc.php +++ b/include/bad-behavior/core.inc.php @@ -1,4 +1,5 @@ <?php if (!defined('BB2_CWD')) die("I said no cheating!"); +define('BB2_VERSION', "2.1.8"); // Bad Behavior entry point is bb2_start() // If you're reading this, you are probably lost. @@ -22,7 +23,6 @@ function bb2_banned($settings, $package, $key, $previous_key=false) bb2_banned_callback($settings, $package, $key); } // Penalize the spammers some more - require_once(BB2_CORE . "/housekeeping.inc.php"); bb2_housekeeping($settings, $package); die(); } @@ -80,8 +80,8 @@ function bb2_start($settings) function bb2_screen($settings, $package) { - // Please proceed to the security checkpoint and have your - // identification and boarding pass ready. + // Please proceed to the security checkpoint, have your identification + // and boarding pass ready, and prepare to be nakedized or fondled. // Check for CloudFlare CDN since IP to be screened may be different // Thanks to butchs at Simple Machines @@ -89,6 +89,10 @@ function bb2_screen($settings, $package) require_once(BB2_CORE . "/cloudflare.inc.php"); $r = bb2_cloudflare($package); if ($r !== false && $r != $package['ip']) return $r; + # FIXME: For Cloudflare we are bypassing all checks for now + # See cloudflare.inc.php for more detail + bb2_approved($settings, $package); + return false; } // First check the whitelist @@ -113,41 +117,43 @@ function bb2_screen($settings, $package) // MSIE checks if (stripos($ua, "; MSIE") !== FALSE) { $package['is_browser'] = true; + require_once(BB2_CORE . "/browser.inc.php"); if (stripos($ua, "Opera") !== FALSE) { - require_once(BB2_CORE . "/opera.inc.php"); if ($r = bb2_opera($package)) return $r; } else { - require_once(BB2_CORE . "/msie.inc.php"); if ($r = bb2_msie($package)) return $r; } } elseif (stripos($ua, "Konqueror") !== FALSE) { $package['is_browser'] = true; - require_once(BB2_CORE . "/konqueror.inc.php"); + require_once(BB2_CORE . "/browser.inc.php"); if ($r = bb2_konqueror($package)) return $r; } elseif (stripos($ua, "Opera") !== FALSE) { $package['is_browser'] = true; - require_once(BB2_CORE . "/opera.inc.php"); + require_once(BB2_CORE . "/browser.inc.php"); if ($r = bb2_opera($package)) return $r; } elseif (stripos($ua, "Safari") !== FALSE) { $package['is_browser'] = true; - require_once(BB2_CORE . "/safari.inc.php"); + require_once(BB2_CORE . "/browser.inc.php"); if ($r = bb2_safari($package)) return $r; } elseif (stripos($ua, "Lynx") !== FALSE) { $package['is_browser'] = true; - require_once(BB2_CORE . "/lynx.inc.php"); + require_once(BB2_CORE . "/browser.inc.php"); if ($r = bb2_lynx($package)) return $r; } elseif (stripos($ua, "MovableType") !== FALSE) { require_once(BB2_CORE . "/movabletype.inc.php"); if ($r = bb2_movabletype($package)) return $r; } elseif (stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) { - require_once(BB2_CORE . "/msnbot.inc.php"); + require_once(BB2_CORE . "/searchengine.inc.php"); if ($r = bb2_msnbot($package)) return $r; } elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Wireless") !== FALSE) { - require_once(BB2_CORE . "/google.inc.php"); + require_once(BB2_CORE . "/searchengine.inc.php"); if ($r = bb2_google($package)) return $r; + } elseif (stripos($ua, "Yahoo! Slurp") !== FALSE || stripos($ua, "Yahoo! SearchMonkey") !== FALSE) { + require_once(BB2_CORE . "/searchengine.inc.php"); + if ($r = bb2_yahoo($package)) return $r; } elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) { $package['is_browser'] = true; - require_once(BB2_CORE . "/mozilla.inc.php"); + require_once(BB2_CORE . "/browser.inc.php"); if ($r = bb2_mozilla($package)) return $r; } diff --git a/include/bad-behavior/functions.inc.php b/include/bad-behavior/functions.inc.php index 1c27cb1..436cf6a 100644 --- a/include/bad-behavior/functions.inc.php +++ b/include/bad-behavior/functions.inc.php @@ -64,7 +64,7 @@ function bb2_load_headers() { if (!is_callable('getallheaders')) { $headers = array(); foreach ($_SERVER as $h => $v) - if (ereg('HTTP_(.+)', $h, $hp)) + if (preg_match('/HTTP_(.+)/', $h, $hp)) $headers[str_replace("_", "-", uc_all($hp[1]))] = $v; } else { $headers = getallheaders(); diff --git a/include/bad-behavior/google.inc.php b/include/bad-behavior/google.inc.php deleted file mode 100644 index 61d424d..0000000 --- a/include/bad-behavior/google.inc.php +++ /dev/null @@ -1,18 +0,0 @@ -<?php if (!defined('BB2_CORE')) die('I said no cheating!'); - -// Analyze user agents claiming to be Googlebot - -require_once(BB2_CORE . "/roundtripdns.inc.php"); - -function bb2_google($package) -{ -# if (match_cidr($package['ip'], "66.249.64.0/19") === FALSE && match_cidr($package['ip'], "64.233.160.0/19") === FALSE && match_cidr($package['ip'], "72.14.192.0/18") === FALSE) { -# return "f1182195"; -# } - if (!bb2_roundtripdns($package['ip'], "googlebot.com")) { - return "f1182195"; - } - return false; -} - -?> diff --git a/include/bad-behavior/housekeeping.inc.php b/include/bad-behavior/housekeeping.inc.php deleted file mode 100644 index b837ee0..0000000 --- a/include/bad-behavior/housekeeping.inc.php +++ /dev/null @@ -1,16 +0,0 @@ -<?php if (!defined('BB2_CORE')) die('I said no cheating!'); - -function bb2_housekeeping($settings, $package) -{ - // FIXME Yes, the interval's hard coded (again) for now. - $query = "DELETE FROM `" . $settings['log_table'] . "` WHERE `date` < DATE_SUB('" . bb2_db_date() . "', INTERVAL 7 DAY)"; - bb2_db_query($query); - - // Waste a bunch more of the spammer's time, sometimes. - if (rand(1,1000) == 1) { - $query = "OPTIMIZE TABLE `" . $settings['log_table'] . "`"; - bb2_db_query($query); - } -} - -?> diff --git a/include/bad-behavior/konqueror.inc.php b/include/bad-behavior/konqueror.inc.php deleted file mode 100644 index 3a84dba..0000000 --- a/include/bad-behavior/konqueror.inc.php +++ /dev/null @@ -1,17 +0,0 @@ -<?php if (!defined('BB2_CORE')) die('I said no cheating!'); - -// Analyze user agents claiming to be Konqueror - -function bb2_konqueror($package) -{ - // CafeKelsa is a dev project at Yahoo which indexes job listings for - // Yahoo! HotJobs. It identifies as Konqueror so we skip these checks. - if (stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") === FALSE || match_cidr($package['ip'], "209.73.160.0/19") === FALSE) { - if (!array_key_exists('Accept', $package['headers_mixed'])) { - return "17566707"; - } - } - return false; -} - -?> diff --git a/include/bad-behavior/lynx.inc.php b/include/bad-behavior/lynx.inc.php deleted file mode 100644 index a59ba10..0000000 --- a/include/bad-behavior/lynx.inc.php +++ /dev/null @@ -1,13 +0,0 @@ -<?php if (!defined('BB2_CORE')) die('I said no cheating!'); - -// Analyze user agents claiming to be Lynx - -function bb2_lynx($package) -{ - if (!array_key_exists('Accept', $package['headers_mixed'])) { - return "17566707"; - } - return false; -} - -?> diff --git a/include/bad-behavior/mozilla.inc.php b/include/bad-behavior/mozilla.inc.php deleted file mode 100644 index a1cac82..0000000 --- a/include/bad-behavior/mozilla.inc.php +++ /dev/null @@ -1,19 +0,0 @@ -<?php if (!defined('BB2_CORE')) die('I said no cheating!'); - -// Analyze user agents claiming to be Mozilla - -function bb2_mozilla($package) -{ - // First off, workaround for Google Desktop, until they fix it FIXME - // Google Desktop fixed it, but apparently some old versions are - // still out there. :( - // Always check accept header for Mozilla user agents - if (strpos($package['headers_mixed']['User-Agent'], "Google Desktop") === FALSE && strpos($package['headers_mixed']['User-Agent'], "PLAYSTATION 3") === FALSE) { - if (!array_key_exists('Accept', $package['headers_mixed'])) { - return "17566707"; - } - } - return false; -} - -?> diff --git a/include/bad-behavior/msie.inc.php b/include/bad-behavior/msie.inc.php deleted file mode 100644 index 3c49f26..0000000 --- a/include/bad-behavior/msie.inc.php +++ /dev/null @@ -1,26 +0,0 @@ -<?php if (!defined('BB2_CORE')) die('I said no cheating!'); - -// Analyze user agents claiming to be MSIE - -function bb2_msie($package) -{ - if (!array_key_exists('Accept', $package['headers_mixed'])) { - return "17566707"; - } - - // MSIE does NOT send "Windows ME" or "Windows XP" in the user agent - if (strpos($package['headers_mixed']['User-Agent'], "Windows ME") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !== FALSE) { - return "a1084bad"; - } - - // MSIE does NOT send Connection: TE but Akamai does - // Bypass this test when Akamai detected - // The latest version of IE for Windows CE also uses Connection: TE - if (!array_key_exists('Akamai-Origin-Hop', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "IEMobile") === FALSE && @preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) { - return "2b90f772"; - } - - return false; -} - -?> diff --git a/include/bad-behavior/msnbot.inc.php b/include/bad-behavior/msnbot.inc.php deleted file mode 100644 index f647082..0000000 --- a/include/bad-behavior/msnbot.inc.php +++ /dev/null @@ -1,18 +0,0 @@ -<?php if (!defined('BB2_CORE')) die('I said no cheating!'); - -// Analyze user agents claiming to be msnbot - -require_once(BB2_CORE . "/roundtripdns.inc.php"); - -function bb2_msnbot($package) -{ -# if (match_cidr($package['ip'], "207.46.0.0/16") === FALSE && match_cidr($package['ip'], "65.52.0.0/14") === FALSE && match_cidr($package['ip'], "207.68.128.0/18") === FALSE && match_cidr($package['ip'], "207.68.192.0/20") === FALSE && match_cidr($package['ip'], "64.4.0.0/18") === FALSE) { -# return "e4de0453"; -# } - if (!bb2_roundtripdns($package['ip'], "msn.com")) { - return "e4de0453"; - } - return false; -} - -?> diff --git a/include/bad-behavior/opera.inc.php b/include/bad-behavior/opera.inc.php deleted file mode 100644 index e29a8c7..0000000 --- a/include/bad-behavior/opera.inc.php +++ /dev/null @@ -1,13 +0,0 @@ -<?php if (!defined('BB2_CORE')) die('I said no cheating!'); - -// Analyze user agents claiming to be Opera - -function bb2_opera($package) -{ - if (!array_key_exists('Accept', $package['headers_mixed'])) { - return "17566707"; - } - return false; -} - -?> diff --git a/include/bad-behavior/post.inc.php b/include/bad-behavior/post.inc.php index 5857f1a..e1d8ffa 100644 --- a/include/bad-behavior/post.inc.php +++ b/include/bad-behavior/post.inc.php @@ -1,5 +1,30 @@ <?php if (!defined('BB2_CORE')) die('I said no cheating!'); +// Specialized screening for trackbacks +function bb2_trackback($package) +{ + // Web browsers don't send trackbacks + if ($package['is_browser']) { + return 'f0dcb3fd'; + } + + // Proxy servers don't send trackbacks either + if (array_key_exists('Via', $package['headers_mixed']) || array_key_exists('Max-Forwards', $package['headers_mixed']) || array_key_exists('X-Forwarded-For', $package['headers_mixed']) || array_key_exists('Client-Ip', $package['headers_mixed'])) { + return 'd60b87c7'; + } + + // Fake WordPress trackbacks + // Real ones do not contain Accept:, and have a charset defined + // Real WP trackbacks may contain Accept: depending on the HTTP + // transport being used by the sending host + if (strpos($package['headers_mixed']['User-Agent'], "WordPress/") !== FALSE) { + if (strpos($package['headers_mixed']['Content-Type'], "charset=") === FALSE) { + return 'e3990b47'; + } + } + return false; +} + // All tests which apply specifically to POST requests function bb2_post($settings, $package) { @@ -17,7 +42,6 @@ function bb2_post($settings, $package) // Trackbacks need special screening $request_entity = $package['request_entity']; if (isset($request_entity['title']) && isset($request_entity['url']) && isset($request_entity['blog_name'])) { - require_once(BB2_CORE . "/trackback.inc.php"); return bb2_trackback($package); } diff --git a/include/bad-behavior/responses.inc.php b/include/bad-behavior/responses.inc.php index bc1ff9c..48e9702 100644 --- a/include/bad-behavior/responses.inc.php +++ b/include/bad-behavior/responses.inc.php @@ -20,6 +20,7 @@ function bb2_get_response($key) { '69920ee5' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' present but blank'), '6c502ff1' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Bot not fully compliant with RFC 2965'), '70e45496' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User agent claimed to be CloudFlare, claim appears false'), + '71436a15' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a major search engine, but you do not appear to actually be a major search engine.', 'log' => 'User-Agent claimed to be Yahoo, claim appears to be false'), '799165c2' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Rotating user-agents detected'), '7a06532b' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept-Encoding\' missing'), '7ad04a8a' => array('response' => 400, 'explanation' => 'The automated program you are using is not permitted to access this server. Please use a different program or a standard Web browser.', 'log' => 'Prohibited header \'Range\' present'), diff --git a/include/bad-behavior/safari.inc.php b/include/bad-behavior/safari.inc.php deleted file mode 100644 index 523bdd5..0000000 --- a/include/bad-behavior/safari.inc.php +++ /dev/null @@ -1,13 +0,0 @@ -<?php if (!defined('BB2_CORE')) die('I said no cheating!'); - -// Analyze user agents claiming to be Safari - -function bb2_safari($package) -{ - if (!array_key_exists('Accept', $package['headers_mixed'])) { - return "17566707"; - } - return false; -} - -?> diff --git a/include/bad-behavior/searchengine.inc.php b/include/bad-behavior/searchengine.inc.php new file mode 100644 index 0000000..582bf0f --- /dev/null +++ b/include/bad-behavior/searchengine.inc.php @@ -0,0 +1,47 @@ +<?php if (!defined('BB2_CORE')) die('I said no cheating!'); + +require_once(BB2_CORE . "/roundtripdns.inc.php"); + +// Analyze user agents claiming to be Googlebot + +function bb2_google($package) +{ + if (match_cidr($package['ip'], array("66.249.64.0/19", "64.233.160.0/19", "72.14.192.0/18")) === FALSE) { + return "f1182195"; + } +# Disabled due to http://bugs.php.net/bug.php?id=53092 +# if (!bb2_roundtripdns($package['ip'], "googlebot.com")) { +# return "f1182195"; +# } + return false; +} + +// Analyze user agents claiming to be msnbot + +function bb2_msnbot($package) +{ + if (match_cidr($package['ip'], array("207.46.0.0/16", "65.52.0.0/14", "207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18", "157.54.0.0/15", "157.60.0.0/16", "157.56.0.0/14")) === FALSE) { + return "e4de0453"; + } +# Disabled due to http://bugs.php.net/bug.php?id=53092 +# if (!bb2_roundtripdns($package['ip'], "msn.com")) { +# return "e4de0453"; +# } + return false; +} + +// Analyze user agents claiming to be Yahoo! + +function bb2_yahoo($package) +{ + if (match_cidr($package['ip'], array("202.160.176.0/20", "67.195.0.0/16", "203.209.252.0/24", "72.30.0.0/16", "98.136.0.0/14")) === FALSE) { + return '71436a15'; + } +# Disabled due to http://bugs.php.net/bug.php?id=53092 +# if (!bb2_roundtripdns($package['ip'], "crawl.yahoo.net")) { +# return "71436a15"; +# } + return false; +} + +?> diff --git a/include/bad-behavior/trackback.inc.php b/include/bad-behavior/trackback.inc.php deleted file mode 100644 index b284f67..0000000 --- a/include/bad-behavior/trackback.inc.php +++ /dev/null @@ -1,28 +0,0 @@ -<?php if (!defined('BB2_CORE')) die('I said no cheating!'); - -// Specialized screening for trackbacks -function bb2_trackback($package) -{ - // Web browsers don't send trackbacks - if ($package['is_browser']) { - return 'f0dcb3fd'; - } - - // Proxy servers don't send trackbacks either - if (array_key_exists('Via', $package['headers_mixed']) || array_key_exists('Max-Forwards', $package['headers_mixed']) || array_key_exists('X-Forwarded-For', $package['headers_mixed']) || array_key_exists('Client-Ip', $package['headers_mixed'])) { - return 'd60b87c7'; - } - - // Fake WordPress trackbacks - // Real ones do not contain Accept:, and have a charset defined - // Real WP trackbacks may contain Accept: depending on the HTTP - // transport being used by the sending host - if (strpos($package['headers_mixed']['User-Agent'], "WordPress/") !== FALSE) { - if (strpos($package['headers_mixed']['Content-Type'], "charset=") === FALSE) { - return 'e3990b47'; - } - } - return false; -} - -?> diff --git a/include/bad-behavior/version.inc.php b/include/bad-behavior/version.inc.php deleted file mode 100644 index 9b7cde8..0000000 --- a/include/bad-behavior/version.inc.php +++ /dev/null @@ -1,3 +0,0 @@ -<?php if (!defined('BB2_CWD')) die("I said no cheating!"); -define('BB2_VERSION', "2.1.7"); -?> -- To stop receiving notification emails like this one, please contact the administrator of this repository. _______________________________________________ Xfce4-commits mailing list Xfce4-commits@xfce.org https://mail.xfce.org/mailman/listinfo/xfce4-commits