From: <al...@us...> - 2008-10-06 17:12:45
Revision: 722
http://sciret.svn.sourceforge.net/sciret/?rev=722&view=rev
Author: alpeb
Date: 2008-10-06 17:11:43 +0000 (Mon, 06 Oct 2008)
Log Message:
-----------
added bad-behavior antispam lib
Added Paths:
-----------
trunk/libs/bad-behavior/
trunk/libs/bad-behavior/COPYING
trunk/libs/bad-behavior/README.txt
trunk/libs/bad-behavior/bad-behavior/
trunk/libs/bad-behavior/bad-behavior/banned.inc.php
trunk/libs/bad-behavior/bad-behavior/blackhole.inc.php
trunk/libs/bad-behavior/bad-behavior/blacklist.inc.php
trunk/libs/bad-behavior/bad-behavior/common_tests.inc.php
trunk/libs/bad-behavior/bad-behavior/core.inc.php
trunk/libs/bad-behavior/bad-behavior/functions.inc.php
trunk/libs/bad-behavior/bad-behavior/google.inc.php
trunk/libs/bad-behavior/bad-behavior/housekeeping.inc.php
trunk/libs/bad-behavior/bad-behavior/index.html
trunk/libs/bad-behavior/bad-behavior/konqueror.inc.php
trunk/libs/bad-behavior/bad-behavior/lynx.inc.php
trunk/libs/bad-behavior/bad-behavior/movabletype.inc.php
trunk/libs/bad-behavior/bad-behavior/mozilla.inc.php
trunk/libs/bad-behavior/bad-behavior/msie.inc.php
trunk/libs/bad-behavior/bad-behavior/msnbot.inc.php
trunk/libs/bad-behavior/bad-behavior/opera.inc.php
trunk/libs/bad-behavior/bad-behavior/post.inc.php
trunk/libs/bad-behavior/bad-behavior/responses.inc.php
trunk/libs/bad-behavior/bad-behavior/safari.inc.php
trunk/libs/bad-behavior/bad-behavior/screener.inc.php
trunk/libs/bad-behavior/bad-behavior/trackback.inc.php
trunk/libs/bad-behavior/bad-behavior/version.inc.php
trunk/libs/bad-behavior/bad-behavior/whitelist.inc.php
trunk/libs/bad-behavior/bad-behavior-generic.php
trunk/libs/bad-behavior/bad-behavior-lifetype.php
trunk/libs/bad-behavior/bad-behavior-mediawiki.php
trunk/libs/bad-behavior/bad-behavior-wordpress-admin.php
trunk/libs/bad-behavior/bad-behavior-wordpress.php
trunk/libs/bad-behavior/index.html
Added: trunk/libs/bad-behavior/COPYING
===================================================================
--- trunk/libs/bad-behavior/COPYING (rev 0)
+++ trunk/libs/bad-behavior/COPYING 2008-10-06 17:11:43 UTC (rev 722)
@@ -0,0 +1,339 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) year name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.
Added: trunk/libs/bad-behavior/README.txt
===================================================================
--- trunk/libs/bad-behavior/README.txt (rev 0)
+++ trunk/libs/bad-behavior/README.txt 2008-10-06 17:11:43 UTC (rev 722)
@@ -0,0 +1,102 @@
+=== Bad Behavior ===
+Tags: comment,trackback,referrer,spam,robot,antispam
+Contributors: error, MarkJaquith, Firas, skeltoac
+Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0¤cy_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
+Requires at least: 1.2
+Tested up to: 2.7
+Stable tag: 2.0.24
+
+Welcome to a whole new way of keeping your blog, forum, guestbook, wiki or
+content management system free of link spam. Bad Behavior is a PHP-based
+solution for blocking link spam and the robots which deliver it.
+
+Bad Behavior complements other link spam solutions by acting as a gatekeeper,
+preventing spammers from ever delivering their junk, and in many cases, from
+ever reading your site in the first place. This keeps your site's load down,
+makes your site logs cleaner, and can help prevent denial of service
+conditions caused by spammers.
+
+Bad Behavior also transcends other link spam solutions by working in a
+completely different, unique way. Instead of merely looking at the content of
+potential spam, Bad Behavior analyzes the delivery method as well as the
+software the spammer is using. In this way, Bad Behavior can stop spam attacks
+even when nobody has ever seen the particular spam before.
+
+Bad Behavior is designed to work alongside existing spam prevention services
+to increase their effectiveness and efficiency. Whenever possible, you should
+run it in combination with a more traditional spam prevention service.
+
+Bad Behavior works on, or can be adapted to, virtually any PHP-based Web
+software package. Bad Behavior is available natively for WordPress, MediaWiki,
+Drupal, ExpressionEngine, and LifeType, and people have successfully made it
+work with Movable Type, phpBB, and many other packages.
+
+Installing and configuring Bad Behavior on most platforms is simple and takes
+only a few minutes. In most cases, no configuration at all is needed. Simply
+turn it on and stop worrying about spam!
+
+The core of Bad Behavior is free software released under the GNU General
+Public License. (On some non-free platforms, special license terms exist for
+Bad Behavior's platform connector.)
+
+== Installation ==
+
+*Warning*: If you are upgrading from a 1.x.x version of Bad Behavior,
+you must remove it from your system entirely, and delete all of its
+database tables, before installing Bad Behavior 2.0.x. You do not need
+to remove a 2.0.x version of Bad Behavior before upgrading to this
+release.
+
+Bad Behavior has been designed to install on each host software in the
+manner most appropriate to each platform. It's usually sufficient to
+follow the generic instructions for installing any plugin or extension
+for your host software.
+
+On MediaWiki, it is necessary to add a second line to LocalSettings.php
+when installing the extension. Your LocalSettings.php should include
+the following:
+
+` include_once( 'includes/DatabaseFunctions.php' );
+ include( './extensions/Bad-Behavior/bad-behavior-mediawiki.php' );
+
+For complete documentation and installation instructions, please visit
+http://www.bad-behavior.ioerror.us/
+
+== Release Notes ==
+
+= Bad Behavior 2.0 Known Issues =
+
+* Bad Behavior may be unable to protect cached pages on MediaWiki.
+
+* When upgrading from version 2.0.19 or prior on MediaWiki and WordPress,
+you must remove the old version of Bad Behavior from your system manually
+before manually installing the new version. Other platforms are not
+affected by this issue.
+
+* The basic functionality of Bad Behavior on WordPress requires version 1.2
+or later. The management page for WordPress, which allows browsing Bad
+Behavior's logs, requires version 2.1 or later. Users of older versions should
+use phpMyAdmin to browse Bad Behavior's logs, or upgrade WordPress.
+
+* On WordPress when using WordPress Advanced Cache (WP-Cache) or WP-Super
+Cache, Bad Behavior requires a patch to WP-Cache or WP-Super Cache in order to
+protect Cached pages. Bad Behavior cannot protect Super Cached pages.
+
+ Edit the wp-content/plugins/wp-cache/wp-cache-phase1.php or
+wp-content/plugins/wp-super-cache/wp-cache-phase1.php file and find the
+following two lines at around line 34 (line 56 in WP-Super Cache):
+
+` if (! ($meta = unserialize(@file_get_contents($meta_pathname))) )
+ return;`
+
+ Immediately after this, insert the following line:
+
+` require_once( ABSPATH . 'wp-content/plugins/Bad-Behavior/bad-behavior-generic.php');`
+
+ Then visit your site. Everything should work normally, but spammers will
+not be able to access your cached pages either.
+
+* When using Bad Behavior in conjunction with Spam Karma 2, you may see PHP
+warnings when Spam Karma 2 displays its internally generated CAPTCHA. This
+is a design problem in Spam Karma 2. Contact the author of Spam Karma 2 for
+a fix.
Added: trunk/libs/bad-behavior/bad-behavior/banned.inc.php
===================================================================
--- trunk/libs/bad-behavior/bad-behavior/banned.inc.php (rev 0)
+++ trunk/libs/bad-behavior/bad-behavior/banned.inc.php 2008-10-06 17:11:43 UTC (rev 722)
@@ -0,0 +1,49 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Functions called when a request has been denied
+// This part can be gawd-awful slow, doesn't matter :)
+
+require_once(BB2_CORE . "/responses.inc.php");
+
+function bb2_display_denial($settings, $key, $previous_key = false)
+{
+ if (!$previous_key) $previous_key = $key;
+ if ($key == "e87553e1") {
+ // FIXME: lookup the real key
+ }
+ // Create support key
+ $ip = explode(".", $_SERVER['REMOTE_ADDR']);
+ $ip_hex = "";
+ foreach ($ip as $octet) {
+ $ip_hex .= str_pad(dechex($octet), 2, 0, STR_PAD_LEFT);
+ }
+ $support_key = implode("-", str_split("$ip_hex$key", 4));
+
+ // Get response data
+ $response = bb2_get_response($previous_key);
+ header("HTTP/1.1 " . $response['response'] . " Bad Behavior");
+ header("Status: " . $response['response'] . " Bad Behavior");
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>HTTP Error <?php echo $response['response']; ?></title>
+</head>
+<body>
+<h1>Error <?php echo $response['response']; ?></h1>
+<p>We're sorry, but we could not fulfill your request for
+<?php echo htmlspecialchars($_SERVER['REQUEST_URI']) ?> on this server.</p>
+<p><?php echo $response['explanation']; ?></p>
+<p>Your technical support key is: <strong><?php echo $support_key; ?></strong></p>
+<p>You can use this key to <a href="http://www.ioerror.us/bb2-support-key?key=<?php echo $support_key; ?>">fix this problem yourself</a>.</p>
+<p>If you are unable to fix the problem yourself, please contact <a href="mailto:<?php echo htmlspecialchars(str_replace("@", "+nospam@nospam.", bb2_email())); ?>"><?php echo htmlspecialchars(str_replace("@", " at ", bb2_email())); ?></a> and be sure to provide the technical support key shown above.</p>
+<?php
+}
+
+function bb2_log_denial($settings, $package, $key, $previous_key=false)
+{
+ if (!$settings['logging']) return;
+ bb2_db_query(bb2_insert($settings, $package, $key));
+}
+
+?>
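Review bot: The support key assembled at lines 516–521 assumes REMOTE_ADDR is a dotted-quad; for an IPv6 client `explode('.')` yields a single non-numeric element and `dechex()` receives a string (a warning and empty/zero output on older PHP, a TypeError on PHP 8), so the key displayed no longer identifies the address it is meant to encode. Replacing the octet loop with `$packed = inet_pton($_SERVER['REMOTE_ADDR']);` and `$ip_hex = $packed === false ? '' : bin2hex($packed);` yields the identical 8-digit value for IPv4 and a well-formed 32-digit one for IPv6, and `str_split(..., 4)` on line 521 still groups it correctly. The `if ($key == "e87553e1")` branch at line 512 has an empty body; either implement the lookup the FIXME describes or remove the branch so it is not mistaken for handling. In bb2_log_denial the `$previous_key` parameter is accepted but never read, which deserves a short comment if it is kept only for signature parity with bb2_display_denial.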
Added: trunk/libs/bad-behavior/bad-behavior/blackhole.inc.php
===================================================================
--- trunk/libs/bad-behavior/bad-behavior/blackhole.inc.php (rev 0)
+++ trunk/libs/bad-behavior/bad-behavior/blackhole.inc.php 2008-10-06 17:11:43 UTC (rev 722)
@@ -0,0 +1,51 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Look up address on various blackhole lists.
+// These cannot be used for GET requests under any circumstances!
+function bb2_blackhole($package) {
+ // Only conservative lists
+ $bb2_blackhole_lists = array(
+ "sbl-xbl.spamhaus.org", // All around nasties
+// "dnsbl.sorbs.net", // Old useless data.
+// "list.dsbl.org", // Old useless data.
+// "dnsbl.ioerror.us", // Bad Behavior Blackhole
+ );
+
+ // Things that shouldn't be blocked, from aggregate lists
+ $bb2_blackhole_exceptions = array(
+ "sbl-xbl.spamhaus.org" => array("127.0.0.4"), // CBL is problematic
+ "dnsbl.sorbs.net" => array("127.0.0.10",), // Dynamic IPs only
+ "list.dsbl.org" => array(),
+ "dnsbl.ioerror.us" => array(),
+ );
+
+ // Check the blackhole lists
+ $ip = $package['ip'];
+ $find = implode('.', array_reverse(explode('.', $ip)));
+ foreach ($bb2_blackhole_lists as $dnsbl) {
+ $result = gethostbynamel($find . "." . $dnsbl . ".");
+ if (!empty($result)) {
+ // Got a match and it isn't on the exception list
+ $result = @array_diff($result, $bb2_blackhole_exceptions[$dnsbl]);
+ if (!empty($result)) {
+ return '136673cd';
+ }
+ }
+ }
+ return false;
+}
+
+function bb2_httpbl($settings, $package) {
+ if (!$settings['httpbl_key']) return false;
+
+ $find = implode('.', array_reverse(explode('.', $package['ip'])));
+ $result = gethostbynamel($settings['httpbl_key'].".${find}.dnsbl.httpbl.org.");
+ if (!empty($result)) {
+ $ip = explode('.', $result[0]);
+ if ($ip[0] == 127 && ($ip[3] & 7) && $ip[2] >= $settings['httpbl_threat'] && $ip[1] >= $settings['httpbl_maxage']) {
+ return '2b021b1f';
+ }
+ }
+ return false;
+}
+?>
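Review bot: In bb2_httpbl the age test on line 600, `$ip[1] >= $settings['httpbl_maxage']`, looks inverted: if `httpbl_maxage` denotes the oldest listing still worth acting on, as the setting's name suggests, and the second octet counts days since last observed activity, this condition fires only for listings older than the limit and ignores fresh ones, so `$ip[1] <= $settings['httpbl_maxage']` would be the intended check — please confirm against the http:BL response format before changing it. Both functions reverse the address with `explode('.')`, which only forms a valid DNSBL query name for IPv4; a guard such as `if (!filter_var($package['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) return false;` at the top of each avoids sending a malformed name to the resolver for IPv6 clients. Line 584 uses `@` to hide the case where `$bb2_blackhole_exceptions` has no entry for the list; `isset($bb2_blackhole_exceptions[$dnsbl]) ? $bb2_blackhole_exceptions[$dnsbl] : array()` is explicit and keeps other warnings visible. Every call here also performs a blocking DNS lookup with no caching or timeout, so a slow or unreachable resolver extends request latency directly, which the header comment on line 558 should state alongside the existing "not for GET requests" warning.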
Added: trunk/libs/bad-behavior/bad-behavior/blacklist.inc.php
===================================================================
--- trunk/libs/bad-behavior/bad-behavior/blacklist.inc.php (rev 0)
+++ trunk/libs/bad-behavior/bad-behavior/blacklist.inc.php 2008-10-06 17:11:43 UTC (rev 722)
@@ -0,0 +1,122 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+function bb2_blacklist($package) {
+
+ // Blacklisted user agents
+ // These user agent strings occur at the beginning of the line.
+ $bb2_spambots_0 = array(
+ "<sc", // XSS exploit attempts
+ "8484 Boston Project", // video poker/porn spam
+ "adwords", // referrer spam
+ "autoemailspider", // spam harvester
+ "blogsearchbot-martin", // from honeypot
+ "CherryPicker", // spam harvester
+ "core-project/", // FrontPage extension exploits
+ "Diamond", // delivers spyware/adware
+ "Digger", // spam harvester
+ "ecollector", // spam harvester
+ "EmailCollector", // spam harvester
+ "Email Siphon", // spam harvester
+ "EmailSiphon", // spam harvester
+ "grub crawler", // misc comment/email spam
+ "HttpProxy", // misc comment/email spam
+ "Internet Explorer", // XMLRPC exploits seen
+ "ISC Systems iRc", // spam harvester
+ "Jakarta Commons", // custommised spambots
+ "Java 1.", // definitely a spammer
+ "Java/1.", // definitely a spammer
+ "libwww-perl", // spambot scripts
+ "LWP", // spambot scripts
+ "Microsoft URL", // spam harvester
+ "Missigua", // spam harvester
+ "MJ12bot/v1.0.8", // malicious botnet
+ "Movable Type", // customised spambots
+ "Mozilla ", // malicious software
+ "Mozilla/4.0(", // from honeypot
+ "Mozilla/4.0+(", // suspicious harvester
+ "MSIE", // malicious software
+ "NutchCVS", // unidentified robots
+ "Nutscrape/", // misc comment spam
+ "OmniExplorer", // spam harvester
+ "psycheclone", // spam harvester
+ "PussyCat ", // misc comment spam
+ "PycURL", // misc comment spam
+// "Shockwave Flash", // spam harvester
+// WP 2.5 now has Flash; FIXME
+ "Super Happy Fun ", // spam harvester
+ "TrackBack/", // trackback spam
+ "user", // suspicious harvester
+ "User Agent: ", // spam harvester
+ "User-Agent: ", // spam harvester
+ "Winnie Poh", // Automated Coppermine hacks
+ "Wordpress", // malicious software
+ "\"", // malicious software
+ );
+
+ // These user agent strings occur anywhere within the line.
+ $bb2_spambots = array(
+ "\r", // A really dumb bot
+ "; Widows ", // misc comment/email spam
+ "a href=", // referrer spam
+ "Bad Behavior Test", // Add this to your user-agent to test BB
+ "compatible ; MSIE", // misc comment/email spam
+ "compatible-", // misc comment/email spam
+ "DTS Agent", // misc comment/email spam
+ "Email Extractor", // spam harvester
+ "Gecko/25", // revisit this in 500 years
+ "grub-client", // search engine ignores robots.txt
+ "hanzoweb", // very badly behaved crawler
+ "Indy Library", // misc comment/email spam
+ "larbin@unspecified", // stealth harvesters
+ "Murzillo compatible", // comment spam bot
+ ".NET CLR 1)", // free poker, etc.
+ "POE-Component-Client", // free poker, etc.
+ "Turing Machine", // www.anonymizer.com abuse
+ "User-agent: ", // spam harvester/splogger
+ "WebaltBot", // spam harvester
+ "WISEbot", // spam harvester
+ "WISEnutbot", // spam harvester
+ "Windows NT 4.0;)", // wikispam bot
+ "Windows NT 5.0;)", // wikispam bot
+ "Windows NT 5.1;)", // wikispam bot
+ "Windows XP 5", // spam harvester
+ "WordPress/4.01", // pingback spam
+ "\\\\)", // spam harvester
+ );
+
+ // These are regular expression matches.
+ $bb2_spambots_regex = array(
+ "/^[A-Z]{10}$/", // misc email spam
+ "/^Mozilla...[05]$/i", // fake user agent/email spam
+ "/[bcdfghjklmnpqrstvwxz ]{8,}/",
+// "/(;\){1,2}$/", // misc spammers/harvesters
+// "/MSIE.*Windows XP/", // misc comment spam
+ );
+
+ // Do not edit below this line.
+
+ @$ua = $package['headers_mixed']['User-Agent'];
+
+ foreach ($bb2_spambots_0 as $spambot) {
+ $pos = strpos($ua, $spambot);
+ if ($pos !== FALSE && $pos == 0) {
+ return "17f4e8c8";
+ }
+ }
+
+ foreach ($bb2_spambots as $spambot) {
+ if (strpos($ua, $spambot) !== FALSE) {
+ return "17f4e8c8";
+ }
+ }
+
+ foreach ($bb2_spambots_regex as $spambot) {
+ if (preg_match($spambot, $ua)) {
+ return "17f4e8c8";
+ }
+ }
+
+ return FALSE;
+}
+
+?>
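Review bot: The regex `"/[bcdfghjklmnpqrstvwxz ]{8,}/"` in bb2_blacklist is the only entry across the three tables without a trailing comment saying what it catches; add one in the same style as its neighbours, e.g. `// 8+ consecutive consonants/spaces, no vowels`. In the first loop `$pos !== FALSE && $pos == 0` is just `$pos === 0`. The `@$ua = $package['headers_mixed']['User-Agent'];` line leaves `$ua` null when no User-Agent was sent and every strpos()/preg_match() below then runs against null; `$ua = isset($package['headers_mixed']['User-Agent']) ? $package['headers_mixed']['User-Agent'] : '';` gives the same matching outcome without the suppression operator.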
Added: trunk/libs/bad-behavior/bad-behavior/common_tests.inc.php
===================================================================
--- trunk/libs/bad-behavior/bad-behavior/common_tests.inc.php (rev 0)
+++ trunk/libs/bad-behavior/bad-behavior/common_tests.inc.php 2008-10-06 17:11:43 UTC (rev 722)
@@ -0,0 +1,138 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Enforce adherence to protocol version claimed by user-agent.
+
+function bb2_protocol($settings, $package)
+{
+ // Is it claiming to be HTTP/1.0? Then it shouldn't do HTTP/1.1 things
+ // Always run this test; we should never see Expect:
+ if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE) {
+ return "a0105122";
+ }
+
+ // Is it claiming to be HTTP/1.1? Then it shouldn't do HTTP/1.0 things
+ // Blocks some common corporate proxy servers in strict mode
+ if ($settings['strict'] && !strcmp($package['server_protocol'], "HTTP/1.1")) {
+ if (array_key_exists('Pragma', $package['headers_mixed']) && strpos($package['headers_mixed']['Pragma'], "no-cache") !== FALSE && !array_key_exists('Cache-Control', $package['headers_mixed'])) {
+ return "41feed15";
+ }
+ }
+ return false;
+}
+
+function bb2_cookies($settings, $package)
+{
+ // Enforce RFC 2965 sec 3.3.5 and 9.1
+ // Bots wanting new-style cookies should send Cookie2
+ // FIXME: Amazon Kindle is broken; Amazon has been notified 9/24/08
+ if (strpos($package['headers_mixed']['Cookie'], '$Version=0') !== FALSE && !array_key_exists('Cookie2', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "Kindle/") === FALSE) {
+ return '6c502ff1';
+ }
+ return false;
+}
+
+function bb2_misc_headers($settings, $package)
+{
+ @$ua = $package['headers_mixed']['User-Agent'];
+
+ if (!strcmp($package['request_method'], "POST") && empty($ua)) {
+ return "f9f2b8b9";
+ }
+
+ // Broken spambots send URLs with various invalid characters
+ // Some broken browsers send the #vector in the referer field :(
+ // if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
+ if (strpos($package['request_uri'], "#") !== FALSE) {
+ return "dfd9b1ad";
+ }
+
+ // Range: field exists and begins with 0
+ // Real user-agents do not start ranges at 0
+ // NOTE: this blocks the whois.sc bot. No big loss.
+ // Exceptions: MT (not fixable); LJ (refuses to fix; may be
+ // blocked again in the future)
+ if (array_key_exists('Range', $package['headers_mixed']) && strpos($package['headers_mixed']['Range'], "=0-") !== FALSE) {
+ if (strncmp($ua, "MovableType", 11) && strncmp($ua, "URI::Fetch", 10) && strncmp($ua, "php-openid/", 11)) {
+ return "7ad04a8a";
+ }
+ }
+
+ // Content-Range is a response header, not a request header
+ if (array_key_exists('Content-Range', $package['headers_mixed'])) {
+ return '7d12528e';
+ }
+
+ // Lowercase via is used by open proxies/referrer spammers
+ // Exceptions: Clearswift uses lowercase via (refuses to fix;
+ // may be blocked again in the future)
+ if (array_key_exists('via', $package['headers']) &&
+ strpos($package['headers']['via'],'Clearswift') === FALSE) {
+ return "9c9e4979";
+ }
+
+ // pinappleproxy is used by referrer spammers
+ if (array_key_exists('Via', $package['headers_mixed'])) {
+ if (stripos($package['headers_mixed']['Via'], "pinappleproxy") !== FALSE || stripos($package['headers_mixed']['Via'], "PCNETSERVER") !== FALSE || stripos($package['headers_mixed']['Via'], "Invisiware") !== FALSE) {
+ return "939a6fbb";
+ }
+ }
+
+ // TE: if present must have Connection: TE
+ // RFC 2616 14.39
+ // Blocks Microsoft ISA Server 2004 in strict mode. Contact Microsoft
+ // to obtain a hotfix.
+ if ($settings['strict'] && array_key_exists('Te', $package['headers_mixed'])) {
+ if (!preg_match('/\bTE\b/', $package['headers_mixed']['Connection'])) {
+ return "582ec5e4";
+ }
+ }
+
+ if (array_key_exists('Connection', $package['headers_mixed'])) {
+ // Connection: keep-alive and close are mutually exclusive
+ if (preg_match('/\bKeep-Alive\b/i', $package['headers_mixed']['Connection']) && preg_match('/\bClose\b/i', $package['headers_mixed']['Connection'])) {
+ return "a52f0448";
+ }
+ // Close shouldn't appear twice
+ if (preg_match('/\bclose,\s?close\b/i', $package['headers_mixed']['Connection'])) {
+ return "a52f0448";
+ }
+ // Keey-Alive shouldn't appear twice either
+ if (preg_match('/\bkeep-alive,\s?keep-alive\b/i', $package['headers_mixed']['Connection'])) {
+ return "a52f0448";
+ }
+ }
+
+
+ // Headers which are not seen from normal user agents; only malicious bots
+ if (array_key_exists('X-Aaaaaaaaaaaa', $package['headers_mixed']) || array_key_exists('X-Aaaaaaaaaa', $package['headers_mixed'])) {
+ return "b9cc1d86";
+ }
+ // Proxy-Connection does not exist and should never be seen in the wild
+ if (array_key_exists('Proxy-Connection', $package['headers_mixed'])) {
+ return "b7830251";
+ }
+
+ if (array_key_exists('Referer', $package['headers_mixed'])) {
+ // Referer, if it exists, must not be blank
+ if (empty($package['headers_mixed'])) {
+ return "69920ee5";
+ }
+
+ // Referer, if it exists, must contain a :
+ // While a relative URL is technically valid in Referer, all known
+ // legit user-agents send an absolute URL
+ if (strpos($package['headers_mixed']['Referer'], ":") === FALSE) {
+ return "45b35e30";
+ }
+ }
+
+ // "uk" is not a language (ISO 639) nor a country (ISO 3166)
+ // oops, yes it is :( Please shoot any Ukrainian spammers you see.
+# if (preg_match('/\buk\b/', $package['headers_mixed']['Accept-Language'])) {
+# return "35ea7ffa";
+# }
+
+ return false;
+}
+
+?>
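Review bot: The blank-Referer check in bb2_misc_headers tests the wrong value: `if (empty($package['headers_mixed']))` inspects the whole header array, which cannot be empty inside a branch that has just found a Referer key, so the `69920ee5` response is unreachable; it should read `if (empty($package['headers_mixed']['Referer']))`. bb2_cookies reads `$package['headers_mixed']['Cookie']` and `['User-Agent']` with no `array_key_exists` guard, unlike the other tests in this file, so every request without a Cookie header raises an undefined-index notice; the TE check in bb2_misc_headers has the same unguarded read of `['Connection']`.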
Added: trunk/libs/bad-behavior/bad-behavior/core.inc.php
===================================================================
--- trunk/libs/bad-behavior/bad-behavior/core.inc.php (rev 0)
+++ trunk/libs/bad-behavior/bad-behavior/core.inc.php 2008-10-06 17:11:43 UTC (rev 722)
@@ -0,0 +1,208 @@
+<?php if (!defined('BB2_CWD')) die("I said no cheating!");
+
+// Bad Behavior entry point is start_bad_behavior().
+// If you're reading this, you are probably lost.
+// Go read the bad-behavior-generic.php file.
+
+define('BB2_CORE', dirname(__FILE__));
+define('BB2_COOKIE', 'bb2_screener_');
+
+require_once(BB2_CORE . "/functions.inc.php");
+
+// Our log table structure
+function bb2_table_structure($name)
+{
+ // It's not paranoia if they really are out to get you.
+ $name_escaped = bb2_db_escape($name);
+ return "CREATE TABLE IF NOT EXISTS `$name_escaped` (
+ `id` INT(11) NOT NULL auto_increment,
+ `ip` TEXT NOT NULL,
+ `date` DATETIME NOT NULL default '0000-00-00 00:00:00',
+ `request_method` TEXT NOT NULL,
+ `request_uri` TEXT NOT NULL,
+ `server_protocol` TEXT NOT NULL,
+ `http_headers` TEXT NOT NULL,
+ `user_agent` TEXT NOT NULL,
+ `request_entity` TEXT NOT NULL,
+ `key` TEXT NOT NULL,
+ INDEX (`ip`(15)),
+ INDEX (`user_agent`(10)),
+ PRIMARY KEY (`id`) );"; // TODO: INDEX might need tuning
+}
+
+// Insert a new record
+function bb2_insert($settings, $package, $key)
+{
+ $ip = bb2_db_escape($package['ip']);
+ $date = bb2_db_date();
+ $request_method = bb2_db_escape($package['request_method']);
+ $request_uri = bb2_db_escape($package['request_uri']);
+ $server_protocol = bb2_db_escape($package['server_protocol']);
+ $user_agent = bb2_db_escape($package['user_agent']);
+ $headers = "$request_method $request_uri $server_protocol\n";
+ foreach ($package['headers'] as $h => $v) {
+ $headers .= bb2_db_escape("$h: $v\n");
+ }
+ $request_entity = "";
+ if (!strcasecmp($request_method, "POST")) {
+ foreach ($package['request_entity'] as $h => $v) {
+ $request_entity .= bb2_db_escape("$h: $v\n");
+ }
+ }
+ return "INSERT INTO `" . bb2_db_escape($settings['log_table']) . "`
+ (`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `user_agent`, `request_entity`, `key`) VALUES
+ ('$ip', '$date', '$request_method', '$request_uri', '$server_protocol', '$headers', '$user_agent', '$request_entity', '$key')";
+}
+
+// Kill 'em all!
+function bb2_banned($settings, $package, $key, $previous_key=false)
+{
+ // Some spambots hit too hard. Slow them down a bit.
+ sleep(2);
+
+ require_once(BB2_CORE . "/banned.inc.php");
+ bb2_display_denial($settings, $key, $previous_key);
+ bb2_log_denial($settings, $package, $key, $previous_key);
+ if (is_callable('bb2_banned_callback')) {
+ bb2_banned_callback($settings, $package, $key);
+ }
+ // Penalize the spammers some more
+ require_once(BB2_CORE . "/housekeeping.inc.php");
+ bb2_housekeeping($settings, $package);
+ die();
+}
+
+function bb2_approved($settings, $package)
+{
+ // Dirk wanted this
+ if (is_callable('bb2_approved_callback')) {
+ bb2_approved_callback($settings, $package);
+ }
+
+ // Decide what to log on approved requests.
+ if (($settings['verbose'] && $settings['logging']) || empty($package['user_agent'])) {
+ bb2_db_query(bb2_insert($settings, $package, "00000000"));
+ }
+}
+
+// Check the results of a particular test; see below for usage
+// Returns FALSE if test passed (yes this is backwards)
+function bb2_test($settings, $package, $result)
+{
+ if ($result !== FALSE)
+ {
+ bb2_banned($settings, $package, $result);
+ return TRUE;
+ }
+ return FALSE;
+}
+
+
+// Let God sort 'em out!
+function bb2_start($settings)
+{
+ // Gather up all the information we need, first of all.
+ $headers = bb2_load_headers();
+ // Postprocess the headers to mixed-case
+ // FIXME: get the world to stop using PHP as CGI
+ $headers_mixed = array();
+ foreach ($headers as $h => $v) {
+ $headers_mixed[uc_all($h)] = $v;
+ }
+
+ // We use these frequently. Keep a copy close at hand.
+ $ip = $_SERVER['REMOTE_ADDR'];
+ $request_method = $_SERVER['REQUEST_METHOD'];
+ $request_uri = $_SERVER['REQUEST_URI'];
+ $server_protocol = $_SERVER['SERVER_PROTOCOL'];
+ @$user_agent = $_SERVER['HTTP_USER_AGENT'];
+
+ // Reconstruct the HTTP entity, if present.
+ $request_entity = array();
+ if (!strcasecmp($request_method, "POST") || !strcasecmp($request_method, "PUT")) {
+ foreach ($_POST as $h => $v) {
+ $request_entity[$h] = $v;
+ }
+ }
+
+ $package = array('ip' => $ip, 'headers' => $headers, 'headers_mixed' => $headers_mixed, 'request_method' => $request_method, 'request_uri' => $request_uri, 'server_protocol' => $server_protocol, 'request_entity' => $request_entity, 'user_agent' => $user_agent, 'is_browser' => false);
+
+ // Please proceed to the security checkpoint and have your
+ // identification and boarding pass ready.
+
+ // First check the whitelist
+ require_once(BB2_CORE . "/whitelist.inc.php");
+ if (!bb2_whitelist($package)) {
+ // Now check the blacklist
+ require_once(BB2_CORE . "/blacklist.inc.php");
+ bb2_test($settings, $package, bb2_blacklist($package));
+
+ // Check the http:BL
+ require_once(BB2_CORE . "/blackhole.inc.php");
+ bb2_test($settings, $package, bb2_httpbl($settings, $package));
+
+ // Check for common stuff
+ require_once(BB2_CORE . "/common_tests.inc.php");
+ bb2_test($settings, $package, bb2_protocol($settings, $package));
+ bb2_test($settings, $package, bb2_cookies($settings, $package));
+ bb2_test($settings, $package, bb2_misc_headers($settings, $package));
+
+ // Specific checks
+ @$ua = $headers_mixed['User-Agent'];
+ // MSIE checks
+ if (stripos($ua, "MSIE") !== FALSE) {
+ $package['is_browser'] = true;
+ if (stripos($ua, "Opera") !== FALSE) {
+ require_once(BB2_CORE . "/opera.inc.php");
+ bb2_test($settings, $package, bb2_opera($package));
+ } else {
+ require_once(BB2_CORE . "/msie.inc.php");
+ bb2_test($settings, $package, bb2_msie($package));
+ }
+ } elseif (stripos($ua, "Konqueror") !== FALSE) {
+ $package['is_browser'] = true;
+ require_once(BB2_CORE . "/konqueror.inc.php");
+ bb2_test($settings, $package, bb2_konqueror($package));
+ } elseif (stripos($ua, "Opera") !== FALSE) {
+ $package['is_browser'] = true;
+ require_once(BB2_CORE . "/opera.inc.php");
+ bb2_test($settings, $package, bb2_opera($package));
+ } elseif (stripos($ua, "Safari") !== FALSE) {
+ $package['is_browser'] = true;
+ require_once(BB2_CORE . "/safari.inc.php");
+ bb2_test($settings, $package, bb2_safari($package));
+ } elseif (stripos($ua, "Lynx") !== FALSE) {
+ $package['is_browser'] = true;
+ require_once(BB2_CORE . "/lynx.inc.php");
+ bb2_test($settings, $package, bb2_lynx($package));
+ } elseif (stripos($ua, "MovableType") !== FALSE) {
+ require_once(BB2_CORE . "/movabletype.inc.php");
+ bb2_test($settings, $package, bb2_movabletype($package));
+ } elseif (stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
+ require_once(BB2_CORE . "/msnbot.inc.php");
+ bb2_test($settings, $package, bb2_msnbot($package));
+ } elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE) {
+ require_once(BB2_CORE . "/google.inc.php");
+ bb2_test($settings, $package, bb2_google($package));
+ } elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
+ $package['is_browser'] = true;
+ require_once(BB2_CORE . "/mozilla.inc.php");
+ bb2_test($settings, $package, bb2_mozilla($package));
+ }
+
+ // More intensive screening applies to POST requests
+ if (!strcasecmp('POST', $package['request_method'])) {
+ require_once(BB2_CORE . "/post.inc.php");
+ bb2_test($settings, $package, bb2_post($settings, $package));
+ }
+ }
+
+ // Last chance screening.
+ require_once(BB2_CORE . "/screener.inc.php");
+ bb2_screener($settings, $package);
+
+ // And that's about it.
+ bb2_approved($settings, $package);
+ return true;
+}
+?>
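Review bot: bb2_table_structure and bb2_insert pass `$name` / `$settings['log_table']` through bb2_db_escape() and then place the result between backticks; bb2_db_escape() is not defined in this commit, but a string-literal escaper does not neutralise a backtick inside an identifier, so the quoting style and the escaper do not match — with operator-controlled settings this is hardening rather than an exposure, but a comment stating that `log_table` is trusted configuration, or doubling backticks in the name, would make the intent explicit. In bb2_insert `$key` is the one interpolated column not passed through bb2_db_escape(); it is an internal hex constant today, and escaping it keeps the statement uniformly handled if callers change. bb2_banned calls `sleep(2)` before logging, which holds a PHP worker for two seconds per denied request and so raises the cost of absorbing a burst of blocked traffic; it should at least be commented as a deliberate tarpit and ideally be configurable. In bb2_start, `stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0` reduces to `stripos($ua, "Mozilla") === 0`.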
Added: trunk/libs/bad-behavior/bad-behavior/functions.inc.php
===================================================================
--- trunk/libs/bad-behavior/bad-behavior/functions.inc.php (rev 0)
+++ trunk/libs/bad-behavior/bad-behavior/functions.inc.php 2008-10-06 17:11:43 UTC (rev 722)
@@ -0,0 +1,70 @@
+<?php if (!defined('BB2_CORE')) die("I said no cheating!");
+
+// Miscellaneous helper functions.
+
+// stripos() needed because stripos is only present on PHP 5
+if (!function_exists('stripos')) {
+ function stripos($haystack,$needle,$offset = 0) {
+ return(strpos(strtolower($haystack),strtolower($needle),$offset));
+ }
+}
+
+// str_split() needed because str_split is only present on PHP 5
+if (!function_exists('str_split')) {
+ function str_split($string, $split_length=1)
+ {
+ if ($split_length < 1) {
+ return false;
+ }
+
+ for ($pos=0, $chunks = array(); $pos < strlen($string); $pos+=$split_length) {
+ $chunks[] = substr($string, $pos, $split_length);
+ }
+ return $chunks;
+ }
+}
+
+// Convert a string to mixed-case on word boundaries.
+function uc_all($string) {
+ $temp = preg_split('/(\W)/', str_replace("_", "-", $string), -1, PREG_SPLIT_DELIM_CAPTURE);
+ foreach ($temp as $key=>$word) {
+ $temp[$key] = ucfirst(strtolower($word));
+ }
+ return join ('', $temp);
+}
+
+// Determine if an IP address resides in a CIDR netblock or netblocks.
+function match_cidr($addr, $cidr) {
+ $output = false;
+
+ if (is_array($cidr)) {
+ foreach ($cidr as $cidrlet) {
+ if (match_cidr($addr, $cidrlet)) {
+ $output = true;
+ }
+ }
+ } else {
+ @list($ip, $mask) = explode('/', $cidr);
+ if (!$mask) $mask = 32;
+ $mask = pow(2,32) - pow(2, (32 - $mask));
+ $output = ((ip2long($addr) & $mask) == (ip2long($ip) & $mask));
+ }
+ return $output;
+}
+
+// Obtain all the HTTP headers.
+// NB: on PHP-CGI we have to fake it out a bit, since we can't get the REAL
+// headers. Run PHP as Apache 2.0 module if possible for best results.
+function bb2_load_headers() {
+ if (!is_callable('getallheaders')) {
+ $headers = array();
+ foreach ($_SERVER as $h => $v)
+ if (ereg('HTTP_(.+)', $h, $hp))
+ $headers[str_replace("_", "-", uc_all($hp[1]))] = $v;
+ } else {
+ $headers = getallheaders();
+ }
+ return $headers;
+}
+
+?>
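Review bot: bb2_load_headers uses `ereg('HTTP_(.+)', $h, $hp)`, which is unanchored (any $_SERVER key containing `HTTP_` matches, not only those beginning with it) and belongs to the ereg family deprecated in PHP 5.3 and removed in 7.0; `if (preg_match('/^HTTP_(.+)$/', $h, $hp))` is the anchored equivalent. In match_cidr, `if (!$mask) $mask = 32;` turns an explicit `/0` prefix into `/32`, the opposite of its meaning; since `@list($ip, $mask)` leaves `$mask` null when no slash is present, `if (!isset($mask) || $mask === '') $mask = 32;` preserves the default without swallowing `/0`. `pow(2,32) - pow(2, 32 - $mask)` is a float on 32-bit builds, so the `&` relies on implicit float-to-int conversion; a short comment noting that the function assumes 64-bit integers (or an `(int)` cast) would help the next reader.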
Added: trunk/libs/bad-behavior/bad-behavior/google.inc.php
===================================================================
--- trunk/libs/bad-behavior/bad-behavior/google.inc.php (rev 0)
+++ trunk/libs/bad-behavior/bad-behavior/google.inc.php 2008-10-06 17:11:43 UTC (rev 722)
@@ -0,0 +1,13 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Googlebot
+
+function bb2_google($package)
+{
+ if (match_cidr($package['ip'], "66.249.64.0/19") === FALSE && match_cidr($package['ip'], "64.233.160.0/19") === FALSE && match_cidr($package['ip'], "72.14.192.0/18") === FALSE) {
+ return "f1182195";
+ }
+ return false;
+}
+
+?>
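Review bot: bb2_google decides whether a Googlebot claim is genuine solely from the hard-coded netblocks `66.249.64.0/19`, `64.233.160.0/19` and `72.14.192.0/18`, and bb2_msnbot in msnbot.inc.php does the same for msnbot; crawler ranges change over time, and a stale table either admits impostors or blocks the real crawler, so each table needs a comment recording the source of the ranges and when they were last checked, e.g. `// Google crawler netblocks as of [date]; re-verify against the published list before editing`. The `=== FALSE` comparisons against match_cidr(), which returns a plain bool, read more naturally as `!match_cidr(...)`.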
Added: trunk/libs/bad-behavior/bad-behavior/housekeeping.inc.php
===================================================================
--- trunk/libs/bad-behavior/bad-behavior/housekeeping.inc.php (rev 0)
+++ trunk/libs/bad-behavior/bad-behavior/housekeeping.inc.php 2008-10-06 17:11:43 UTC (rev 722)
@@ -0,0 +1,16 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+function bb2_housekeeping($settings, $package)
+{
+ // FIXME Yes, the interval's hard coded (again) for now.
+ $query = "DELETE FROM `" . $settings['log_table'] . "` WHERE `date` < DATE_SUB('" . bb2_db_date() . "', INTERVAL 7 DAY)";
+ bb2_db_query($query);
+
+ // Waste a bunch more of the spammer's time, sometimes.
+ if (rand(1,1000) == 1) {
+ $query = "OPTIMIZE TABLE `" . $settings['log_table'] . "`";
+ bb2_db_query($query);
+ }
+}
+
+?>
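Review bot: bb2_housekeeping interpolates `$settings['log_table']` raw into both the DELETE and the OPTIMIZE statement, whereas bb2_insert in core.inc.php wraps the same setting in bb2_db_escape(); the two should agree, so pass it through bb2_db_escape() here as well. The 7-day retention is already flagged FIXME; a settings entry (a retention-days value defaulting to 7) would remove the hard-coding without changing current behaviour. `rand(1,1000)` is fine here since the outcome only decides when to run OPTIMIZE, but a comment saying so avoids a later reviewer mistaking it for a security-relevant choice.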
Added: trunk/libs/bad-behavior/bad-behavior/konqueror.inc.php
===================================================================
--- trunk/libs/bad-behavior/bad-behavior/konqueror.inc.php (rev 0)
+++ trunk/libs/bad-behavior/bad-behavior/konqueror.inc.php 2008-10-06 17:11:43 UTC (rev 722)
@@ -0,0 +1,17 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Konqueror
+
+function bb2_konqueror($package)
+{
+ // CafeKelsa is a dev project at Yahoo which indexes job listings for
+ // Yahoo! HotJobs. It identifies as Konqueror so we skip these checks.
+ if (stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") === FALSE || match_cidr($package['ip'], "209.73.160.0/19") === FALSE) {
+ if (!array_key_exists('Accept', $package['headers_mixed'])) {
+ return "17566707";
+ }
+ }
+ return false;
+}
+
+?>
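Review bot: The missing-Accept test returning `"17566707"` in bb2_konqueror is repeated verbatim in lynx.inc.php, opera.inc.php, mozilla.inc.php and msie.inc.php in this same commit; a single helper in functions.inc.php, e.g. `function bb2_missing_accept($package) { return array_key_exists('Accept', $package['headers_mixed']) ? false : "17566707"; }`, would keep the response code and the check in one place. The CafeKelsa exemption is logically correct but reads backwards against its comment; naming it, `$is_cafekelsa = stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") !== FALSE && match_cidr($package['ip'], "209.73.160.0/19");` followed by `if (!$is_cafekelsa && !array_key_exists('Accept', $package['headers_mixed']))`, matches the prose.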
Added: trunk/libs/bad-behavior/bad-behavior/lynx.inc.php
===================================================================
--- trunk/libs/bad-behavior/bad-behavior/lynx.inc.php (rev 0)
+++ trunk/libs/bad-behavior/bad-behavior/lynx.inc.php 2008-10-06 17:11:43 UTC (rev 722)
@@ -0,0 +1,13 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Lynx
+
+function bb2_lynx($package)
+{
+ if (!array_key_exists('Accept', $package['headers_mixed'])) {
+ return "17566707";
+ }
+ return false;
+}
+
+?>
Added: trunk/libs/bad-behavior/bad-behavior/movabletype.inc.php
===================================================================
--- trunk/libs/bad-behavior/bad-behavior/movabletype.inc.php (rev 0)
+++ trunk/libs/bad-behavior/bad-behavior/movabletype.inc.php 2008-10-06 17:11:43 UTC (rev 722)
@@ -0,0 +1,14 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+function bb2_movabletype($package)
+{
+ // Is it a trackback?
+ if (strcasecmp($package['request_method'], "POST")) {
+ if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999")) {
+ return "7d12528e";
+ }
+ }
+ return false;
+}
+
+?>
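Review bot: `strcasecmp($package['request_method'], "POST")` in bb2_movabletype is non-zero when the method is not POST, so the branch under `// Is it a trackback?` actually handles the non-POST case (the POST case is screened separately in post.inc.php in this commit); the comment should say what the code does, e.g. `// Non-POST MovableType requests are expected to carry Range: bytes=0-99999`. Inside that branch `$package['headers_mixed']['Range']` is read with no `array_key_exists` guard, so a request without Range raises a notice and, because strcmp() against null is non-zero, is denied; if denying a missing Range is intended, an explicit `!array_key_exists('Range', $package['headers_mixed']) ||` in the condition makes that deliberate rather than incidental. post.inc.php has the same unguarded read.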
Added: trunk/libs/bad-behavior/bad-behavior/mozilla.inc.php
===================================================================
--- trunk/libs/bad-behavior/bad-behavior/mozilla.inc.php (rev 0)
+++ trunk/libs/bad-behavior/bad-behavior/mozilla.inc.php 2008-10-06 17:11:43 UTC (rev 722)
@@ -0,0 +1,19 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Mozilla
+
+function bb2_mozilla($package)
+{
+ // First off, workaround for Google Desktop, until they fix it FIXME
+ // Google Desktop fixed it, but apparently some old versions are
+ // still out there. :(
+ // Always check accept header for Mozilla user agents
+ if (strpos($package['headers_mixed']['User-Agent'], "Google Desktop") === FALSE && strpos($package['headers_mixed']['User-Agent'], "PLAYSTATION 3") === FALSE) {
+ if (!array_key_exists('Accept', $package['headers_mixed'])) {
+ return "17566707";
+ }
+ }
+ return false;
+}
+
+?>
Added: trunk/libs/bad-behavior/bad-behavior/msie.inc.php
===================================================================
--- trunk/libs/bad-behavior/bad-behavior/msie.inc.php (rev 0)
+++ trunk/libs/bad-behavior/bad-behavior/msie.inc.php 2008-10-06 17:11:43 UTC (rev 722)
@@ -0,0 +1,25 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be MSIE
+
+function bb2_msie($package)
+{
+ if (!array_key_exists('Accept', $package['headers_mixed'])) {
+ return "17566707";
+ }
+
+ // MSIE does NOT send "Windows ME" or "Windows XP" in the user agent
+ if (strpos($package['headers_mixed']['User-Agent'], "Windows ME") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !== FALSE) {
+ return "a1084bad";
+ }
+
+ // MSIE does NOT send Connection: TE but Akamai does
+ // Bypass this test when Akamai detected
+ if (!array_key_exists('Akamai-Origin-Hop', $package['headers_mixed']) && @preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) {
+ return "2b90f772";
+ }
+
+ return false;
+}
+
+?>
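Review bot: The TE check in bb2_msie uses `@preg_match(...)` to hide the undefined-index notice when no Connection header is present, which also silences any genuine preg error; guard explicitly instead, `array_key_exists('Connection', $package['headers_mixed']) && preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])`. The Windows ME/XP/2000/Win32 check repeats `$package['headers_mixed']['User-Agent']` four times; a local `$ua` assigned once at the top, as blacklist.inc.php does, would shorten it.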
Added: trunk/libs/bad-behavior/bad-behavior/msnbot.inc.php
===================================================================
--- trunk/libs/bad-behavior/bad-behavior/msnbot.inc.php (rev 0)
+++ trunk/libs/bad-behavior/bad-behavior/msnbot.inc.php 2008-10-06 17:11:43 UTC (rev 722)
@@ -0,0 +1,13 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be msnbot
+
+function bb2_msnbot($package)
+{
+ if (match_cidr($package['ip'], "207.46.0.0/16") === FALSE && match_cidr($package['ip'], "65.52.0.0/14") === FALSE && match_cidr($package['ip'], "207.68.128.0/18") === FALSE && match_cidr($package['ip'], "207.68.192.0/20") === FALSE && match_cidr($package['ip'], "64.4.0.0/18") === FALSE) {
+ return "e4de0453";
+ }
+ return false;
+}
+
+?>
Added: trunk/libs/bad-behavior/bad-behavior/opera.inc.php
===================================================================
--- trunk/libs/bad-behavior/bad-behavior/opera.inc.php (rev 0)
+++ trunk/libs/bad-behavior/bad-behavior/opera.inc.php 2008-10-06 17:11:43 UTC (rev 722)
@@ -0,0 +1,13 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Opera
+
+function bb2_opera($package)
+{
+ if (!array_key_exists('Accept', $package['headers_mixed'])) {
+ return "17566707";
+ }
+ return false;
+}
+
+?>
Added: trunk/libs/bad-behavior/bad-behavior/post.inc.php
===================================================================
--- trunk/libs/bad-behavior/bad-behavior/post.inc.php (rev 0)
+++ trunk/libs/bad-behavior/bad-behavior/post.inc.php 2008-10-06 17:11:43 UTC (rev 722)
@@ -0,0 +1,80 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// All tests which apply specifically to POST requests
+function bb2_post($settings, $package)
+{
+ // Check blackhole lists for known spam/malicious activity
+ require_once(BB2_CORE . "/blackhole.inc.php");
+ bb2_test($settings, $package, bb2_blackhole($package));
+
+ // MovableType needs specialized screening
+ if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) {
+ if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999")) {
+ return "7d12528e";
+ }
+ }
+
+ // Trackbacks need special screening
+ $request_entity = $package['request_entity'];
+ if (isset($request_entity['title']) && isset($request_entity['url']) && isset($request_entity['blog_name'])) {
+ require_once(BB2_CORE . "/trackback.inc.php");
+ return bb2_trackback($package);
+ }
+
+ // Catch a few completely broken spambots
+ foreach ($request_entity as $key => $value) {
+ $pos = strpos($key, " document.write");
+ if ($pos !== FALSE) {
+ return "dfd9b1ad";
+ }
+ }
+
+ // If Referer exists, it should refer to a page on our site
+ if (array_key_exists('Referer', $package['headers_mixed']) && stripos($package['headers_mixed']['Referer'], $package['headers_mixed']['Host']) === FALSE) {
+ return "cd361abb";
+ }
+
+ // Screen by cookie/JavaScript form add
+ if (isset($_COOKIE[BB2_COOKIE])) {
+ $screener1 = explode(" ", $_COOKIE[BB2_COOKIE]);
+ } else {
+ $screener1 = array(0);
+ }
+ if (isset($_POST[BB2_COOKIE])) {
+ $screener2 = explode(" ", $_POST[BB2_COOKIE]);
+ } else {
+ $screener2 = array(0);
+ }
+ $screener = max($screener1[0], $screener2[0]);
+
+ if ($screener > 0) {
+ // Posting too fast? 5 sec
+ // FIXME: even 5 sec is too intrusive
+ // if ($screener + 5 > time())
+ // return "408d7e72";
+ // Posting too slow? 48 hr
+ if ($screener + 172800 < time())
+ return "b40c8ddc";
+
+ // Screen by IP address
+ $ip = ip2long($package['ip']);
+ $ip_screener = ip2long($screener[1]);
+// FIXME: This is b0rked, but why?
+// if ($ip && $ip_screener && abs($ip_screener - $ip) > 256)
+// return "c1fa729b";
+
+ if (!empty($package['headers_mixed']['X-Forwarded-For'])) {
+ $ip = $package['headers_mixed']['X-Forwarded-For'];
+ }
+ // Screen for user agent changes
+ // User connected previously with blank user agent
+// $q = bb2_db_query("SELECT `ip` FROM " . $settings['log_tabl...