[Xfce4-commits] <forum:master> Update to bad-behaviour 2.1.8.
Nick Schermer
noreply at xfce.org
Sun Jan 16 20:50:02 CET 2011
Updating branch refs/heads/master
to 67c47615e4ce0e5daf1cdae568b0f292478475e3 (commit)
from d75a3ee4f73180e63471e27bd339aaf56dfebe9a (commit)
commit 67c47615e4ce0e5daf1cdae568b0f292478475e3
Author: Nick Schermer <nick at xfce.org>
Date: Sun Jan 16 20:48:56 2011 +0100
Update to bad-behaviour 2.1.8.
include/bad-behavior-fluxbb.php | 1 -
include/bad-behavior/banned.inc.php | 13 ++++
include/bad-behavior/blacklist.inc.php | 6 +-
include/bad-behavior/browser.inc.php | 86 +++++++++++++++++++++++++++++
include/bad-behavior/cloudflare.inc.php | 7 +-
include/bad-behavior/common_tests.inc.php | 12 ++--
include/bad-behavior/core.inc.php | 30 ++++++----
include/bad-behavior/functions.inc.php | 2 +-
include/bad-behavior/google.inc.php | 18 ------
include/bad-behavior/housekeeping.inc.php | 16 -----
include/bad-behavior/konqueror.inc.php | 17 ------
include/bad-behavior/lynx.inc.php | 13 ----
include/bad-behavior/mozilla.inc.php | 19 ------
include/bad-behavior/msie.inc.php | 26 ---------
include/bad-behavior/msnbot.inc.php | 18 ------
include/bad-behavior/opera.inc.php | 13 ----
include/bad-behavior/post.inc.php | 26 ++++++++-
include/bad-behavior/responses.inc.php | 1 +
include/bad-behavior/safari.inc.php | 13 ----
include/bad-behavior/searchengine.inc.php | 47 ++++++++++++++++
include/bad-behavior/trackback.inc.php | 28 ---------
include/bad-behavior/version.inc.php | 3 -
22 files changed, 206 insertions(+), 209 deletions(-)
diff --git a/include/bad-behavior-fluxbb.php b/include/bad-behavior-fluxbb.php
index 5eb5dbf..a041590 100644
--- a/include/bad-behavior-fluxbb.php
+++ b/include/bad-behavior-fluxbb.php
@@ -166,7 +166,6 @@ function bb2_relative_path() {
}
// Calls inward to Bad Behavor itself.
-require_once(BB2_CWD . "/bad-behavior/version.inc.php");
require_once(BB2_CWD . "/bad-behavior/core.inc.php");
bb2_install();
diff --git a/include/bad-behavior/banned.inc.php b/include/bad-behavior/banned.inc.php
index 2b26cb1..a92178a 100644
--- a/include/bad-behavior/banned.inc.php
+++ b/include/bad-behavior/banned.inc.php
@@ -5,6 +5,19 @@
require_once(BB2_CORE . "/responses.inc.php");
+function bb2_housekeeping($settings, $package)
+{
+ // FIXME Yes, the interval's hard coded (again) for now.
+ $query = "DELETE FROM `" . $settings['log_table'] . "` WHERE `date` < DATE_SUB('" . bb2_db_date() . "', INTERVAL 7 DAY)";
+ bb2_db_query($query);
+
+ // Waste a bunch more of the spammer's time, sometimes.
+ if (rand(1,1000) == 1) {
+ $query = "OPTIMIZE TABLE `" . $settings['log_table'] . "`";
+ bb2_db_query($query);
+ }
+}
+
function bb2_display_denial($settings, $package, $key, $previous_key = false)
{
define('DONOTCACHEPAGE', true); // WP Super Cache
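Review bot: bb2_housekeeping takes `$package` but never reads it, and the seven-day retention in the DELETE on the first query line stays hard-coded, as the FIXME admits, even though `$settings` is already passed in and could carry it. A setting with a fallback would remove the FIXME, e.g. `$days = isset($settings['log_retention_days']) ? (int) $settings['log_retention_days'] : 7;` and `INTERVAL " . $days . " DAY` (the setting name is only a suggestion); the int cast matters because the query is built by concatenation rather than bound parameters. The unused parameter is worth one line so the next reader does not hunt for it: `// $package is unused; kept for call-site compatibility with bb2_banned()`.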
diff --git a/include/bad-behavior/blacklist.inc.php b/include/bad-behavior/blacklist.inc.php
index e9ca62a..2b1c666 100644
--- a/include/bad-behavior/blacklist.inc.php
+++ b/include/bad-behavior/blacklist.inc.php
@@ -18,6 +18,7 @@ function bb2_blacklist($package) {
"EmailCollector", // spam harvester
"Email Siphon", // spam harvester
"EmailSiphon", // spam harvester
+ "Forum Poster", // forum spambot
"grub crawler", // misc comment/email spam
"HttpProxy", // misc comment/email spam
"Internet Explorer", // XMLRPC exploits seen
@@ -34,7 +35,7 @@ function bb2_blacklist($package) {
"Mozilla ", // malicious software
"Mozilla/2", // malicious software
"Mozilla/4.0(", // from honeypot
- "Mozilla/4.0+(", // suspicious harvester
+ "Mozilla/4.0+(compatible;+", // suspicious harvester
"MSIE", // malicious software
"NutchCVS", // unidentified robots
"Nutscrape/", // misc comment spam
@@ -42,8 +43,9 @@ function bb2_blacklist($package) {
"psycheclone", // spam harvester
"PussyCat ", // misc comment spam
"PycURL", // misc comment spam
-// "Shockwave Flash", // spam harvester
+ "Python-urllib", // commonly abused
// WP 2.5 now has Flash; FIXME
+// "Shockwave Flash", // spam harvester
"Super Happy Fun ", // spam harvester
"TrackBack/", // trackback spam
"user", // suspicious harvester
diff --git a/include/bad-behavior/browser.inc.php b/include/bad-behavior/browser.inc.php
new file mode 100644
index 0000000..773d6ef
--- /dev/null
+++ b/include/bad-behavior/browser.inc.php
@@ -0,0 +1,86 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze user agents claiming to be Konqueror
+
+function bb2_konqueror($package)
+{
+ // CafeKelsa is a dev project at Yahoo which indexes job listings for
+ // Yahoo! HotJobs. It identifies as Konqueror so we skip these checks.
+ if (stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") === FALSE || match_cidr($package['ip'], "209.73.160.0/19") === FALSE) {
+ if (!array_key_exists('Accept', $package['headers_mixed'])) {
+ return "17566707";
+ }
+ }
+ return false;
+}
+
+// Analyze user agents claiming to be Lynx
+
+function bb2_lynx($package)
+{
+ if (!array_key_exists('Accept', $package['headers_mixed'])) {
+ return "17566707";
+ }
+ return false;
+}
+
+// Analyze user agents claiming to be Mozilla
+
+function bb2_mozilla($package)
+{
+ // First off, workaround for Google Desktop, until they fix it FIXME
+ // Google Desktop fixed it, but apparently some old versions are
+ // still out there. :(
+ // Always check accept header for Mozilla user agents
+ if (strpos($package['headers_mixed']['User-Agent'], "Google Desktop") === FALSE && strpos($package['headers_mixed']['User-Agent'], "PLAYSTATION 3") === FALSE) {
+ if (!array_key_exists('Accept', $package['headers_mixed'])) {
+ return "17566707";
+ }
+ }
+ return false;
+}
+
+// Analyze user agents claiming to be MSIE
+
+function bb2_msie($package)
+{
+ if (!array_key_exists('Accept', $package['headers_mixed'])) {
+ return "17566707";
+ }
+
+ // MSIE does NOT send "Windows ME" or "Windows XP" in the user agent
+ if (strpos($package['headers_mixed']['User-Agent'], "Windows ME") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !== FALSE) {
+ return "a1084bad";
+ }
+
+ // MSIE does NOT send Connection: TE but Akamai does
+ // Bypass this test when Akamai detected
+ // The latest version of IE for Windows CE also uses Connection: TE
+ if (!array_key_exists('Akamai-Origin-Hop', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "IEMobile") === FALSE && @preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) {
+ return "2b90f772";
+ }
+
+ return false;
+}
+
+// Analyze user agents claiming to be Opera
+
+function bb2_opera($package)
+{
+ if (!array_key_exists('Accept', $package['headers_mixed'])) {
+ return "17566707";
+ }
+ return false;
+}
+
+// Analyze user agents claiming to be Safari
+
+function bb2_safari($package)
+{
+ if (!array_key_exists('Accept', $package['headers_mixed'])) {
+ return "17566707";
+ }
+ return false;
+}
+
+?>
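Review bot: In bb2_msie the Connection test reads `$package['headers_mixed']['Connection']` under `@preg_match`, so a request with no Connection header only passes because the undefined-index notice is suppressed; an existence guard gives the same outcome without the `@`: `if (!array_key_exists('Akamai-Origin-Hop', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "IEMobile") === FALSE && array_key_exists('Connection', $package['headers_mixed']) && preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) {`. The "Accept header must be present, else 17566707" check is now repeated verbatim in all six functions of this file; a small helper returning that key would make them agree by construction. bb2_konqueror calls match_cidr but this file requires nothing, and where match_cidr is defined is not visible in this diff (searchengine.inc.php only pulls in roundtripdns.inc.php for bb2_roundtripdns), so confirm it is loaded before the Konqueror branch runs. The closing `?>` on the last line is a trailing-whitespace hazard in an include loaded before the response is sent and can simply be dropped.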
diff --git a/include/bad-behavior/cloudflare.inc.php b/include/bad-behavior/cloudflare.inc.php
index 4f77f48..99319f5 100644
--- a/include/bad-behavior/cloudflare.inc.php
+++ b/include/bad-behavior/cloudflare.inc.php
@@ -6,9 +6,10 @@ require_once(BB2_CORE . "/roundtripdns.inc.php");
function bb2_cloudflare($package)
{
- if (!bb2_roundtripdns($package['cloudflare'], "cloudflare.com")) {
- return '70e45496';
- }
+# Disabled due to http://bugs.php.net/bug.php?id=53092
+# if (!bb2_roundtripdns($package['cloudflare'], "cloudflare.com")) {
+# return '70e45496';
+# }
return false;
}
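Review bot: With the round-trip DNS check commented out, bb2_cloudflare now returns false unconditionally, and the matching hunk in core.inc.php (bb2_screen, the lines added after `$r = bb2_cloudflare($package);`) then calls bb2_approved and returns before any other test runs, so every request flagged as CloudFlare is approved unscreened. How `$package['cloudflare']` gets set is not visible here; if it is derived from a request header a client can supply, that flag alone now decides whether screening happens at all. Until the reverse-DNS bug is worked around, gating the bypass on an address rather than a claim, e.g. `match_cidr($package['cloudflare'], array(/* published CloudFlare ranges */))` as searchengine.inc.php already does for crawlers, would keep the shortcut tied to something the client cannot choose. Either way the disabled block deserves a comment stating the current contract, e.g. `# NOTE: while disabled, this function always returns false and bb2_screen treats the request as verified CloudFlare traffic`.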
diff --git a/include/bad-behavior/common_tests.inc.php b/include/bad-behavior/common_tests.inc.php
index fea693f..2826ee5 100644
--- a/include/bad-behavior/common_tests.inc.php
+++ b/include/bad-behavior/common_tests.inc.php
@@ -4,8 +4,8 @@
function bb2_protocol($settings, $package)
{
- // Always run this test; we should never see Expect:
- if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE) {
+ // We should never see Expect: for HTTP/1.0 requests
+ if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE && !strcmp($package['server_protocol'], "HTTP/1.0")) {
return "a0105122";
}
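Review bot: The new protocol condition uses `!strcmp($package['server_protocol'], "HTTP/1.0")` where a plain identity comparison says the same thing without the inverted-return idiom: `&& $package['server_protocol'] === "HTTP/1.0"` (assuming `server_protocol` is always populated in the package, which this hunk does not show). The rewritten comment could also record why the test was narrowed, since HTTP/1.1 clients may legitimately send Expect: 100-continue, e.g. `// Expect: 100-continue is valid in HTTP/1.1 (RFC 2616 §8.2.3); only HTTP/1.0 clients must never send it`.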
@@ -40,6 +40,8 @@ function bb2_misc_headers($settings, $package)
// Broken spambots send URLs with various invalid characters
// Some broken browsers send the #vector in the referer field :(
+ // Worse yet, some Javascript client-side apps do the same in
+ // blatant violation of the protocol and good sense.
// if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
if (strpos($package['request_uri'], "#") !== FALSE) {
return "dfd9b1ad";
@@ -108,8 +110,6 @@ function bb2_misc_headers($settings, $package)
if (stripos($package['headers_mixed']['Connection'], "Keep-Alive: ") !== FALSE) {
return "b0924802";
}
- // Close should not be oddly capitalized
-
}
@@ -118,6 +118,8 @@ function bb2_misc_headers($settings, $package)
return "b9cc1d86";
}
// Proxy-Connection does not exist and should never be seen in the wild
+ // http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0032.html
+ // http://lists.w3.org/Archives/Public/ietf-http-wg-old/1999JanApr/0040.html
if ($settings['strict'] && array_key_exists('Proxy-Connection', $package['headers_mixed'])) {
return "b7830251";
}
@@ -130,7 +132,7 @@ function bb2_misc_headers($settings, $package)
// Referer, if it exists, must contain a :
// While a relative URL is technically valid in Referer, all known
- // legit user-agents send an absolute URL
+ // legitimate user-agents send an absolute URL
if (strpos($package['headers_mixed']['Referer'], ":") === FALSE) {
return "45b35e30";
}
diff --git a/include/bad-behavior/core.inc.php b/include/bad-behavior/core.inc.php
index a9d2bbf..663e44b 100644
--- a/include/bad-behavior/core.inc.php
+++ b/include/bad-behavior/core.inc.php
@@ -1,4 +1,5 @@
<?php if (!defined('BB2_CWD')) die("I said no cheating!");
+define('BB2_VERSION', "2.1.8");
// Bad Behavior entry point is bb2_start()
// If you're reading this, you are probably lost.
@@ -22,7 +23,6 @@ function bb2_banned($settings, $package, $key, $previous_key=false)
bb2_banned_callback($settings, $package, $key);
}
// Penalize the spammers some more
- require_once(BB2_CORE . "/housekeeping.inc.php");
bb2_housekeeping($settings, $package);
die();
}
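Review bot: bb2_housekeeping is now defined in banned.inc.php, and this hunk drops the require_once that used to guarantee its definition immediately before the call on the ban path; the call now depends on banned.inc.php having been loaded earlier in bb2_banned, which starts outside the hunk and is not visible here. If that load is conditional, the missing-function fatal would surface only when a request is actually banned, which is the hardest path to exercise in testing. A `require_once(BB2_CORE . "/banned.inc.php");` at the top of bb2_banned, or at least a comment such as `// bb2_housekeeping() lives in banned.inc.php, loaded above`, makes the dependency explicit.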
@@ -80,8 +80,8 @@ function bb2_start($settings)
function bb2_screen($settings, $package)
{
- // Please proceed to the security checkpoint and have your
- // identification and boarding pass ready.
+ // Please proceed to the security checkpoint, have your identification
+ // and boarding pass ready, and prepare to be nakedized or fondled.
// Check for CloudFlare CDN since IP to be screened may be different
// Thanks to butchs at Simple Machines
@@ -89,6 +89,10 @@ function bb2_screen($settings, $package)
require_once(BB2_CORE . "/cloudflare.inc.php");
$r = bb2_cloudflare($package);
if ($r !== false && $r != $package['ip']) return $r;
+ # FIXME: For Cloudflare we are bypassing all checks for now
+ # See cloudflare.inc.php for more detail
+ bb2_approved($settings, $package);
+ return false;
}
// First check the whitelist
@@ -113,41 +117,43 @@ function bb2_screen($settings, $package)
// MSIE checks
if (stripos($ua, "; MSIE") !== FALSE) {
$package['is_browser'] = true;
+ require_once(BB2_CORE . "/browser.inc.php");
if (stripos($ua, "Opera") !== FALSE) {
- require_once(BB2_CORE . "/opera.inc.php");
if ($r = bb2_opera($package)) return $r;
} else {
- require_once(BB2_CORE . "/msie.inc.php");
if ($r = bb2_msie($package)) return $r;
}
} elseif (stripos($ua, "Konqueror") !== FALSE) {
$package['is_browser'] = true;
- require_once(BB2_CORE . "/konqueror.inc.php");
+ require_once(BB2_CORE . "/browser.inc.php");
if ($r = bb2_konqueror($package)) return $r;
} elseif (stripos($ua, "Opera") !== FALSE) {
$package['is_browser'] = true;
- require_once(BB2_CORE . "/opera.inc.php");
+ require_once(BB2_CORE . "/browser.inc.php");
if ($r = bb2_opera($package)) return $r;
} elseif (stripos($ua, "Safari") !== FALSE) {
$package['is_browser'] = true;
- require_once(BB2_CORE . "/safari.inc.php");
+ require_once(BB2_CORE . "/browser.inc.php");
if ($r = bb2_safari($package)) return $r;
} elseif (stripos($ua, "Lynx") !== FALSE) {
$package['is_browser'] = true;
- require_once(BB2_CORE . "/lynx.inc.php");
+ require_once(BB2_CORE . "/browser.inc.php");
if ($r = bb2_lynx($package)) return $r;
} elseif (stripos($ua, "MovableType") !== FALSE) {
require_once(BB2_CORE . "/movabletype.inc.php");
if ($r = bb2_movabletype($package)) return $r;
} elseif (stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
- require_once(BB2_CORE . "/msnbot.inc.php");
+ require_once(BB2_CORE . "/searchengine.inc.php");
if ($r = bb2_msnbot($package)) return $r;
} elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Wireless") !== FALSE) {
- require_once(BB2_CORE . "/google.inc.php");
+ require_once(BB2_CORE . "/searchengine.inc.php");
if ($r = bb2_google($package)) return $r;
+ } elseif (stripos($ua, "Yahoo! Slurp") !== FALSE || stripos($ua, "Yahoo! SearchMonkey") !== FALSE) {
+ require_once(BB2_CORE . "/searchengine.inc.php");
+ if ($r = bb2_yahoo($package)) return $r;
} elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
$package['is_browser'] = true;
- require_once(BB2_CORE . "/mozilla.inc.php");
+ require_once(BB2_CORE . "/browser.inc.php");
if ($r = bb2_mozilla($package)) return $r;
}
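Review bot: `require_once(BB2_CORE . "/browser.inc.php");` is now repeated in six branches of the user-agent chain, and the MSIE branch loads it before choosing between bb2_opera and bb2_msie while the others load it after setting is_browser. Since every branch that sets `$package['is_browser'] = true` needs the same file, a single require_once placed before the `if (stripos($ua, "; MSIE") !== FALSE)` line would remove the repetition and make the browser/crawler split of the chain easier to read. The Mozilla branch condition `stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0` is unchanged context, but `stripos($ua, "Mozilla") === 0` is equivalent and drops both the double search and the loose `== 0` that the first operand exists only to guard. bb2_screen continues outside the hunk.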
diff --git a/include/bad-behavior/functions.inc.php b/include/bad-behavior/functions.inc.php
index 1c27cb1..436cf6a 100644
--- a/include/bad-behavior/functions.inc.php
+++ b/include/bad-behavior/functions.inc.php
@@ -64,7 +64,7 @@ function bb2_load_headers() {
if (!is_callable('getallheaders')) {
$headers = array();
foreach ($_SERVER as $h => $v)
- if (ereg('HTTP_(.+)', $h, $hp))
+ if (preg_match('/HTTP_(.+)/', $h, $hp))
$headers[str_replace("_", "-", uc_all($hp[1]))] = $v;
} else {
$headers = getallheaders();
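Review bot: The ereg-to-preg_match conversion keeps the pattern unanchored, so `preg_match('/HTTP_(.+)/', $h, $hp)` still matches any `$_SERVER` key that merely contains `HTTP_` (for instance the `REDIRECT_HTTP_*` copies Apache creates on internal redirects) and registers a header built from whatever follows the match. That mirrors the previous ereg behaviour, so it is not a regression, but this fallback only runs where getallheaders() is unavailable and a stricter `'/^HTTP_(.+)$/'` would confine it to genuine request-header variables; whether any deployment depends on the REDIRECT_ variants is not visible here. A short comment such as `// Fallback for SAPIs without getallheaders(): rebuild the header list from HTTP_* server vars` would help, since the enclosing bb2_load_headers starts outside the hunk.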
diff --git a/include/bad-behavior/google.inc.php b/include/bad-behavior/google.inc.php
deleted file mode 100644
index 61d424d..0000000
--- a/include/bad-behavior/google.inc.php
+++ /dev/null
@@ -1,18 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be Googlebot
-
-require_once(BB2_CORE . "/roundtripdns.inc.php");
-
-function bb2_google($package)
-{
-# if (match_cidr($package['ip'], "66.249.64.0/19") === FALSE && match_cidr($package['ip'], "64.233.160.0/19") === FALSE && match_cidr($package['ip'], "72.14.192.0/18") === FALSE) {
-# return "f1182195";
-# }
- if (!bb2_roundtripdns($package['ip'], "googlebot.com")) {
- return "f1182195";
- }
- return false;
-}
-
-?>
diff --git a/include/bad-behavior/housekeeping.inc.php b/include/bad-behavior/housekeeping.inc.php
deleted file mode 100644
index b837ee0..0000000
--- a/include/bad-behavior/housekeeping.inc.php
+++ /dev/null
@@ -1,16 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-function bb2_housekeeping($settings, $package)
-{
- // FIXME Yes, the interval's hard coded (again) for now.
- $query = "DELETE FROM `" . $settings['log_table'] . "` WHERE `date` < DATE_SUB('" . bb2_db_date() . "', INTERVAL 7 DAY)";
- bb2_db_query($query);
-
- // Waste a bunch more of the spammer's time, sometimes.
- if (rand(1,1000) == 1) {
- $query = "OPTIMIZE TABLE `" . $settings['log_table'] . "`";
- bb2_db_query($query);
- }
-}
-
-?>
diff --git a/include/bad-behavior/konqueror.inc.php b/include/bad-behavior/konqueror.inc.php
deleted file mode 100644
index 3a84dba..0000000
--- a/include/bad-behavior/konqueror.inc.php
+++ /dev/null
@@ -1,17 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be Konqueror
-
-function bb2_konqueror($package)
-{
- // CafeKelsa is a dev project at Yahoo which indexes job listings for
- // Yahoo! HotJobs. It identifies as Konqueror so we skip these checks.
- if (stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") === FALSE || match_cidr($package['ip'], "209.73.160.0/19") === FALSE) {
- if (!array_key_exists('Accept', $package['headers_mixed'])) {
- return "17566707";
- }
- }
- return false;
-}
-
-?>
diff --git a/include/bad-behavior/lynx.inc.php b/include/bad-behavior/lynx.inc.php
deleted file mode 100644
index a59ba10..0000000
--- a/include/bad-behavior/lynx.inc.php
+++ /dev/null
@@ -1,13 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be Lynx
-
-function bb2_lynx($package)
-{
- if (!array_key_exists('Accept', $package['headers_mixed'])) {
- return "17566707";
- }
- return false;
-}
-
-?>
diff --git a/include/bad-behavior/mozilla.inc.php b/include/bad-behavior/mozilla.inc.php
deleted file mode 100644
index a1cac82..0000000
--- a/include/bad-behavior/mozilla.inc.php
+++ /dev/null
@@ -1,19 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be Mozilla
-
-function bb2_mozilla($package)
-{
- // First off, workaround for Google Desktop, until they fix it FIXME
- // Google Desktop fixed it, but apparently some old versions are
- // still out there. :(
- // Always check accept header for Mozilla user agents
- if (strpos($package['headers_mixed']['User-Agent'], "Google Desktop") === FALSE && strpos($package['headers_mixed']['User-Agent'], "PLAYSTATION 3") === FALSE) {
- if (!array_key_exists('Accept', $package['headers_mixed'])) {
- return "17566707";
- }
- }
- return false;
-}
-
-?>
diff --git a/include/bad-behavior/msie.inc.php b/include/bad-behavior/msie.inc.php
deleted file mode 100644
index 3c49f26..0000000
--- a/include/bad-behavior/msie.inc.php
+++ /dev/null
@@ -1,26 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be MSIE
-
-function bb2_msie($package)
-{
- if (!array_key_exists('Accept', $package['headers_mixed'])) {
- return "17566707";
- }
-
- // MSIE does NOT send "Windows ME" or "Windows XP" in the user agent
- if (strpos($package['headers_mixed']['User-Agent'], "Windows ME") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows XP") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Windows 2000") !== FALSE || strpos($package['headers_mixed']['User-Agent'], "Win32") !== FALSE) {
- return "a1084bad";
- }
-
- // MSIE does NOT send Connection: TE but Akamai does
- // Bypass this test when Akamai detected
- // The latest version of IE for Windows CE also uses Connection: TE
- if (!array_key_exists('Akamai-Origin-Hop', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "IEMobile") === FALSE && @preg_match('/\bTE\b/i', $package['headers_mixed']['Connection'])) {
- return "2b90f772";
- }
-
- return false;
-}
-
-?>
diff --git a/include/bad-behavior/msnbot.inc.php b/include/bad-behavior/msnbot.inc.php
deleted file mode 100644
index f647082..0000000
--- a/include/bad-behavior/msnbot.inc.php
+++ /dev/null
@@ -1,18 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be msnbot
-
-require_once(BB2_CORE . "/roundtripdns.inc.php");
-
-function bb2_msnbot($package)
-{
-# if (match_cidr($package['ip'], "207.46.0.0/16") === FALSE && match_cidr($package['ip'], "65.52.0.0/14") === FALSE && match_cidr($package['ip'], "207.68.128.0/18") === FALSE && match_cidr($package['ip'], "207.68.192.0/20") === FALSE && match_cidr($package['ip'], "64.4.0.0/18") === FALSE) {
-# return "e4de0453";
-# }
- if (!bb2_roundtripdns($package['ip'], "msn.com")) {
- return "e4de0453";
- }
- return false;
-}
-
-?>
diff --git a/include/bad-behavior/opera.inc.php b/include/bad-behavior/opera.inc.php
deleted file mode 100644
index e29a8c7..0000000
--- a/include/bad-behavior/opera.inc.php
+++ /dev/null
@@ -1,13 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be Opera
-
-function bb2_opera($package)
-{
- if (!array_key_exists('Accept', $package['headers_mixed'])) {
- return "17566707";
- }
- return false;
-}
-
-?>
diff --git a/include/bad-behavior/post.inc.php b/include/bad-behavior/post.inc.php
index 5857f1a..e1d8ffa 100644
--- a/include/bad-behavior/post.inc.php
+++ b/include/bad-behavior/post.inc.php
@@ -1,5 +1,30 @@
<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+// Specialized screening for trackbacks
+function bb2_trackback($package)
+{
+ // Web browsers don't send trackbacks
+ if ($package['is_browser']) {
+ return 'f0dcb3fd';
+ }
+
+ // Proxy servers don't send trackbacks either
+ if (array_key_exists('Via', $package['headers_mixed']) || array_key_exists('Max-Forwards', $package['headers_mixed']) || array_key_exists('X-Forwarded-For', $package['headers_mixed']) || array_key_exists('Client-Ip', $package['headers_mixed'])) {
+ return 'd60b87c7';
+ }
+
+ // Fake WordPress trackbacks
+ // Real ones do not contain Accept:, and have a charset defined
+ // Real WP trackbacks may contain Accept: depending on the HTTP
+ // transport being used by the sending host
+ if (strpos($package['headers_mixed']['User-Agent'], "WordPress/") !== FALSE) {
+ if (strpos($package['headers_mixed']['Content-Type'], "charset=") === FALSE) {
+ return 'e3990b47';
+ }
+ }
+ return false;
+}
+
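Review bot: The comment block above the WordPress check in the moved bb2_trackback contradicts itself — `Real ones do not contain Accept:` is followed by `Real WP trackbacks may contain Accept:` — while the code only tests Content-Type for `charset=`, so the Accept remarks describe a test that does not exist. Replacing the four lines with `// Fake WordPress trackbacks: real ones always declare a charset in Content-Type` and `// Accept: is deliberately not checked; it varies with the sending host's HTTP transport` would match the code. Separately, `$package['headers_mixed']['Content-Type']` is read without an existence check, so a WordPress-identified POST with no Content-Type raises an undefined-index notice on its way to the e3990b47 rejection; `if (!isset($package['headers_mixed']['Content-Type']) || strpos($package['headers_mixed']['Content-Type'], "charset=") === FALSE) {` keeps the same verdict without the notice.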
// All tests which apply specifically to POST requests
function bb2_post($settings, $package)
{
@@ -17,7 +42,6 @@ function bb2_post($settings, $package)
// Trackbacks need special screening
$request_entity = $package['request_entity'];
if (isset($request_entity['title']) && isset($request_entity['url']) && isset($request_entity['blog_name'])) {
- require_once(BB2_CORE . "/trackback.inc.php");
return bb2_trackback($package);
}
diff --git a/include/bad-behavior/responses.inc.php b/include/bad-behavior/responses.inc.php
index bc1ff9c..48e9702 100644
--- a/include/bad-behavior/responses.inc.php
+++ b/include/bad-behavior/responses.inc.php
@@ -20,6 +20,7 @@ function bb2_get_response($key) {
'69920ee5' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' present but blank'),
'6c502ff1' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Bot not fully compliant with RFC 2965'),
'70e45496' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'User agent claimed to be CloudFlare, claim appears false'),
+ '71436a15' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a major search engine, but you do not appear to actually be a major search engine.', 'log' => 'User-Agent claimed to be Yahoo, claim appears to be false'),
'799165c2' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Rotating user-agents detected'),
'7a06532b' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept-Encoding\' missing'),
'7ad04a8a' => array('response' => 400, 'explanation' => 'The automated program you are using is not permitted to access this server. Please use a different program or a standard Web browser.', 'log' => 'Prohibited header \'Range\' present'),
diff --git a/include/bad-behavior/safari.inc.php b/include/bad-behavior/safari.inc.php
deleted file mode 100644
index 523bdd5..0000000
--- a/include/bad-behavior/safari.inc.php
+++ /dev/null
@@ -1,13 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Analyze user agents claiming to be Safari
-
-function bb2_safari($package)
-{
- if (!array_key_exists('Accept', $package['headers_mixed'])) {
- return "17566707";
- }
- return false;
-}
-
-?>
diff --git a/include/bad-behavior/searchengine.inc.php b/include/bad-behavior/searchengine.inc.php
new file mode 100644
index 0000000..582bf0f
--- /dev/null
+++ b/include/bad-behavior/searchengine.inc.php
@@ -0,0 +1,47 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+require_once(BB2_CORE . "/roundtripdns.inc.php");
+
+// Analyze user agents claiming to be Googlebot
+
+function bb2_google($package)
+{
+ if (match_cidr($package['ip'], array("66.249.64.0/19", "64.233.160.0/19", "72.14.192.0/18")) === FALSE) {
+ return "f1182195";
+ }
+# Disabled due to http://bugs.php.net/bug.php?id=53092
+# if (!bb2_roundtripdns($package['ip'], "googlebot.com")) {
+# return "f1182195";
+# }
+ return false;
+}
+
+// Analyze user agents claiming to be msnbot
+
+function bb2_msnbot($package)
+{
+ if (match_cidr($package['ip'], array("207.46.0.0/16", "65.52.0.0/14", "207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18", "157.54.0.0/15", "157.60.0.0/16", "157.56.0.0/14")) === FALSE) {
+ return "e4de0453";
+ }
+# Disabled due to http://bugs.php.net/bug.php?id=53092
+# if (!bb2_roundtripdns($package['ip'], "msn.com")) {
+# return "e4de0453";
+# }
+ return false;
+}
+
+// Analyze user agents claiming to be Yahoo!
+
+function bb2_yahoo($package)
+{
+ if (match_cidr($package['ip'], array("202.160.176.0/20", "67.195.0.0/16", "203.209.252.0/24", "72.30.0.0/16", "98.136.0.0/14")) === FALSE) {
+ return '71436a15';
+ }
+# Disabled due to http://bugs.php.net/bug.php?id=53092
+# if (!bb2_roundtripdns($package['ip'], "crawl.yahoo.net")) {
+# return "71436a15";
+# }
+ return false;
+}
+
+?>
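Review bot: The three new checks pass an array as the second argument to match_cidr, e.g. `match_cidr($package['ip'], array("66.249.64.0/19", "64.233.160.0/19", "72.14.192.0/18"))`, whereas every other call on this page (the commented-out ones in the deleted google.inc.php and msnbot.inc.php, and bb2_konqueror in browser.inc.php) passes a single CIDR string; match_cidr itself is not in this diff, so confirm it accepts a list, otherwise all three functions would reject every genuine crawler. With the reverse-DNS verification disabled, these hard-coded ranges are now the only verification, so a stale list either blocks a real crawler that moved to a new range or admits whoever later holds a reassigned one; each list deserves a comment naming its source and date, e.g. `// Published crawler ranges as of <date>; refresh when the reverse-DNS check is re-enabled`. bb2_yahoo returns `'71436a15'` in single quotes where its neighbours use double quotes — harmless, but worth aligning. The trailing `?>` can be dropped as in the other includes.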
diff --git a/include/bad-behavior/trackback.inc.php b/include/bad-behavior/trackback.inc.php
deleted file mode 100644
index b284f67..0000000
--- a/include/bad-behavior/trackback.inc.php
+++ /dev/null
@@ -1,28 +0,0 @@
-<?php if (!defined('BB2_CORE')) die('I said no cheating!');
-
-// Specialized screening for trackbacks
-function bb2_trackback($package)
-{
- // Web browsers don't send trackbacks
- if ($package['is_browser']) {
- return 'f0dcb3fd';
- }
-
- // Proxy servers don't send trackbacks either
- if (array_key_exists('Via', $package['headers_mixed']) || array_key_exists('Max-Forwards', $package['headers_mixed']) || array_key_exists('X-Forwarded-For', $package['headers_mixed']) || array_key_exists('Client-Ip', $package['headers_mixed'])) {
- return 'd60b87c7';
- }
-
- // Fake WordPress trackbacks
- // Real ones do not contain Accept:, and have a charset defined
- // Real WP trackbacks may contain Accept: depending on the HTTP
- // transport being used by the sending host
- if (strpos($package['headers_mixed']['User-Agent'], "WordPress/") !== FALSE) {
- if (strpos($package['headers_mixed']['Content-Type'], "charset=") === FALSE) {
- return 'e3990b47';
- }
- }
- return false;
-}
-
-?>
diff --git a/include/bad-behavior/version.inc.php b/include/bad-behavior/version.inc.php
deleted file mode 100644
index 9b7cde8..0000000
--- a/include/bad-behavior/version.inc.php
+++ /dev/null
@@ -1,3 +0,0 @@
-<?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.1.7");
-?>