[Xfce4-commits] <forum:master> Update bad-behaviour.

Nick Schermer noreply at xfce.org
Tue Dec 4 19:38:02 CET 2012


Updating branch refs/heads/master
         to 97f4505a894099542126f74312e6e5e3f75bd1c9 (commit)
       from b0aace746d4fb0e611c7c899206d0ad09e8a0398 (commit)

commit 97f4505a894099542126f74312e6e5e3f75bd1c9
Author: Nick Schermer <nick at xfce.org>
Date:   Tue Dec 4 19:36:13 2012 +0100

    Update bad-behaviour.

 include/bad-behavior/blacklist.inc.php |   10 +++++++++-
 include/bad-behavior/core.inc.php      |    2 +-
 include/bad-behavior/whitelist.inc.php |    6 +++---
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/include/bad-behavior/blacklist.inc.php b/include/bad-behavior/blacklist.inc.php
index ba4554e..b122ca6 100644
--- a/include/bad-behavior/blacklist.inc.php
+++ b/include/bad-behavior/blacklist.inc.php
@@ -33,16 +33,19 @@ function bb2_blacklist($package) {
 		"Microsoft URL",	// unidentified robots
 		"Missigua",		// spam harvester
 		"MJ12bot/v1.0.8",	// malicious botnet
+		"Morfeus",		// vulnerability scanner
 		"Movable Type",		// customised spambots
-		"Mozilla ",		// malicious software
+		//"Mozilla ",		// malicious software
 		"Mozilla/0",		// malicious software
 		"Mozilla/1",		// malicious software
 		"Mozilla/2",		// malicious software
 		"Mozilla/3",		// malicious software
 		"Mozilla/4.0(",		// from honeypot
 		"Mozilla/4.0+(compatible;+",	// suspicious harvester
+		"Mozilla/4.0 (Hydra)",	// brute force tool
 		"MSIE",			// malicious software
 		"MVAClient",		// automated hacking attempts
+		"Nessus",		// vulnerability scanner
 		"NutchCVS",		// unidentified robots
 		"Nutscrape/",		// misc comment spam
 		"OmniExplorer",		// spam harvester
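Review bot: The `"Mozilla "` entry is disabled by commenting it out, but the line keeps its old `// malicious software` label and gives no reason, so a later maintainer cannot tell whether it was dropped for false positives or is meant to come back. The other disabled entry in this list (`"Shockwave Flash"`, visible in the next hunk) carries a note explaining why it is off; do the same here with a line such as `// "Mozilla " disabled: <reason>` above it, or delete the entry outright. The array being edited starts and ends outside this hunk, so how these strings are matched (prefix or substring, case-sensitive or not) cannot be confirmed from here.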
@@ -53,11 +56,13 @@ function bb2_blacklist($package) {
 		"Python-urllib",	// commonly abused
 //		WP 2.5 now has Flash; FIXME
 //		"Shockwave Flash",	// spam harvester
+		"sqlmap/",		// SQL injection
 		"Super Happy Fun ",	// spam harvester
 		"TrackBack/",		// trackback spam
 		"user",			// suspicious harvester
 		"User Agent: ",		// spam harvester
 		"User-Agent: ",		// spam harvester
+		"w3af",			// vulnerability scanner
 		"WebSite-X Suite",	// misc comment spam
 		"Winnie Poh",		// Automated Coppermine hacks
 		"Wordpress",		// malicious software
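Review bot: The new `"sqlmap/"` entry is labelled `// SQL injection`, while the existing `"Havij"` entry in the third blacklist hunk uses `// SQL injection tool`; use the same wording, `"sqlmap/",		// SQL injection tool`. More generally, the scanner entries added across the three blacklist hunks (`Morfeus`, `Nessus`, `sqlmap/`, `w3af`, `Nikto/`) match the client-supplied User-Agent header, so they only stop clients that identify themselves. A short comment at the top of the list saying that it reduces noise and is not a substitute for input validation would keep the labels from being read as protection. The list itself begins and ends outside the hunk.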
@@ -81,12 +86,15 @@ function bb2_blacklist($package) {
 		"hanzoweb",		// very badly behaved crawler
 		"Havij",		// SQL injection tool
 		"Indy Library",		// misc comment/email spam
+		"Ming Mong",		// brute force tool
 		"MSIE 7.0;  Windows NT 5.2",	// Cyveillance
 		"Murzillo compatible",	// comment spam bot
 		".NET CLR 1)",		// free poker, etc.
 		".NET CLR1",		// spam harvester
+		"Nikto/",		// vulnerability scanner
 		"Perman Surfer",	// old and very broken harvester
 		"POE-Component-Client",	// free poker, etc.
+		"Teh Forest Lobster",	// brute force tool
 		"Turing Machine",	// www.anonymizer.com abuse
 		"Ubuntu/9.25",		// comment spam bot
 		"unspecified.mail",	// stealth harvesters
diff --git a/include/bad-behavior/core.inc.php b/include/bad-behavior/core.inc.php
index 7210d3a..441ad59 100644
--- a/include/bad-behavior/core.inc.php
+++ b/include/bad-behavior/core.inc.php
@@ -1,5 +1,5 @@
 <?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.2.10");
+define('BB2_VERSION', "2.2.11");
 
 // Bad Behavior entry point is bb2_start()
 // If you're reading this, you are probably lost.
diff --git a/include/bad-behavior/whitelist.inc.php b/include/bad-behavior/whitelist.inc.php
index 0e1e710..67a1f6b 100644
--- a/include/bad-behavior/whitelist.inc.php
+++ b/include/bad-behavior/whitelist.inc.php
@@ -10,12 +10,12 @@ function bb2_run_whitelist($package)
 	}
 
 	if (@!empty($whitelists['ip'])) {
-		foreach ($whitelists['ip'] as $range) {
+		foreach (array_filter($whitelists['ip']) as $range) {
 			if (match_cidr($package['ip'], $range)) return true;
 		}
 	}
 	if (@!empty($whitelists['useragent'])) {
-		foreach ($whitelists['useragent'] as $user_agent) {
+		foreach (array_filter($whitelists['useragent']) as $user_agent) {
 			if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
 		}
 	}
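Review bot: `array_filter()` is called without a callback in all three loops (the `ip` and `useragent` loops here and the `url` loop in the next hunk), so it drops only falsy values; a whitespace-only or padded entry still reaches `match_cidr()`, `strcmp()` and the prefix test on `$request_uri`. A match makes bb2_run_whitelist return true, which presumably exempts the request from the remaining checks (the caller is not visible), so trimming before filtering would be safer, e.g. `foreach (array_filter(array_map('trim', $whitelists['url'])) as $url) {`. The reason for the filter also deserves one comment line, such as `// skip blank entries so an empty config value can never whitelist a request`. bb2_run_whitelist starts before and continues past these hunks, so how `$whitelists` is loaded cannot be checked from here.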
@@ -25,7 +25,7 @@ function bb2_run_whitelist($package)
 		} else {
 			$request_uri = substr($package['request_uri'], 0, strpos($package['request_uri'], "?"));
 		}
-		foreach ($whitelists['url'] as $url) {
+		foreach (array_filter($whitelists['url']) as $url) {
 			$pos = strpos($request_uri, $url);
 			if ($pos !== false && $pos == 0) return true;
 		}

