[Xfce4-commits] [www/forum.xfce.org] 65/79: Update bad-behaviour.

noreply at xfce.org noreply at xfce.org
Tue May 21 14:49:00 CEST 2019 

This is an automated email from the git hooks/post-receive script.

s   k   u   n   n   y   k       p   u   s   h   e   d       a       c   o   m   m   i   t       t   o       b   r   a   n   c   h       o   l   d   f   o   r   u   m   
   in repository www/forum.xfce.org.

commit 97f4505a894099542126f74312e6e5e3f75bd1c9
Author: Nick Schermer <nick at xfce.org>
Date:   Tue Dec 4 19:36:13 2012 +0100

    Update bad-behaviour.
---
 include/bad-behavior/blacklist.inc.php | 10 +++++++++-
 include/bad-behavior/core.inc.php      |  2 +-
 include/bad-behavior/whitelist.inc.php |  6 +++---
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/include/bad-behavior/blacklist.inc.php b/include/bad-behavior/blacklist.inc.php
index ba4554e..b122ca6 100644
--- a/include/bad-behavior/blacklist.inc.php
+++ b/include/bad-behavior/blacklist.inc.php
@@ -33,16 +33,19 @@ function bb2_blacklist($package) {
 		"Microsoft URL",	// unidentified robots
 		"Missigua",		// spam harvester
 		"MJ12bot/v1.0.8",	// malicious botnet
+		"Morfeus",		// vulnerability scanner
 		"Movable Type",		// customised spambots
-		"Mozilla ",		// malicious software
+		//"Mozilla ",		// malicious software
 		"Mozilla/0",		// malicious software
 		"Mozilla/1",		// malicious software
 		"Mozilla/2",		// malicious software
 		"Mozilla/3",		// malicious software
 		"Mozilla/4.0(",		// from honeypot
 		"Mozilla/4.0+(compatible;+",	// suspicious harvester
+		"Mozilla/4.0 (Hydra)",	// brute force tool
 		"MSIE",			// malicious software
 		"MVAClient",		// automated hacking attempts
+		"Nessus",		// vulnerability scanner
 		"NutchCVS",		// unidentified robots
 		"Nutscrape/",		// misc comment spam
 		"OmniExplorer",		// spam harvester
@@ -53,11 +56,13 @@ function bb2_blacklist($package) {
 		"Python-urllib",	// commonly abused
 //		WP 2.5 now has Flash; FIXME
 //		"Shockwave Flash",	// spam harvester
+		"sqlmap/",		// SQL injection
 		"Super Happy Fun ",	// spam harvester
 		"TrackBack/",		// trackback spam
 		"user",			// suspicious harvester
 		"User Agent: ",		// spam harvester
 		"User-Agent: ",		// spam harvester
+		"w3af",			// vulnerability scanner
 		"WebSite-X Suite",	// misc comment spam
 		"Winnie Poh",		// Automated Coppermine hacks
 		"Wordpress",		// malicious software
@@ -81,12 +86,15 @@ function bb2_blacklist($package) {
 		"hanzoweb",		// very badly behaved crawler
 		"Havij",		// SQL injection tool
 		"Indy Library",		// misc comment/email spam
+		"Ming Mong",		// brute force tool
 		"MSIE 7.0;  Windows NT 5.2",	// Cyveillance
 		"Murzillo compatible",	// comment spam bot
 		".NET CLR 1)",		// free poker, etc.
 		".NET CLR1",		// spam harvester
+		"Nikto/",		// vulnerability scanner
 		"Perman Surfer",	// old and very broken harvester
 		"POE-Component-Client",	// free poker, etc.
+		"Teh Forest Lobster",	// brute force tool
 		"Turing Machine",	// www.anonymizer.com abuse
 		"Ubuntu/9.25",		// comment spam bot
 		"unspecified.mail",	// stealth harvesters
diff --git a/include/bad-behavior/core.inc.php b/include/bad-behavior/core.inc.php
index 7210d3a..441ad59 100644
--- a/include/bad-behavior/core.inc.php
+++ b/include/bad-behavior/core.inc.php
@@ -1,5 +1,5 @@
 <?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.2.10");
+define('BB2_VERSION', "2.2.11");
 
 // Bad Behavior entry point is bb2_start()
 // If you're reading this, you are probably lost.
diff --git a/include/bad-behavior/whitelist.inc.php b/include/bad-behavior/whitelist.inc.php
index 0e1e710..67a1f6b 100644
--- a/include/bad-behavior/whitelist.inc.php
+++ b/include/bad-behavior/whitelist.inc.php
@@ -10,12 +10,12 @@ function bb2_run_whitelist($package)
 	}
 
 	if (@!empty($whitelists['ip'])) {
-		foreach ($whitelists['ip'] as $range) {
+		foreach (array_filter($whitelists['ip']) as $range) {
 			if (match_cidr($package['ip'], $range)) return true;
 		}
 	}
 	if (@!empty($whitelists['useragent'])) {
-		foreach ($whitelists['useragent'] as $user_agent) {
+		foreach (array_filter($whitelists['useragent']) as $user_agent) {
 			if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
 		}
 	}
@@ -25,7 +25,7 @@ function bb2_run_whitelist($package)
 		} else {
 			$request_uri = substr($package['request_uri'], 0, strpos($package['request_uri'], "?"));
 		}
-		foreach ($whitelists['url'] as $url) {
+		foreach (array_filter($whitelists['url']) as $url) {
 			$pos = strpos($request_uri, $url);
 			if ($pos !== false && $pos == 0) return true;
 		}

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the Xfce4-commits mailing list