[Xfce4-commits] [www/forum.xfce.org] 69/79: Update bad behaviour to 2.2.13.

noreply at xfce.org noreply at xfce.org
Tue May 21 14:49:04 CEST 2019


This is an automated email from the git hooks/post-receive script.

skunnyk pushed a commit to branch oldforum
   in repository www/forum.xfce.org.

commit 367efbae6252e02a28fc3246c8203bd8607e3a65
Author: Nick Schermer <nick at xfce.org>
Date:   Sun Jan 13 17:35:07 2013 +0100

    Update bad behaviour to 2.2.13.
---
 include/bad-behavior/blacklist.inc.php    |  3 ---
 include/bad-behavior/core.inc.php         |  9 ++++++++-
 include/bad-behavior/searchengine.inc.php | 29 +++++++++++++++++++++++------
 3 files changed, 31 insertions(+), 10 deletions(-)

diff --git a/include/bad-behavior/blacklist.inc.php b/include/bad-behavior/blacklist.inc.php
index b122ca6..89009e5 100644
--- a/include/bad-behavior/blacklist.inc.php
+++ b/include/bad-behavior/blacklist.inc.php
@@ -140,9 +140,6 @@ function bb2_blacklist($package) {
 		"..\\",				// path traversal
 		"%60information_schema%60",	// SQL injection probe
 		"+%2F*%21",			// SQL injection probe
-		"+and+%",			// SQL injection probe
-		"+and+1%",			// SQL injection probe
-		"+and+if",			// SQL injection probe
 		"%27--",			// SQL injection
 		"%27 --",			// SQL injection
 		"%27%23",			// SQL injection
diff --git a/include/bad-behavior/core.inc.php b/include/bad-behavior/core.inc.php
index 441ad59..20c40e5 100644
--- a/include/bad-behavior/core.inc.php
+++ b/include/bad-behavior/core.inc.php
@@ -1,5 +1,5 @@
 <?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.2.11");
+define('BB2_VERSION', "2.2.13");
 
 // Bad Behavior entry point is bb2_start()
 // If you're reading this, you are probably lost.
@@ -165,6 +165,13 @@ function bb2_screen($settings, $package)
 				return $r;
 			}
 			return false;
+		} elseif (stripos($ua, "Baidu") !== FALSE) {
+			require_once(BB2_CORE . "/searchengine.inc.php");
+			if ($r = bb2_baidu($package)) {
+				if ($r == 1) return false;	# whitelisted
+				return $r;
+			}
+			return false;
 		}
 		// MSIE checks
 		if (stripos($ua, "; MSIE") !== FALSE) {
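Review bot: The whitelist test `if ($r == 1) return false;` in the added Baidu branch uses a loose comparison on a value that can be `false`, `1` or a response-key string. On PHP versions before 8, a string that begins with `1` followed by non-digits compares equal to `1`, so a hard-fail key of that shape would be read as "whitelisted". bb2_baidu as added here only returns `false` or `1`, so nothing breaks today, but `if ($r === 1) return false;` makes the tri-state contract explicit. The branch is entered for any client whose User-Agent contains "Baidu", so the decision rests entirely on what bb2_baidu returns. bb2_screen begins and ends outside this hunk.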
diff --git a/include/bad-behavior/searchengine.inc.php b/include/bad-behavior/searchengine.inc.php
index 27858b7..2e49459 100644
--- a/include/bad-behavior/searchengine.inc.php
+++ b/include/bad-behavior/searchengine.inc.php
@@ -6,40 +6,57 @@ require_once(BB2_CORE . "/roundtripdns.inc.php");
 
 function bb2_google($package)
 {
+	if (@is_ipv6($package['ip'])) return false;	# TODO
 	if (match_cidr($package['ip'], array("66.249.64.0/19", "64.233.160.0/19", "72.14.192.0/18", "203.208.32.0/19", "74.125.0.0/16", "216.239.32.0/19", "209.85.128.0/17")) === FALSE) {
-		return "f1182195";
+		return false;	# Soft fail, must pass other screening
+		#return "f1182195";	# Hard fail
 	}
 #	Disabled due to http://bugs.php.net/bug.php?id=53092
 #	if (!bb2_roundtripdns($package['ip'], "googlebot.com")) {
 #		return "f1182195";
 #	}
-	return false;
+	return 1;	# Real Googlebot; bypass all other checks
 }
 
 // Analyze user agents claiming to be msnbot
 
 function bb2_msnbot($package)
 {
+	if (@is_ipv6($package['ip'])) return false;	# TODO
 	if (match_cidr($package['ip'], array("207.46.0.0/16", "65.52.0.0/14", "207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18", "157.54.0.0/15", "157.60.0.0/16", "157.56.0.0/14", "131.253.21.0/24", "131.253.22.0/23", "131.253.24.0/21", "131.253.32.0/20")) === FALSE) {
-		return "e4de0453";
+		return false;	# Soft fail, must pass other screening
+		#return "e4de0453";	# Hard fail
 	}
 #	Disabled due to http://bugs.php.net/bug.php?id=53092
 #	if (!bb2_roundtripdns($package['ip'], "msn.com")) {
 #		return "e4de0453";
 #	}
-	return false;
+	return 1;	# Real msnbot; bypass all other checks
 }
 
 // Analyze user agents claiming to be Yahoo!
 
 function bb2_yahoo($package)
 {
+	if (@is_ipv6($package['ip'])) return false;	# TODO
 	if (match_cidr($package['ip'], array("202.160.176.0/20", "67.195.0.0/16", "203.209.252.0/24", "72.30.0.0/16", "98.136.0.0/14", "74.6.0.0/16")) === FALSE) {
-		return '71436a15';
+		return false;	# Soft fail, must pass other screening
+		#return '71436a15';	# Hard fail
 	}
 #	Disabled due to http://bugs.php.net/bug.php?id=53092
 #	if (!bb2_roundtripdns($package['ip'], "crawl.yahoo.net")) {
 #		return "71436a15";
 #	}
-	return false;
+	return 1;	# Real Yahoo bot; bypass all other checks
+}
+
+// Analyze user agents claiming to be Baidu
+
+function bb2_baidu($package)
+{
+	if (@is_ipv6($package['ip'])) return false;	# TODO
+	if (match_cidr($package['ip'], array("119.63.192.0/21", "123.125.71.0/24", "180.76.0.0/16", "220.181.0.0/16")) === FALSE) {
+		return false;	# Soft fail, must pass other screening
+	}
+	return 1;	# Real Baidu bot; bypass all other checks
 }
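Review bot: `return 1;` in bb2_google, bb2_msnbot, bb2_yahoo and the new bb2_baidu now bypasses all later screening on a User-Agent substring plus a hard-coded IPv4 CIDR list, while the round-trip DNS check stays commented out. Several ranges are wide (/14, /16) and the lists are static, so if any of them contains addresses the crawler operator does not run, a client there that puts the crawler name in its User-Agent is fully exempt. I would record that dependency above each list, for example `# Whitelist trusts these CIDRs alone (round-trip DNS disabled); re-check against the operator's published ranges on every update`. Each function should also document its return contract: `false` means continue screening, `1` means verified crawler, and a string is a block key. Separately, `@is_ipv6(...)` suppresses any diagnostic from a helper that is not defined in this hunk, so dropping the `@` would let a missing or failing helper show up in logs.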
