skunnyk pushed a 
commit to branch 
oldforum
in repository www/forum.xfce.org.

commit a47fa75336802e076e6b74af60fdff016693d9de
Author: Nick Schermer <n...@xfce.org>
Date:   Sat Nov 13 11:30:17 2010 +0100

    Update bad behaviour plugin to 2.1.7.
---
 include/bad-behavior/banned.inc.php       |  8 +++++---
 include/bad-behavior/blackhole.inc.php    |  5 -----
 include/bad-behavior/cloudflare.inc.php   | 15 +++++++++++++++
 include/bad-behavior/common_tests.inc.php | 13 +++++++++----
 include/bad-behavior/core.inc.php         | 19 +++++++++++++++++--
 include/bad-behavior/functions.inc.php    |  5 +++++
 include/bad-behavior/google.inc.php       |  7 ++++++-
 include/bad-behavior/msnbot.inc.php       |  7 ++++++-
 include/bad-behavior/responses.inc.php    |  2 ++
 include/bad-behavior/roundtripdns.inc.php | 20 ++++++++++++++++++++
 include/bad-behavior/version.inc.php      |  2 +-
 include/whitelist.ini                     | 26 ++++++++++++++++++++++++++
 plugins/AP_Bad_Behavior.php               |  1 +
 13 files changed, 113 insertions(+), 17 deletions(-)

diff --git a/include/bad-behavior/banned.inc.php 
b/include/bad-behavior/banned.inc.php
index 85a58f2..2b26cb1 100644
--- a/include/bad-behavior/banned.inc.php
+++ b/include/bad-behavior/banned.inc.php
@@ -5,7 +5,7 @@
 
 require_once(BB2_CORE . "/responses.inc.php");
 
-function bb2_display_denial($settings, $key, $previous_key = false)
+function bb2_display_denial($settings, $package, $key, $previous_key = false)
 {
        define('DONOTCACHEPAGE', true); // WP Super Cache
        if (!$previous_key) $previous_key = $key;
@@ -13,7 +13,7 @@ function bb2_display_denial($settings, $key, $previous_key = 
false)
                // FIXME: lookup the real key
        }
        // Create support key
-       $ip = explode(".", $_SERVER['REMOTE_ADDR']);
+       $ip = explode(".", $package['ip']);
        $ip_hex = "";
        foreach ($ip as $octet) {
                $ip_hex .= str_pad(dechex($octet), 2, 0, STR_PAD_LEFT);
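Review bot: The support key is now derived from `$package['ip']`, which core.inc.php fills from the client-supplied `Cf-Connecting-Ip` header when present and otherwise from REMOTE_ADDR with only a leading `::ffff:` stripped, so an IPv6 literal or an arbitrary header string reaches `explode(".")`/`dechex()` here and yields a meaningless or non-unique key. A guard such as `$long = ip2long($package['ip']);` followed by `$ip_hex = ($long === false) ? substr(md5($package['ip']), 0, 8) : sprintf("%08x", $long);` keeps the key well-formed for any input; the `sprintf` form also replaces the per-octet loop. The rest of bb2_display_denial, including where `$support_key` is assembled, is outside this hunk.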
@@ -24,6 +24,8 @@ function bb2_display_denial($settings, $key, $previous_key = 
false)
        $response = bb2_get_response($previous_key);
        header("HTTP/1.1 " . $response['response'] . " Bad Behavior");
        header("Status: " . $response['response'] . " Bad Behavior");
+       $request_uri = $_SERVER["REQUEST_URI"];
+       if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME'];      # IIS
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
 <!--< html xmlns="http://www.w3.org/1999/xhtml";>-->
@@ -33,7 +35,7 @@ function bb2_display_denial($settings, $key, $previous_key = 
false)
 <body>
 <h1>Error <?php echo $response['response']; ?></h1>
 <p>We're sorry, but we could not fulfill your request for
-<?php echo htmlspecialchars($_SERVER['REQUEST_URI']) ?> on this server.</p>
+<?php echo htmlspecialchars($request_uri) ?> on this server.</p>
 <p><?php echo $response['explanation']; ?></p>
 <p>Your technical support key is: <strong><?php echo $support_key; 
?></strong></p>
 <p>You can use this key to <a 
href="http://www.ioerror.us/bb2-support-key?key=<?php echo $support_key; 
?>">fix this problem yourself</a>.</p>
diff --git a/include/bad-behavior/blackhole.inc.php 
b/include/bad-behavior/blackhole.inc.php
index 63829a6..f3bdff9 100644
--- a/include/bad-behavior/blackhole.inc.php
+++ b/include/bad-behavior/blackhole.inc.php
@@ -1,10 +1,5 @@
 <?php if (!defined('BB2_CORE')) die('I said no cheating!');
 
-// Quick and dirty check for an IPv6 address
-function is_ipv6($address) {
-       return (strpos($address, ":")) ? TRUE : FALSE;
-}
-
 // Look up address on various blackhole lists.
 // These should not be used for GET requests under any circumstances!
 // FIXME: Note that this code is no longer in use
diff --git a/include/bad-behavior/cloudflare.inc.php 
b/include/bad-behavior/cloudflare.inc.php
new file mode 100644
index 0000000..4f77f48
--- /dev/null
+++ b/include/bad-behavior/cloudflare.inc.php
@@ -0,0 +1,15 @@
+<?php if (!defined('BB2_CORE')) die('I said no cheating!');
+
+// Analyze requests claiming to be from CloudFlare
+
+require_once(BB2_CORE . "/roundtripdns.inc.php");
+
+function bb2_cloudflare($package)
+{
+       if (!bb2_roundtripdns($package['cloudflare'], "cloudflare.com")) {
+               return '70e45496';
+       }
+       return false;
+}
+
+?>
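Review bot: `!bb2_roundtripdns(...)` treats any truthy return as a verified CloudFlare origin, but roundtripdns.inc.php returns the address string itself for IPv6 input, so an IPv6 REMOTE_ADDR that sends `Cf-Connecting-Ip` passes this check unverified and the header value then becomes the screened IP for the whitelist and everything after it. Comparing strictly, `if (bb2_roundtripdns($package['cloudflare'], "cloudflare.com") !== true) {`, closes that gap; if IPv6 edges must be accepted later, that should be an explicit decision rather than a side effect of the helper's error return. A configured list of CloudFlare edge ranges would presumably also remove the per-request DNS dependency, but that is a larger change than this file shows.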
diff --git a/include/bad-behavior/common_tests.inc.php 
b/include/bad-behavior/common_tests.inc.php
index e4d88f0..fea693f 100644
--- a/include/bad-behavior/common_tests.inc.php
+++ b/include/bad-behavior/common_tests.inc.php
@@ -4,7 +4,6 @@
 
 function bb2_protocol($settings, $package)
 {
-       // Is it claiming to be HTTP/1.0?  Then it shouldn't do HTTP/1.1 things
        // Always run this test; we should never see Expect:
        if (array_key_exists('Expect', $package['headers_mixed']) && 
stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE) {
                return "a0105122";
@@ -54,9 +53,9 @@ function bb2_misc_headers($settings, $package)
        // Real user-agents do not start ranges at 0
        // NOTE: this blocks the whois.sc bot. No big loss.
        // Exceptions: MT (not fixable); LJ (refuses to fix; may be
-       // blocked again in the future)
+       // blocked again in the future); Facebook
        if ($settings['strict'] && array_key_exists('Range', 
$package['headers_mixed']) && strpos($package['headers_mixed']['Range'], "=0-") 
!== FALSE) {
-               if (strncmp($ua, "MovableType", 11) && strncmp($ua, 
"URI::Fetch", 10) && strncmp($ua, "php-openid/", 11)) {
+               if (strncmp($ua, "MovableType", 11) && strncmp($ua, 
"URI::Fetch", 10) && strncmp($ua, "php-openid/", 11) && strncmp($ua, 
"facebookexternalhit", 19)) {
                        return "7ad04a8a";
                }
        }
@@ -105,6 +104,12 @@ function bb2_misc_headers($settings, $package)
                if (preg_match('/\bkeep-alive,\s?keep-alive\b/i', 
$package['headers_mixed']['Connection'])) {
                        return "a52f0448";
                }
+               // Keep-Alive format in RFC 2068; some bots mangle these headers
+               if (stripos($package['headers_mixed']['Connection'], 
"Keep-Alive: ") !== FALSE) {
+                       return "b0924802";
+               }
+               // Close should not be oddly capitalized
+               
        }
        
 
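Review bot: The new comment `// Close should not be oddly capitalized` at the end of the added block has no code under it, only a line of trailing whitespace, so it reads as an unfinished check rather than documentation. Either add the intended test or drop the comment and the blank `+` line; as committed it will confuse the next reader into looking for a test that does not exist. The enclosing bb2_misc_headers function continues outside this hunk.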
@@ -113,7 +118,7 @@ function bb2_misc_headers($settings, $package)
                return "b9cc1d86";
        }
        // Proxy-Connection does not exist and should never be seen in the wild
-       if (array_key_exists('Proxy-Connection', $package['headers_mixed'])) {
+       if ($settings['strict'] && array_key_exists('Proxy-Connection', 
$package['headers_mixed'])) {
                return "b7830251";
        }
 
diff --git a/include/bad-behavior/core.inc.php 
b/include/bad-behavior/core.inc.php
index 0b09fb5..a9d2bbf 100644
--- a/include/bad-behavior/core.inc.php
+++ b/include/bad-behavior/core.inc.php
@@ -16,7 +16,7 @@ function bb2_banned($settings, $package, $key, 
$previous_key=false)
        sleep(2);
 
        require_once(BB2_CORE . "/banned.inc.php");
-       bb2_display_denial($settings, $key, $previous_key);
+       bb2_display_denial($settings, $package, $key, $previous_key);
        bb2_log_denial($settings, $package, $key, $previous_key);
        if (is_callable('bb2_banned_callback')) {
                bb2_banned_callback($settings, $package, $key);
@@ -64,7 +64,14 @@ function bb2_start($settings)
                }
        }
 
-       @$package = array('ip' => $_SERVER['REMOTE_ADDR'], 'headers' => 
$headers, 'headers_mixed' => $headers_mixed, 'request_method' => 
$_SERVER['REQUEST_METHOD'], 'request_uri' => $_SERVER['REQUEST_URI'], 
'server_protocol' => $_SERVER['SERVER_PROTOCOL'], 'request_entity' => 
$request_entity, 'user_agent' => $_SERVER['HTTP_USER_AGENT'], 'is_browser' => 
false);
+       $request_uri = $_SERVER["REQUEST_URI"];
+       if (!$request_uri) $request_uri = $_SERVER['SCRIPT_NAME'];      # IIS
+
+       # Nasty CloudFlare hack provided by butchs at simplemachines
+       $ip_temp = preg_replace("/^::ffff:/", "", 
(array_key_exists('Cf-Connecting-Ip', $headers_mixed)) ? 
$_SERVER['HTTP_CF_CONNECTING_IP'] : $_SERVER['REMOTE_ADDR']);
+       $cloudflare_ip = preg_replace("/^::ffff:/", "", 
$_SERVER['REMOTE_ADDR']);
+
+       @$package = array('ip' => $ip_temp, 'headers' => $headers, 
'headers_mixed' => $headers_mixed, 'request_method' => 
$_SERVER['REQUEST_METHOD'], 'request_uri' => $request_uri, 'server_protocol' => 
$_SERVER['SERVER_PROTOCOL'], 'request_entity' => $request_entity, 'user_agent' 
=> $_SERVER['HTTP_USER_AGENT'], 'is_browser' => false, 'cloudflare' => 
$cloudflare_ip);
 
        $result = bb2_screen($settings, $package);
        if ($result && !defined('BB2_TEST')) bb2_banned($settings, $package, 
$result);
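Review bot: `$ip_temp` is taken verbatim from `HTTP_CF_CONNECTING_IP` whenever the header is present, before bb2_screen has verified the sender is CloudFlare, and on the deny path that unvalidated string is handed to bb2_display_denial and bb2_log_denial as `$package['ip']`. Validating the header as an IP literal before adopting it, and falling back to REMOTE_ADDR otherwise, limits what a forged header can inject downstream. `filter_var` needs PHP 5.2; if the PHP 4 polyfills elsewhere in this plugin still matter, `ip2long($candidate) !== false` is the IPv4-only alternative.

```php
$ip_temp = $_SERVER['REMOTE_ADDR'];
if (array_key_exists('Cf-Connecting-Ip', $headers_mixed)) {
        $candidate = preg_replace("/^::ffff:/", "", $_SERVER['HTTP_CF_CONNECTING_IP']);
        // Only adopt the header when it is a syntactically valid address
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) $ip_temp = $candidate;
}
$ip_temp = preg_replace("/^::ffff:/", "", $ip_temp);
// … unchanged: $cloudflare_ip and $package construction …
```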
@@ -76,6 +83,14 @@ function bb2_screen($settings, $package)
        // Please proceed to the security checkpoint and have your
        // identification and boarding pass ready.
 
+       // Check for CloudFlare CDN since IP to be screened may be different
+       // Thanks to butchs at Simple Machines
+       if (array_key_exists('Cf-Connecting-Ip', $package['headers_mixed'])) {
+               require_once(BB2_CORE . "/cloudflare.inc.php");
+               $r = bb2_cloudflare($package);
+               if ($r !== false && $r != $package['ip']) return $r;
+       }
+
        // First check the whitelist
        require_once(BB2_CORE . "/whitelist.inc.php");
        if (!bb2_whitelist($package)) {
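Review bot: The guard `$r !== false && $r != $package['ip']` compares a response key ('70e45496') against an IP address with loose `!=`, which can never be intended and only obscures the logic; `if ($r !== false) return $r;` says what the code does. Note also that merely sending a `Cf-Connecting-Ip` header now forces a blocking `gethostbyaddr`/`gethostbynamel` pair on every request for any site, whether or not it sits behind CloudFlare; gating the lookup on a setting that declares the site CloudFlare-fronted would presumably avoid that, and on DNS failure the helper returns false, so a resolver outage bans all CloudFlare-fronted traffic. The rest of bb2_screen is outside this hunk.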
diff --git a/include/bad-behavior/functions.inc.php 
b/include/bad-behavior/functions.inc.php
index 22e8882..1c27cb1 100644
--- a/include/bad-behavior/functions.inc.php
+++ b/include/bad-behavior/functions.inc.php
@@ -2,6 +2,11 @@
 
 // Miscellaneous helper functions.
 
+// Quick and dirty check for an IPv6 address
+function is_ipv6($address) {
+       return (strpos($address, ":")) ? TRUE : FALSE;
+}
+
 // stripos() needed because stripos is only present on PHP 5
 if (!function_exists('stripos')) {
        function stripos($haystack,$needle,$offset = 0) {
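Review bot: `is_ipv6` is wrong for any address that starts with a colon: `strpos("::1", ":")` returns 0, which is falsy, so `::1` and unstripped `::ffff:` forms are reported as not IPv6. The fix is `return strpos($address, ":") !== FALSE;`. The function was only moved by this commit, but it is now consulted by the new round-trip DNS code, so the misclassification has consequences it did not have before.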
diff --git a/include/bad-behavior/google.inc.php 
b/include/bad-behavior/google.inc.php
index 956bdb4..61d424d 100644
--- a/include/bad-behavior/google.inc.php
+++ b/include/bad-behavior/google.inc.php
@@ -2,9 +2,14 @@
 
 // Analyze user agents claiming to be Googlebot
 
+require_once(BB2_CORE . "/roundtripdns.inc.php");
+
 function bb2_google($package)
 {
-       if (match_cidr($package['ip'], "66.249.64.0/19") === FALSE && 
match_cidr($package['ip'], "64.233.160.0/19") === FALSE && 
match_cidr($package['ip'], "72.14.192.0/18") === FALSE) {
+#      if (match_cidr($package['ip'], "66.249.64.0/19") === FALSE && 
match_cidr($package['ip'], "64.233.160.0/19") === FALSE && 
match_cidr($package['ip'], "72.14.192.0/18") === FALSE) {
+#              return "f1182195";
+#      }
+       if (!bb2_roundtripdns($package['ip'], "googlebot.com")) {
                return "f1182195";
        }
        return false;
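Review bot: `if (!bb2_roundtripdns($package['ip'], "googlebot.com"))` accepts the helper's IPv6 error return (the address string, which is truthy) as a verified Googlebot, so an IPv6 client claiming to be Googlebot is never checked; `if (bb2_roundtripdns($package['ip'], "googlebot.com") !== true) {` only passes on a confirmed match. The three commented-out `match_cidr` lines above it should be deleted rather than kept as dead code, since version control already preserves them.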
diff --git a/include/bad-behavior/msnbot.inc.php 
b/include/bad-behavior/msnbot.inc.php
index 0341da1..f647082 100644
--- a/include/bad-behavior/msnbot.inc.php
+++ b/include/bad-behavior/msnbot.inc.php
@@ -2,9 +2,14 @@
 
 // Analyze user agents claiming to be msnbot
 
+require_once(BB2_CORE . "/roundtripdns.inc.php");
+
 function bb2_msnbot($package)
 {
-       if (match_cidr($package['ip'], "207.46.0.0/16") === FALSE && 
match_cidr($package['ip'], "65.52.0.0/14") === FALSE && 
match_cidr($package['ip'], "207.68.128.0/18") === FALSE && 
match_cidr($package['ip'], "207.68.192.0/20") === FALSE && 
match_cidr($package['ip'], "64.4.0.0/18") === FALSE) {
+#      if (match_cidr($package['ip'], "207.46.0.0/16") === FALSE && 
match_cidr($package['ip'], "65.52.0.0/14") === FALSE && 
match_cidr($package['ip'], "207.68.128.0/18") === FALSE && 
match_cidr($package['ip'], "207.68.192.0/20") === FALSE && 
match_cidr($package['ip'], "64.4.0.0/18") === FALSE) {
+#              return "e4de0453";
+#      }
+       if (!bb2_roundtripdns($package['ip'], "msn.com")) {
                return "e4de0453";
        }
        return false;
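Review bot: The msnbot check has the same shape as the Googlebot one and inherits the same weakness: a truthy non-`true` return from bb2_roundtripdns (its IPv6 path) is treated as verified. Use `if (bb2_roundtripdns($package['ip'], "msn.com") !== true) {` and remove the commented-out `match_cidr` block; leaving the old ranges in comments invites someone to re-enable a stale list.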
diff --git a/include/bad-behavior/responses.inc.php 
b/include/bad-behavior/responses.inc.php
index 89c995c..bc1ff9c 100644
--- a/include/bad-behavior/responses.inc.php
+++ b/include/bad-behavior/responses.inc.php
@@ -19,6 +19,7 @@ function bb2_get_response($key) {
                '582ec5e4' => array('response' => 400, 'explanation' => 'An 
invalid request was received. If you are using a proxy server, bypass the proxy 
server or contact your proxy server administrator. This may also be caused by a 
bug in the Opera web browser.', 'log' => '"Header \'TE\' present but TE not 
specified in \'Connection\' header'),
                '69920ee5' => array('response' => 400, 'explanation' => 'An 
invalid request was received from your browser. This may be caused by a 
malfunctioning proxy server or browser privacy software.', 'log' => 'Header 
\'Referer\' present but blank'),
                '6c502ff1' => array('response' => 403, 'explanation' => 'You do 
not have permission to access this server.', 'log' => 'Bot not fully compliant 
with RFC 2965'),
+               '70e45496' => array('response' => 403, 'explanation' => 'You do 
not have permission to access this server.', 'log' => 'User agent claimed to be 
CloudFlare, claim appears false'),
                '799165c2' => array('response' => 403, 'explanation' => 'You do 
not have permission to access this server.', 'log' => 'Rotating user-agents 
detected'),
                '7a06532b' => array('response' => 400, 'explanation' => 'An 
invalid request was received from your browser. This may be caused by a 
malfunctioning proxy server or browser privacy software.', 'log' => 'Required 
header \'Accept-Encoding\' missing'),
                '7ad04a8a' => array('response' => 400, 'explanation' => 'The 
automated program you are using is not permitted to access this server. Please 
use a different program or a standard Web browser.', 'log' => 'Prohibited 
header \'Range\' present'),
@@ -28,6 +29,7 @@ function bb2_get_response($key) {
                'a0105122' => array('response' => 417, 'explanation' => 
'Expectation failed. Please retry your request.', 'log' => 'Header \'Expect\' 
prohibited; resend without Expect'),
                'a1084bad' => array('response' => 403, 'explanation' => 'You do 
not have permission to access this server.', 'log' => 'User-Agent claimed to be 
MSIE, with invalid Windows version'),
                'a52f0448' => array('response' => 400, 'explanation' => 'An 
invalid request was received.  This may be caused by a malfunctioning proxy 
server or browser privacy software. If you are using a proxy server, bypass the 
proxy server or contact your proxy server administrator.', 'log' => 'Header 
\'Connection\' contains invalid values'),
+               'b0924802' => array('response' => 400, 'explanation' => 'An 
invalid request was received. This may be caused by malicious software on your 
computer.', 'log' => 'Incorrect form of HTTP/1.0 Keep-Alive'),
                'b40c8ddc' => array('response' => 403, 'explanation' => 'You do 
not have permission to access this server. Before trying again, close your 
browser, run anti-virus and anti-spyware software and remove any viruses and 
spyware from your computer.', 'log' => 'POST more than two days after GET'),
                'b7830251' => array('response' => 400, 'explanation' => 'Your 
proxy server sent an invalid request. Please contact the proxy server 
administrator to have this problem fixed.', 'log' => 'Prohibited header 
\'Proxy-Connection\' present'),
                'b9cc1d86' => array('response' => 403, 'explanation' => 'The 
proxy server you are using is not permitted to access this server. Please 
bypass the proxy server, or contact your proxy server administrator.', 'log' => 
'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),
diff --git a/include/bad-behavior/roundtripdns.inc.php 
b/include/bad-behavior/roundtripdns.inc.php
new file mode 100644
index 0000000..0c993ec
--- /dev/null
+++ b/include/bad-behavior/roundtripdns.inc.php
@@ -0,0 +1,20 @@
+<?php if (!defined('BB2_CORE')) die("I said no cheating!");
+
+# Round trip DNS verification
+
+# Returns TRUE if DNS matches; FALSE on mismatch
+# Returns $ip if an error occurs
+# TODO: Not IPv6 safe
+# FIXME: Returns false on DNS server failure; PHP provides no distinction
+# between no records and error condition
+function bb2_roundtripdns($ip,$domain)
+{
+       if (@is_ipv6($ip)) return $ip;
+
+       $host = gethostbyaddr($ip);
+       $host_result = strpos(strrev($host), strrev($domain));
+       if ($host_result === false || $host_result > 0) return false;
+       $addrs = gethostbynamel($host);
+       if (in_array($ip, $addrs)) return true;
+       return false;
+}
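Review bot: The suffix test `strpos(strrev($host), strrev($domain)) === 0` only checks that the PTR name ends with the domain's characters, not that it is the domain or a subdomain of it, so a host named `notcloudflare.com` or `fakegooglebot.com` (whose operator controls both its PTR and forward records) passes the round trip. The check should require a label boundary, and `gethostbynamel` returns false on failure, which the current `in_array($ip, $addrs)` then warns on. The header comment's "Returns $ip if an error occurs" also describes only the IPv6 path; callers that use `!` will treat that string as success, so the comment should say so explicitly.

```php
        $host = gethostbyaddr($ip);
        // gethostbyaddr hands back the unmodified address when no PTR exists
        if ($host === false || $host === $ip) return false;
        // Require the domain itself or a proper subdomain, not just a matching suffix
        $suffix = "." . $domain;
        if ($host !== $domain && substr($host, -strlen($suffix)) !== $suffix) return false;
        $addrs = gethostbynamel($host);
        if ($addrs === false) return false;
        return in_array($ip, $addrs, true);
```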
diff --git a/include/bad-behavior/version.inc.php 
b/include/bad-behavior/version.inc.php
index f615eae..9b7cde8 100644
--- a/include/bad-behavior/version.inc.php
+++ b/include/bad-behavior/version.inc.php
@@ -1,3 +1,3 @@
 <?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.1.2");
+define('BB2_VERSION', "2.1.7");
 ?>
diff --git a/include/whitelist.ini b/include/whitelist.ini
new file mode 100644
index 0000000..83d248c
--- /dev/null
+++ b/include/whitelist.ini
@@ -0,0 +1,26 @@
+; Inappropriate whitelisting WILL expose you to spam, or cause Bad Behavior
+; to stop functioning entirely! DO NOT WHITELIST unless you are 100% CERTAIN
+; that you should.
+
+; IP address ranges use the CIDR format.
+
+[ip]
+; Digg whitelisted as of 2.0.12
+ip[] = "64.191.203.34"
+ip[] = "208.67.217.130"
+; RFC 1918 addresses
+ip[] = "10.0.0.0/8"
+ip[] = "172.16.0.0/12"
+ip[] = "192.168.0.0/16"
+
+; User agents are matched by exact match only.
+
+[useragent]
+useragent[] = "Mozilla/4.0 (It's me, let me in)"
+
+; URLs are matched from the first / after the server name up to, but not
+; including, the ? (if any). The URL to be whitelisted is a URL on YOUR site.
+
+[url]
+url[] = "/example.php"
+url[] = "/openid/server"
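Review bot: Whitelisting the RFC 1918 ranges by default is riskier in this release than the file's own warning suggests, because core.inc.php now takes the screened address from the `Cf-Connecting-Ip` header when present; any gap in the CloudFlare verification lets a client pick an address inside `10.0.0.0/8` and skip every test. Unless the forum is actually reached from private networks, these three `ip[]` entries should be removed, and the hard-coded "Digg" addresses are worth re-checking since they were fixed at 2.0.12.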
diff --git a/plugins/AP_Bad_Behavior.php b/plugins/AP_Bad_Behavior.php
index 188807c..3c0b41d 100644
--- a/plugins/AP_Bad_Behavior.php
+++ b/plugins/AP_Bad_Behavior.php
@@ -63,6 +63,7 @@ else
                <div class="box">
                        <div class="inbox">
                                <p><?php echo bb2_insert_stats(true) ?></p>
+                               <p>Powered by <a 
href="http://www.bad-behavior.ioerror.us/";>Bad Behavior</a> version <?php echo 
BB2_VERSION ?></p>
                        </div>
                </div>
                <h2 class="block2"><span>Settings</span></h2>
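Review bot: The new "Powered by … version" line prints `BB2_VERSION` into page output; if this stats box is ever reachable by non-administrators it discloses the exact plugin version to anyone probing for a known-vulnerable release. This page appears to be an admin settings screen, which would make that acceptable, but it is worth confirming the access control rather than assuming it. The surrounding template starts and ends outside this hunk.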
