This is an automated email from the git hooks/post-receive script.
s���k���u���n���n���y���k��� ���p���u���s���h���e���d��� ���a���
���c���o���m���m���i���t��� ���t���o��� ���b���r���a���n���c���h���
���o���l���d���f���o���r���u���m���
���in repository www/forum.xfce.org.
commit 7b516abdbe10cfe29fdd63113b9c686dfed31700
Author: Nick Schermer <n...@xfce.org>
Date: Sun Sep 16 20:31:11 2012 +0200
Update bad behaviour to 2.2.10.
---
include/bad-behavior/banned.inc.php | 2 ++
include/bad-behavior/blacklist.inc.php | 58 +++++++++++++++++++++++++++++--
include/bad-behavior/core.inc.php | 2 +-
include/bad-behavior/responses.inc.php | 1 +
include/bad-behavior/searchengine.inc.php | 2 +-
5 files changed, 61 insertions(+), 4 deletions(-)
diff --git a/include/bad-behavior/banned.inc.php
b/include/bad-behavior/banned.inc.php
index 476a366..29ce774 100644
--- a/include/bad-behavior/banned.inc.php
+++ b/include/bad-behavior/banned.inc.php
@@ -7,6 +7,8 @@ require_once(BB2_CORE . "/responses.inc.php");
function bb2_housekeeping($settings, $package)
{
+ if (!$settings['logging']) return;
+
// FIXME Yes, the interval's hard coded (again) for now.
$query = "DELETE FROM `" . $settings['log_table'] . "` WHERE `date` <
DATE_SUB('" . bb2_db_date() . "', INTERVAL 7 DAY)";
bb2_db_query($query);
diff --git a/include/bad-behavior/blacklist.inc.php
b/include/bad-behavior/blacklist.inc.php
index 36bc4c5..ba4554e 100644
--- a/include/bad-behavior/blacklist.inc.php
+++ b/include/bad-behavior/blacklist.inc.php
@@ -5,11 +5,11 @@ function bb2_blacklist($package) {
// Blacklisted user agents
// These user agent strings occur at the beginning of the line.
$bb2_spambots_0 = array(
- "<sc", // XSS exploit attempts
"8484 Boston Project", // video poker/porn spam
"adwords", // referrer spam
"autoemailspider", // spam harvester
"blogsearchbot-martin", // from honeypot
+ "BrowserEmulator/", // open proxy software
"CherryPicker", // spam harvester
"core-project/", // FrontPage extension exploits
"Diamond", // delivers spyware/adware
@@ -28,15 +28,21 @@ function bb2_blacklist($package) {
"Java/1.", // unidentified robots
"libwww-perl", // unidentified robots
"LWP", // unidentified robots
+ "lwp", // unidentified robots
+ "Microsoft Internet Explorer/", // too old; assumed robot
"Microsoft URL", // unidentified robots
"Missigua", // spam harvester
"MJ12bot/v1.0.8", // malicious botnet
"Movable Type", // customised spambots
"Mozilla ", // malicious software
+ "Mozilla/0", // malicious software
+ "Mozilla/1", // malicious software
"Mozilla/2", // malicious software
+ "Mozilla/3", // malicious software
"Mozilla/4.0(", // from honeypot
"Mozilla/4.0+(compatible;+", // suspicious harvester
"MSIE", // malicious software
+ "MVAClient", // automated hacking attempts
"NutchCVS", // unidentified robots
"Nutscrape/", // misc comment spam
"OmniExplorer", // spam harvester
@@ -61,6 +67,7 @@ function bb2_blacklist($package) {
// These user agent strings occur anywhere within the line.
$bb2_spambots = array(
"\r", // A really dumb bot
+ "<sc", // XSS exploit attempts
"; Widows ", // misc comment/email spam
"a href=", // referrer spam
"Bad Behavior Test", // Add this to your user-agent to test
BB
@@ -68,13 +75,17 @@ function bb2_blacklist($package) {
"compatible-", // misc comment/email spam
"DTS Agent", // misc comment/email spam
"Email Extractor", // spam harvester
+ "Firebird/", // too old; assumed robot
"Gecko/25", // revisit this in 500 years
"grub-client", // search engine ignores robots.txt
"hanzoweb", // very badly behaved crawler
+ "Havij", // SQL injection tool
"Indy Library", // misc comment/email spam
"MSIE 7.0; Windows NT 5.2", // Cyveillance
"Murzillo compatible", // comment spam bot
".NET CLR 1)", // free poker, etc.
+ ".NET CLR1", // spam harvester
+ "Perman Surfer", // old and very broken harvester
"POE-Component-Client", // free poker, etc.
"Turing Machine", // www.anonymizer.com abuse
"Ubuntu/9.25", // comment spam bot
@@ -83,12 +94,22 @@ function bb2_blacklist($package) {
"WebaltBot", // spam harvester
"WISEbot", // spam harvester
"WISEnutbot", // spam harvester
- "Windows NT 4.0;)", // wikispam bot
+ "Win95", // too old; assumed robot
+ "Win98", // too old; assumed robot
+ "WinME", // too old; assumed robot
+ "Win 9x 4.90", // too old; assumed robot
+ "Windows 3", // too old; assumed robot
+ "Windows 95", // too old; assumed robot
+ "Windows 98", // too old; assumed robot
+ "Windows NT 4", // too old; assumed robot
+ "Windows NT;", // too old; assumed robot
+ #"Windows NT 4.0;)", // wikispam bot
"Windows NT 5.0;)", // wikispam bot
"Windows NT 5.1;)", // wikispam bot
"Windows XP 5", // spam harvester
"WordPress/4.01", // pingback spam
"Xedant Human Emulator",// spammer script engine
+ "ZmEu", // exploit scanner
"\\\\)", // spam harvester
);
@@ -100,11 +121,38 @@ function bb2_blacklist($package) {
"/[bcdfghjklmnpqrstvwxz ]{8,}/",
// "/(;\){1,2}$/", // misc spammers/harvesters
// "/MSIE.*Windows XP/", // misc comment spam
+ "/MSIE [2345]/", // too old; assumed robot
+ );
+
+ // Blacklisted URL strings
+ // These strings are considered case-insensitive.
+ $bb2_spambots_url = array(
+ "0x31303235343830303536", // Havij
+ "../", // path traversal
+ "..\\", // path traversal
+ "%60information_schema%60", // SQL injection probe
+ "+%2F*%21", // SQL injection probe
+ "+and+%", // SQL injection probe
+ "+and+1%", // SQL injection probe
+ "+and+if", // SQL injection probe
+ "%27--", // SQL injection
+ "%27 --", // SQL injection
+ "%27%23", // SQL injection
+ "%27 %23", // SQL injection
+ "benchmark%28", // SQL injection probe
+ "insert+into+", // SQL injection
+ "r3dm0v3", // SQL injection probe
+ "select+1+from", // SQL injection probe
+ "union+all+select", // SQL injection probe
+ "union+select", // SQL injection probe
+ "waitfor+delay+", // SQL injection probe
+ "w00tw00t", // vulnerability scanner
);
// Do not edit below this line.
@$ua = $package['headers_mixed']['User-Agent'];
+ @$uri = $package['request_uri'];
foreach ($bb2_spambots_0 as $spambot) {
$pos = strpos($ua, $spambot);
@@ -125,5 +173,11 @@ function bb2_blacklist($package) {
}
}
+ foreach ($bb2_spambots_url as $spambot) {
+ if (stripos($uri, $spambot) !== FALSE) {
+ return "96c0bd29";
+ }
+ }
+
return FALSE;
}
diff --git a/include/bad-behavior/core.inc.php
b/include/bad-behavior/core.inc.php
index f9f1de1..7210d3a 100644
--- a/include/bad-behavior/core.inc.php
+++ b/include/bad-behavior/core.inc.php
@@ -1,5 +1,5 @@
<?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.2.7");
+define('BB2_VERSION', "2.2.10");
// Bad Behavior entry point is bb2_start()
// If you're reading this, you are probably lost.
diff --git a/include/bad-behavior/responses.inc.php
b/include/bad-behavior/responses.inc.php
index e1f094a..29ed90d 100644
--- a/include/bad-behavior/responses.inc.php
+++ b/include/bad-behavior/responses.inc.php
@@ -26,6 +26,7 @@ function bb2_get_response($key) {
'7ad04a8a' => array('response' => 400, 'explanation' => 'The
automated program you are using is not permitted to access this server. Please
use a different program or a standard Web browser.', 'log' => 'Prohibited
header \'Range\' present'),
'7d12528e' => array('response' => 403, 'explanation' => 'You do
not have permission to access this server.', 'log' => 'Prohibited header
\'Range\' or \'Content-Range\' in POST request'),
'939a6fbb' => array('response' => 403, 'explanation' => 'The
proxy server you are using is not permitted to access this server. Please
bypass the proxy server, or contact your proxy server administrator.', 'log' =>
'Banned proxy server in use'),
+ '96c0bd29' => array('response' => 403, 'explanation' => 'You do
not have permission to access this server.', 'log' => 'URL pattern found on
blacklist'),
'9c9e4979' => array('response' => 403, 'explanation' => 'The
proxy server you are using is not permitted to access this server. Please
bypass the proxy server, or contact your proxy server administrator.', 'log' =>
'Prohibited header \'via\' present'),
'a0105122' => array('response' => 417, 'explanation' =>
'Expectation failed. Please retry your request.', 'log' => 'Header \'Expect\'
prohibited; resend without Expect'),
'a1084bad' => array('response' => 403, 'explanation' => 'You do
not have permission to access this server.', 'log' => 'User-Agent claimed to be
MSIE, with invalid Windows version'),
diff --git a/include/bad-behavior/searchengine.inc.php
b/include/bad-behavior/searchengine.inc.php
index cf8a5e8..27858b7 100644
--- a/include/bad-behavior/searchengine.inc.php
+++ b/include/bad-behavior/searchengine.inc.php
@@ -20,7 +20,7 @@ function bb2_google($package)
function bb2_msnbot($package)
{
- if (match_cidr($package['ip'], array("207.46.0.0/16", "65.52.0.0/14",
"207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18", "157.54.0.0/15",
"157.60.0.0/16", "157.56.0.0/14")) === FALSE) {
+ if (match_cidr($package['ip'], array("207.46.0.0/16", "65.52.0.0/14",
"207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18", "157.54.0.0/15",
"157.60.0.0/16", "157.56.0.0/14", "131.253.21.0/24", "131.253.22.0/23",
"131.253.24.0/21", "131.253.32.0/20")) === FALSE) {
return "e4de0453";
}
# Disabled due to http://bugs.php.net/bug.php?id=53092
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
Xfce4-commits mailing list
Xfce4-commits@xfce.org
https://mail.xfce.org/mailman/listinfo/xfce4-commits
