function bb2_post($settings, $package) { // Check blackhole lists for known spam/malicious activity require_once BB2_CORE . "/blackhole.inc.php"; bb2_test($settings, $package, bb2_blackhole($package)); // MovableType needs specialized screening if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) { if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999")) { return "7d12528e"; } } // Trackbacks need special screening $request_entity = $package['request_entity']; if (isset($request_entity['title']) && isset($request_entity['url']) && isset($request_entity['blog_name'])) { require_once BB2_CORE . "/trackback.inc.php"; return bb2_trackback($package); } // Catch a few completely broken spambots foreach ($request_entity as $key => $value) { $pos = strpos($key, "\tdocument.write"); if ($pos !== FAlSE) { return "dfd9b1ad"; } } // Screen by cookie/JavaScript form add if (isset($_COOKIE[BB2_COOKIE])) { $screener1 = explode(" ", $_COOKIE[BB2_COOKIE]); } if (isset($_POST[BB2_COOKIE])) { $screener2 = explode(" ", $_POST[BB2_COOKIE]); } $screener = max($screener1[0], $screener2[0]); if ($screener > 0) { // Posting too fast? 5 sec // FIXME: even 5 sec is too intrusive // if ($screener + 5 > time()) // return "408d7e72"; // Posting too slow? 48 hr if ($screener + 172800 < time()) { return "b40c8ddc"; } // Screen by IP address $ip = ip2long($package['ip']); $ip_screener = ip2long($screener[1]); // FIXME: This is b0rked, but why? // if ($ip && $ip_screener && abs($ip_screener - $ip) > 256) // return "c1fa729b"; // Screen for user agent changes // User connected previously with blank user agent $q = bb2_db_query("SELECT `ip` FROM " . $settings['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` = '" . $screener[1] . "') AND `user_agent` != '" . $package['user_agent'] . "' AND `date` > DATE_SUB('" . bb2_db_date() . "', INTERVAL 5 MINUTE)"); // Damnit, too many ways for this to fail :( if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0) { return "799165c2"; } } return false; }
function bb2_post($package) { // MovableType needs specialized screening if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) { if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999")) { return "7d12528e"; } } // Trackbacks need special screening $request_entity = $package['request_entity']; if (isset($request_entity['title']) && isset($request_entity['url']) && isset($request_entity['blog_name'])) { require_once BB2_CORE . "/trackback.inc.php"; return bb2_trackback($package); } // Catch a few broken spambots if (isset($request_entity[' document.write(Math.round ('])) { return "dfd9b1ad"; } // Screen by cookie/JavaScript form add if (isset($_COOKIE[BB2_COOKIE])) { $screener1 = explode(" ", $_COOKIE[BB2_COOKIE]); } if (isset($_POST[BB2_COOKIE])) { $screener2 = explode(" ", $_POST[BB2_COOKIE]); } $screener = max($screener[0], $screener2[0]); if ($screener > 0) { // Posting too fast? 5 sec // FIXME: even 5 sec is too intrusive // if ($screener + 5 > time()) // return "408d7e72"; // Posting too slow? 48 hr if ($screener + 172800 < time()) { return "b40c8ddc"; } } // Screen by IP address $ip = ip2long($package['ip']); $ip_screener = ip2long($screener[1]); // FIXME: This is b0rked, but why? // if ($ip && $ip_screener && abs($ip_screener - $ip) > 256) // return "c1fa729b"; return false; // Screen for user agent changes $q = bb2_db_query("SELECT COUNT(*) FROM " . $settings['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` = '" . $screener[1] . "') AND `http_headers` NOT LIKE '%User-Agent: %'"); if ($q !== FALSE) { return "799165c2"; } return false; }
function bb2_post($settings, $package) { // Check blackhole lists for known spam/malicious activity // require_once(BB2_CORE . "/blackhole.inc.php"); // if ($r = bb2_blackhole($package)) return $r; // MovableType needs specialized screening if (stripos($package['headers_mixed']['User-Agent'], "MovableType") !== FALSE) { if (strcmp($package['headers_mixed']['Range'], "bytes=0-99999")) { return "7d12528e"; } } // Trackbacks need special screening $request_entity = $package['request_entity']; if (isset($request_entity['title']) && isset($request_entity['url']) && isset($request_entity['blog_name'])) { return bb2_trackback($package); } // Catch a few completely broken spambots foreach ($request_entity as $key => $value) { $pos = strpos($key, "\tdocument.write"); if ($pos !== FALSE) { return "dfd9b1ad"; } } // If Referer exists, it should refer to a page on our site if (!$settings['offsite_forms'] && array_key_exists('Referer', $package['headers_mixed'])) { $url = parse_url($package['headers_mixed']['Referer']); $url['host'] = preg_replace('|^www\\.|', '', $url['host']); $host = preg_replace('|^www\\.|', '', $package['headers_mixed']['Host']); # Strip port $host = preg_replace('|:\\d+$|', '', $host); if (strcasecmp($host, $url['host'])) { return "cd361abb"; } } // Screen by cookie/JavaScript form add if (isset($_COOKIE[BB2_COOKIE]) && !$settings['eu_cookie']) { $screener1 = explode(" ", $_COOKIE[BB2_COOKIE]); } else { $screener1 = array(0); } if (isset($_POST[BB2_COOKIE])) { $screener2 = explode(" ", $_POST[BB2_COOKIE]); } else { $screener2 = array(0); } $screener = max($screener1[0], $screener2[0]); if ($screener > 0) { // Posting too fast? 5 sec // FIXME: even 5 sec is too intrusive // if ($screener + 5 > time()) // return "408d7e72"; // Posting too slow? 48 hr if ($screener + 172800 < time()) { return "b40c8ddc"; } // Screen by IP address $ip = ip2long($package['ip']); $ip_screener = ip2long($screener[1]); // FIXME: This is b0rked, but why? // if ($ip && $ip_screener && abs($ip_screener - $ip) > 256) // return "c1fa729b"; if (!empty($package['headers_mixed']['X-Forwarded-For'])) { $ip = $package['headers_mixed']['X-Forwarded-For']; } // Screen for user agent changes // User connected previously with blank user agent // $q = bb2_db_query("SELECT `ip` FROM " . $settings['log_table'] . " WHERE (`ip` = '" . $package['ip'] . "' OR `ip` = '" . $screener[1] . "') AND `user_agent` != '" . $package['user_agent'] . "' AND `date` > DATE_SUB('" . bb2_db_date() . "', INTERVAL 5 MINUTE)"); // Damnit, too many ways for this to fail :( // if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0) // return "799165c2"; } return false; }