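function bb2_display_denial($settings, $key, $previous_key = false)
{
    // Sends the Bad Behavior denial status and renders the matching error page.
    //   $settings     accepted for interface compatibility; not read here.
    //   $key          response key of the rule that fired (becomes part of the
    //                 support key shown to the visitor).
    //   $previous_key when given, the key whose response text is displayed;
    //                 falls back to $key.
    if (!$previous_key) {
        $previous_key = $key;
    }
    // FIXME (carried over from the original): "e87553e1" should be resolved to
    // the real key before it is shown to the visitor.

    // Build the support key: the client address as hex, followed by the response
    // key, split into dash-separated groups of four. For IPv4 inet_pton()/bin2hex()
    // produce exactly the 8 hex characters the old per-octet dechex()/str_pad()
    // loop produced; unlike that loop it also copes with IPv6 and with a missing or
    // unparsable REMOTE_ADDR, which made dechex() throw a TypeError on PHP 8.
    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';
    $ip_hex = '';
    if (filter_var($remote_addr, FILTER_VALIDATE_IP) !== false) {
        $packed = inet_pton($remote_addr);
        if ($packed !== false) {
            $ip_hex = bin2hex($packed);
        }
    }
    $support_key = implode('-', str_split("{$ip_hex}{$key}", 4));

    // Response text for the key; the status code is sent both as the status line
    // and as a "Status:" header (the latter for CGI-style hosts).
    $response = bb2_get_response($previous_key);
    header("HTTP/1.1 " . $response['response'] . " Bad Behavior");
    header("Status: " . $response['response'] . " Bad Behavior");

    // Everything that can carry request-derived bytes is escaped on output. The
    // explanation text is printed raw because it comes from the static response
    // table (bb2_get_response), not from the request — presumably it may contain
    // intentional markup; verify against responses.inc.php before escaping it.
    $status_html = htmlspecialchars((string) $response['response'], ENT_QUOTES, 'UTF-8');
    $support_key_html = htmlspecialchars($support_key, ENT_QUOTES, 'UTF-8');
    $request_uri = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '';
    ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>HTTP Error <?php echo $status_html; ?></title>
</head>
<body>
<h1>Error <?php echo $status_html; ?></h1>
<p>We're sorry, but we could not fulfill your request for
<?php echo htmlspecialchars($request_uri, ENT_QUOTES, 'UTF-8'); ?>
 on this server.</p>
<p><?php echo $response['explanation']; ?></p>
<p>Your technical support key is: <strong><?php echo $support_key_html; ?></strong></p>
<p>You can use this key to <a href="http://www.ioerror.us/bb2-support-key?key=<?php echo $support_key_html; ?>">fix this problem yourself</a>.</p>
<p>If you are unable to fix the problem yourself, please contact <a href="mailto:<?php
    // Light obfuscation of the contact address against harvesters, as before.
    echo htmlspecialchars(str_replace("@", "+nospam@nospam.", bb2_email()));
    ?>"><?php
    echo htmlspecialchars(str_replace("@", " at ", bb2_email()));
    ?></a> and be sure to provide the technical support key shown above.</p>
<?php 
}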
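<?php

// Admin listing of the Bad Behavior log ("Service Abusers").
// Only accounts with power level 3 or higher may view it; everyone else is
// stopped by Kill() before any log data is read.
$title = "Service Abusers";
require 'bad-behavior/responses.inc.php';
if ($loguser['powerlevel'] < 3) {
    Kill('No.');
}

echo "\n\t<table class=\"outline margin width100\">\n"
    . "\t\t<tr class=\"header0\">\n"
    . "\t\t\t<th>\n\t\t\t\tDate\n\t\t\t</th>\n"
    . "\t\t\t<th>\n\t\t\t\tIP\n\t\t\t</th>\n"
    . "\t\t\t<th>\n\t\t\t\tRequest\n\t\t\t</th>\n"
    . "\t\t\t<th>\n\t\t\t\tKey\n\t\t\t</th>\n"
    . "\t\t</tr>\n";

$abusers = query('SELECT * FROM {bad_behavior} ORDER BY `date` DESC');
while ($abuser = fetch($abusers)) {
    $date = formatdate(strtotime($abuser['date']));
    $response = bb2_get_response($abuser['key']);
    // Session identifiers inside the logged headers are masked before display.
    $headers = preg_replace('/logsession=\\w+/', 'logsession=?????', $abuser['http_headers']);
    // The key column is logged alongside the request, so it is escaped like the
    // headers instead of being echoed raw into the cell.
    $key_html = htmlspecialchars($abuser['key']);
    // formatIP() is assumed to return display-safe output, as in the original.
    echo "\n\t\t<tr class=\"cell0\">\n"
        . "\t\t\t<td>\n\t\t\t\t{$date}\n\t\t\t</td>\n"
        . "\t\t\t<td>\n\t\t\t\t" . formatIP($abuser['ip']) . "\n\t\t\t</td>\n"
        . "\t\t\t<td>\n\t\t\t\t<pre style='white-space:pre-wrap'>" . htmlspecialchars($headers) . "</pre>\n\t\t\t</td>\n"
        . "\t\t\t<td>\n\t\t\t\t<abbr title=\"" . htmlspecialchars($response['log']) . "\">{$key_html}</abbr>\n\t\t\t</td>\n"
        . "\t\t</tr>\n";
}
echo "\n\t</table>\n";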
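/**
 * Gets the badbehavior log entries that match the specified parameters.
 *
 * The filter column name is interpolated into the query, so it is checked
 * against the table's own column list; a filter naming any other column is
 * ignored (previously it was passed straight through to SQL). The filter value
 * goes through the {string:filter} placeholder. Free-form request data
 * (user agent, headers, entity) is HTML-escaped for the 'html' slots; escaping
 * uses double_encode=false so rows that were already escaped on insert are not
 * encoded twice.
 *
 * @package BadBehavior
 * @param int $start offset of the first row; cast to int before use in LIMIT
 * @param int $items_per_page number of rows to return; cast to int
 * @param string $sort 'down' orders newest id first, anything else ascending
 * @param string|mixed[]|null $filter '' for none, or array('variable' => column, 'value' => array('sql' => pattern))
 * @return mixed[] entries keyed by log id, shaped for the template
 */
function getBadBehaviorLogEntries($start, $items_per_page, $sort, $filter = '')
{
    global $scripturl;

    $db = database();
    require_once EXTDIR . '/bad-behavior/bad-behavior/responses.inc.php';

    // Allow-list for the filter target: exactly the columns selected below.
    $filter_columns = array('id', 'ip', 'date', 'request_method', 'request_uri', 'server_protocol', 'http_headers', 'user_agent', 'request_entity', 'valid', 'id_member', 'session');
    $where = '';
    $filter_value = '';
    if (!empty($filter) && is_array($filter) && isset($filter['variable'], $filter['value']['sql']) && in_array($filter['variable'], $filter_columns, true)) {
        $where = '
		WHERE ' . $filter['variable'] . ' LIKE {string:filter}';
        $filter_value = $filter['value']['sql'];
    }

    $bb_entries = array();
    $request = $db->query('', '
		SELECT id, ip, date, request_method, request_uri, server_protocol, http_headers, user_agent, request_entity, valid, id_member, session
		FROM {db_prefix}log_badbehavior' . $where . '
		ORDER BY id ' . ($sort === 'down' ? 'DESC' : '') . '
		LIMIT ' . (int) $start . ', ' . (int) $items_per_page, array('filter' => $filter_value));
    for ($i = 0; $row = $db->fetch_assoc($request); $i++) {
        // Turn the key in to something nice to show
        $key_response = bb2_get_response($row['valid']);
        // Prevent undefined errors and log .. (kept as-is: relies on
        // bb2_get_response() exposing a numeric [0] element for permitted
        // requests — verify against responses.inc.php)
        if (isset($key_response[0]) && $key_response[0] == '00000000') {
            $key_response['response'] = '';
            $key_response['explanation'] = '';
            $key_response['log'] = '';
        }
        // ip, request_method and server_protocol are left as stored; the three
        // free-form request fields are escaped for HTML output here because
        // request_uri already is and the template is not known to escape them.
        $bb_entries[$row['id']] = array(
            'alternate' => $i % 2 == 0,
            'ip' => $row['ip'],
            'request_method' => $row['request_method'],
            'server_protocol' => $row['server_protocol'],
            'user_agent' => array(
                'html' => htmlspecialchars($row['user_agent'], ENT_COMPAT, 'UTF-8', false),
                'href' => base64_encode($db->escape_wildcard_string($row['user_agent'])),
            ),
            'request_entity' => htmlspecialchars($row['request_entity'], ENT_COMPAT, 'UTF-8', false),
            'valid' => array(
                'code' => $row['valid'],
                'response' => $key_response['response'],
                'explanation' => $key_response['explanation'],
                'log' => $key_response['log'],
            ),
            'member' => array(
                'id' => $row['id_member'],
                'ip' => $row['ip'],
                'session' => $row['session'],
            ),
            'time' => standardTime($row['date']),
            'html_time' => htmlTime($row['date']),
            'timestamp' => forum_time(true, $row['date']),
            'request_uri' => array(
                'html' => htmlspecialchars((substr($row['request_uri'], 0, 1) === '?' ? $scripturl : '') . $row['request_uri'], ENT_COMPAT, 'UTF-8'),
                'href' => base64_encode($db->escape_wildcard_string($row['request_uri'])),
            ),
            'http_headers' => array(
                'html' => str_replace("\n", '<br />', htmlspecialchars($row['http_headers'], ENT_COMPAT, 'UTF-8', false)),
                'href' => '#',
            ),
            'id' => $row['id'],
        );
    }
    $db->free_result($request);
    return $bb_entries;
}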
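function bb2_insert_stats($force = false)
{
    // Prints the "blocked access attempts" summary: a total plus one table row
    // per response key, each with a "View" form that opens the matching log
    // entries. Nothing is printed unless $force is set or display_stats is on.
    global $CONF;
    $settings = bb2_read_settings();
    if (!$force && !$settings['display_stats']) {
        return;
    }

    // Counts every non-permitted row; the "last 7 days" wording presumably
    // relies on log housekeeping pruning older entries — confirm.
    $blocked = sql_num_rows(sql_query("SELECT id FROM " . $settings['log_table'] . " WHERE `key` NOT LIKE '00000000'"));
    if ($blocked === FALSE) {
        return;
    }
    require_once BB2_CORE . "/responses.inc.php";
    echo sprintf('<p><a href="http://www.bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', 'Bad Behavior', 'has blocked', (int) $blocked, 'access attempts in the last 7 days.');

    $res = sql_query("SELECT `key`, COUNT(*) FROM " . $settings['log_table'] . " WHERE `key` NOT LIKE '00000000' GROUP BY `key`");
    echo "<table>\n";
    echo "<tr><th>Count</th><th>Key</th><th>Response</th><th>Explanation</th><th>Log</th><th>Details</th></tr>\n";
    // Values going into the form's action/value attributes are escaped once
    // up front; the key column is logged data, so it is escaped wherever printed.
    $action_url = htmlspecialchars($CONF['PluginURL'] . 'badbehavior/index.php');
    $table_name = htmlspecialchars(sql_table('bad_behavior'));
    while ($row = sql_fetch_assoc($res)) {
        $response = bb2_get_response($row['key']);
        $key_html = htmlspecialchars($row['key']);
        echo "<tr>\n";
        echo "<td>" . (int) $row['COUNT(*)'] . "</td>\n";
        echo "<td>" . $key_html . "</td>\n";
        // response/explanation/log come from the static response table, not
        // from the request, and are printed as before.
        echo "<td>" . $response['response'] . "</td>\n";
        echo "<td>" . $response['explanation'] . "</td>\n";
        echo "<td>" . $response['log'] . "</td>\n";
        echo "<td>\n";
        echo '<form method="post" action="' . $action_url . '">' . "\n";
        echo '<input type="hidden" name="tname" value="' . $table_name . '" />' . "\n";
        echo '<input type="hidden" name="showlist" value="logs" />' . "\n";
        echo '<input type="hidden" name="fname" value="key" />' . "\n";
        echo '<input type="hidden" name="oname" value="like" />' . "\n";
        echo '<input type="hidden" name="iname" value="' . $key_html . '" />' . "\n";
        echo '<input type="submit" value="View" class="formbutton" /></form>' . "\n";
        echo "</td>\n";
        echo "</tr>\n";
    }
    echo "</table>\n";
}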
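 function _lookup($key)
 {
     // Decodes a visitor-supplied support key — hex client address (8 hex
     // digits) followed by the Bad Behavior response key, optionally with
     // dashes — prints the matching response text, then lists recent log lines
     // mentioning that address.
     global $ID;
     global $conf;
     global $lang;
     print $this->locale_xhtml('lookup');

     // The key comes straight from the form, so everything that is not a hex
     // digit is dropped before decoding (the original only removed dashes and
     // let hexdec() silently skip the rest). A key shorter than 8 hex digits
     // decodes to zero octets instead of reading undefined offsets.
     $code = preg_replace('/[^0-9a-fA-F]/', '', (string) $key);
     $octets = array();
     for ($pos = 0; $pos < 8; $pos += 2) {
         $octets[] = hexdec((string) substr($code, $pos, 2));
     }
     $ip = implode('.', $octets);
     $code = substr($code, 8);
     $resp = bb2_get_response($code);
     // $resp text comes from the static response table; the raw key is escaped.
     printf('<p>' . $this->getLang('lkpresult') . '</p>', $ip, $resp['log'], $resp['explanation'], hsc($key));
     printf('<p>' . $this->getLang('lkplist') . '</p>', 7);

     // $ip is digits and dots only, but it is still quoted for the pattern
     // delimiter. preg_grep() returns false on a PCRE error, which empty()
     // treats like "no lines".
     $lines = preg_grep('/' . preg_quote($ip, '/') . '/', $this->_readlines());
     if (!empty($lines)) {
         echo '<table class="inline">';
         foreach ($lines as $line) {
             $fields = explode("\t", $line);
             if (count($fields) < 7) {
                 continue; // truncated or malformed log line; nothing to show
             }
             $resp = bb2_get_response($fields[6]);
             echo '<tr>';
             // NOTE(review): strftime() is deprecated since PHP 8.1; $conf['dformat']
             // is a strftime-style format, so switching to date() needs a format change.
             echo '<td>' . strftime($conf['dformat'], (int) $fields[0]) . '</td>';
             echo '<td>' . hsc($fields[1]) . '</td>';
             echo '<td>' . hsc($fields[2]) . '</td>';
             echo '<td>' . hsc($fields[3]) . '</td>';
             echo '<td>' . hsc($fields[4]) . '</td>';
             echo '<td>' . hsc($fields[5]) . '</td>';
             echo '<td>' . $resp['log'] . '</td>';
             echo '</tr>';
         }
         echo '</table>';
     } else {
         echo '<p><i>' . $lang['nothingfound'] . '</i></p>';
     }
 }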
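function bb2_manage()
{
    // Renders the Bad Behavior log screen in the WordPress admin: optional
    // filters taken from the query string, paging, and one table row per logged
    // request. Every printed value that originated in a request (IP, headers,
    // user agent, entity, reverse-DNS name) is escaped here.
    global $wpdb;

    $request_uri = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : '';
    if (!$request_uri) {
        $request_uri = $_SERVER['SCRIPT_NAME']; # IIS
    }
    $settings = bb2_read_settings();
    $rows_per_page = 100;

    // Query variables desired by the user, validated before use. Casting paged
    // avoids the TypeError PHP 8 raises for `0 + "abc"` and clamps it to >= 1;
    // the string filters are only accepted as scalars (a ?key[]=x array is
    // treated as absent). Truthiness checks are kept as in the original.
    $paged = isset($_GET['paged']) ? (int) $_GET['paged'] : 0;
    if ($paged < 1) {
        $paged = 1;
    }
    $filter_key = (isset($_GET['key']) && is_string($_GET['key'])) ? $_GET['key'] : '';
    $filter_blocked = !empty($_GET['blocked']);
    $filter_permitted = !empty($_GET['permitted']);
    $filter_ip = (isset($_GET['ip']) && is_string($_GET['ip'])) ? $_GET['ip'] : '';
    $filter_user_agent = (isset($_GET['user_agent']) && is_string($_GET['user_agent'])) ? $_GET['user_agent'] : '';
    $filter_request_method = (isset($_GET['request_method']) && is_string($_GET['request_method'])) ? $_GET['request_method'] : '';

    // WHERE clauses are built with $wpdb->prepare() instead of the deprecated
    // $wpdb->escape(); each fragment ends with a space so they can be joined.
    $where = "";
    if ($filter_key) {
        $where .= $wpdb->prepare("AND `key` = %s ", $filter_key);
    }
    if ($filter_blocked) {
        $where .= "AND `key` != '00000000' ";
    } elseif ($filter_permitted) {
        $where .= "AND `key` = '00000000' ";
    }
    if ($filter_ip) {
        $where .= $wpdb->prepare("AND `ip` = %s ", $filter_ip);
    }
    if ($filter_user_agent) {
        $where .= $wpdb->prepare("AND `user_agent` = %s ", $filter_user_agent);
    }
    if ($filter_request_method) {
        $where .= $wpdb->prepare("AND `request_method` = %s ", $filter_request_method);
    }

    // Query the DB based on variables selected. The table name comes from the
    // plugin settings, not the request; it is quoted with backticks on both
    // sides (the total-count query used to be missing the closing one).
    $log_table = "`" . $settings['log_table'] . "`";
    $r = bb2_db_query("SELECT COUNT(id) FROM " . $log_table);
    $results = bb2_db_rows($r);
    $totalcount = isset($results[0]["COUNT(id)"]) ? (int) $results[0]["COUNT(id)"] : 0;
    $r = bb2_db_query("SELECT COUNT(id) FROM " . $log_table . " WHERE 1=1 " . $where);
    $results = bb2_db_rows($r);
    $count = isset($results[0]["COUNT(id)"]) ? (int) $results[0]["COUNT(id)"] : 0;
    // Page count uses the same page size as the LIMIT below (was a literal 100).
    $pages = (int) ceil($count / $rows_per_page);
    $offset = ($paged - 1) * $rows_per_page;
    $r = bb2_db_query("SELECT * FROM " . $log_table . " WHERE 1=1 " . $where . "ORDER BY `date` DESC LIMIT " . $offset . "," . $rows_per_page);
    $results = bb2_db_rows($r);

    // Display rows to the user
    ?>
<div class="wrap">
<?php echo bb2_donate_button(admin_url("tools.php?page=bb2_manage")); ?>
<h2><?php _e("Bad Behavior Log"); ?></h2>
<?php
    // NOTE(review): the form posts the checked "submit[]" ids, but the handler is
    // not in this function; whatever consumes them should verify a nonce and the
    // caller's capability before deleting or otherwise acting on log rows.
    ?>
<form method="post" action="<?php echo admin_url("tools.php?page=bb2_manage"); ?>">
	<p>For more information please visit the <a href="http://bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
	<p>See also: <a href="<?php echo admin_url("options-general.php?page=bb2_options"); ?>">Settings</a> | <a href="<?php echo admin_url("options-general.php?page=bb2_whitelist"); ?>">Whitelist</a></p>
<div class="tablenav">
<?php
    $page_links = paginate_links(array('base' => add_query_arg("paged", "%#%"), 'format' => '', 'total' => $pages, 'current' => $paged));
    if ($page_links) {
        echo "<div class=\"tablenav-pages\">{$page_links}</div>\n";
    }
    ?>
<div class="alignleft">
<?php
    if ($count < $totalcount) {
        // Filtered view: show which filters are active, each with a link that
        // removes it (and resets paging).
        echo "Displaying <strong>" . $count . "</strong> of <strong>" . $totalcount . "</strong> records filtered by:<br/>\n";
        if ($filter_key) {
            echo "Status [<a href=\"" . esc_url(remove_query_arg(array("paged", "key"), $request_uri)) . "\">X</a>] ";
        }
        if ($filter_blocked) {
            echo "Blocked [<a href=\"" . esc_url(remove_query_arg(array("paged", "blocked", "permitted"), $request_uri)) . "\">X</a>] ";
        }
        if ($filter_permitted) {
            echo "Permitted [<a href=\"" . esc_url(remove_query_arg(array("paged", "blocked", "permitted"), $request_uri)) . "\">X</a>] ";
        }
        if ($filter_ip) {
            echo "IP [<a href=\"" . esc_url(remove_query_arg(array("paged", "ip"), $request_uri)) . "\">X</a>] ";
        }
        if ($filter_user_agent) {
            echo "User Agent [<a href=\"" . esc_url(remove_query_arg(array("paged", "user_agent"), $request_uri)) . "\">X</a>] ";
        }
        if ($filter_request_method) {
            echo "GET/POST [<a href=\"" . esc_url(remove_query_arg(array("paged", "request_method"), $request_uri)) . "\">X</a>] ";
        }
    } else {
        echo "Displaying all <strong>" . $totalcount . "</strong> records<br/>\n";
    }
    if (!$filter_key && !$filter_blocked) {
        echo "<a href=\"" . esc_url(add_query_arg(array("blocked" => "1", "permitted" => "0", "paged" => false), $request_uri)) . "\">Show Blocked</a> ";
    }
    if (!$filter_key && !$filter_permitted) {
        echo "<a href=\"" . esc_url(add_query_arg(array("permitted" => "1", "blocked" => "0", "paged" => false), $request_uri)) . "\">Show Permitted</a> ";
    }
    ?>
</div>
</div>

<table class="widefat">
	<thead>
	<tr>
	<th scope="col" class="check-column"><input type="checkbox" onclick="checkAll(document.getElementById('request-filter'));" /></th>
	<th scope="col"><?php _e("IP/Date/Status"); ?></th>
	<th scope="col"><?php _e("Headers"); ?></th>
	<th scope="col"><?php _e("Entity"); ?></th>
	</tr>
	</thead>
	<tbody>
<?php
    $alternate = 0;
    if ($results) {
        foreach ($results as $result) {
            $key = bb2_get_response($result["key"]);
            $id = (int) $result["id"];
            $ip_html = esc_html($result["ip"]);
            $alternate++;
            $row_class = ($alternate % 2) ? "" : " class=\"alternate\"";
            echo "<tr id=\"request-" . $id . "\"" . $row_class . " valign=\"top\">\n";
            echo "<th scope=\"row\" class=\"check-column\"><input type=\"checkbox\" name=\"submit[]\" value=\"" . $id . "\" /></th>\n";
            $httpbl = bb2_httpbl_lookup($result["ip"]);
            // The PTR record is controlled by whoever owns the address, so the
            // host name is escaped like any other request-derived value. (One
            // reverse lookup per row is slow for a full page; kept as before.)
            $host = @gethostbyaddr($result["ip"]);
            if ($host === false || !strcmp($host, $result["ip"])) {
                $host = "";
            } else {
                $host = esc_html($host) . "<br/>\n";
            }
            $ip_link = esc_url(add_query_arg("ip", $result["ip"], remove_query_arg("paged", $request_uri)));
            $key_link = esc_url(add_query_arg("key", $result["key"], remove_query_arg(array("paged", "blocked", "permitted"), $request_uri)));
            // $key["log"] is text from the static response table, printed as before.
            echo "<td><a href=\"" . $ip_link . "\">" . $ip_html . "</a><br/>{$host}<br/>\n" . esc_html($result["date"]) . "<br/><br/><a href=\"" . $key_link . "\">" . $key["log"] . "</a>\n";
            if ($httpbl) {
                // $httpbl is assumed to be display-safe output of bb2_httpbl_lookup(), as before.
                echo "<br/><br/><a href=\"" . esc_url("http://www.projecthoneypot.org/ip_" . $result['ip']) . "\">http:BL</a>:<br/>{$httpbl}\n";
            }
            echo "</td>\n";

            // $headers is escaped first, so the user agent and request method are
            // searched for in their escaped form and inserted escaped. The original
            // searched for the raw value, which lost the link whenever the value
            // contained &, < or >, and linked an empty needle at offset 0 on PHP 8.
            $headers = str_replace("\n", "<br/>\n", htmlspecialchars($result['http_headers']));
            $user_agent = htmlspecialchars((string) $result['user_agent']);
            if ($user_agent !== '' && ($pos = strpos($headers, $user_agent)) !== FALSE) {
                $ua_link = esc_url(add_query_arg("user_agent", rawurlencode($result["user_agent"]), remove_query_arg("paged", $request_uri)));
                $headers = substr_replace($headers, "<a href=\"" . $ua_link . "\">" . $user_agent . "</a>", $pos, strlen($user_agent));
            }
            $request_method = htmlspecialchars((string) $result['request_method']);
            if ($request_method !== '' && ($pos = strpos($headers, $request_method)) !== FALSE) {
                $method_link = esc_url(add_query_arg("request_method", rawurlencode($result["request_method"]), remove_query_arg("paged", $request_uri)));
                $headers = substr_replace($headers, "<a href=\"" . $method_link . "\">" . $request_method . "</a>", $pos, strlen($request_method));
            }
            echo "<td>{$headers}</td>\n";
            echo "<td>" . str_replace("\n", "<br/>\n", htmlspecialchars((string) $result["request_entity"])) . "</td>\n";
            echo "</tr>\n";
        }
    }
    ?>
	</tbody>
</table>
<div class="tablenav">
<?php
    $page_links = paginate_links(array('base' => add_query_arg("paged", "%#%"), 'format' => '', 'total' => $pages, 'current' => $paged));
    if ($page_links) {
        echo "<div class=\"tablenav-pages\">{$page_links}</div>\n";
    }
    ?>
<div class="alignleft">
</div>
</div>
</form>
</div>
<?php 
}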