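/**
 * Screen a POST request for spambot behaviour.
 *
 * Runs the blackhole check, then a series of heuristics on the user agent,
 * the request entity and the form-timestamp token that the JavaScript/cookie
 * form addition supplies. Every value examined here (headers, cookie, POST
 * fields) is client-supplied and must be treated as untrusted.
 *
 * @param array $settings  Bad Behavior settings; only 'log_table' is read here.
 * @param array $package   Request package; reads 'headers_mixed', 'request_entity',
 *                         'ip' and 'user_agent'.
 * @return string|false    Bad Behavior denial code, or FALSE to allow the request.
 */
function bb2_post($settings, $package)
{
    // Check blackhole lists for known spam/malicious activity
    require_once BB2_CORE . "/blackhole.inc.php";
    bb2_test($settings, $package, bb2_blackhole($package));

    $headers = isset($package['headers_mixed']) ? $package['headers_mixed'] : array();
    $ua = isset($headers['User-Agent']) ? (string) $headers['User-Agent'] : '';

    // MovableType needs specialized screening: a genuine client sends exactly this Range header
    if (stripos($ua, "MovableType") !== FALSE) {
        $range = isset($headers['Range']) ? (string) $headers['Range'] : '';
        if (strcmp($range, "bytes=0-99999") !== 0) {
            return "7d12528e";
        }
    }

    // Trackbacks need special screening
    $request_entity = isset($package['request_entity']) ? $package['request_entity'] : array();
    if (!is_array($request_entity)) {
        $request_entity = array();
    }
    if (isset($request_entity['title'], $request_entity['url'], $request_entity['blog_name'])) {
        require_once BB2_CORE . "/trackback.inc.php";
        return bb2_trackback($package);
    }

    // Catch a few completely broken spambots that leak JavaScript into field names
    foreach ($request_entity as $key => $value) {
        if (strpos((string) $key, "\tdocument.write") !== FALSE) {
            return "dfd9b1ad";
        }
    }

    // Screen by cookie/JavaScript form add. Each token is "<timestamp> <ip>";
    // a token that is missing or not a plain string counts as timestamp 0.
    $screener1 = array(0);
    $screener2 = array(0);
    if (isset($_COOKIE[BB2_COOKIE]) && is_string($_COOKIE[BB2_COOKIE])) {
        $screener1 = explode(" ", $_COOKIE[BB2_COOKIE]);
    }
    if (isset($_POST[BB2_COOKIE]) && is_string($_POST[BB2_COOKIE])) {
        $screener2 = explode(" ", $_POST[BB2_COOKIE]);
    }
    // Keep the whole token with the newer timestamp, so the IP field below comes
    // from the same token. (Indexing the scalar max() result, as before, yielded a
    // single character of the timestamp rather than the IP.) The int cast also
    // stops a non-numeric token from raising a TypeError in the arithmetic below.
    $screener = ((int) $screener1[0] >= (int) $screener2[0]) ? $screener1 : $screener2;
    $screener_time = (int) $screener[0];
    if ($screener_time > 0) {
        // Posting too fast? 5 sec
        // FIXME: even 5 sec is too intrusive
        // if ($screener_time + 5 > time())
        //	return "408d7e72";
        // Posting too slow? 48 hr
        if ($screener_time + 172800 < time()) {
            return "b40c8ddc";
        }
        // Only a well-formed IP is taken from the token; anything else is treated as absent
        $screener_ip = '';
        if (isset($screener[1]) && filter_var($screener[1], FILTER_VALIDATE_IP) !== false) {
            $screener_ip = $screener[1];
        }
        // Screen by IP address
        // FIXME (upstream): the distance check between ip2long($package['ip']) and
        // ip2long($screener_ip) (> 256 -> "c1fa729b") is disabled as broken.
        // Screen for user agent changes: the same IP (or the IP recorded in the token)
        // connected within the last 5 minutes with a different user agent.
        // All three interpolated values come from the client, so each is escaped.
        // NOTE(review): some bb2_db_query ports rewrite any query containing DATE_SUB
        // into a log purge; confirm this SELECT actually executes on the backend in use.
        $client_ip = isset($package['ip']) ? (string) $package['ip'] : '';
        $client_ua = isset($package['user_agent']) ? (string) $package['user_agent'] : '';
        $q = bb2_db_query("SELECT `ip` FROM " . $settings['log_table']
            . " WHERE (`ip` = '" . bb2_db_escape($client_ip)
            . "' OR `ip` = '" . bb2_db_escape($screener_ip)
            . "') AND `user_agent` != '" . bb2_db_escape($client_ua)
            . "' AND `date` > DATE_SUB('" . bb2_db_date() . "', INTERVAL 5 MINUTE)");
        // bb2_db_query may hand back FALSE, NULL or a result with no rows
        if ($q !== FALSE && $q != NULL && bb2_db_num_rows($q) > 0) {
            return "799165c2";
        }
    }
    return false;
}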
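/**
 * Screen a request against the static blacklists and the ban table.
 *
 * Checks, in order: user agents that begin with a blacklisted string, known
 * spam referers, user agents that contain a blacklisted string anywhere,
 * user-agent regular expressions, case-insensitive request-URI fragments,
 * and finally the ban table keyed by client IP.
 *
 * @param array $settings  Bad Behavior settings; only 'ban_table' is read here.
 * @param array $package   Request package; reads 'headers_mixed' => array('User-Agent'),
 *                         'request_uri', 'Referer' and 'ip'.
 * @return string|false    Bad Behavior denial code, or FALSE to allow the request.
 */
function bb2_blacklist($settings, $package)
{
    // Blacklisted user agents
    // These user agent strings occur at the beginning of the line.
    $bb2_spambots_0 = array("8484 Boston Project", "adwords", "autoemailspider", "blogsearchbot-martin", "BrowserEmulator/", "CherryPicker", "core-project/", "Diamond", "Digger", "ecollector", "EmailCollector", "Email Siphon", "EmailSiphon", "Forum Poster", "grub crawler", "HttpProxy", "Internet Explorer", "ISC Systems iRc", "Jakarta Commons", "Java 1.", "Java/1.", "libwww-perl", "LWP", "lwp", "Microsoft Internet Explorer/", "Microsoft URL", "Missigua", "MJ12bot/v1.0.8", "Morfeus", "Movable Type", "Mozilla/0", "Mozilla/1", "Mozilla/2", "Mozilla/3", "Mozilla/4.0(", "Mozilla/4.0+(compatible;+", "Mozilla/4.0 (Hydra)", "MSIE", "MVAClient", "Nessus", "NutchCVS", "Nutscrape/", "OmniExplorer", "Opera/9.64(", "PMAFind", "psycheclone", "PussyCat ", "PycURL", "Python-urllib", "revolt", "sqlmap/", "Super Happy Fun ", "TrackBack/", "user", "User Agent: ", "User-Agent: ", "w3af", "WebSite-X Suite", "Winnie Poh", "Wordpress", "\"");
    // These user agent strings occur anywhere within the line.
    $bb2_spambots = array("\r", "<sc", "; Widows ", "a href=", "Bad Behavior Test", "compatible ; MSIE", "compatible-", "DTS Agent", "Email Extractor", "Firebird/", "Gecko/2525", "grub-client", "hanzoweb", "Havij", "Indy Library", "Ming Mong", "MSIE 7.0;  Windows NT 5.2", "Murzillo compatible", ".NET CLR 1)", ".NET CLR1", "Netsparker", "Nikto/", "Perman Surfer", "POE-Component-Client", "Teh Forest Lobster", "Turing Machine", "Ubuntu/9.25", "unspecified.mail", "User-agent: ", "WebaltBot", "WISEbot", "WISEnutbot", "Win95", "Win98", "WinME", "Win 9x 4.90", "Windows 3", "Windows 95", "Windows 98", "Windows NT 4", "Windows NT;", "Windows NT 5.0;)", "Windows NT 5.1;)", "Windows XP 5", "WordPress/4.01", "Xedant Human Emulator", "ZmEu", "\\\\)", "Bot Banned");
    // These are regular expression matches.
    $bb2_spambots_regex = array("/^[A-Z]{10}\$/", "/[bcdfghjklmnpqrstvwxz ]{8,}/", "/MSIE [2345]/");
    // Blacklisted URL strings
    // These strings are considered case-insensitive.
    $bb2_spambots_url = array("0x31303235343830303536", "../", "..\\", "%60information_schema%60", "+%2F*%21", "+and+%", "+and+1%", "+and+if", "%27--", "%27--", "%27 --", "%27%23", "%27 %23", "benchmark%28", "insert+into+", "r3dm0v3", "select+1+from", "union+all+select", "union+select", "waitfor+delay+", "w00tw00t");
    $bb2_spambot_refer = array("gamesthelife.tr.gg");

    // Do not edit below this line.
    // Missing inputs become '' instead of being hidden behind the @ operator,
    // so every string function below receives a string.
    $headers = isset($package['headers_mixed']) ? $package['headers_mixed'] : array();
    $ua = isset($headers['User-Agent']) ? (string) $headers['User-Agent'] : '';
    $uri = isset($package['request_uri']) ? (string) $package['request_uri'] : '';
    // NOTE(review): the referer is read from $package['Referer'], not from
    // $package['headers_mixed'] like the user agent; confirm the caller sets that key.
    $refer = isset($package['Referer']) ? (string) $package['Referer'] : '';

    // Prefix matches: only a hit at position 0 counts
    foreach ($bb2_spambots_0 as $spambot) {
        if (strpos($ua, $spambot) === 0) {
            return "17f4e8c8";
        }
    }
    // custom check for known refers
    // Must be a strict comparison: a referer that starts with the blacklisted
    // host yields position 0, which the previous `!= FALSE` test treated as no match.
    foreach ($bb2_spambot_refer as $spambot) {
        if (strpos($refer, $spambot) !== FALSE) {
            return "174e8c9";
        }
    }
    foreach ($bb2_spambots as $spambot) {
        if (strpos($ua, $spambot) !== FALSE) {
            return "17f4e8c8";
        }
    }
    foreach ($bb2_spambots_regex as $spambot) {
        if (preg_match($spambot, $ua)) {
            return "17f4e8c8";
        }
    }
    foreach ($bb2_spambots_url as $spambot) {
        if (stripos($uri, $spambot) !== FALSE) {
            return "96c0bd29";
        }
    }

    // do our DB check here; the IP is client-supplied and goes through bb2_db_escape
    $ip = isset($package['ip']) ? (string) $package['ip'] : '';
    $sql = "SELECT * FROM " . $settings['ban_table'] . " WHERE ip = INET_ATON('" . bb2_db_escape($ip) . "')";
    $result = bb2_db_query($sql);
    // bb2_db_query may return FALSE (error or no rows); never pass that to the row counter
    if ($result !== FALSE && bb2_db_num_rows($result) > 0) {
        return "96c0bd30";
    }
    return FALSE;
}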
/**
 * Run a query and hand back its outcome.
 *
 * The SQL that Bad Behavior's core emits assumes MySQL, so a few statements are
 * rewritten or short-circuited before they reach the database abstraction:
 * any query mentioning DATE_SUB is replaced wholesale by a purge of log rows
 * older than seven days (the original statement text is discarded), and
 * OPTIMIZE TABLE / @@session.wait_timeout statements are reported as
 * successful without being executed. Other callbacks consume the return value.
 *
 * @param string $query
 * @return array|bool  Result rows when the query produced any; when the driver
 *                     reports plain success, whether at least one row was
 *                     affected; FALSE on error or when no rows matched.
 */
function bb2_db_query($query)
{
    $db = database();

    // Rewrite / short-circuit the MySQL-only statements. DATE_SUB takes
    // precedence over the other two, as in the original if/elseif chain.
    $purges_log = strpos($query, 'DATE_SUB') !== false;
    $is_optimize = strpos($query, 'OPTIMIZE TABLE') !== false;
    $sets_timeout = strpos($query, '@@session.wait_timeout') !== false;
    if ($purges_log) {
        // {db_prefix} is presumably expanded by the database layer — confirm
        $query = 'DELETE FROM {db_prefix}log_badbehavior WHERE date < ' . (bb2_db_date() - 7 * 86400);
    } elseif ($is_optimize || $sets_timeout) {
        return true;
    }

    // Run the query and map the driver's answer onto the Bad Behavior contract
    $handle = $db->query('', $query, array());
    if (!$handle) {
        return false;
    }
    if ($handle === true) {
        return bb2_db_affected_rows() !== 0;
    }
    return bb2_db_num_rows($handle) === 0 ? false : bb2_db_rows($handle);
}