// Source-address screen for the Yahoo crawler check.
// Reads only $package['ip'] and looks it up in a fixed list of netblocks.
// Returns the string "71436a15" when match_cidr() reports strict FALSE for
// the list, and false otherwise. The string is presumably a rule key that
// the caller interprets; the caller is not shown here.
// The netblocks are hard-coded, so the check is only as current as this list.
function bb2_yahoo($package)
{
    $yahoo_netblocks = array(
        "202.160.176.0/20",
        "67.195.0.0/16",
        "203.209.252.0/24",
        "72.30.0.0/16",
        "98.136.0.0/14",
        "74.6.0.0/16",
    );

    $listed = match_cidr($package['ip'], $yahoo_netblocks);

    return ($listed === FALSE) ? "71436a15" : false;
}
// Source-address screen for the msnbot check.
// Reads only $package['ip'] and looks it up in a fixed list of netblocks.
// Returns the string "e4de0453" when match_cidr() reports strict FALSE for
// the list, and false otherwise. The string is presumably a rule key that
// the caller interprets; the caller is not shown here.
// The netblocks are hard-coded, so the check is only as current as this list.
function bb2_msnbot($package)
{
    $msn_netblocks = array(
        "207.46.0.0/16",
        "65.52.0.0/14",
        "207.68.128.0/18",
        "207.68.192.0/20",
        "64.4.0.0/18",
        "157.54.0.0/15",
        "157.60.0.0/16",
        "157.56.0.0/14",
        "199.30.16.0/20",
        "131.253.24.0/21",
        "131.253.21.0/24",
        "131.253.22.0/23",
        "131.253.32.0/20",
    );

    $listed = match_cidr($package['ip'], $msn_netblocks);

    return ($listed === FALSE) ? "e4de0453" : false;
}
// Source-address screen for the msnbot check (variant with five netblocks,
// each tested by its own match_cidr() call).
// Returns false as soon as one netblock does not report strict FALSE, and
// the string "e4de0453" when every netblock reports FALSE. The string is
// presumably a rule key that the caller interprets; the caller is not shown.
function bb2_msnbot($package)
{
    $msn_netblocks = array(
        "207.46.0.0/16",
        "65.52.0.0/14",
        "207.68.128.0/18",
        "207.68.192.0/20",
        "64.4.0.0/18",
    );

    foreach ($msn_netblocks as $netblock) {
        // Same order and same short-circuit as a chained "=== FALSE &&" test.
        if (match_cidr($package['ip'], $netblock) !== FALSE) {
            return false;
        }
    }

    return "e4de0453";
}
// Source-address screen for the Google crawler check (variant with two
// netblocks).
// Returns false as soon as one netblock does not report strict FALSE, and
// the string "f1182195" when both report FALSE. The string is presumably a
// rule key that the caller interprets; the caller is not shown here.
function bb2_google($package)
{
    $google_netblocks = array(
        "66.249.64.0/19",
        "64.233.160.0/19",
    );

    foreach ($google_netblocks as $netblock) {
        if (match_cidr($package['ip'], $netblock) !== FALSE) {
            return false;
        }
    }

    return "f1182195";
}
// Check a request against the whitelists stored in whitelist.ini, which is
// read from the directory that contains BB2_CORE.
// Returns true on the first match and false when nothing matches (including
// when the file cannot be parsed: the warning is suppressed and every
// section is then treated as empty).
//
// Three sections are consulted, in this order:
//   ip        - each entry is handed to match_cidr() with $package['ip']
//   useragent - exact string comparison with the User-Agent header
//   url       - exact string comparison with the request URI up to, but not
//               including, the first "?"
// The User-Agent header and the request URI are chosen by the client, so an
// entry in either of those sections can be matched by any client that sends
// the listed value.
function bb2_whitelist($package)
{
    $ini_path = dirname(BB2_CORE) . "/whitelist.ini";
    $whitelists = @parse_ini_file($ini_path);

    if (!empty($whitelists['ip'])) {
        foreach ($whitelists['ip'] as $netblock) {
            if (match_cidr($package['ip'], $netblock)) {
                return true;
            }
        }
    }

    if (!empty($whitelists['useragent'])) {
        foreach ($whitelists['useragent'] as $allowed_agent) {
            if (strcmp($package['headers_mixed']['User-Agent'], $allowed_agent) == 0) {
                return true;
            }
        }
    }

    if (!empty($whitelists['url'])) {
        // Drop the query string before comparing.
        $query_at = strpos($package['request_uri'], "?");
        $request_uri = ($query_at === FALSE)
            ? $package['request_uri']
            : substr($package['request_uri'], 0, $query_at);

        foreach ($whitelists['url'] as $allowed_url) {
            if (strcmp($request_uri, $allowed_url) == 0) {
                return true;
            }
        }
    }

    return false;
}
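// Derive the client address from the configured reverse-proxy header.
//
// $settings['reverse_proxy_header'] names the header; the name is passed
// through uc_all() (defined elsewhere) and looked up in $headers_mixed.
// The header value is split on whitespace and commas and read from right to
// left. The first token that is neither listed in
// $settings['reverse_proxy_addresses'] (when that setting is non-empty) nor
// an RFC 1918 address is returned as a string. Returns false when the header
// is absent or no such token exists.
//
// The header value is supplied by whatever connects to the server, so the
// result is only meaningful when every request reaches the application
// through a proxy that sets or appends this header.
// NOTE(review): the returned token is not checked to be a syntactically
// valid IP address - confirm that the caller validates it before use.
function bb2_reverse_proxy($settings, $headers_mixed)
{
    # Detect if option is on when it should be off
    $header = uc_all($settings['reverse_proxy_header']);
    if (!array_key_exists($header, $headers_mixed)) {
        return false;
    }

    // PREG_SPLIT_NO_EMPTY: without it a leading or trailing separator yields
    // an empty token, and a trailing one would be returned as the address.
    $tokens = preg_split("/[\\s,]+/", $headers_mixed[$header], -1, PREG_SPLIT_NO_EMPTY);
    if (!is_array($tokens)) {
        return false;
    }
    $addrs = array_reverse($tokens);

    $known_proxies = empty($settings['reverse_proxy_addresses'])
        ? null
        : $settings['reverse_proxy_addresses'];

    # Skip our known reverse proxies and private addresses
    foreach ($addrs as $addr) {
        if ($known_proxies !== null && match_cidr($addr, $known_proxies)) {
            continue;
        }
        if (is_rfc1918($addr)) {
            continue;
        }
        return $addr;
    }

    # If we got here, someone is playing a trick on us.
    return false;
}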
// Source-address screen for the Google crawler check (variant with seven
// netblocks, each tested by its own match_cidr() call).
// Returns false as soon as one netblock does not report strict FALSE, and
// the string "f1182195" when every netblock reports FALSE. The string is
// presumably a rule key that the caller interprets; the caller is not shown.
function bb2_google($package)
{
    $google_netblocks = array(
        "66.249.64.0/19",
        "64.233.160.0/19",
        "72.14.192.0/18",
        "203.208.32.0/19",
        "74.125.0.0/16",
        "216.239.32.0/19",
        "209.85.128.0/17",
    );

    foreach ($google_netblocks as $netblock) {
        // Same order and same short-circuit as a chained "=== FALSE &&" test.
        if (match_cidr($package['ip'], $netblock) !== FALSE) {
            return false;
        }
    }

    return "f1182195";
}
// Check a request against three whitelists that are edited in place below.
// Returns true on the first match and false when nothing matches.
// Reads $package['ip'], $package['headers_mixed']['User-Agent'] and
// $package['request_uri'].
function bb2_whitelist($package)
{
    // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
    // Inappropriate whitelisting WILL expose you to spam, or cause Bad
    // Behavior to stop functioning entirely! DO NOT WHITELIST unless you
    // are 100% CERTAIN that you should. This applies to every list below.

    // IP address ranges use the CIDR format.
    // The entries shipped here are live, not commented out: two single
    // addresses and the three RFC 1918 private ranges. Review them before
    // deploying.
    $bb2_whitelist_ip_ranges = array(
        "64.191.203.34",
        "208.67.217.130",
        "10.0.0.0/8",
        "172.16.0.0/12",
        "192.168.0.0/16",
    );

    // You should not whitelist search engines by user agent. Use the IP
    // netblock for the search engine instead. See http://whois.arin.net/
    // to locate the netblocks for an IP.
    // User agents are matched by exact match only. The header is chosen by
    // the client, so any client can send a listed value.
    $bb2_whitelist_user_agents = array();

    // URLs are matched from the first / after the server name up to,
    // but not including, the ? (if any).
    $bb2_whitelist_urls = array();

    // Do not edit below this line

    if (!empty($bb2_whitelist_ip_ranges)) {
        foreach ($bb2_whitelist_ip_ranges as $netblock) {
            if (match_cidr($package['ip'], $netblock)) {
                return true;
            }
        }
    }

    if (!empty($bb2_whitelist_user_agents)) {
        foreach ($bb2_whitelist_user_agents as $allowed_agent) {
            if (strcmp($package['headers_mixed']['User-Agent'], $allowed_agent) == 0) {
                return true;
            }
        }
    }

    if (!empty($bb2_whitelist_urls)) {
        // Drop the query string before comparing.
        $query_at = strpos($package['request_uri'], "?");
        $request_uri = ($query_at === FALSE)
            ? $package['request_uri']
            : substr($package['request_uri'], 0, $query_at);

        foreach ($bb2_whitelist_urls as $allowed_url) {
            if (strcmp($request_uri, $allowed_url) == 0) {
                return true;
            }
        }
    }

    return false;
}
// Screen for requests handled by the Konqueror check: such a request must
// carry an Accept header.
// Returns the string "17566707" when the Accept header is missing and the
// CafeKelsa exemption does not apply; returns false otherwise. The string is
// presumably a rule key that the caller interprets; the caller is not shown.
function bb2_konqueror($package)
{
    // CafeKelsa is a dev project at Yahoo which indexes job listings for
    // Yahoo! HotJobs. It identifies as Konqueror so we skip these checks.
    // The exemption needs both the User-Agent token and an address inside
    // 209.73.160.0/19; the User-Agent alone is not enough.
    $is_cafekelsa = stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") !== FALSE
        && match_cidr($package['ip'], "209.73.160.0/19") !== FALSE;

    if ($is_cafekelsa) {
        return false;
    }

    $has_accept = array_key_exists('Accept', $package['headers_mixed']);

    return $has_accept ? false : "17566707";
}
// Source-address screen for the Yahoo crawler check.
// Reads only $package['ip'] and looks it up in a fixed list of netblocks.
// Returns the string '71436a15' when match_cidr() reports strict FALSE for
// the list, and false otherwise. The string is presumably a rule key that
// the caller interprets; the caller is not shown here.
function bb2_yahoo($package)
{
    $yahoo_netblocks = array(
        "202.160.176.0/20",
        "67.195.0.0/16",
        "203.209.252.0/24",
        "72.30.0.0/16",
        "98.136.0.0/14",
        "74.6.0.0/16",
    );

    $listed = match_cidr($package['ip'], $yahoo_netblocks);
    if ($listed === FALSE) {
        return '71436a15';
    }

    # A second check, bb2_roundtripdns($package['ip'], "crawl.yahoo.net"),
    # which returned the same key on failure, is
    # disabled due to http://bugs.php.net/bug.php?id=53092
    # The netblock list above is therefore the only test applied here.
    return false;
}
// Source-address screen for the Baidu crawler check.
// Returns false for an IPv6 address and for an address outside the listed
// netblocks; returns the integer 1 for an address inside them.
// The decision for the return value 1 rests on the source address alone.
function bb2_baidu($package)
{
    # TODO (carried over unchanged; it is attached to the IPv6 early exit)
    if (@is_ipv6($package['ip'])) {
        return false;
    }

    $baidu_netblocks = array(
        "119.63.192.0/21",
        "123.125.71.0/24",
        "180.76.0.0/16",
        "220.181.0.0/16",
    );
    $outside = match_cidr($package['ip'], $baidu_netblocks) === FALSE;

    # false: Soft fail, must pass other screening
    # 1:     Real Baidu bot; bypass all other checks
    return $outside ? false : 1;
}
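// Test whether the IPv4 address $addr lies inside $cidr.
//
// $cidr is either one entry ("a.b.c.d/len", or a bare "a.b.c.d") or an array
// of such entries (arrays may nest); an array matches when any entry matches.
// Returns a strict boolean, so callers may compare the result with === FALSE.
//
// The function fails closed, because callers use it for allow-list decisions:
//   - a bare address is an exact-host entry (/32); shifting by a missing
//     prefix length would give a zero mask that matches every address
//   - a prefix length that is not a whole number from 0 to 32 never matches
//   - an address or network that ip2long() cannot parse (IPv6, host names,
//     empty strings) never matches; coercing that false to 0 would make two
//     unparseable values compare equal
function match_cidr($addr, $cidr)
{
    if (is_array($cidr)) {
        foreach ($cidr as $cidrlet) {
            if (match_cidr($addr, $cidrlet)) {
                return true;
            }
        }
        return false;
    }

    $parts = explode('/', (string) $cidr);
    $bits = isset($parts[1]) ? $parts[1] : '32';
    if (!preg_match('/^\d{1,2}$/D', (string) $bits) || (int) $bits > 32) {
        return false;
    }

    $addr_long = ip2long((string) $addr);
    $net_long = ip2long($parts[0]);
    if ($addr_long === false || $net_long === false) {
        return false;
    }

    // -1 has every bit set, so the shift leaves ones in the network part on
    // both 32-bit and 64-bit builds; a /0 entry ends up comparing 0 with 0.
    $mask = -1 << (32 - (int) $bits);

    return ($addr_long & $mask) === ($net_long & $mask);
}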
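// Test whether the IPv4 address $addr lies inside $cidr.
//
// $cidr is either one entry ("a.b.c.d/len", or a bare "a.b.c.d") or an array
// of such entries (arrays may nest); an array matches when any entry matches.
// Returns a strict boolean, so callers may compare the result with === FALSE.
//
// A missing, empty or "0" prefix length is treated as 32 (exact host), as
// this function has always done. Beyond that the function fails closed,
// because callers use it for allow-list decisions:
//   - a prefix length that is not a whole number from 0 to 32 never matches
//     (a non-numeric one could otherwise collapse to a match-everything mask)
//   - an address or network that ip2long() cannot parse (IPv6, host names,
//     empty strings) never matches; coercing that false to 0 would make two
//     unparseable values compare equal
function match_cidr($addr, $cidr)
{
    if (is_array($cidr)) {
        foreach ($cidr as $cidrlet) {
            if (match_cidr($addr, $cidrlet)) {
                return true;
            }
        }
        return false;
    }

    $pieces = explode('/', (string) $cidr);
    $ip = $pieces[0];
    $prefix = isset($pieces[1]) ? $pieces[1] : '';
    if (!$prefix) {
        $prefix = 32;
    }
    if (!preg_match('/^\d{1,2}$/D', (string) $prefix) || (int) $prefix > 32) {
        return false;
    }

    $addr_long = ip2long((string) $addr);
    $net_long = ip2long($ip);
    if ($addr_long === false || $net_long === false) {
        return false;
    }

    // -1 has every bit set, so the shift leaves ones in the network part on
    // both 32-bit and 64-bit builds.
    $mask = -1 << (32 - (int) $prefix);

    return ($addr_long & $mask) === ($net_long & $mask);
}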
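// Check a request against the IP and user-agent whitelists.
// Returns true on the first match and false when nothing matches.
// Reads $package['ip'] and $package['headers_mixed']['User-Agent'].
//
// The IP list comes from BADBEHAVIOR_PKG_PATH . 'whitelist_config_inc.php'
// when that file exists, otherwise from the defaults below. The override is
// loaded with include_once, which runs the file only once per request, so
// the ranges it defines are kept in a static variable; without that, every
// call after the first would see no ranges at all.
function bb2_whitelist($package)
{
    // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
    // Inappropriate whitelisting WILL expose you to spam, or cause Bad
    // Behavior to stop functioning entirely! DO NOT WHITELIST unless you
    // are 100% CERTAIN that you should.

    // IP address ranges use the CIDR format.

    // check for override file and use that to allow for customization for local setup
    static $bb2_override_ip_ranges = null;
    $bb2_override_file = BADBEHAVIOR_PKG_PATH . 'whitelist_config_inc.php';
    if (file_exists($bb2_override_file)) {
        if ($bb2_override_ip_ranges === null) {
            // The file runs in this function's scope and is expected to set
            // $bb2_whitelist_ip_ranges; it is code, so it must not be
            // writable by anything less trusted than the application.
            include_once $bb2_override_file;
            $bb2_override_ip_ranges = isset($bb2_whitelist_ip_ranges)
                ? $bb2_whitelist_ip_ranges
                : array();
        }
        $bb2_whitelist_ip_ranges = $bb2_override_ip_ranges;
    } else {
        // These defaults are live, not commented out: two single addresses
        // and the three RFC 1918 private ranges.
        $bb2_whitelist_ip_ranges = array(
            "64.191.203.34",
            "208.67.217.130",
            "10.0.0.0/8",
            "172.16.0.0/12",
            "192.168.0.0/16",
        );
    }

    // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
    // Inappropriate whitelisting WILL expose you to spam, or cause Bad
    // Behavior to stop functioning entirely! DO NOT WHITELIST unless you
    // are 100% CERTAIN that you should.

    // You should not whitelist search engines by user agent. Use the IP
    // netblock for the search engine instead. See http://whois.arin.net/
    // to locate the netblocks for an IP.

    // User agents are matched by exact match only.
    // This assignment runs after the override file, so a user-agent list
    // set there is discarded; only the IP ranges can be overridden.
    $bb2_whitelist_user_agents = array();

    // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!

    // Do not edit below this line

    if (!empty($bb2_whitelist_ip_ranges)) {
        foreach ($bb2_whitelist_ip_ranges as $range) {
            if (match_cidr($package['ip'], $range)) {
                return true;
            }
        }
    }
    if (!empty($bb2_whitelist_user_agents)) {
        foreach ($bb2_whitelist_user_agents as $user_agent) {
            if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) {
                return true;
            }
        }
    }
    return false;
}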
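// Test whether the IPv4 address $addr lies inside $cidr.
//
// $cidr is either one entry ("a.b.c.d/len", or a bare "a.b.c.d") or an array
// of such entries (arrays may nest); an array matches when any entry matches.
// A bare address is an exact-host entry (/32).
// Returns a strict boolean, so callers may compare the result with === FALSE.
//
// The function fails closed, because callers use it for allow-list decisions:
//   - a prefix length that is not a whole number from 0 to 32 never matches
//   - an address or network that ip2long() cannot parse (IPv6, host names,
//     empty strings) never matches; coercing that false to 0 would make two
//     unparseable values compare equal
function match_cidr($addr, $cidr)
{
    if (is_array($cidr)) {
        foreach ($cidr as $cidrlet) {
            if (match_cidr($addr, $cidrlet)) {
                return true;
            }
        }
        return false;
    }

    $_parts = explode('/', (string) $cidr);
    $ip = $_parts[0];
    $prefix = isset($_parts[1]) ? $_parts[1] : '32';
    if (!preg_match('/^\d{1,2}$/D', (string) $prefix) || (int) $prefix > 32) {
        return false;
    }

    $addr_long = ip2long((string) $addr);
    $net_long = ip2long($ip);
    if ($addr_long === false || $net_long === false) {
        return false;
    }

    // -1 has every bit set, so the shift leaves ones in the network part on
    // both 32-bit and 64-bit builds; a /0 entry ends up comparing 0 with 0.
    $mask = -1 << (32 - (int) $prefix);

    return ($addr_long & $mask) === ($net_long & $mask);
}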
// Check a request against two whitelists that are edited in place below.
// Returns true on the first match and false when nothing matches.
// Reads $package['ip'] and $package['headers_mixed']['User-Agent'].
// Both lists are empty as shipped here, so the function returns false until
// an operator adds entries.
function bb2_whitelist($package)
{
    // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
    // Inappropriate whitelisting WILL expose you to spam, or cause Bad
    // Behavior to stop functioning entirely! DO NOT WHITELIST unless you
    // are 100% CERTAIN that you should. This applies to both lists below.

    // IP address ranges use the CIDR format.
    $bb2_whitelist_ip_ranges = array();

    // You should not whitelist search engines by user agent. Use the IP
    // netblock for the search engine instead. See http://whois.arin.net/
    // to locate the netblocks for an IP.
    // User agents are matched by exact match only. The header is chosen by
    // the client, so any client can send a listed value.
    $bb2_whitelist_user_agents = array();

    // Do not edit below this line

    if (!empty($bb2_whitelist_ip_ranges)) {
        foreach ($bb2_whitelist_ip_ranges as $netblock) {
            if (match_cidr($package['ip'], $netblock)) {
                return true;
            }
        }
    }

    if (!empty($bb2_whitelist_user_agents)) {
        foreach ($bb2_whitelist_user_agents as $allowed_agent) {
            if (strcmp($package['headers_mixed']['User-Agent'], $allowed_agent) == 0) {
                return true;
            }
        }
    }

    return false;
}
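// Check a request against the configured whitelists.
// Returns true on the first match and false when nothing matches.
//
// The lists come from bb2_read_whitelist() when that function exists,
// otherwise from whitelist.ini in the directory that contains BB2_CORE (a
// parse failure is suppressed and leaves every section empty).
//
// Three sections are consulted, in this order:
//   ip        - each entry is handed to match_cidr() with $package['ip']
//   useragent - exact string comparison with the User-Agent header
//   url       - prefix comparison with the request URI up to, but not
//               including, the first "?"
// The User-Agent header and the request URI are chosen by the client, so an
// entry in either of those sections can be matched by any client that sends
// the listed value. URL entries are prefixes: a short entry such as "/"
// covers every path.
function bb2_run_whitelist($package)
{
    # FIXME: Transitional, until port maintainters implement bb2_read_whitelist
    if (function_exists('bb2_read_whitelist')) {
        $whitelists = bb2_read_whitelist();
    } else {
        $whitelists = @parse_ini_file(dirname(BB2_CORE) . "/whitelist.ini");
    }

    if (!empty($whitelists['ip'])) {
        foreach ($whitelists['ip'] as $range) {
            if (match_cidr($package['ip'], $range)) {
                return true;
            }
        }
    }

    if (!empty($whitelists['useragent'])) {
        foreach ($whitelists['useragent'] as $user_agent) {
            if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) {
                return true;
            }
        }
    }

    if (!empty($whitelists['url'])) {
        // Drop the query string before comparing.
        $query_at = strpos($package['request_uri'], "?");
        $request_uri = ($query_at === FALSE)
            ? $package['request_uri']
            : substr($package['request_uri'], 0, $query_at);

        foreach ($whitelists['url'] as $url) {
            $url = (string) $url;
            // A blank entry is skipped: an empty string is a prefix of every
            // path, and strpos() with an empty needle returns 0 on PHP 8,
            // which would whitelist every request.
            if ($url === '') {
                continue;
            }
            if (strncmp($request_uri, $url, strlen($url)) === 0) {
                return true;
            }
        }
    }

    return false;
}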
// Report whether $addr lies in one of the three RFC 1918 private IPv4
// blocks. The result is whatever match_cidr() returns for that list.
// Only these three blocks are covered; loopback, link-local and other
// reserved ranges are not in the list.
function is_rfc1918($addr)
{
    $private_blocks = array(
        "10.0.0.0/8",
        "172.16.0.0/12",
        "192.168.0.0/16",
    );

    return match_cidr($addr, $private_blocks);
}