/**
 * Compare the request's source address with a hard-coded list of Yahoo netblocks.
 *
 * NOTE(review): presumably invoked for requests whose User-Agent claims to be a
 * Yahoo crawler - confirm against the caller. The netblock list is a static
 * snapshot, so it is only as accurate as its last update.
 *
 * @param array $package Request data; only $package['ip'] is read here.
 * @return string|false "71436a15" when the address is outside every listed
 *                      range, false when it is inside one.
 */
function bb2_yahoo($package)
{
    $known_ranges = array("202.160.176.0/20", "67.195.0.0/16", "203.209.252.0/24", "72.30.0.0/16", "98.136.0.0/14", "74.6.0.0/16");
    $inside_known_range = match_cidr($package['ip'], $known_ranges);
    if ($inside_known_range !== FALSE) {
        return false;
    }
    // Address is not in any listed range: hand back the key string.
    return "71436a15";
}
示例#2
/**
 * Compare the request's source address with a hard-coded list of Microsoft
 * crawler netblocks.
 *
 * NOTE(review): the ranges are a static snapshot; a claimed crawler is judged
 * by source address only in this function.
 *
 * @param array $package Request data; only $package['ip'] is read here.
 * @return string|false "e4de0453" when the address matches none of the ranges,
 *                      false when it matches one.
 */
function bb2_msnbot($package)
{
    $msn_ranges = array("207.46.0.0/16", "65.52.0.0/14", "207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18", "157.54.0.0/15", "157.60.0.0/16", "157.56.0.0/14", "199.30.16.0/20", "131.253.24.0/21", "131.253.21.0/24", "131.253.22.0/23", "131.253.32.0/20");
    $outside_all_ranges = match_cidr($package['ip'], $msn_ranges) === FALSE;
    return $outside_all_ranges ? "e4de0453" : false;
}
示例#3
/**
 * Compare the request's source address with five hard-coded Microsoft netblocks,
 * one match_cidr() call per range.
 *
 * @param array $package Request data; only $package['ip'] is read here.
 * @return string|false "e4de0453" when no range matches, false as soon as one does.
 */
function bb2_msnbot($package)
{
    $msn_ranges = array("207.46.0.0/16", "65.52.0.0/14", "207.68.128.0/18", "207.68.192.0/20", "64.4.0.0/18");
    foreach ($msn_ranges as $range) {
        // Stop at the first range that is not a strict FALSE, as the chained
        // && form did.
        if (match_cidr($package['ip'], $range) !== FALSE) {
            return false;
        }
    }
    return "e4de0453";
}
示例#4
/**
 * Compare the request's source address with two hard-coded Google netblocks.
 *
 * NOTE(review): only two ranges are listed here; a crawler address outside them
 * gets the key string back.
 *
 * @param array $package Request data; only $package['ip'] is read here.
 * @return string|false "f1182195" when neither range matches, false otherwise.
 */
function bb2_google($package)
{
    $in_first_range = match_cidr($package['ip'], "66.249.64.0/19") !== FALSE;
    // Second range is only consulted when the first did not match.
    if ($in_first_range || match_cidr($package['ip'], "64.233.160.0/19") !== FALSE) {
        return false;
    }
    return "f1182195";
}
/**
 * Decide whether a request is exempt from screening, using whitelist.ini.
 *
 * Three sections are consulted in order: 'ip' (CIDR match on $package['ip']),
 * 'useragent' (exact string match) and 'url' (exact match on the request URI
 * with any query string removed).
 *
 * NOTE(review): the User-Agent value comes from the request itself, so a
 * 'useragent' entry exempts any client that sends that exact string.
 *
 * @param array $package Request data; reads 'ip', 'headers_mixed' and 'request_uri'.
 * @return bool true on the first matching entry, false when nothing matches.
 */
function bb2_whitelist($package)
{
    // @ silences a missing or unreadable file; parse_ini_file() then returns
    // false and every section below is treated as empty.
    $whitelists = @parse_ini_file(dirname(BB2_CORE) . "/whitelist.ini");

    $ip_entries = empty($whitelists['ip']) ? array() : $whitelists['ip'];
    foreach ($ip_entries as $range) {
        if (match_cidr($package['ip'], $range)) {
            return true;
        }
    }

    $agent_entries = empty($whitelists['useragent']) ? array() : $whitelists['useragent'];
    foreach ($agent_entries as $user_agent) {
        if (strcmp($package['headers_mixed']['User-Agent'], $user_agent) == 0) {
            return true;
        }
    }

    if (empty($whitelists['url'])) {
        return false;
    }

    // Compare only the path part: everything before the first "?".
    $query_start = strpos($package['request_uri'], "?");
    $request_uri = $query_start === FALSE
        ? $package['request_uri']
        : substr($package['request_uri'], 0, $query_start);
    foreach ($whitelists['url'] as $url) {
        if (strcmp($request_uri, $url) == 0) {
            return true;
        }
    }
    return false;
}
示例#6
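/**
 * Pick the client address out of the configured reverse-proxy header.
 *
 * The header value is split on whitespace and commas and walked from the last
 * entry to the first. Entries matching $settings['reverse_proxy_addresses']
 * (when configured) and RFC 1918 addresses are skipped; the first remaining
 * entry is returned.
 *
 * The header is request data, so every entry is checked with
 * FILTER_VALIDATE_IP before it is used. An entry that is not a syntactically
 * valid IPv4/IPv6 address ends the walk with false instead of being returned
 * as the client address or skipped in favour of entries further left, which
 * are the ones a client can most easily supply itself.
 *
 * NOTE(review): when 'reverse_proxy_addresses' is empty, the last public
 * address in the header is accepted without checking who appended it.
 * NOTE(review): how callers treat a false return is not visible here -
 * presumably they fall back to the socket address; confirm.
 *
 * @param array $settings      Reads 'reverse_proxy_header' and 'reverse_proxy_addresses'.
 * @param array $headers_mixed Request headers keyed by name.
 * @return string|false The selected address, or false when the header is
 *                      absent, malformed, or holds only skipped entries.
 */
function bb2_reverse_proxy($settings, $headers_mixed)
{
    # Detect if option is on when it should be off
    # NOTE(review): uc_all() presumably normalises the header name's case - confirm.
    $header = uc_all($settings['reverse_proxy_header']);
    if (!array_key_exists($header, $headers_mixed)) {
        return false;
    }

    # PREG_SPLIT_NO_EMPTY: a leading or trailing separator must not produce ""
    # as a candidate address.
    $tokens = preg_split("/[\\s,]+/", $headers_mixed[$header], -1, PREG_SPLIT_NO_EMPTY);
    if ($tokens === false) {
        return false;
    }

    $known_proxies = empty($settings['reverse_proxy_addresses'])
        ? null
        : $settings['reverse_proxy_addresses'];

    foreach (array_reverse($tokens) as $addr) {
        # Anything that is not an IP address is treated like the "trick" case below.
        if (filter_var($addr, FILTER_VALIDATE_IP) === false) {
            return false;
        }
        # Skip our known reverse proxies and private addresses
        if ($known_proxies !== null && match_cidr($addr, $known_proxies)) {
            continue;
        }
        if (is_rfc1918($addr)) {
            continue;
        }
        return $addr;
    }

    # If we got here, someone is playing a trick on us.
    return false;
}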
/**
 * Compare the request's source address with seven hard-coded Google netblocks,
 * one match_cidr() call per range.
 *
 * NOTE(review): the list is a static snapshot and is the only check this
 * function applies.
 *
 * @param array $package Request data; only $package['ip'] is read here.
 * @return string|false "f1182195" when no range matches, false as soon as one does.
 */
function bb2_google($package)
{
    $google_ranges = array(
        "66.249.64.0/19",
        "64.233.160.0/19",
        "72.14.192.0/18",
        "203.208.32.0/19",
        "74.125.0.0/16",
        "216.239.32.0/19",
        "209.85.128.0/17",
    );
    foreach ($google_ranges as $range) {
        // Same short-circuit as the chained && form: stop at the first range
        // whose result is not a strict FALSE.
        if (match_cidr($package['ip'], $range) !== FALSE) {
            return false;
        }
    }
    return "f1182195";
}
示例#8
/**
 * Decide whether a request is exempt from screening, using lists edited in
 * place inside this function.
 *
 * @param array $package Request data; reads 'ip', 'headers_mixed' and 'request_uri'.
 * @return bool true on the first matching entry, false when nothing matches.
 */
function bb2_whitelist($package)
{
    // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
    // Inappropriate whitelisting WILL expose you to spam, or cause Bad
    // Behavior to stop functioning entirely!  DO NOT WHITELIST unless you
    // are 100% CERTAIN that you should. This applies to all three lists.

    // IP address ranges use the CIDR format.
    // NOTE(review): the entries below are live, not commented-out examples:
    // two single public addresses plus the three private ranges are exempt
    // as shipped. Entries without a /prefix depend on how match_cidr()
    // handles a missing mask - confirm against the match_cidr() in use.
    $bb2_whitelist_ip_ranges = array("64.191.203.34", "208.67.217.130", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16");

    // You should not whitelist search engines by user agent. Use the IP
    // netblock for the search engine instead. See http://whois.arin.net/
    // to locate the netblocks for an IP.
    // User agents are matched by exact match only; the value compared is
    // whatever the client sent, so an entry exempts every client sending it.
    $bb2_whitelist_user_agents = array();

    // URLs are matched from the first / after the server name up to,
    // but not including, the ? (if any).
    $bb2_whitelist_urls = array();

    // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
    // Do not edit below this line
    foreach ($bb2_whitelist_ip_ranges as $range) {
        if (match_cidr($package['ip'], $range)) {
            return true;
        }
    }

    foreach ($bb2_whitelist_user_agents as $user_agent) {
        if (strcmp($package['headers_mixed']['User-Agent'], $user_agent) == 0) {
            return true;
        }
    }

    if (empty($bb2_whitelist_urls)) {
        return false;
    }

    // Strip the query string before comparing.
    $query_start = strpos($package['request_uri'], "?");
    $request_uri = $query_start === FALSE
        ? $package['request_uri']
        : substr($package['request_uri'], 0, $query_start);
    foreach ($bb2_whitelist_urls as $url) {
        if (strcmp($request_uri, $url) == 0) {
            return true;
        }
    }
    return false;
}
示例#9
/**
 * Require an Accept header from clients handled by this check, except for the
 * CafeKelsa crawler coming from its listed netblock.
 *
 * The exemption needs both conditions: the User-Agent contains
 * "YahooSeeker/CafeKelsa" AND the address is inside 209.73.160.0/19. The
 * User-Agent string alone is not enough.
 *
 * @param array $package Request data; reads 'ip' and 'headers_mixed'.
 * @return string|false "17566707" when a non-exempt request has no Accept
 *                      header, false otherwise.
 */
function bb2_konqueror($package)
{
    // CafeKelsa is a dev project at Yahoo which indexes job listings for
    // Yahoo! HotJobs. It identifies as Konqueror so we skip these checks.
    $claims_cafekelsa = stripos($package['headers_mixed']['User-Agent'], "YahooSeeker/CafeKelsa") !== FALSE;
    // The netblock is only consulted when the User-Agent claim is present.
    if ($claims_cafekelsa && match_cidr($package['ip'], "209.73.160.0/19") !== FALSE) {
        return false;
    }

    $has_accept = array_key_exists('Accept', $package['headers_mixed']);
    return $has_accept ? false : "17566707";
}
/**
 * Compare the request's source address with a hard-coded list of Yahoo netblocks.
 *
 * NOTE(review): the round-trip DNS check is commented out below, so the static
 * netblock list is the only verification performed here.
 *
 * @param array $package Request data; only $package['ip'] is read here.
 * @return string|false '71436a15' when the address is outside every listed
 *                      range, false when it is inside one.
 */
function bb2_yahoo($package)
{
    $yahoo_ranges = array("202.160.176.0/20", "67.195.0.0/16", "203.209.252.0/24", "72.30.0.0/16", "98.136.0.0/14", "74.6.0.0/16");
    $outside_all_ranges = match_cidr($package['ip'], $yahoo_ranges) === FALSE;
    #	Disabled due to http://bugs.php.net/bug.php?id=53092
    #	if (!bb2_roundtripdns($package['ip'], "crawl.yahoo.net")) {
    #		return "71436a15";
    #	}
    return $outside_all_ranges ? '71436a15' : false;
}
示例#11
/**
 * Classify a request by whether its source address is in a hard-coded list of
 * Baidu netblocks.
 *
 * A return of 1 means "bypass all other checks", so the range list below is
 * the entire trust decision for these requests.
 *
 * @param array $package Request data; only $package['ip'] is read here.
 * @return int|false 1 when the address is inside a listed range; false for
 *                   IPv6 addresses and for addresses outside every range.
 */
function bb2_baidu($package)
{
    $addr = $package['ip'];
    if (@is_ipv6($addr)) {
        return false;
    }
    # TODO
    $baidu_ranges = array("119.63.192.0/21", "123.125.71.0/24", "180.76.0.0/16", "220.181.0.0/16");
    $in_listed_range = match_cidr($addr, $baidu_ranges) !== FALSE;
    # Not in range: soft fail, must pass other screening.
    # In range: real Baidu bot; bypass all other checks.
    return $in_listed_range ? 1 : false;
}
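/**
 * Test whether an IPv4 address falls inside a CIDR range, or inside any range
 * of an array of ranges.
 *
 * Fails closed: an entry without "/prefix" is an exact-address (/32) match, and
 * an unparsable address, network or prefix never matches. Previously a missing
 * prefix produced a shift by 32, which on 64-bit builds clears every bit that
 * ip2long() can return, so a bare address matched every client; and
 * ip2long() === false was compared as 0.
 *
 * @param string       $addr Dotted-quad IPv4 address to test.
 * @param string|array $cidr "a.b.c.d/n", a bare "a.b.c.d", or an array of either.
 * @return bool true when $addr is inside the range (or any listed range).
 */
function match_cidr($addr, $cidr)
{
    if (is_array($cidr)) {
        foreach ($cidr as $cidrlet) {
            if (match_cidr($addr, $cidrlet)) {
                return true;
            }
        }
        return false;
    }

    $parts = explode('/', trim((string) $cidr), 2);
    $prefix = isset($parts[1]) ? $parts[1] : '32';
    // Only a plain decimal prefix between 0 and 32 is accepted.
    if (!preg_match('/^[0-9]{1,2}$/D', $prefix) || (int) $prefix > 32) {
        return false;
    }

    $addr_long = ip2long((string) $addr);
    $net_long = ip2long($parts[0]);
    if ($addr_long === false || $net_long === false) {
        return false;
    }

    // -1 has every bit set; shifting left clears the host bits. Bits above
    // the low 32 are irrelevant because ip2long() never sets them.
    $mask = -1 << (32 - (int) $prefix);
    return ($addr_long & $mask) == ($net_long & $mask);
}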
示例#13
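/**
 * Test whether an IPv4 address falls inside a CIDR range, or inside any range
 * of an array of ranges.
 *
 * A bare address (no "/prefix") is an exact /32 match. Changes from the
 * previous body: the prefix is validated instead of being read under @;
 * "/0" is honoured rather than silently becoming /32 (the old !$mask test
 * treated "0" as missing); and an address or network that ip2long() cannot
 * parse no longer compares as 0, it simply does not match.
 *
 * @param string       $addr Dotted-quad IPv4 address to test.
 * @param string|array $cidr "a.b.c.d/n", a bare "a.b.c.d", or an array of either.
 * @return bool true when $addr is inside the range (or any listed range).
 */
function match_cidr($addr, $cidr)
{
    if (is_array($cidr)) {
        foreach ($cidr as $cidrlet) {
            if (match_cidr($addr, $cidrlet)) {
                return true;
            }
        }
        return false;
    }

    $pieces = explode('/', trim((string) $cidr), 2);
    $bits = 32;
    if (isset($pieces[1])) {
        // Reject anything that is not a decimal prefix in 0..32.
        if (!preg_match('/^[0-9]{1,2}$/D', $pieces[1]) || (int) $pieces[1] > 32) {
            return false;
        }
        $bits = (int) $pieces[1];
    }

    $candidate = ip2long((string) $addr);
    $network = ip2long($pieces[0]);
    if ($candidate === false || $network === false) {
        return false;
    }

    $mask = pow(2, 32) - pow(2, 32 - $bits);
    return ($candidate & $mask) == ($network & $mask);
}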
示例#14
/**
 * Decide whether a request is exempt from screening, using an optional local
 * override file for the IP list.
 *
 * NOTE(review): include_once loads the override file at most once per request
 * and into this function's scope; if this function runs a second time in the
 * same request the file is not re-read and the IP list is then undefined
 * (treated as empty) - confirm the function is only called once.
 * NOTE(review): $bb2_whitelist_user_agents is reset to an empty array after
 * the include, so a user-agent list set by the override file has no effect.
 *
 * @param array $package Request data; reads 'ip' and 'headers_mixed'.
 * @return bool true on the first matching entry, false when nothing matches.
 */
function bb2_whitelist($package)
{
    // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
    // Inappropriate whitelisting WILL expose you to spam, or cause Bad
    // Behavior to stop functioning entirely!  DO NOT WHITELIST unless you
    // are 100% CERTAIN that you should. This applies to both lists.

    // IP address ranges use the CIDR format.
    // A local override file, when present, replaces the built-in list.
    if (!file_exists(BADBEHAVIOR_PKG_PATH . 'whitelist_config_inc.php')) {
        // Built-in entries: two single addresses and the three private ranges.
        $bb2_whitelist_ip_ranges = array("64.191.203.34", "208.67.217.130", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16");
    } else {
        include_once BADBEHAVIOR_PKG_PATH . 'whitelist_config_inc.php';
    }

    // You should not whitelist search engines by user agent. Use the IP
    // netblock for the search engine instead. See http://whois.arin.net/
    // to locate the netblocks for an IP.
    // User agents are matched by exact match only.
    $bb2_whitelist_user_agents = array();

    // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
    // Do not edit below this line
    $ip_entries = empty($bb2_whitelist_ip_ranges) ? array() : $bb2_whitelist_ip_ranges;
    foreach ($ip_entries as $range) {
        if (match_cidr($package['ip'], $range)) {
            return true;
        }
    }

    foreach ($bb2_whitelist_user_agents as $user_agent) {
        if (strcmp($package['headers_mixed']['User-Agent'], $user_agent) == 0) {
            return true;
        }
    }
    return false;
}
示例#15
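/**
 * Test whether an IPv4 address falls inside a CIDR range, or inside any range
 * of an array of ranges.
 *
 * A bare address (no "/prefix") is an exact /32 match. Unparsable input never
 * matches: previously ip2long() === false was used as 0, so a malformed
 * address matched any entry whose masked network was also 0 (for example
 * another malformed entry), and a non-numeric prefix reached the arithmetic
 * unchecked.
 *
 * @param string       $addr Dotted-quad IPv4 address to test.
 * @param string|array $cidr "a.b.c.d/n", a bare "a.b.c.d", or an array of either.
 * @return bool true when $addr is inside the range (or any listed range).
 */
function match_cidr($addr, $cidr)
{
    if (is_array($cidr)) {
        foreach ($cidr as $cidrlet) {
            if (match_cidr($addr, $cidrlet)) {
                return true;
            }
        }
        return false;
    }

    $_parts = explode('/', trim((string) $cidr), 2);
    $ip = $_parts[0];
    $mask = isset($_parts[1]) ? $_parts[1] : '32';
    // Prefix must be a decimal number between 0 and 32.
    if (!preg_match('/^[0-9]{1,2}$/D', $mask) || (int) $mask > 32) {
        return false;
    }

    $addr_long = ip2long((string) $addr);
    $ip_long = ip2long($ip);
    if ($addr_long === false || $ip_long === false) {
        return false;
    }

    $mask = pow(2, 32) - pow(2, 32 - (int) $mask);
    return ($addr_long & $mask) == ($ip_long & $mask);
}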
示例#16
/**
 * Decide whether a request is exempt from screening, using lists edited in
 * place inside this function.
 *
 * Both lists are empty as written, so this returns false for every request
 * until entries are added.
 *
 * @param array $package Request data; reads 'ip' and 'headers_mixed'.
 * @return bool true on the first matching entry, false when nothing matches.
 */
function bb2_whitelist($package)
{
    // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
    // Inappropriate whitelisting WILL expose you to spam, or cause Bad
    // Behavior to stop functioning entirely!  DO NOT WHITELIST unless you
    // are 100% CERTAIN that you should. This applies to both lists.

    // IP address ranges use the CIDR format.
    $bb2_whitelist_ip_ranges = array();

    // You should not whitelist search engines by user agent. Use the IP
    // netblock for the search engine instead. See http://whois.arin.net/
    // to locate the netblocks for an IP.
    // User agents are matched by exact match only; the value compared is
    // whatever the client sent.
    $bb2_whitelist_user_agents = array();

    // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
    // Do not edit below this line
    foreach ($bb2_whitelist_ip_ranges as $range) {
        if (match_cidr($package['ip'], $range)) {
            return true;
        }
    }

    foreach ($bb2_whitelist_user_agents as $user_agent) {
        $same_agent = strcmp($package['headers_mixed']['User-Agent'], $user_agent) == 0;
        if ($same_agent) {
            return true;
        }
    }
    return false;
}
/**
 * Decide whether a request is exempt from screening.
 *
 * The whitelist comes from bb2_read_whitelist() when that function exists,
 * otherwise from whitelist.ini next to BB2_CORE. Sections are consulted in
 * order: 'ip' (CIDR match), 'useragent' (exact match), 'url' (prefix match).
 *
 * NOTE(review): 'url' entries are matched as a prefix of the request path, so
 * an entry exempts every path that begins with it, not only that exact path.
 * NOTE(review): the User-Agent value comes from the request itself, so a
 * 'useragent' entry exempts any client that sends that exact string.
 *
 * @param array $package Request data; reads 'ip', 'headers_mixed' and 'request_uri'.
 * @return bool true on the first matching entry, false when nothing matches.
 */
function bb2_run_whitelist($package)
{
    # FIXME: Transitional, until port maintainers implement bb2_read_whitelist
    # @ silences a missing or unreadable ini file; the result is then false
    # and every section below is treated as empty.
    $whitelists = function_exists('bb2_read_whitelist')
        ? bb2_read_whitelist()
        : @parse_ini_file(dirname(BB2_CORE) . "/whitelist.ini");

    $ip_entries = empty($whitelists['ip']) ? array() : $whitelists['ip'];
    foreach ($ip_entries as $range) {
        if (match_cidr($package['ip'], $range)) {
            return true;
        }
    }

    $agent_entries = empty($whitelists['useragent']) ? array() : $whitelists['useragent'];
    foreach ($agent_entries as $user_agent) {
        if (strcmp($package['headers_mixed']['User-Agent'], $user_agent) == 0) {
            return true;
        }
    }

    if (empty($whitelists['url'])) {
        return false;
    }

    # Compare only the path part: everything before the first "?".
    $query_start = strpos($package['request_uri'], "?");
    $request_uri = $query_start === FALSE
        ? $package['request_uri']
        : substr($package['request_uri'], 0, $query_start);
    foreach ($whitelists['url'] as $url) {
        # Position 0 means the path starts with the entry.
        if (strpos($request_uri, $url) === 0) {
            return true;
        }
    }
    return false;
}
示例#18
/**
 * Report whether an address lies in one of the three RFC 1918 private ranges.
 *
 * Only 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 are checked; loopback,
 * link-local and other reserved space are not covered by this function.
 *
 * @param string $addr Address to test.
 * @return bool Whatever match_cidr() returns for the three ranges.
 */
function is_rfc1918($addr)
{
    $private_ranges = array("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16");
    $is_private = match_cidr($addr, $private_ranges);
    return $is_private;
}