......@@ -3,8 +3,8 @@ Tags: comment,trackback,referrer,spam,robot,antispam
Contributors: error
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
Requires at least: 3.5
Tested up to: 4.9.7
Stable tag: 2.2.22
Tested up to: 5.3.0
Stable tag: 2.2.24
Bad Behavior prevents spammers from ever delivering their junk, and in many
cases, from ever reading your site in the first place.
......@@ -72,7 +72,7 @@ the following:
include( './extensions/Bad-Behavior/bad-behavior-mediawiki.php' );
For complete documentation and installation instructions, please visit
http://bad-behavior.ioerror.us/
https://bad-behavior.ioerror.us/
== Screenshots ==
......
......@@ -16,7 +16,7 @@ You should have received a copy of the GNU Lesser General Public License along
with this program. If not, see <http://www.gnu.org/licenses/>.
Please report any problems to bad . bots AT ioerror DOT us
http://bad-behavior.ioerror.us/
https://bad-behavior.ioerror.us/
*/
###############################################################################
......@@ -134,7 +134,7 @@ function bb2_insert_stats($force = false) {
if ($force || $settings['display_stats']) {
$blocked = bb2_db_query("SELECT COUNT(*) FROM " . $settings['log_table'] . " WHERE `key` NOT LIKE '00000000'");
if ($blocked !== FALSE) {
echo sprintf('<p><a href="http://bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', __('Bad Behavior'), __('has blocked'), $blocked[0]["COUNT(*)"], __('access attempts in the last 7 days.'));
echo sprintf('<p><a href="https://bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', __('Bad Behavior'), __('has blocked'), $blocked[0]["COUNT(*)"], __('access attempts in the last 7 days.'));
}
}
}
......
......@@ -16,7 +16,7 @@ You should have received a copy of the GNU Lesser General Public License along
with this program. If not, see <http://www.gnu.org/licenses/>.
Please report any problems to bad . bots AT ioerror DOT us
http://www.bad-behavior.ioerror.us/
https://www.bad-behavior.ioerror.us/
*/
###############################################################################
......@@ -186,7 +186,7 @@ $wgExtensionCredits['other'][] = array(
'version' => BB2_VERSION,
'author' => 'Michael Hampton',
'description' => 'Detects and blocks unwanted Web accesses',
'url' => 'http://bad-behavior.ioerror.us/'
'url' => 'https://bad-behavior.ioerror.us/'
);
$wgHooks['BeforePageDisplay'][] = 'bb2_mediawiki_timer';
......
......@@ -125,12 +125,12 @@ function bb2_manage() {
// Get query variables desired by the user with input validation
$paged = 0 + $_GET['paged']; if (!$paged) $paged = 1;
if ($_GET['key']) $where .= "AND `key` = '" . $wpdb->escape($_GET['key']) . "' ";
if ($_GET['key']) $where .= "AND `key` = '" . esc_sql($_GET['key']) . "' ";
if ($_GET['blocked']) $where .= "AND `key` != '00000000' ";
else if ($_GET['permitted']) $where .= "AND `key` = '00000000' ";
if ($_GET['ip']) $where .= "AND `ip` = '" . $wpdb->escape($_GET['ip']) . "' ";
if ($_GET['user_agent']) $where .= "AND `user_agent` = '" . $wpdb->escape($_GET['user_agent']) . "' ";
if ($_GET['request_method']) $where .= "AND `request_method` = '" . $wpdb->escape($_GET['request_method']) . "' ";
if ($_GET['ip']) $where .= "AND `ip` = '" . esc_sql($_GET['ip']) . "' ";
if ($_GET['user_agent']) $where .= "AND `user_agent` = '" . esc_sql($_GET['user_agent']) . "' ";
if ($_GET['request_method']) $where .= "AND `request_method` = '" . esc_sql($_GET['request_method']) . "' ";
// Query the DB based on variables selected
$r = bb2_db_query("SELECT COUNT(id) FROM `" . $settings['log_table']);
......@@ -151,7 +151,7 @@ function bb2_manage() {
?>
<h2><?php _e("Bad Behavior Log"); ?></h2>
<form method="post" action="<?php echo admin_url("tools.php?page=bb2_manage") ?>">
<p>For more information please visit the <a href="http://bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
<p>For more information please visit the <a href="https://bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
<p>See also: <a href="<?php echo admin_url("options-general.php?page=bb2_options") ?>">Settings</a> | <a href="<?php echo admin_url("options-general.php?page=bb2_whitelist") ?>">Whitelist</a></p>
<div class="tablenav">
<?php
......@@ -204,7 +204,7 @@ Displaying all <strong><?php echo $totalcount; ?></strong> records<br/>
$host .= "<br/>\n";
}
echo "<td><a href=\"" . esc_url( add_query_arg("ip", $result["ip"], remove_query_arg("paged", $request_uri)) ) . "\">" . $result["ip"] . "</a><br/>$host<br/>\n" . $result["date"] . "<br/><br/><a href=\"" . esc_url( add_query_arg("key", $result["key"], remove_query_arg(array("paged", "blocked", "permitted"), $request_uri)) ) . "\">" . $key["log"] . "</a>\n";
if ($httpbl) echo "<br/><br/><a href=\"http://www.projecthoneypot.org/ip_{$result['ip']}\">http:BL</a>:<br/>$httpbl\n";
if ($httpbl) echo "<br/><br/><a href=\"https://www.projecthoneypot.org/ip_{$result['ip']}\">http:BL</a>:<br/>$httpbl\n";
echo "</td>\n";
$headers = str_replace("\n", "<br/>\n", htmlspecialchars($result['http_headers']));
if (@strpos($headers, $result['user_agent']) !== FALSE) $headers = substr_replace($headers, "<a href=\"" . esc_url( add_query_arg("user_agent", rawurlencode($result["user_agent"]), remove_query_arg("paged", $request_uri)) ) . "\">" . $result['user_agent'] . "</a>", strpos($headers, $result['user_agent']), strlen($result['user_agent']));
......@@ -274,7 +274,7 @@ function bb2_whitelist()
<h2><?php _e("Bad Behavior Whitelist"); ?></h2>
<form method="post" action="<?php echo admin_url("options-general.php?page=bb2_whitelist"); ?>">
<p>Inappropriate whitelisting WILL expose you to spam, or cause Bad Behavior to stop functioning entirely! DO NOT WHITELIST unless you are 100% CERTAIN that you should.</p>
<p>For more information please visit the <a href="http://bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
<p>For more information please visit the <a href="https://bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
<p>See also: <a href="<?php echo admin_url("options-general.php?page=bb2_options") ?>">Settings</a> | <a href="<?php echo admin_url("tools.php?page=bb2_manage"); ?>">Log</a></p>
<h3><?php _e('IP Address'); ?></h3>
......@@ -393,7 +393,7 @@ function bb2_options()
?>
<h2><?php _e("Bad Behavior"); ?></h2>
<form method="post" action="<?php echo admin_url("options-general.php?page=bb2_options"); ?>">
<p>For more information please visit the <a href="http://bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
<p>For more information please visit the <a href="https://bad-behavior.ioerror.us/">Bad Behavior</a> homepage.</p>
<p>See also: <a href="<?php echo admin_url("tools.php?page=bb2_manage"); ?>">Log</a> | <a href="<?php echo admin_url("options-general.php?page=bb2_whitelist") ?>">Whitelist</a></p>
<h3><?php _e('Statistics'); ?></h3>
......@@ -416,7 +416,7 @@ function bb2_options()
</table>
<h3><?php _e('http:BL'); ?></h3>
<p>To use Bad Behavior's http:BL features you must have an <a href="http://www.projecthoneypot.org/httpbl_configure.php?rf=24694">http:BL Access Key</a>.</p>
<p>To use Bad Behavior's http:BL features you must have an <a href="https://www.projecthoneypot.org/httpbl_configure.php?rf=24694">http:BL Access Key</a>.</p>
<table class="form-table">
<tr><td><label><input type="text" size="12" maxlength="12" name="httpbl_key" value="<?php echo sanitize_text_field($settings['httpbl_key']); ?>" /> http:BL Access Key</label></td></tr>
<tr><td><label><input type="text" size="3" maxlength="3" name="httpbl_threat" value="<?php echo intval($settings['httpbl_threat']); ?>" /> Minimum Threat Level (25 is recommended)</label></td></tr>
......@@ -426,7 +426,8 @@ function bb2_options()
<h3><?php _e('Reverse Proxy/Load Balancer'); ?></h3>
<p>If you are using Bad Behavior behind a reverse proxy, load balancer, HTTP accelerator, content cache or similar technology, enable the Reverse Proxy option.</p>
<p>If you have a chain of two or more reverse proxies between your server and the public Internet, you must specify <em>all</em> of the IP address ranges (in CIDR format) of all of your proxy servers, load balancers, etc. Otherwise, Bad Behavior may be unable to determine the client's true IP address.</p>
<p>In addition, your reverse proxy servers must set the IP address of the Internet client from which they received the request in an HTTP header. If you don't specify a header, <a href="http://en.wikipedia.org/wiki/X-Forwarded-For">X-Forwarded-For</a> will be used. Most proxy servers already support X-Forwarded-For and you would then only need to ensure that it is enabled on your proxy servers. Some other header names in common use include <u>X-Real-Ip</u> (nginx) and <u>Cf-Connecting-Ip</u> (CloudFlare).</p>
<p>In addition, your reverse proxy servers must set the IP address of the Internet client from which they received the request in an HTTP header. If you don't specify a header, <a href="https://en.wikipedia.org/wiki/X-Forwarded-For">X-Forwarded-For</a> will be used. Most proxy servers already support X-Forwarded-For and you would then only need to ensure that it is enabled on your proxy servers. Some other header names in common use include <u>X-Real-Ip</u> (nginx) and <u>Cf-Connecting-Ip</u> (CloudFlare).</p>
<p>Note: This option is not required if reverse proxy IP address handing is configured in your web server, e.g. with Apache mod_remoteip or Nginx realip, but it is safe to enable it anyway if you are not sure about the web server configuration.</p>
<table class="form-table">
<tr><td><label><input type="checkbox" name="reverse_proxy" value="true" <?php if ($settings['reverse_proxy']) { ?>checked="checked" <?php } ?>/> <?php _e('Enable Reverse Proxy'); ?></label></td></tr>
<tr><td><label><input type="text" size="32" name="reverse_proxy_header" value="<?php echo sanitize_text_field($settings['reverse_proxy_header']); ?>" /> Header containing Internet clients' IP address</label></td></tr>
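Review bot: In the log-table hunk of this file (`@@ -204,7 +204,7 @@`), the rewritten http:BL link still interpolates `$result['ip']` into the `href` without escaping, and the line above it prints `$result["ip"]` as link text the same way. The value is read back from the log table, and the options text further down this file says that in reverse-proxy mode the client address is taken from an HTTP header, so it may not always be a clean IP literal; whether it is validated before logging is not visible here. The neighbouring links already go through `esc_url()`, so I would build the href as `esc_url("https://www.projecthoneypot.org/ip_" . $result['ip'])` and print the text with `esc_html($result["ip"])`. The enclosing function starts and ends outside the hunk.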
......
<?php
/*
Plugin Name: Bad Behavior
Version: 2.2.22
Version: 2.2.24
Description: Deny automated spambots access to your PHP-based Web site.
Plugin URI: http://bad-behavior.ioerror.us/
Plugin URI: https://bad-behavior.ioerror.us/
Author: Michael Hampton
Author URI: http://bad-behavior.ioerror.us/
Author URI: https://bad-behavior.ioerror.us/
License: LGPLv3
Bad Behavior - detects and blocks unwanted Web accesses
......@@ -24,7 +24,7 @@ You should have received a copy of the GNU Lesser General Public License along
with this program. If not, see <http://www.gnu.org/licenses/>.
Please report any problems to bad . bots AT ioerror DOT us
http://bad-behavior.ioerror.us/
https://bad-behavior.ioerror.us/
*/
###############################################################################
......@@ -161,7 +161,7 @@ function bb2_insert_stats($force = false) {
if ($force || $settings['display_stats']) {
$blocked = bb2_db_query("SELECT COUNT(*) FROM " . $settings['log_table'] . " WHERE `key` NOT LIKE '00000000'");
if ($blocked !== FALSE) {
echo sprintf('<p><a href="http://bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', __('Bad Behavior'), __('has blocked'), $blocked[0]["COUNT(*)"], __('access attempts in the last 7 days.'));
echo sprintf('<p><a href="https://bad-behavior.ioerror.us/">%1$s</a> %2$s <strong>%3$s</strong> %4$s</p>', __('Bad Behavior'), __('has blocked'), $blocked[0]["COUNT(*)"], __('access attempts in the last 7 days.'));
}
}
if (@!empty($bb2_result)) {
......
......@@ -53,7 +53,7 @@ function bb2_display_denial($settings, $package, $key, $previous_key = false)
<?php echo htmlspecialchars($request_uri) ?> on this server.</p>
<p><?php echo $response['explanation']; ?></p>
<p>Your technical support key is: <strong><?php echo $support_key; ?></strong></p>
<p>You can use this key to <a href="http://www.ioerror.us/bb2-support-key?key=<?php echo $support_key; ?>">fix this problem yourself</a>.</p>
<p>You can use this key to <a href="https://www.ioerror.us/bb2-support-key?key=<?php echo $support_key; ?>">fix this problem yourself</a>.</p>
<p>If you are unable to fix the problem yourself, please contact <a href="mailto:<?php echo htmlspecialchars(str_replace("@", "[email protected]", bb2_email())); ?>"><?php echo htmlspecialchars(str_replace("@", " at ", bb2_email())); ?></a> and be sure to provide the technical support key shown above.</p>
<?php
}
......
......@@ -6,7 +6,7 @@ require_once(BB2_CORE . "/roundtripdns.inc.php");
function bb2_cloudflare($package)
{
# Disabled due to http://bugs.php.net/bug.php?id=53092
# Disabled due to https://bugs.php.net/bug.php?id=53092
# if (!bb2_roundtripdns($package['cloudflare'], "cloudflare.com")) {
# return '70e45496';
# }
......
<?php if (!defined('BB2_CWD')) die("I said no cheating!");
define('BB2_VERSION', "2.2.22");
define('BB2_VERSION', "2.2.24");
// Bad Behavior entry point is bb2_start()
// If you're reading this, you are probably lost.
......
......@@ -11,7 +11,7 @@ function bb2_google($package)
return false; # Soft fail, must pass other screening
#return "f1182195"; # Hard fail
}
# Disabled due to http://bugs.php.net/bug.php?id=53092
# Disabled due to https://bugs.php.net/bug.php?id=53092
# if (!bb2_roundtripdns($package['ip'], "googlebot.com")) {
# return "f1182195";
# }
......@@ -27,7 +27,7 @@ function bb2_msnbot($package)
return false; # Soft fail, must pass other screening
#return "e4de0453"; # Hard fail
}
# Disabled due to http://bugs.php.net/bug.php?id=53092
# Disabled due to https://bugs.php.net/bug.php?id=53092
# if (!bb2_roundtripdns($package['ip'], "msn.com")) {
# return "e4de0453";
# }
......@@ -43,7 +43,7 @@ function bb2_yahoo($package)
return false; # Soft fail, must pass other screening
#return '71436a15'; # Hard fail
}
# Disabled due to http://bugs.php.net/bug.php?id=53092
# Disabled due to https://bugs.php.net/bug.php?id=53092
# if (!bb2_roundtripdns($package['ip'], "crawl.yahoo.net")) {
# return "71436a15";
# }
......