<?php
// Guard against direct inclusion: this file is only meaningful when the
// caller has already defined BB2_CORE.
if (!defined('BB2_CORE')) {
    die('I said no cheating!');
}
// Enforce adherence to the protocol version claimed by the user-agent.
/**
 * Check the request for behaviour that contradicts its claimed HTTP version.
 *
 * @param array $settings Bad Behavior settings; only 'strict' is read here.
 * @param array $package  Request data; reads 'headers_mixed' and 'server_protocol'.
 * @return string|false   An 8-character result key when a test fails, false when the
 *                        request passes.
 */
function bb2_protocol($settings, $package)
{
    $headers = $package['headers_mixed'];

    // Expect: 100-continue is an HTTP/1.1 mechanism that should never be
    // seen here, so this test runs regardless of the claimed version.
    $expectsContinue = array_key_exists('Expect', $headers)
        && stripos($headers['Expect'], "100-continue") !== FALSE;
    if ($expectsContinue) {
        return "a0105122";
    }

    // Strict mode only: an HTTP/1.1 client sending the HTTP/1.0-era
    // Pragma: no-cache without any Cache-Control header. Known to catch
    // some common corporate proxy servers.
    if ($settings['strict'] && !strcmp($package['server_protocol'], "HTTP/1.1")) {
        $legacyPragmaOnly = array_key_exists('Pragma', $headers)
            && strpos($headers['Pragma'], "no-cache") !== FALSE
            && !array_key_exists('Cache-Control', $headers);
        if ($legacyPragmaOnly) {
            return "41feed15";
        }
    }

    return false;
}
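/**
 * Check cookie headers for RFC 2965 (sec 3.3.5 and 9.1) consistency.
 *
 * A client that sends the new-style "$Version=0" cookie attribute is
 * expected to also send a Cookie2 header.
 *
 * @param array $settings Bad Behavior settings (unused here; kept for a uniform test signature).
 * @param array $package  Request data; reads 'headers_mixed'.
 * @return string|false   An 8-character result key when the test fails, false when the
 *                        request passes.
 */
function bb2_cookies($settings, $package)
{
    $headers = $package['headers_mixed'];

    // Check that a Cookie header exists before inspecting it: most requests
    // carry no cookie at all, and reading the missing index raised an
    // undefined-index notice and passed a null haystack to strpos().
    if (array_key_exists('Cookie', $headers)
        && strpos($headers['Cookie'], '$Version=0') !== FALSE
        && !array_key_exists('Cookie2', $headers)) {
        return '6c502ff1';
    }

    return false;
}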
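/**
 * Miscellaneous request-header sanity tests.
 *
 * Each test returns as soon as it fails, so the order below determines
 * which result key a request with several problems receives.
 *
 * @param array $settings Bad Behavior settings; only 'strict' is read here.
 * @param array $package  Request data; reads 'headers_mixed' (case-normalised
 *                        header names), 'headers' (raw header names),
 *                        'request_method' and 'request_uri'.
 * @return string|false   An 8-character result key when a test fails, false when the
 *                        request passes every test.
 */
function bb2_misc_headers($settings, $package)
{
    $headers = $package['headers_mixed'];

    // Default to an empty string when User-Agent is absent instead of
    // silencing the undefined-index notice with @.
    $ua = isset($headers['User-Agent']) ? $headers['User-Agent'] : '';

    // A POST with no User-Agent at all
    if (!strcmp($package['request_method'], "POST") && empty($ua)) {
        return "f9f2b8b9";
    }

    // Broken spambots send URLs with various invalid characters; a fragment
    // (#) is never sent to the server. Referer is deliberately not checked
    // for this, because some broken browsers do send the #vector there.
    if (strpos($package['request_uri'], "#") !== FALSE) {
        return "dfd9b1ad";
    }

    // Range: field exists and begins with 0
    // Real user-agents do not start ranges at 0
    // NOTE: this blocks the whois.sc bot. No big loss.
    // Exceptions: MT (not fixable); LJ (refuses to fix; may be
    // blocked again in the future)
    if (array_key_exists('Range', $headers) && strpos($headers['Range'], "=0-") !== FALSE) {
        if (strncmp($ua, "MovableType", 11) && strncmp($ua, "URI::Fetch", 10) && strncmp($ua, "php-openid/", 11)) {
            return "7ad04a8a";
        }
    }

    // Content-Range is a response header, not a request header
    if (array_key_exists('Content-Range', $headers)) {
        return '7d12528e';
    }

    // Lowercase via is used by open proxies/referrer spammers. This reads the
    // raw, case-sensitive 'headers' array on purpose, since headers_mixed
    // would fold the case away.
    // Exceptions: Clearswift uses lowercase via (refuses to fix;
    // may be blocked again in the future)
    if (array_key_exists('via', $package['headers'])
        && strpos($package['headers']['via'], 'Clearswift') === FALSE) {
        return "9c9e4979";
    }

    // pinappleproxy and friends are used by referrer spammers
    if (array_key_exists('Via', $headers)) {
        $via = $headers['Via'];
        if (stripos($via, "pinappleproxy") !== FALSE
            || stripos($via, "PCNETSERVER") !== FALSE
            || stripos($via, "Invisiware") !== FALSE) {
            return "939a6fbb";
        }
    }

    // TE: if present must have Connection: TE
    // RFC 2616 14.39
    // Blocks Microsoft ISA Server 2004 in strict mode. Contact Microsoft
    // to obtain a hotfix.
    if ($settings['strict'] && array_key_exists('Te', $headers)) {
        // A request without any Connection header cannot satisfy the
        // requirement, so it fails outright; previously the missing index
        // reached preg_match() as null and only failed by accident.
        if (!array_key_exists('Connection', $headers)
            || !preg_match('/\bTE\b/', $headers['Connection'])) {
            return "582ec5e4";
        }
    }

    if (array_key_exists('Connection', $headers)) {
        $connection = $headers['Connection'];
        // keep-alive and close are mutually exclusive, and neither token
        // should appear twice. All three conditions share one result key.
        $keepAliveAndClose = preg_match('/\bKeep-Alive\b/i', $connection)
            && preg_match('/\bClose\b/i', $connection);
        if ($keepAliveAndClose
            || preg_match('/\bclose,\s?close\b/i', $connection)
            || preg_match('/\bkeep-alive,\s?keep-alive\b/i', $connection)) {
            return "a52f0448";
        }
    }

    // Headers which are not seen from normal user agents; only malicious bots
    if (array_key_exists('X-Aaaaaaaaaaaa', $headers) || array_key_exists('X-Aaaaaaaaaa', $headers)) {
        return "b9cc1d86";
    }

    // Proxy-Connection does not exist and should never be seen in the wild
    if (array_key_exists('Proxy-Connection', $headers)) {
        return "b7830251";
    }

    if (array_key_exists('Referer', $headers)) {
        // Referer, if it exists, must not be blank.
        // Previously this tested empty($package['headers_mixed']) -- the whole
        // header array, which is never empty once Referer is present -- so a
        // blank Referer was never caught here and fell through to the ':' test.
        if (empty($headers['Referer'])) {
            return "69920ee5";
        }

        // Referer, if it exists, must contain a :
        // While a relative URL is technically valid in Referer, all known
        // legit user-agents send an absolute URL
        if (strpos($headers['Referer'], ":") === FALSE) {
            return "45b35e30";
        }
    }

    // No Accept-Language test: "uk" is a valid ISO 639 language code
    // (Ukrainian), so the earlier test keyed on it was dropped.

    return false;
}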
137?>
