   1  <?php if (!defined('BB2_CORE')) die('I said no cheating!');
   2  
   3  // Enforce adherence to protocol version claimed by user-agent.
   4  
   5  function bb2_protocol($settings, $package)
   6  {
   7      // Always run this test; we should never see Expect:
   8      if (array_key_exists('Expect', $package['headers_mixed']) && stripos($package['headers_mixed']['Expect'], "100-continue") !== FALSE) {
   9          return "a0105122";
  10      }
  11  
  12      // Is it claiming to be HTTP/1.1?  Then it shouldn't do HTTP/1.0 things
  13      // Blocks some common corporate proxy servers in strict mode
  14      if ($settings['strict'] && !strcmp($package['server_protocol'], "HTTP/1.1")) {
  15          if (array_key_exists('Pragma', $package['headers_mixed']) && strpos($package['headers_mixed']['Pragma'], "no-cache") !== FALSE && !array_key_exists('Cache-Control', $package['headers_mixed'])) {
  16              return "41feed15";
  17          }
  18      }
  19      return false;
  20  }
  21  
  22  function bb2_cookies($settings, $package)
  23  {
  24      // Enforce RFC 2965 sec 3.3.5 and 9.1
  25      // Bots wanting new-style cookies should send Cookie2
  26      // FIXME: Amazon Kindle is broken; Amazon has been notified 9/24/08
  27      if (@strpos($package['headers_mixed']['Cookie'], '$Version=0') !== FALSE && !array_key_exists('Cookie2', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "Kindle/") === FALSE) {
  28          return '6c502ff1';
  29      }
  30      return false;
  31  }
  32  
  33  function bb2_misc_headers($settings, $package)
  34  {
  35      @$ua = $package['headers_mixed']['User-Agent'];
  36  
  37      if (!strcmp($package['request_method'], "POST") && empty($ua)) {
  38          return "f9f2b8b9";
  39      }
  40  
  41      // Broken spambots send URLs with various invalid characters
  42      // Some broken browsers send the #vector in the referer field :(
  43      // if (strpos($package['request_uri'], "#") !== FALSE || strpos($package['headers_mixed']['Referer'], "#") !== FALSE) {
  44      if (strpos($package['request_uri'], "#") !== FALSE) {
  45          return "dfd9b1ad";
  46      }
  47      // A pretty nasty SQL injection attack on IIS servers
  48      if (strpos($package['request_uri'], ";DECLARE%20@") !== FALSE) {
  49          return "dfd9b1ad";
  50      }
  51  
  52      // Range: field exists and begins with 0
  53      // Real user-agents do not start ranges at 0
  54      // NOTE: this blocks the whois.sc bot. No big loss.
  55      // Exceptions: MT (not fixable); LJ (refuses to fix; may be
  56      // blocked again in the future); Facebook
  57      if ($settings['strict'] && array_key_exists('Range', $package['headers_mixed']) && strpos($package['headers_mixed']['Range'], "=0-") !== FALSE) {
  58          if (strncmp($ua, "MovableType", 11) && strncmp($ua, "URI::Fetch", 10) && strncmp($ua, "php-openid/", 11) && strncmp($ua, "facebookexternalhit", 19)) {
  59              return "7ad04a8a";
  60          }
  61      }
  62  
  63      // Content-Range is a response header, not a request header
  64      if (array_key_exists('Content-Range', $package['headers_mixed'])) {
  65          return '7d12528e';
  66      }
  67  
  68      // Lowercase via is used by open proxies/referrer spammers
  69      // Exceptions: Clearswift uses lowercase via (refuses to fix;
  70      // may be blocked again in the future)
  71      if (array_key_exists('via', $package['headers']) &&
  72          strpos($package['headers']['via'],'Clearswift') === FALSE &&
  73          strpos($ua,'CoralWebPrx') === FALSE) {
  74          return "9c9e4979";
  75      }
  76  
  77      // pinappleproxy is used by referrer spammers
  78      if (array_key_exists('Via', $package['headers_mixed'])) {
  79          if (stripos($package['headers_mixed']['Via'], "pinappleproxy") !== FALSE || stripos($package['headers_mixed']['Via'], "PCNETSERVER") !== FALSE || stripos($package['headers_mixed']['Via'], "Invisiware") !== FALSE) {
  80              return "939a6fbb";
  81          }
  82      }
  83  
  84      // TE: if present must have Connection: TE
  85      // RFC 2616 14.39
  86      // Blocks Microsoft ISA Server 2004 in strict mode. Contact Microsoft
  87      // to obtain a hotfix.
  88      if ($settings['strict'] && array_key_exists('Te', $package['headers_mixed'])) {
  89          if (!preg_match('/\bTE\b/', $package['headers_mixed']['Connection'])) {
  90              return "582ec5e4";
  91          }
  92      }
  93  
  94      if (array_key_exists('Connection', $package['headers_mixed'])) {
  95          // Connection: keep-alive and close are mutually exclusive
  96          if (preg_match('/\bKeep-Alive\b/i', $package['headers_mixed']['Connection']) && preg_match('/\bClose\b/i', $package['headers_mixed']['Connection'])) {
  97              return "a52f0448";
  98          }
  99          // Close shouldn't appear twice
 100          if (preg_match('/\bclose,\s?close\b/i', $package['headers_mixed']['Connection'])) {
 101              return "a52f0448";
 102          }
 103          // Keey-Alive shouldn't appear twice either
 104          if (preg_match('/\bkeep-alive,\s?keep-alive\b/i', $package['headers_mixed']['Connection'])) {
 105              return "a52f0448";
 106          }
 107          // Keep-Alive format in RFC 2068; some bots mangle these headers
 108          if (stripos($package['headers_mixed']['Connection'], "Keep-Alive: ") !== FALSE) {
 109              return "b0924802";
 110          }
 111          // Close should not be oddly capitalized
 112          
 113      }
 114      
 115  
 116      // Headers which are not seen from normal user agents; only malicious bots
 117      if (array_key_exists('X-Aaaaaaaaaaaa', $package['headers_mixed']) || array_key_exists('X-Aaaaaaaaaa', $package['headers_mixed'])) {
 118          return "b9cc1d86";
 119      }
 120      // Proxy-Connection does not exist and should never be seen in the wild
 121      if ($settings['strict'] && array_key_exists('Proxy-Connection', $package['headers_mixed'])) {
 122          return "b7830251";
 123      }
 124  
 125      if (array_key_exists('Referer', $package['headers_mixed'])) {
 126          // Referer, if it exists, must not be blank
 127          if (empty($package['headers_mixed']['Referer'])) {
 128              return "69920ee5";
 129          }
 130  
 131          // Referer, if it exists, must contain a :
 132          // While a relative URL is technically valid in Referer, all known
 133          // legit user-agents send an absolute URL
 134          if (strpos($package['headers_mixed']['Referer'], ":") === FALSE) {
 135              return "45b35e30";
 136          }
 137      }
 138      
 139      // "uk" is not a language (ISO 639) nor a country (ISO 3166)
 140      // oops, yes it is :( Please shoot any Ukrainian spammers you see.
 141  #    if (preg_match('/\buk\b/', $package['headers_mixed']['Accept-Language'])) {
 142  #        return "35ea7ffa";
 143  #    }
 144  
 145      return false;
 146  }
 147  
 148  ?>


Generated: Tue Nov 16 22:51:00 2010 Cross-referenced by PHPXref 0.7