Lunacy Unleashed

Notes from the field in the War on Spam

Bad Behavior 1.2.2


Bad Behavior 1.2.2 has been released to address an issue which a few people have brought to my attention. Bad Behavior is the Web’s premier link spam killer, targeting automated spambots which post comment, trackback and referrer spam, as well as email harvesters.

In Bad Behavior 1.2.1, a new feature was implemented which blocked the IP address of a spammer for 48 hours. As it turns out, this is too long for some, too short for others. The new version takes a more balanced approach.

Now, if a spammer is blocked, its IP address is blocked for 10 minutes. If another attempt is received, the block is doubled to 20 minutes. And so on, without limit.

All attempts currently in the bad_behavior_log count toward this blocking, so changing the logging duration from the default of 7 days changes how effective the new blocking is.
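The following sketch shows how the doubling interacts with the logging duration. It is an added example, not Bad Behavior's own code. It assumes each denied request still in the log doubles the block and that the block runs from the most recent denial; the function name `blocked_until`, the log row shape and the sample data are hypothetical.

```php
<?php
// Added illustration, not Bad Behavior's own code. Assumption: each denied
// request still in the log doubles the block, measured from the latest denial.
const BASE_BLOCK_SECONDS = 600;        // 10 minutes, from the post
const DEFAULT_RETENTION  = 7 * 86400;  // default logging duration, from the post

// Return the Unix time until which $ip stays blocked, or 0 if it is not blocked.
// $log rows are ['ip', 'time', 'denied'], a hypothetical stand-in for bad_behavior_log.
function blocked_until(array $log, string $ip, int $now, int $retention = DEFAULT_RETENTION): int
{
    $denials = 0;
    $latest = 0;
    foreach ($log as $row) {
        // Rows older than the retention window would already have been purged.
        if ($row['ip'] !== $ip || !$row['denied']
            || $row['time'] < $now - $retention || $row['time'] > $now) {
            continue;
        }
        $denials++;
        $latest = max($latest, $row['time']);
    }
    if ($denials === 0) {
        return 0;
    }
    // 10, 20, 40, ... minutes. The policy has no limit, so clamp the exponent
    // (about 20 years) to keep the shift inside a 32-bit PHP integer.
    $duration = BASE_BLOCK_SECONDS << min($denials - 1, 20);
    $until = $latest + $duration;
    return $until > $now ? $until : 0;
}

// Constructed sample: 203.0.113.7 was denied three times, 198.51.100.9 once.
$now = 1127500000;
$log = [
    ['ip' => '203.0.113.7',  'time' => $now - 3 * 86400, 'denied' => true],
    ['ip' => '203.0.113.7',  'time' => $now - 7200,      'denied' => true],
    ['ip' => '203.0.113.7',  'time' => $now - 1500,      'denied' => true],
    ['ip' => '198.51.100.9', 'time' => $now - 1500,      'denied' => true],
];

foreach (['203.0.113.7', '198.51.100.9'] as $ip) {
    foreach ([DEFAULT_RETENTION, 86400] as $retention) {
        $until = blocked_until($log, $ip, $now, $retention);
        printf("%-13s retention=%dd: %s\n", $ip, intdiv($retention, 86400),
            $until ? 'blocked for ' . ($until - $now) . 's more' : 'not blocked');
    }
}
```

With the 7-day default the repeat offender is still inside a 40-minute block, while a 1-day logging duration forgets the oldest denial and the shorter 20-minute block has already expired.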

If you find yourself blocked by this version of Bad Behavior, do not try to reload the page for at least 10 minutes, in any browser. And, if you have such problems, don’t bother posting a comment; contact me directly instead. I read email much more frequently than the comments. :)

In addition, this version provides callback functions that you can implement (for instance, in another plugin). They are called on each request, whether it is allowed through or blocked. You must return from the callback function, and you should not output anything. The functions are:

wp_bb_approved_callback($wp_bb_http_headers_mixed);
wp_bb_denied_callback($wp_bb_http_headers_mixed, $http_response, $denied_reason);

$wp_bb_http_headers_mixed is an associative array containing all of the HTTP headers for the request. $http_response contains the error code (403 or 412) logged to the database. $denied_reason contains the text string logged to the database explaining why the request was denied.

Please note that the callback functions currently work only on the MediaWiki port (and the Geeklog port, when Dirk gets around to it). They will work on WordPress and other platforms in a future release.

In addition, this version will block access attempts where no User-Agent field is set, due to an increase in the amount of spam matching this profile. A very few legitimate bots fail to set the User-Agent; if you happen to use one, contact its author to have them fix it, and also place it on the whitelist.

Download Bad Behavior now!

September 23, 2005 Posted by | Bad Behavior, Blog Spam, WordPress | 13 Comments

   
