Lunacy Unleashed

Notes from the field in the War on Spam

Bad Behavior 1.2.2


Bad Behavior 1.2.2 has been released to address an issue which a few people have brought to my attention. Bad Behavior is the Web’s premier link spam killer, targeting automated spambots which post comment, trackback and referrer spam, as well as email harvesters.

In Bad Behavior 1.2.1, a new feature was implemented which blocked the IP address of a spammer for 48 hours. As it turns out, this is too long for some, too short for others. The new version takes a more balanced approach.

Now, if a spammer is blocked, its IP address is blocked for 10 minutes. If another attempt is received, the block is doubled to 20 minutes. And so on, without limit.

All attempts which are currently in the bad_behavior_log count toward this blocking, so changing the logging duration from the default of 7 days will have an effect on how effectively this new blocking works.
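The interaction between the doubling rule and the log retention setting, as an added example (not Bad Behavior's own code). It assumes the block starts at 10 minutes, doubles once for every further denied attempt still in the log, and runs from the most recent attempt; the function name and sample timestamps are constructed for illustration.

```php
<?php
// Added illustration, not Bad Behavior's code. Assumed model: every denied
// attempt still in the log doubles the block, which runs from the last attempt.

const BASE_BLOCK_SECONDS = 600; // 10 minutes, per the release notes

/**
 * Seconds left on an IP's block at $now.
 * $attempts: Unix timestamps of the IP's denied requests (constructed data).
 * $retentionDays: log retention; purged rows stop counting.
 */
function remaining_block_seconds(array $attempts, int $retentionDays, int $now): int
{
    $cutoff = $now - $retentionDays * 86400;
    $kept = array_filter($attempts, fn($t) => $t >= $cutoff && $t <= $now);
    if (count($kept) === 0) {
        return 0;
    }
    // 1 attempt -> 10 min, 2 -> 20 min, 3 -> 40 min, ...
    // The exponent is capped only to keep integer arithmetic safe here.
    $exponent = min(count($kept) - 1, 20);
    $expires = max($kept) + BASE_BLOCK_SECONDS * (2 ** $exponent);
    return max(0, $expires - $now);
}

// Constructed sample: one IP, five denied attempts over the past week.
$now = 1127500000;
$attempts = [
    $now - 6 * 86400,
    $now - 5 * 86400,
    $now - 3 * 86400,
    $now - 1 * 86400,
    $now - 300,
];

foreach ([7, 2] as $days) {
    printf("retention %d days: %d seconds of block remaining\n",
        $days, remaining_block_seconds($attempts, $days, $now));
}
```

With the shorter retention, the three oldest attempts have been purged, so the same repeat offender gets a much shorter block.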

If you find yourself blocked by this version of Bad Behavior, do not try to reload the page for at least 10 minutes, in any browser. And, if you have such problems, don’t bother posting a comment; contact me directly instead. I read email much more frequently than the comments. :)

In addition, this version provides callback functions which you can implement (for instance, in another plugin). They are called on each request, whether it is allowed through or blocked. You must return from the callback function, and you should not output anything. The functions are:

wp_bb_approved_callback($wp_bb_http_headers_mixed);
wp_bb_denied_callback($wp_bb_http_headers_mixed, $http_response, $denied_reason);

$wp_bb_http_headers_mixed is an associative array containing all of the HTTP headers for the request. $http_response contains the error code (403 or 412) logged to the database. And $denied_reason contains the text string logged to the database as to why the request was denied.

Please note that the callback functions currently work only on the MediaWiki port (and the Geeklog port, when Dirk gets around to it). They will work on WordPress and other platforms in a future release.
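One way to implement the denied callback, as an added example (not code from Bad Behavior or its ports): it appends one JSON line per blocked request to a file, writes nothing to the response, and returns. The log path, the helper names `bb_clean`, `bb_header` and `bb_format_denied`, and the header key spellings are assumptions; header values are attacker-controlled, so they are truncated and stripped of control characters before logging.

```php
<?php
// Added example. The log path and header key spellings are assumptions.
const BB_DENIED_LOG = '/var/log/bb-denied.log'; // hypothetical path

/** Replace control characters and truncate an attacker-supplied value. */
function bb_clean(string $value, int $max = 200): string
{
    return substr(preg_replace('/[\x00-\x1F\x7F]/', ' ', $value), 0, $max);
}

/** Case-insensitive lookup; the key casing used in the array is assumed unknown. */
function bb_header(array $headers, string $name): string
{
    foreach ($headers as $key => $value) {
        if (strcasecmp((string) $key, $name) === 0) {
            return is_array($value) ? implode(', ', $value) : (string) $value;
        }
    }
    return '';
}

/** Build one JSON log line for a denied request. */
function bb_format_denied(array $headers, $http_response, $denied_reason, int $now): string
{
    return json_encode([
        'time'       => gmdate('c', $now),
        'status'     => (int) $http_response,
        'reason'     => bb_clean((string) $denied_reason),
        'user_agent' => bb_clean(bb_header($headers, 'User-Agent')),
        'referer'    => bb_clean(bb_header($headers, 'Referer')),
    ], JSON_UNESCAPED_SLASHES | JSON_INVALID_UTF8_SUBSTITUTE);
}

function wp_bb_denied_callback($wp_bb_http_headers_mixed, $http_response, $denied_reason)
{
    $line = bb_format_denied((array) $wp_bb_http_headers_mixed,
        $http_response, $denied_reason, time());
    // Append to the log file only; nothing is echoed, and the function returns.
    @file_put_contents(BB_DENIED_LOG, $line . "\n", FILE_APPEND | LOCK_EX);
}

// Constructed sample request with a line break smuggled into the Referer header.
$sample = ['user-agent' => '', 'Referer' => "http://example.invalid/\r\nfake entry"];
fwrite(STDERR, bb_format_denied($sample, 412, 'Constructed reason text', 1127500000) . "\n");
```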

In addition, this version will block access attempts where there is no User-Agent field set, due to an increase in the amount of spam matching this profile. A very few legitimate bots fail to set the User-Agent; if you happen to use one, contact its author to have them fix it, and also place it on the whitelist.

Download Bad Behavior now!


September 23, 2005 - Posted by | Bad Behavior, Blog Spam, WordPress

13 Comments

  1. The value for “How long to keep the logs around” now mentions “Lowering this may have profound negative effects!” The default is 7, but I prefer to set mine to 2. Would you please explain how this may have profound negative effects?

    Comment by MacManX | September 23, 2005

  2. MacManX, I already did explain it. If you lower the logging duration, you’re going to get more spam.

    Now, if a spammer is blocked, its IP address is blocked for 10 minutes. If another attempt is received, the block is doubled to 20 minutes. And so on, without limit.

    All attempts which are currently in the bad_behavior_log count toward this blocking, so changing the logging duration from the default of 7 days will have an effect on how effectively this new blocking works. — IO ERROR

    There’s little good reason to lower the logging duration anyway, unless you’re severely tight on disk space. If you are, hard drives are cheap. :) So are better web hosts.

    Comment by Michael Hampton | September 23, 2005

  3. I’m sorry, I must have glossed over that part. I was just trying to see if there was a more “profound negative effect” than “you’re going to get more spam”, because with my current 2 day log setup, I get no spam. It’s not a hosting issue, I’m only using 2% of my space, I just like to keep my logs small and my database backups smaller.

    Comment by MacManX | September 23, 2005

  4. Upgraded wordpress.com, thanks Michael!

    Comment by Donncha | September 23, 2005

  5. [...] 20 minutes. And so on, without limit. Technorati Tags: Spam WordPress BadBehavior | Permalink | Trackback-URL  [...]

    Pingback by Basic Thinking Blog » Bad Behavior Update auf 1.2.2. | September 24, 2005

  6. [...] If you are a fan of the wonderful comment spam plugin Bad Behavior, the WordPress Plugin with “gives the finger to spammers and bots not on good behavior”, then get excited because ioerror has released a new version! [...]

    Pingback by Lorelle on WordPress » Bad Behavior - Updated New Release | September 24, 2005

  7. The Drupal Badbehaviour module has been tested against this new release, which also fixes a minor issue with compatibility with the glossary module. Recommended upgrade.

    Comment by David | September 25, 2005

  8. Hi,

    I’m having a terrible time with bad behavior. I believe that I’ve followed the installation instructions to the letter but the plugin is not showing up in my admin plugin area on wordpress. Do you have any help you could give me?

    thanks,

    nancy

    Comment by saint eyebeat | September 28, 2005

  9. There’s plenty of help I could give you. It sounds like you didn’t get the files uploaded to the right folder on your server. Transfer the entire bad-behavior folder from the zip file to your wp-content/plugins folder on your server, so that there is then a wp-content/plugins/bad-behavior folder containing all of the Bad Behavior files.

    Comment by Michael Hampton | September 28, 2005

  10. Michael: Thanks for the great plugin which I’ve been using for a few months now. I was using an earlier version of BB until tonight. I found earlier today that I am getting 412 errors in 2 separate situations:

    1. someone has tried to add the rss feed for one of my categories to his blog aggregator & is getting a “412 precondition failed” error.

    2. when I try to use Google Remove URL to remove an old, out of date post permalink that I used to use at my old Typepad blog, I get this error:

    “We can’t determine if that page is truly outdated because the server returned the following unusual status code: 412”

    Over at the wp forum, macmanx suggested that I upgrade to the latest BB version, which I just did. I activated the plugin & cleared out my browser cache. But Google Remove URL is giving me the same error.

    I don’t know if my problem is that something needs to refresh or whether I’ve missed something I need to do in configuring BB or whether the problem isn’t caused by BB.

    Any thoughts would be greatly appreciated.

    Comment by Richard Silverstein | October 17, 2005

  11. Richard, please read What to do when Bad Behavior blocks you (or your friends).

    Comment by Michael Hampton | October 17, 2005

  12. Michael: Thanks for that link. It helped.

    Macmanx suggested that I add my own IP to the BB IP whitelist file which I did. Then the 412 errors stopped & Google Remove URL worked for me. Do you think I can consider the problem solved or do you still think I should go back & review the error logs to see why I was denied? If there could be any further complications later then I’ll go back & review the logs. I just don’t want to do so unless there’s a good reason to (since I don’t generally use phpMyAdmin & find it a bit intimidating to figure out).

    Comment by Richard Silverstein | October 17, 2005

  13. cost of zoloft

    Bad Behavior 1.2.2

    Trackback by Asa Liedholm | April 8, 2006

