Lunacy Unleashed

Notes from the field in the War on Spam

Bad Behavior 2 Alpha 3/Alpha 4

Make a Donation.

Update: I’ve pushed a couple of fixes for the problems people had in this release as 2.0 Alpha 4. This fixes the issues with being unable to post on your own administrative screens on both platforms, and database insertion errors on MediaWiki. Download it below.

I’m getting ever closer to the final release of Bad Behavior 2.0, so close in fact that I’m not sure why I didn’t just call this series beta. The previous pre-releases have proved to be stable, solid and effective. With this release, I further close the gap and make the system even more effective.

For those of you who have been waiting ever so patiently for the MediaWiki port, it’s finally here. At the moment, much of it is a stub (you can help by expanding it), but it does block automated edits, which is what it’s supposed to do. The special page isn’t implemented yet; that will be coming soon. But it looks like it works on version 1.4 or later.

I’ve completed the technical support pages which are displayed to any rare unfortunate person who might be blocked by Bad Behavior. They all contain unique keys which, at the time of the final release, you’ll be able to plug into a form in the administrative screen, look up what went wrong, and get it fixed. They also contain a link the user can click to get detailed instructions on how to fix the problem from their end (e.g. you have viruses/malware; your old version of Opera has a bug; change this setting in Norton Internet Security; etc). For now, if you do get any false positive reports, mail me with the technical support key. So far in testing, there have been no false positive reports, that is a human being blocked inappropriately, and I’ve been watching the blocked accesses in realtime to see if I can see any, but I haven’t spotted one here yet.

What I have seen since 2.0 Alpha 2 is nearly all spam blocked. And I’ve taken the very little spam which escaped, all of it manually posted, and found a way to block it, too. Since implementation of that fix, Bad Behavior is showing 100% effective at blocking spam with no false positives. And while that may change in the future, it looks like for now I’m way ahead of the spammers again. I do, of course, need more extensive testing on MediaWiki, and reports of any spam that Bad Behavior doesn’t block. But if you’ve been waiting, now is the time to install it on MediaWiki; it’s stable enough for everyday use, (“Alpha” is a misnomer, I guess) and I use it in production on both WordPress and MediaWiki.

How to Install

If you upgrade from version 1, you can and should leave version 1 in place. This version installs to a different directory. For WordPress, remove any previous 2.x version first, unzip the file and upload the bb2 directory and its contents to your wp-content/plugins directory. For MediaWiki, unzip the file and upload the bb2 folder and its contents to your extensions directory. Keep the directory structure intact.

On WordPress, deactivate version 1 (if present) and activate version 2. On MediaWiki, edit LocalSettings.php, comment out the old extension (if present) and add in the new extension, for example:
include( 'extensions/bb2/bad-behavior-mediawiki.php' );

On MediaWiki, if you then receive an error saying you need to reconfigure the load balancer, (you don’t) you need to add the following line to LocalSettings.php, before the include line shown previously:
define('BB2_NO_CREATE', true);
Then you need to manually create Bad Behavior 2′s new table structure. The table name is mw1_bad_behavior, replacing mw1_ with your table prefix, of course, and you can find the table structure to create in bb2/bad-behavior/core.inc.php.

To Do

The to-do list is pretty short, though it’s possible I’ve forgotten something. If I did, please leave a comment below.

WordPress: Implement the database search facility on the Options > Bad Behavior admin screen.

MediaWiki: Implement the special page. Implement the ability to save options.

ExpressionEngine: Targeted for next alpha/beta release.

Generic/Third Party Ports: Should be possible now, but I don’t have a generic template ready yet; e-mail me if you have questions.

And as always, if you find Bad Behavior valuable, please consider making a financial contribution. I develop Bad Behavior in my spare time, and every little bit counts.

Download Bad Behavior Now!

And don’t forget to subscribe to the RSS feed or the mailing list. (They’re the same content.)

About these ads

April 29, 2006 - Posted by | Akismet, Bad Behavior, Blog Spam, MediaWiki, Spam, WordPress

94 Comments

  1. After installing the latest alpha-3 of BB some main functions of wordpress (2.02) caused a 403 (e.g. save posts, publish posts).This is reproducible. Others works well without causing the 403.

    Error 403

    We’re sorry, but we could not fulfill your request for /blog/wp-admin/post.php on this server.

    You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.

    Your technical support key is: d9be-b916-408d-7e72

    No viruses or spyware, and not a too fast submitted form ;-)

    Do you need any more information on this? Please contact per mail.

    Switched back to BB1.

    Comment by Alexander | April 29, 2006

  2. You submitted the form too fast.

    Comment by Michael Hampton | April 29, 2006

  3. After two minutes or something like that. Wrote a text before… Where can I change the threshold?

    Comment by Alexander | April 29, 2006

  4. Me too. Switching back to BB1 also.

    Error 403

    We’re sorry, but we could not fulfill your request for /wp-login.php on this server.

    You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.

    Your technical support key is: 438e-8231-408d-7e72

    Comment by GadeTerbob | April 29, 2006

  5. WordPress, same error:
    Error 403

    We’re sorry, but we could not fulfill your request for /wp-admin/post.php on this server.

    You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.

    Your technical support key is: 4051-e3ce-408d-7e72

    You can use this key to fix this problem yourself.

    If you are unable to fix the problem yourself, please contact webmaster at ipstenu.org and be sure to provide the technical support key shown above.

    Comment by Ipstenu | April 29, 2006

  6. Two more things:

    1) How do I turn off verbose logging on MediaWiki?
    2) Fails on post for MediaWiki too, see below:

    A database error has occurred
    Query: INSERT INTO `bad_behavior`
    (`ip`, `date`, `request_method`, `request_uri`, `server_protocol`, `http_headers`, `request_entity`, `key`) VALUES
    (’64.81.227.206′, ’2006-04-29 18:30:00′, ‘POST’, ‘/index.php?title=User:ME&action=submit’, ‘HTTP/1.1′, ‘POST /index.php?title=User:ME&action=submit HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    Accept-Language: en
    Connection: keep-alive
    Content-Length: 1184
    Content-Type: multipart/form-data; boundary=———-0xKhTmLbOuNdArY
    Cookie: jorjafox_wikiUserID=2; jorjafox_wikiUserName=ME; jorjafox_wikiToken=a163e38e8dcfa08e3833f8a120b7c5d6; jorjafox_wiki_session=a2cb909745672fce24a1a064d2101ca0; __utmz=39731749.1136747738.35.9.utmccn=(referral)|utmcsr=forums.jorjafox.net|utmcct=/index.php|utmcmd=referral; __utmz=34167738.1144727056.115.25.utmccn=(referral)|utmcsr=en.wikipedia.org|utmcct=/wiki/Jorja_Fox|utmcmd=referral; __utma=34167738.16807.1132100171.1146271314.1146273291.127; __utma=39731749.1719533808.1132854095.1136955540.1137197570.39
    Host: wiki.jorjafox.net
    Referer: http://wiki.jorjafox.net/index.php?title=User:ME&action=edit
    User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418 (KHTML, like Gecko) Safari/417.9.2
    ‘, ‘wpSection:
    wpStarttime: 20060429182806
    wpEdittime: 20060406184836
    wpScrolltop: 0
    wpTextbox1:

    wpSummary:
    wpMinoredit: 1
    wpPreview: Show preview
    wpEditToken: ba578d3b823a67dcfa6c8d35a1ca23e8
    wpAutoSummary: d41d8cd98f00b204e9800998ecf8427e
    ‘, ’00000000′)
    Function:
    Error: 1064 You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ‘s all you need to know.

    Backtrace:

    GlobalFunctions.php line 602 calls wfbacktrace()
    Database.php line 473 calls wfdebugdiebacktrace()
    Database.php line 419 calls databasemysql::reportqueryerror()
    DatabaseFunctions.php line 25 calls databasemysql::query()
    bad-behavior-mediawiki.php line 55 calls wfquery()
    core.inc.php line 72 calls bb2_db_query()
    core.inc.php line 194 calls bb2_approved()
    bad-behavior-mediawiki.php line 115 calls bb2_start()
    - line – calls bb2_mediawiki_entry()
    Setup.php line 327 calls call_user_func()
    index.php line 80 calls require_once()

    Comment by Ipstenu | April 29, 2006

  7. You people type too fast. :) I’m going to rework that particular check for you people with your saved passwords and you people who can’t wait 20 seconds to hit the button.

    Ipstenu, that’s an open issue on the MW port right now. Nobody seems to know, and I can’t figure out, how MW escapes strings before they’re inserted into the DB. I need to know this before I can fix that.

    As for “verbose” logging, you don’t turn it off. This is no longer under user control since BB2 will require this information. On the other side, the table is better optimized and will be smaller in the final release (it won’t log everything).

    Comment by Michael Hampton | April 29, 2006

  8. maybe its possible to do the “fast-typing aka stored-password aka copy-past-hit-return-test” ;) only for comment-forms and not for the wp-admin tree?

    Comment by Alexander | April 29, 2006

  9. Same problem. Make a change to my post. Click “save and continue editing” for a preview. BAM! Blocked from my own site admin.

    Key 42a7-e7b0-408d-7e72.

    Comment by Kelson | April 29, 2006

  10. [...] Bad Behavior 2.0 alpha 3 I have installed Bad Behavior 2.0 Alpha 3 on my site. Akismet has been very effective (maybe 1 or 2 spam are missed per 300-400 comment spam with no false positives), but I had to go through the 400+ comment spam it catches every 2-3 days and I would love if the obvious stuff is just blocked before it reaches Akismet. The less work I have to do with comment spam, the better. So Bad Behavior will be combined with Akismet to effectively shut any chance of a comment spammer getting a comment posted on this site. If Bad Behavior misses it, Akismet should catch it. Already this morning, 47 spam attempts were blocked by Bad Behavior. Fantastic! [...]

    Pingback by ChrisGonyea.com » Blog Archive » Bad Behavior 2.0 alpha 3 | April 29, 2006

  11. Wow. A real huge amount of data will be stored in the database. Any chance to reduce this significantly?

    Comment by Alexander | April 29, 2006

  12. Huh. I KNOW I was waiting more than 20 seconds between typing and post. I got up, went to get more coffee, came back, hit submit. Something’s weird with that check there.

    Still, I think admins should be exempt from the BB check for time etc (like they are in most forums that limit how many posts one can do). Sometimes there’s an admin need for many fast posts and changes.

    Comment by Ipstenu | April 29, 2006

  13. Alexander, where are you running this, that you’ll have a huge amount of data? Wikipedia?! :)

    On the other side, the table is better optimized and will be smaller in the final release (it won’t log everything).

    Ipstenu, I think there’s a bug in that particular check. I’ve rewritten it, and I’ll have that out shortly, but in the meantime you can change it (in post.inc.php) to, say, 5 seconds:

        if ($screener[0] + 5 > time())
            return "408d7e72";

    Comment by Michael Hampton | April 29, 2006

  14. 5 hours testing => 500 kb in database ;)
    Any issues if I comment out “bb2_approved” in core.inc.php?

    Comment by Alexander | April 29, 2006

  15. Hm, a database table running 10 or 15 MB could be a problem.

    You can comment it out if you like, but if you do, you won’t be able to send me any spam reports. Pick your poison, I guess. :)

    Comment by Michael Hampton | April 29, 2006

  16. Ok, thanks. I will comment it out … Seems to work fine so far ;)

    Comment by Alexander | April 29, 2006

  17. I’ve put out a 2.0 Alpha 4 to address the issues brought up prior to this time. See if it works any better for you.

    Comment by Michael Hampton | April 29, 2006

  18. There’s no bad-behavior-mediawiki.php file in a4. Should I take that as a hint not to use it just yet? :)

    wordpress working jolly now.

    Comment by Ipstenu | April 29, 2006

  19. I sitll think Alpha 2 is the best.

    I just installed Alpha 4 and I still get locked out of my own Admin even with the new smaller delay. Here’s an example why it’s maddening: I go into Options and UNcheck the BB footer and then click UPDATE and I’m locked out of my site. If you have a fast and optimized server and you get 0.19 page loads you can see why having to wait even 5 seconds between doing things is a long delay in site administration.

    Comment by David W. Boles | April 29, 2006

  20. I still get locked out too even with Alpha 4.

    Comment by Edrei | April 30, 2006

  21. Also, the version in alpha 4 reads alpha 3.

    Comment by Edrei | April 30, 2006

  22. I’ve repacked Alpha 4 with the version string fixed and the bad-behavior-mediawiki.php file included. Oops!

    David, you were only locked out for five seconds. Click Back and try again. :) And please come up with a better idea; you’re going to get a lot of spam without that particular delay.

    Edrei, go check your system for viruses and spyware. You probably picked some up from your silly friend. You know who I’m talking about. :)

    Comment by Michael Hampton | April 30, 2006

  23. The best better idea I’ve come up with so far is to skip certain checks when someone with a level of administrative access is logged in. But that brings up two questions: How much access? and How to code it?

    Comment by Michael Hampton | April 30, 2006

  24. How about look for the URLs of the admin page and remember the IP for a little while. In other words, once you’ve logged into wp-admin, bb will know that you must be ok because you could not have gotten to this IP without knowing the admin pw.

    Hmm, my knowledge might be based on wp1.5 user levels though, I have not messed with the new role system at all b/c I run a single user blog.

    Comment by halr9000 | April 30, 2006

  25. s/gotten to this IP/gotten to this URL/

    Comment by halr9000 | April 30, 2006

  26. The idea of skipping checks for logged-in users also breaks down a bit when applied to MediaWiki; much of the wikispam I’ve seen on MediaWiki comes from user accounts the spammers create specifically for the purpose of spamming the wiki.

    So this proposal opens a bit of a security problem.

    MediaWiki users, how would you like to see this handled?

    Comment by Michael Hampton | April 30, 2006

  27. Hi Michael –

    Well the way Alpha 4 works now it is actually faster to just go into Akismet and delete the Spam than it is to wait for Alpha 4 to time out before I can interact with the next page.

    It would be great if there is some way for logged in Admins to have a briefer delay between waiting to complete tasks.

    Alpha 2 rocks, though. I’ve never had more than two Spam messages get through after that first overnight when I had 19. Huge decrease in Spam and I thank you.

    Comment by David W. Boles | April 30, 2006

  28. Well, that’s 19 spams too many, in my opinion. But even I can wait five seconds. And like I said above,

    The best better idea I’ve come up with so far is to skip certain checks when someone with a level of administrative access is logged in. But that brings up two questions: How much access? and How to code it?

    I have my own ideas on how to solve this, but I need to hear more from WP users who have multiple authors, as well as MediaWiki users.

    Comment by Michael Hampton | April 30, 2006

  29. Hey Michael –

    I have a lot of authors who are in and out of my blog all day long and the current Alpha 4 timeout delay would cause a lot of screaming because I beg them to frequently save their work.

    I get yelled at about the 15 second “Slow Down Pardner” or whatever WordPress gives you when you post comments too quickly. Having a hot blog means you want to have a code structure that can support the fast and the furious while keeping out the riff-raff and I know that’s the conundrum you are addressing with BB2.

    I vote anyone logged into the Admin panel with “Contributor” level or above doesn’t get hacked by BB2 on a timeout violation.

    I believe WP 2.0 defaults new registrations to “Subscriber” level unless you change it so that default level would help keep any Spammers who register on a blog in timeout check.

    I don’t think anyone who you give access to your blog as a “Contributor” or above would want to Spam you but I suppose more curious things have happened.

    As for coding clues — I have none. :mrgreen:

    Comment by David W. Boles | April 30, 2006

  30. Heh, don’t worry too much about HOW to code it; right now I mainly need to know WHAT to code. And your answer helps a LOT for WordPress.

    Now where are my MediaWiki users? You all yelled and screamed for this for months, and now I need your feedback.

    Comment by Michael Hampton | April 30, 2006

  31. [...] Y hablando de filtrar, el sistema Bad Behavior (que bloquea a los robots que postean spam en las páginas), está en una activa batalla con estos nuevos robots capaces de inundar nuestros blogs, wikis y páginas en general de basura. El sistema es altamente recomendable y puede instalarse en cualquier página que use PHP, ya existen versiones preparadas para varios sistemas(Geeklog, MediaWiki, WordPress, etc). [...]

    Pingback by Radio Levhita » Archivo » Maldito Spam! | April 30, 2006

  32. 21 blocked in 1 hour is a good score.
    excellent job Michael

    Comment by researcher | April 30, 2006

  33. footer problem is solved
    one div too much :)

    Comment by researcher | April 30, 2006

  34. I was at work! Sorry. Ahem. Mediawiki stuff.

    How much access should get skipped for checks? Sysop and Bureaucrat should always get skipped. If you’re a tool who adds in an unknown as those, well. You’re an idiot.

    I’m not sure what else you’re asking for.

    Comment by Ipstenu | April 30, 2006

  35. [...] Bad Behavior 2 Alpha 3/Alpha 4 is out. It contains a couple of bug fixes. [...]

    Pingback by Caught in the World "Wild" Web » Blog Archive » Bad Behavior 2 Alpha 3/Alpha 4 | May 1, 2006

  36. Can I work on BBStats for this version, or do I have to wait?

    Comment by Ajay | May 1, 2006

  37. This version has its own stats display. It turned out to be easier to rewrite it than to wait for you. Sorry!

    Comment by Michael Hampton | May 1, 2006

  38. No probs, just checked that out and found it.

    One thing I found missing is the option of Log all attempts and log only blocked attempts.

    I don’t want to log every access, just those blocked.

    As for the stats… I expected you to do it sooner or later :D

    Though how much functionality are you planning on giving the stats configuration? I think with that admin screen you can give a lot more.

    Accordingly I can keep / remove / update my plugin.

    Comment by Ajay | May 1, 2006

  39. select count(*) from wp_bad_behavior;

    47600

    That’s what it looks like here. Which really isn’t all that much, since the table is much better designed. It really could only be a problem if your web host is stupid and doesn’t give you very much space for a database.

    The database table is also going to change prior to final release, so that there will be a verbose/non-verbose mode. Either way, it will still log all accesses, but will log less information in the non-verbose mode. (BB2 needs to log some information about every access, blocked or not, in order to catch certain delivery methods of spam.)

    Those who turn off verbose mode will not be able to submit reports of missed spam, as the spam itself won’t be logged.

    Comment by Michael Hampton | May 1, 2006

  40. DB Space shouldn’t really be a problem. Atleast not for me ;)

    If that is a requirement, then it shouldn’t really be a big issue.

    You didn’t answer about the level of customization you are planning to provide for the stats, because I do have a few things planned, which I may or maynot give depending on how much stats configurability you are planning to give.

    Also was thinking about making a WordPress widget…

    Comment by Ajay | May 1, 2006

  41. I look at it this way: if I give a user admin access to my blog, then it’s my fault if I gave access to someone who was dumb enough to get a trojan on their PC. Or hell, only have it ignore admin users who can manage plugins (they gotta be trusted).

    Point is, I know better than BB2 when it comes to wether I am a spam bot or have an infected PC, so it shouldn’t be checking/blocking me.

    Comment by Viper007Bond | May 1, 2006

  42. Oh, as for large tables, don’t worry about it guys. It’s only INSERTing into the database and unless you have the stat line on, it’s not affecting performance.

    As as for the actual space, it’s only a few MB and most hosts don’t count DB size as a part of your account. ;)

    Comment by Viper007Bond | May 1, 2006

  43. As for the large tables, maybe you should give the users an option to cleanup the BB table every ohter week or something like this.

    Comment by Alexander | May 1, 2006

  44. As said above, verbose logging is on in the alpha versions. You’ll be able to turn it off or on in the final version, just like in BB1. ;)

    Comment by Viper007Bond | May 1, 2006

  45. Alexander, Bad Behavior cleans its own tables, and keeps records no longer than a week.

    Comment by Michael Hampton | May 1, 2006

  46. Ignore comment #44. I read wrong.

    As for “verbose” logging, you don’t turn it off. This is no longer under user control since BB2 will require this information. On the other side, the table is better optimized and will be smaller in the final release (it won’t log everything).

    Comment by Viper007Bond | May 1, 2006

  47. At the moment, much of it is a stub (you can help by expanding it)

    Dork :P.

    Comment by VxJasonxV | May 2, 2006

  48. Anybody else seeing problems with BB2 and WordPress 1.5.2 or WP 1.52 based code?

    When using Chronolith 0.9.09 (from SVN) activating BB2 works but the Admin Interface for BB2 doesn’t. I worked around it by decoupling the BB2 admin interface from BB2 itself as a separate plugin. First I activate BB2 minus the admin interface, then I activate the Admin Interface. So far so good.

    I also added a class called ‘badbehavior’ to paragraph containing the output in the footer for the BB2 stats and added CSS to wp_head()

    Comment by Samir M. Nassar | May 2, 2006

  49. You wanted to know of spam it wasn’t stopping. I do not know about this release but I know the other versions were not stopping spam on the jalenack shoutbox for wordpress. I hope this one does. My shoutbox is getting spammed, bad. It has helped my blog just not one inline component plugin of it. All in all I give the bad behavior plugin high marks. It is good. I just wish it would help with the shoutbox too.

    Comment by Static Brain | May 4, 2006

  50. [...] The second is an alpha (but supposedly stable) version of Bad Behavior 2.0. Bad Behavior 1.x has been instrumental in stopping 95% of the comment spam on this site. Lately more has been leaking through, so I’m hopeful that this solves the problem altogether–at least for the time being. [...]

    Pingback by Flametoad » Blog Housekeeping | May 5, 2006

  51. hello there,

    as far as I remember the author of: jalenack shoutbox for wordpress. reccomends bad behaviour for combatting spam in his shoutbox but the newer version do not stop spam there…

    could you please have a look at this issue?

    thx for the great plugin
    ovidiu

    Comment by ovidiu | May 8, 2006

  52. So the BB2 admin page not showing up on Chronolith 1.0 isn’t confined to Chronolith. I just tested BB2 alpha 4 on a stock WordPress 1.5.2 installation and the admin page failed to show up there as well. It appears that all WordPress 1.5 based code won’t show the admin interface from BB2.

    Comment by Samir M. Nassar | May 8, 2006

  53. The options page shows up fine here in WP2.

    Comment by Viper007Bond | May 9, 2006

  54. Hi,

    A friend of mine got this error when commenting:

    We’re sorry, but we could not fulfill your request for /wp-comments-post.php on this server. An invalid request was received. This may be caused by a malfunctioning proxy server. Bypass the proxy server and connect directly, or contact your proxy server administrator. Your technical support key is: 869f-8d02-41fe-ed15

    Is this because of Bad Behavior. I tried to search the mysql db for the support key, however couldn’t find it.

    Comment by Ajay | May 10, 2006

  55. Ajay, your friend needs to follow the directions given.

    Comment by Michael Hampton | May 10, 2006

  56. I am using the current released version with my WordPress blog and eagerly looking forward to the new version.

    Is there a localization mechanism for BB? I’d like to have the directions and messages in Chinese. Thanks.

    Comment by Stephen Chu | May 10, 2006

  57. any news about support for: jalenack shoutbox for wordpress ?

    the author of that plugin stated inside his documentation, that bb plugin was well suited for protecting his shoutbox too, but it seems the new version is no longer able to do so?

    thx
    ovidiu

    Comment by ovidiu | May 11, 2006

  58. Sorry, you’ll have to talk to jalenack about that. I know nothing about the shoutbox.

    Comment by Michael Hampton | May 11, 2006

  59. [...] Install Bad Behavior 2 Alpha 4. [...]

    Pingback by Lunacy Unleashed » Blog Archive » Bad Behavior 2 for MediaWiki Update | May 18, 2006

  60. Hey,
    Using WP1.5.3b1 and the administration panel for BB2 doesn’t show up. Any news regarding this issue? (yes, the plugin is activated)

    Comment by eduardo | May 21, 2006

  61. Yes, I know about that problem and it will be fixed in the next release.

    Comment by Michael Hampton | May 21, 2006

  62. [...] So this counts as the second re-birth of the site, I imagine.  It’s actually been up and languishing for a few weeks while I spent time on other projects, and waited on someone with better design skills to come up with a logo.  Well, that’s done, and I finally got off my duff and wrote the url rewriting pieces to make it a seamless move.  The old site’s still there, you just can’t get to it anymore and all the search engines should be updating to the new urls shortly.  How fun. I’m looking forward to see how comment spam fares on this new blog with all of its advanced detection techniques compared to my old hack.  I had killed all automated spam, we’ll see if this fares as well. [...]

    Pingback by wantingseed.com » Blog Archive » Welcome! | May 21, 2006

  63. Thank you Micheal, we apreciate that!

    Comment by eduardo | May 22, 2006

  64. Question: Last night, I installed BB 2.0a4 on a wordpress 2.0 blog. Overnight, I see there over 3,000 blocked attempts and nothing has got through to the blog (after a particularly bad week for spam. Very awesome.) However, Akismet is also running and there are 32 comments or trackbacks that were snagged there.

    That doesn’t bother me so much, but when you say “100% effective,” do you mean that even the spam filter should be empty? If so, what do you suggest to eliminate that last little bit? Should I be running an earlier version of BB alongside it? (This is install was the first time I’ve used it.)

    Also, do you want to know anything about what got through? Thanks a bunch.

    Comment by Dashiell | May 22, 2006

  65. Well, obviously, it’s 99% effective now. :) Still, 32 spams compared to 3,000 is much easier to deal with. I’m still working on getting the last few…

    Comment by Michael Hampton | May 22, 2006

  66. FYI, it’s working wonderfully for MediaWiki 1.6 now. No complaints after a busy weekend.

    Comment by Ipstenu | May 22, 2006

  67. Ha! You’re right, it’s still been a huge help.

    I’ve actually noticed that almost all of the guys that snuck by are from one of two IP addresses. I can send you more info, if you like.

    Comment by Dashiell | May 22, 2006

  68. Maybe I’m missing something or I’m just a little too dense..

    After uploading the ‘bb2′ directory to my server, when I deactivate BB 1.2.4 I get the following error message:

    “Fatal error: Cannot redeclare uc_all() (previously declared in /homepages/23/d89610928/htdocs/wp-content/plugins/bad-behavior/bad-behavior-functions.php:4) in /homepages/23/d89610928/htdocs/wp-content/plugins/bb2/bad-behavior/functions.inc.php on line 28″

    I must then delete the bb2 directory in order to access my blog.

    Thanks in advance for your help.

    John

    Comment by John | May 22, 2006

  69. John, you must deactivate Bad Behavior 1 first, before activating Bad Behavior 2. You activated Bad Behavior 2 first, before deactivating Bad Behavior 1, thus causing the problem you see there. To recover it, remove the Bad Behavior 2 files, deactivate Bad Behavior 1, then reinstall Bad Behavior 2.

    Dashiell, unless there’s something highly unusual about the spam you received, I probably know about it already. I’m preparing a new release which will be out shortly, and either will address the issue, or won’t. If it doesn’t, then I’ll need reports. Thanks!

    Comment by Michael Hampton | May 22, 2006

  70. Splendid! Thank you, Michael.

    Comment by John | May 22, 2006

  71. [...] I’ve installed the latest version of Bad Behavior. Spam Karma has been doing an excellent job but since I like to go through the logs to see if there have been any false positives I’d like for the log to be smaller. I had tried a previous version of Bad Behavior and eventually disabled it because it was keeping some legitimate people away from the site (namely me). Hopefully the new version will be better. [...]

    Pingback by Striving For Average » Bad Behavior | May 23, 2006

  72. [...] So i take some time to research on bad behavior , wonder any latest release update or not, but in stead of update version, what i saw is bad behavior beta 2 , since i quite confident for my php debug skill, i install this plugin immdiately [...]

    Pingback by Ah Knight’s Blog » Fight Spam? Use Bad Behaviour | May 23, 2006

  73. I haven’t had any issues with the A4 MediaWiki plugin, so, keep on rockin’.

    Comment by DjLizard | May 25, 2006

  74. cpanel does charge you for your database space. Am running several copies of BB and ts using 5meg of drive space for the log. Gona disable it until you can swrink down the log sizes.
    I also request the option for all copies running on the same database to use 1 log file so they can share spammer data.

    Comment by tm | May 27, 2006

  75. You have a pretty terrible host if they charge you for 5MB of database usage. Go shop for a new host.

    Comment by Michael Hampton | May 27, 2006

  76. whats the point of This pre-release version of Bad Behavior will disable itself on July 31, 2006.
    Please upgrade to a more recent release on or before that date?? and whats more stable 1.xx or alpha 4? thx

    Comment by angriff | May 27, 2006

  77. Heh, can’t wait for the new version. I got 236 spams within the past 48 hours (may not seem like a lot to some, but it is to me). :(

    Comment by Viper007Bond | May 29, 2006

  78. Also, waiting for the 1.5 admin panel fix. ;)

    Thanks!

    Comment by war59312 | May 29, 2006

  79. Gah, 1007 spams since my last comment. :/

    Comment by Viper007Bond | May 30, 2006

  80. Hi Micheal,
    I just got blocked to my own admin area – i believe because i went too fast. No problem with that.
    But seeing the support screens raised a concern: they are in english, and many WP sites are in other languages (including mine, with 97% visitors speaking portuguese). Do you plan any i18n support?
    thanks

    Comment by eduardo | May 31, 2006

  81. Yes, i18n is planned, but probably won’t make it into the 2.0 release. I’ve done some preliminary work toward it, but the main problem is every host platform handles it differently, so it’s going to greatly complicate things.

    In the meantime, since I speak English, this is something I’ll almost certainly need help with! :)

    Comment by Michael Hampton | May 31, 2006

  82. hey, I have installed bb2 alpha 4 for wordpress. But is not effectively blocking spam. The comment spams gets across bb and then its stoped by akismet.

    I have around 85 blocked attempts listed… but around 400+ comments(spam) have got across bb2.

    Let me know how I can further help.

    Comment by Arjun Prabhu | May 31, 2006

  83. Just wait. Bad Behavior needs to gather some data before it can block some types of spam, especially if you are under attack at the time you install it.

    Comment by Michael Hampton | June 1, 2006

  84. Time won’t fix it. I’ve had BB alpha 4 installed since it was released and I’m currently getting like 1000 spams a day leaking though BB. The bots are getting smarter. :(

    Comment by Viper007Bond | June 1, 2006

  85. @Michael : does it learn as time goes? is it bayesian based ?

    I have just had it on for a two days now (Earlier I used to use BB 1.x, but I had problems with false positives with 1.x)

    Comment by Arjun Prabhu | June 1, 2006

  86. Hey Micheal,
    Nice, count me in for pt_BR ! I am already serving the WP localization in portuguese, it will be rewarding to help. Please write to my email when time comes.

    Comment by eduardo | June 1, 2006

  87. I had to deactivate BB2 alpha 4 because its 47 MB log table was not sustainable for my site.

    Looking forward to the final release.

    Comment by blau | June 1, 2006

  88. typo, 17 MB log table.

    Comment by blau | June 1, 2006

  89. That really needs some clarification. What are you running your site on? Why is a 17 MB table a problem? That’s quite small, as these things go.

    Comment by Michael Hampton | June 1, 2006

  90. I tried to upgrade from v1 (1.2.4) to v2 [1.8.4 (2.0 Alpha 4)], but ran into an immediate problem. I’m using WordPress v1.5.2 and Firefox v1.5.0.4.

    First, after deactivating v1 and activating v2, I could not find a Bad Behavior admin screen under options. So I could not implement the database search facility. I tried to log out of WP and then log back in to see if the BB admin screen might show up, but after logging out I was not able to log in again. I got the screen that people with a virus might get.

    I had to use IE instead of Firefox and then I was able to log in. But I never use IE for blogging or much of anything else.

    Comment by Darnell | June 2, 2006

  91. Hi Michael, the site has 200 MB space on a linux server, DB is 40 MB (w/out plugins), files and all is 120 MB. Runs WP202.
    Yesterday I got a disk quota alert from the server, and the bb2 log table (17 MB) was unexpected. Small as it may be, it added to other large files that my users merrily uploaded.
    I disabled bb2, emptied the log table, cleaned up some large images, re-enabled bb2. Let’s see how big the log table becomes before making a final decision.

    The bottom line, Michael, is that that hosting plan sucks, but I have reasons to wait before switching to a new provider.

    Comment by blau | June 2, 2006

  92. I tried installing on WP 1.5 and received this error:

    Fatal error: Call to undefined function: is_admin() in /home/MYSITE/public_html/blog/wp-content/plugins/bb2/bad-behavior-wordpress.php on line 168

    Is the update not compatible with WP 1.5?

    Comment by gluefreak | June 3, 2006

  93. This current version of BB2 seems to have a conflict with Postie Plugin v0.9.9.3.2 for WP. When Postie checks for and new emails to be added as a new post I see the following error:

    #!/usr/bin/php -q
    Warning: Cannot modify header information – headers already sent by (output started at /home/darkram4/public_html/WordPress/wp-content/plugins/postie/get_mail.php:2) in /home/darkram4/public_html/WordPress/wp-content/plugins/bb2/bad-behavior/screener.inc.php on line 8

    Comment by Walt | June 6, 2006

  94. [...] Based on your feedback, and on my own experience getting slashdotted last week, I’ve changed the pre-release quite a bit from previous pre-releases and it’s now ready for a wider audience. Here’s a quick rundown of the changes: [...]

    Pingback by Lunacy Unleashed » Blog Archive » Bad Behavior 2 Beta 1 | June 7, 2006


Sorry, the comment form is closed at this time.

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: