Lunacy Unleashed

Notes from the field in the War on Spam

What to do when Bad Behavior blocks you (or your friends)

One of the two topics I get most frequently is the assertion that Bad Behavior has blocked a legitimate request from an actual user, sometimes even the owner of the blog! Since this seems to come up every so often, I’m going to see if I can help out, and maybe eliminate the need for some of these folks to contact me.

(But before we get started, if you are an AOL user, do not use the built-in AOL browser. Use Firefox or something else. And get a real ISP as soon as possible.)

Before doing anything, though, ensure that you have the latest version of Bad Behavior.

The first thing to do is to determine why Bad Behavior blocked you. Get your IP address, and then log in to your phpMyAdmin, and Search the bad_behavior_log table for your IP address. In the returned fields, the denied_reason field will have a short explanation.

If the denied_reason says, “I know you and I don’t like you, dirty spammer,” keep looking for other entries. This reason means the IP address was previously identified and is being temporarily blocked, and another entry will have the real reason for the block.

If the denied_reason says, “Required header ‘Accept’ missing,” check to ensure that you are not using a proxy server, personal firewall, or any other software that may be interfering with your Web browsing. This type of software, if not configured properly, will cause this problem. Bypass the proxy (when possible) and try again. If you see this message, and you are using GoDaddy shared hosting, be aware that this is caused by GoDaddy and there is nothing I can do about it. Switch web hosts.

If the denied_reason contains a long string of “Aaaaaaaaaaaaa,” says “User-Agent … prohibited,” or contains “Banned proxy server” and you aren’t using a proxy server, this means your computer has most likely been infected with a virus or Trojan horse which is sending comment and referrer spam. Have your computer cleaned before trying again.

If the denied_reason contains anything else, you may find that the reason for the block is made obvious by the reason given. For instance, if you have used a fake User-Agent string, Bad Behavior may detect this and block you. In this case you would correct the User-Agent string and try again.

If you still can’t figure out why you were blocked, Export the records from phpMyAdmin in either SQL format and send them to me. You do not need to zip them. If you send me an Excel format file, I will curse your name until the end of days, and probably not respond.

September 30, 2005 Posted by | Bad Behavior, Blog Spam, WordPress | 7 Comments

Bad Behavior Images

The 88×31 buttons for Bad Behavior and Bad Behaviour are hotlink protected. Please copy them to your site, instead of linking directly to them. Otherwise, people will see something you probably don’t want them to see. Thank you.

September 28, 2005 Posted by | Bad Behavior | Comments Off on Bad Behavior Images

Bad Behavior 1.2.2

Make a Donation.

Bad Behavior 1.2.2 has been released to address an issue which a few people have brought to my attention. Bad Behavior is the Web’s premier link spam killer, targeting automated spambots which post comment, trackback and referrer spam, as well as email harvesters.

In Bad Behavior 1.2.1, a new feature was implemented which blocked the IP address of a spammer for 48 hours. As it turns out, this is too long for some, too short for others. The new version takes a more balanced approach.

Now, if a spammer is blocked, its IP address is blocked for 10 minutes. If another attempt is received, the block is doubled to 20 minutes. And so on, without limit.

All attempts which are currently in the bad_behavior_log count toward this blocking, so changing the logging duration from the default of 7 days will have an effect on how effectively this new blocking works.

If you find yourself blocked by this version of Bad Behavior, do not try to reload the page for at least 10 minutes, in any browser. And, if you have such problems, don’t bother posting a comment; contact me directly instead. I read email much more frequently than the comments. 🙂

In addition, this version provides callback functions which you can implement (for instance, in another plugin) which are called upon each request which is either allowed through or blocked. You must return from the callback function, and you should not output anything. The functions are:

wp_bb_denied_callback($wp_bb_http_headers_mixed, $http_response, $denied_reason);

$wp_bb_http_headers_mixed is an associative array containing all of the HTTP headers for the request. $http_response contains the error code (403 or 412) logged to the database. And $denied_reason contains the text string logged to the database as to why the request was denied.

Please note that the callback functions currently work only on the MediaWiki port (and the Geeklog port, when Dirk gets around to it). They will work on WordPress and other platforms in a future release.

In addition, this version will block access attempts where there is no User-Agent field set, due to an increase in the amount of spam matching this profile. A very few legitimate bots fail to set the User-Agent; if you happen to use one, contact its author to have them fix it, and also place it on the whitelist.

Download Bad Behavior now!

September 23, 2005 Posted by | Bad Behavior, Blog Spam, WordPress | 13 Comments

WordPress feed redirected

Since about 40 of you failed to heed my warnings and change your WordPress feeds over from to this site, you’ve been forcibly redirected. That’s why you have a bunch of strange posts now. has been redirected to

Please update your RSS readers to taste, as I have more than one category here as well. 🙂

September 20, 2005 Posted by | WordPress | Comments Off on WordPress feed redirected

Something got unleashed…but it wasn’t lunacy, not exactly

I had a great day out today. (Yeah, I know the blog says Monday, but it is still Sunday in this universe.) Becca and I went out for breakfast to a little restaurant in a small town about 15 miles west of Madison, and not only was it a whole lot of good food, it was cheap. The only down side is my phone has no signal at all there. I hate Sprint PCS.

Anyway, after that we went back to her place, and I embarked on what should have been a simple task: download an Ethernet driver for Windows Me, install it, and get the computer working with the SBC Yahoo! DSL connection. Only problem was, the DSL connection had never been set up before! So I spent about half an hour on the phone with tech support trying to get things like the VPI and VCI out of them to manually set up the 2wire router, which I finally got set up, but then I had to register, and SBC’s registration site apparently only works with Internet Explorer. Which, uh, doesn’t run on my Linux box.

So after struggling with this for a while, I finally just hacked the page source, every other page, and finally got the account registered and the modem configured. An hour and a half gone. So SBC’s tech support is useless (what do you expect, they’re in the Philippines) AND their registration only works on IE. Whose stupid idea was that? How am I supposed to recommend this product given this piss-poor first impression?

Anyway, so I finally got it working, found the driver, burned it to CD, installed it on the target computer, and got it online. Then the next four hours was spent on: updating the anti-virus software, installing anti-spyware software, running Windows Update about five times, installing Firefox and Thunderbird, and removing all the Internet Exploder and Outbreak Express icons. Installing Acrobat Reader. Et cetera.

By this time it’s about 5 pm, and I’ve done about all I can do except for maybe defragment the disk, and it’s running about as well as it will given that it’s Windows fucking Me.

We briefly discussed the idea of eating, but that quickly fell by the wayside, and we wound up doing something else entirely. Next thing I know, it’s a bit after 7 pm, and she has to go work on a paper. So she takes me home, and off she goes.

I think I mentioned the other day that I’ve known her for 10 years or more. In all that time I never quite realized just how much we have in common. Our political views, for instance, are almost completely identical, and if you’ve read my political views, you’ll realize that virtually nobody agrees with me on everything. Or even close. And even little idiosyncratic things, like wearing a particular coat almost every day of the year, regardless of weather. She has a trenchcoat, I have a jacket. Same difference.

Where was I? Oh yes. So she and I are going to try to get together again this week, time permitting. I certainly hope I can spend a lot more time with her. We have about 10 years of catching up to do. And I realize I missed her.

Something’s definitely been unleashed tonight. Maybe it was lunacy. We’re both insane, after all. 🙂

September 19, 2005 Posted by | Personal | 1 Comment

I have a personal life!

Who would have thought, eh?

So I spent the evening out with a very old friend who I have known since about 1995 or so. She’s living up here in where I happen to be at the moment. And I’m so glad I did.

I won’t go into too many details on a public site, but I will say that we should have done this a long time ago, and I sorely regret losing track of her over the years. Maybe now we’ll have a chance to catch up…if I can convince her to stop working so much!

Anyway, for many of my loyal readers and friends, this probably constitutes Big News, so here it is.

September 15, 2005 Posted by | Personal | Comments Off on I have a personal life!

What to do with a invitation?

I think I like But there’s one thing that is really starting to bother me.

I have an invitation to give out to some lucky soul.

Ever since opening this blog I have been inundated with requests for an invitation. And I haven’t decided yet what to do with it.

No one yet has convinced me to part with the lone invitation. I’m loath to give it to someone who already has a Web site, for such a person could install WordPress themselves in about five minutes. And thus far everyone I’ve seen seems to have their own site already.

One person put up his invitation on eBay where it fetched about $46. Maybe I should let these people vote with their dollars as to how badly they want the invitation.

So, before I go puttting it on eBay like this other guy did, give me some ideas. How far will you go to get a invitation? What’s the craziest thing you’re willing to do? Get creative.

September 1, 2005 Posted by | WordPress, | 8 Comments