Lunacy Unleashed

Notes from the field in the War on Spam

Bad Behavior 2 Alpha 3/Alpha 4

Make a Donation.

Update: I’ve pushed a couple of fixes for the problems people had in this release as 2.0 Alpha 4. This fixes the issues with being unable to post on your own administrative screens on both platforms, and database insertion errors on MediaWiki. Download it below.

I’m getting ever closer to the final release of Bad Behavior 2.0, so close in fact that I’m not sure why I didn’t just call this series beta. The previous pre-releases have proved to be stable, solid and effective. With this release, I further close the gap and make the system even more effective.

For those of you who have been waiting ever so patiently for the MediaWiki port, it’s finally here. At the moment, much of it is a stub (you can help by expanding it), but it does block automated edits, which is what it’s supposed to do. The special page isn’t implemented yet; that will be coming soon. But it looks like it works on version 1.4 or later.

I’ve completed the technical support pages which are displayed to any rare unfortunate person who might be blocked by Bad Behavior. They all contain unique keys which, at the time of the final release, you’ll be able to plug into a form in the administrative screen, look up what went wrong, and get it fixed. They also contain a link the user can click to get detailed instructions on how to fix the problem from their end (e.g. you have viruses/malware; your old version of Opera has a bug; change this setting in Norton Internet Security; etc). For now, if you do get any false positive reports, mail me with the technical support key. So far in testing, there have been no false positive reports (that is, a human being blocked inappropriately), and I’ve been watching the blocked accesses in real time to see if I can see any, but I haven’t spotted one here yet.

What I have seen since 2.0 Alpha 2 is nearly all spam blocked. And I’ve taken the very little spam which escaped, all of it manually posted, and found a way to block it, too. Since implementation of that fix, Bad Behavior is showing 100% effective at blocking spam with no false positives. And while that may change in the future, it looks like for now I’m way ahead of the spammers again. I do, of course, need more extensive testing on MediaWiki, and reports of any spam that Bad Behavior doesn’t block. But if you’ve been waiting, now is the time to install it on MediaWiki; it’s stable enough for everyday use (“Alpha” is a misnomer, I guess), and I use it in production on both WordPress and MediaWiki.

How to Install

If you upgrade from version 1, you can and should leave version 1 in place. This version installs to a different directory. For WordPress, remove any previous 2.x version first, unzip the file and upload the bb2 directory and its contents to your wp-content/plugins directory. For MediaWiki, unzip the file and upload the bb2 folder and its contents to your extensions directory. Keep the directory structure intact.

On WordPress, deactivate version 1 (if present) and activate version 2. On MediaWiki, edit LocalSettings.php, comment out the old extension (if present) and add in the new extension, for example:

include( 'extensions/bb2/bad-behavior-mediawiki.php' );

On MediaWiki, if you then receive an error saying you need to reconfigure the load balancer (you don’t), add the following line to LocalSettings.php, before the include line shown previously:

define('BB2_NO_CREATE', true);

Then you need to manually create Bad Behavior 2’s new table structure. The table name is mw1_bad_behavior, replacing mw1_ with your table prefix, of course, and you can find the table structure to create in bb2/bad-behavior/

To Do

The to-do list is pretty short, though it’s possible I’ve forgotten something. If I did, please leave a comment below.

WordPress: Implement the database search facility on the Options > Bad Behavior admin screen.

MediaWiki: Implement the special page. Implement the ability to save options.

ExpressionEngine: Targeted for next alpha/beta release.

Generic/Third Party Ports: Should be possible now, but I don’t have a generic template ready yet; e-mail me if you have questions.

And as always, if you find Bad Behavior valuable, please consider making a financial contribution. I develop Bad Behavior in my spare time, and every little bit counts.

Download Bad Behavior Now!

And don’t forget to subscribe to the RSS feed or the mailing list. (They’re the same content.)

April 29, 2006 Posted by | Akismet, Bad Behavior, Blog Spam, MediaWiki, Spam, WordPress | 94 Comments

Bad Behavior 2 Alpha 2

Bad Behavior 2 Alpha 2 is now available for wide testing. If you’ve used Bad Behavior in the past, or if you currently use Akismet or Spam Karma 2 and those spam numbers just keep going up, it’s time to learn what Bad Behavior 2 can do for you.

Bad Behavior 2 is a ground-up rewrite of Bad Behavior, the only Web spam killer which stops spammers before they even have a chance to get started. It does this by focusing not on the content of the messages, but on the delivery method. As such, for maximum effect, you should use it in conjunction with another content-based plugin, such as Spam Karma 2 or Akismet. But even on its own, Bad Behavior is once again shockingly effective at stopping spam.

When Bad Behavior was first introduced a year ago, (holy crap it HAS been that long!) it was the first tool of its kind targeting malicious activity on a wide variety of Web sites and platforms. While a few other similar solutions exist, such as mod_security for Apache, they can’t be installed by the user, and they don’t specifically target blog and forum spam, wiki vandalism and the like.

By contrast, Bad Behavior is a set of PHP scripts which pre-screens every request to your PHP-based Web site. The first major version of Bad Behavior was ported to nearly a dozen different blogs, wikis, forums and guestbooks, and many more generic ports were reported whose authors kept them private and never released them. Bad Behavior 2 intends to keep the tradition of being portable to any PHP-based platform and expand on it by providing a more comprehensive and structured general API which can be wrapped into virtually anything.

Unfortunately, this wasn’t possible with the previous major version of Bad Behavior, owing to its design, thus the ground-up rewrite. Much to my surprise, Bad Behavior 2 is actually smaller than its predecessor, and catches virtually all spam with virtually no false positives. As of the time of this writing, it allowed only one spam to escape, and on investigation I found that spam had been manually posted by a very bored spammer. (In the final release, he too will be blocked.)

Now, down to business. As I said in the previous post, I haven’t completed the MediaWiki and ExpressionEngine ports yet, primarily due to time constraints, and the constraints of having thousands of people being hit by millions of spams and crying out for a solution now. So for now, this test release only runs on WordPress. It requires WP 1.5 or any later version.

Because this is a test release, there are some special installation instructions. First, if you installed 2.0 Alpha 1, delete it first before uploading this version.

This version can be installed alongside Bad Behavior 1, and in fact I recommend it. Upload the files in the usual way for any plugin. Then go to Manage Plugins. You’ll see both versions listed. Deactivate Bad Behavior 1, then activate Bad Behavior 2. To switch back, deactivate Bad Behavior 2, then activate Bad Behavior 1. Do not allow both version 1 and 2 to be active at the same time.

There are no show-stopping bugs that I’m aware of in this release; it’s stable enough for everyday use. However, it is not feature-complete; several items on the roadmap remain unfinished. For instance, a screener for requests which are suspicious but not certainly spam is only partially implemented. (Which is how that manual spammer got through.) The administrative screen located under Options > Bad Behavior is also not yet implemented.

Even so, I believe that this release will cut your spam flow on your WordPress blog to virtually nothing, without any false positives. However, in the extremely rare event that there is a false positive, the user will receive a technical support key and a brief explanation of what he can do to fix the problem (e.g. scan for spyware). Collect this key from the user and then mail it to me and I’ll get back to you with further information. The error page also provides a link the user can click for extended information; this part is also partially implemented and will be what I work on next.

And as always, if you find Bad Behavior valuable, please consider making a financial contribution. I develop Bad Behavior in my spare time, and every little bit counts.

Download Bad Behavior Now!

And don’t forget to subscribe to the RSS feed or the mailing list. (They’re the same content.)

April 27, 2006 Posted by | Bad Behavior, Blog Spam, Blogging, Spam, WordPress, WordPress 2.0 | 9 Comments

Bad Behavior 2 Roadmap Update

I’m preparing the second alpha test release of Bad Behavior now, and it should be out within the next day or so. It’s currently running live on my other blog, Homeland Stupidity, and so far, absolutely no spam has escaped it, and no false positives whatsoever. I’m happy with the way it’s come out, and once again, Bad Behavior will be well ahead of the spammers — and the other available anti-spam tools.

First, the bad news. I haven’t had time to prepare the MediaWiki port or the ExpressionEngine port. I hope to have them ready after some feedback comes in on this test release. It also might necessitate changes in the core, and since I’m preparing ports for three different platforms all by myself, it’s rather time consuming. As you’ll recall, I have to give priority to things that bring me income, and Bad Behavior isn’t normally one of those things.

Now the good news. Bad Behavior 2 is still fairly simple and quite fast, as it’s actually smaller than the previous version while containing more functionality. Don’t ask me how I did that; it’s a trade secret. 🙂

Stay tuned; the test release is imminent.

April 26, 2006 Posted by | Akismet, Bad Behavior, Blog Spam, Spam, WordPress | 6 Comments

Bad Behavior Forward Observation

I’ve said before that the time would probably come when I would ask for brave volunteers to help run test code in order to help me build the next generation of Bad Behavior. One of those times has just arrived.

In developing Bad Behavior, I need access to a much larger body (corpus) of spam than I currently have, and I need your help to collect it. So this test code will automatically send a copy of any spam you receive to me.

There are some qualifications for this test, however, and you will want to pay close attention.

First, the plugin compatibility requirements. You must already be running both Bad Behavior and Akismet, and NOT be running Spam Karma. (The test code just won’t work with Spam Karma, and it currently requires Akismet for screening missed comments.) You must have at least WordPress 1.5 or higher to play.

Second, the data privacy issue. In some countries you may need to disclose this to your readers, so I’m disclosing it to you. This bit of code leverages Akismet to determine what bits of spam Bad Behavior is missing, and when Akismet determines that a comment is spam, it sends me a copy of the spammy request. The problem is that like everything else, Akismet is not 100% perfect, and it is possible that I’ll receive a legitimate comment. When this happens, I will delete the copy I received.

Finally, the installation. This is just a repackaged copy of Bad Behavior 1.2.4 with the code in question enabled. Replace your existing copy of Bad Behavior with this copy, reactivate the plugin if necessary, and you’re done.

In all other respects it operates exactly as Bad Behavior 1.2.4, the current version, except that it sends me a copy of any comment/ping submitted that Akismet (and possibly other plugins, but not Spam Karma) marks as spam. With this body of information I will be better able to develop more advanced techniques to combat comment spam, reduce the need for other plugins, and possibly even eliminate the very few false positives. I’ve got a few other ideas in mind, but I don’t want to share them too early and allow the spammers any advantages.

Sorry, MediaWiki users; I don’t have something ready for you just yet. But stay tuned. I run MediaWiki also, and I’m very interested in helping you eliminate wikispam as well.

April 2, 2006 Posted by | Bad Behavior, Blog Spam, Spam, WordPress | 10 Comments