Lunacy Unleashed

Notes from the field in the War on Spam

Bad Behavior 2


It’s been a long time coming, and Bad Behavior 2, the next generation of the Web’s premier malicious traffic killer, is finally here!

Bad Behavior, conceived in 2005 as a fingerprinting method for HTTP requests, has proven, as one user called it, “shockingly effective” at identifying and blocking malicious activity, including blog/wiki spam, e-mail address harvesting, automated cracking attempts, and more. It does all of this looking only at the HTTP request headers; for POST data, the content of the spam is not analyzed at all.

Even so, Bad Behavior blocks the vast majority of web spam, and has gotten the spammers so worked up they’ve actually stopped spamming me with their latest tools, so as to try to prevent me from learning what they’re up to. (It didn’t work. “The king hath note of all that they intend, By interception which they dream not of.” — Shakespeare)

I’ve been developing Bad Behavior 2 in my limited spare time, off and on, for almost a year. And I want to thank all of you for your patience, especially while spammers were bombarding your blogs and wikis, and for your support. It’s been a crazy year, and I’ll be talking more on a personal note about it in the next few weeks.

And that is the reason I am releasing the software now, when not all of the planned features are present: In recent weeks spammers have greatly stepped up their activity, with some sites receiving ten times as much spam as before. I’ve been hard at work on Bad Behavior 2, making sure that it can block this spam without keeping away your regular readers.

New Features

Even without everything I’d planned, Bad Behavior 2 is chock full of new features. Some of them are quite visible, others are more in the backend.

  • Bad Behavior 2 is faster than Bad Behavior 1, whether you use database logging or not. It has been completely redesigned from the ground up to be as fast as possible and provide protection on very high traffic sites, such as when you find yourself on the front page of, or you’re the sysop of Wikipedia. For most requests, Bad Behavior 2 issues at most one fast database query, and in many cases, no database queries. Bad Behavior’s run time on fast servers is measured in single milliseconds.
  • Bad Behavior 2 has been enhanced with additional checks for spammers who have started or increased their activity in the last year. It also has better screening of trackback spam, killing virtually all of it. Bad Behavior 1 permitted a lot of trackback spam.
  • Bad Behavior 2’s options have been standardized across ports, so that the same options work the same way on each software package. (Not all of the options apply to each package, however.) This makes Bad Behavior easier to deploy across multiple sites and different software packages.
  • On some software packages, Bad Behavior’s options can be controlled from within the software package. Currently an administrative screen is available on WordPress, and a screen is planned for MediaWiki. (It hasn’t been implemented because developer documentation is sparse, incomplete and wrong, according to Brion. When the documentation improves, the MediaWiki port’s features will improve.)
  • For speed reasons, Bad Behavior 2 does not use PHP classes in its core. But Bad Behavior 2’s API has been rewritten to provide a better interface for certain types of software, such as ExpressionEngine, which expect their extensions to be encapsulated in classes. (The EE port isn’t complete, sorry!)
  • Some spam delivery methods are easily confused with legitimate users, especially those in large corporations or governments. This is mainly due to the proxies in use at those places. When a spammer uses such a proxy, Bad Behavior cannot easily tell whether the request is legitimate or not. In Bad Behavior 1, these requests were blocked, causing many legitimate users to be blocked. In Bad Behavior 2, you can choose whether to block these requests with the “strict” option.


To upgrade to Bad Behavior 2, first remove all previous versions of Bad Behavior, including any 2.0 pre-release versions. Then drop any database tables Bad Behavior may have created in your database. These may be named, for example, mw1_bad_behavior or wp_bad_behavior, or they may be named bad_behavior_log instead.

Then you are ready to install Bad Behavior 2!


The basic installation instructions haven’t changed much from Bad Behavior 1. Please see:


For all platforms except WordPress (for now) options are configured by editing them near the top of the bad-behavior-platform.php file. Currently this includes MediaWiki and the generic non-database port. MediaWiki options will be moved to a special page in a future version.

In WordPress, the available options appear in the Options » Bad Behavior administrative page.

The options available to all users are:

  • log_table: The name of the database table Bad Behavior should use. This is set by default for all platforms and should not be changed unless you are porting Bad Behavior to a new software package.
  • display_stats: When this option is set, Bad Behavior will display statistics in the footer of your web pages. (Currently works only on WordPress.)
  • strict: Enables strict mode blocking. When turned on, certain types of spam will be blocked, but legitimate corporate and government users may also be blocked. This is off by default.
  • verbose: Enables logging of all requests received. When turned on, the details of every HTTP request Bad Behavior processes will be logged to the database. When turned off, only blocked requests, and a few legitimate but suspicious requests, will be logged. This is off by default.
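
The header-only screening and the strict and verbose options described above, as an added example (not Bad Behavior's own code). The three rules, the function names and the sample requests are constructed for illustration and are not Bad Behavior's actual checks.

```php
<?php
// Added example: header-only screening with "strict" and "verbose" switches.
// The rules are constructed for illustration and are NOT Bad Behavior's
// actual checks; function names and sample requests are hypothetical.

// Returns [verdict, reason]; verdict is 'allow', 'suspicious' or 'block'.
// Only the request line and headers are read. The POST body is never used.
function screen_request(array $req, array $settings): array
{
    // Header names are case-insensitive, so normalise them once.
    $h = array_change_key_case($req['headers'], CASE_LOWER);

    // HTTP/1.1 requires a Host header; browsers always send one.
    if ($req['protocol'] === 'HTTP/1.1' && empty($h['host'])) {
        return ['block', 'HTTP/1.1 request without Host header'];
    }

    // A client claiming to be a browser but sending no Accept header
    // does not behave like the browser it claims to be.
    $ua = $h['user-agent'] ?? '';
    if (strpos($ua, 'Mozilla/') === 0 && !isset($h['accept'])) {
        return ['block', 'browser User-Agent but no Accept header'];
    }

    // Ambiguous case: a POST relayed through a proxy. A corporate or
    // government gateway looks the same as an abused proxy, so the
    // outcome follows the site owner's "strict" choice.
    $viaProxy = isset($h['via']) || isset($h['x-forwarded-for']);
    if ($req['method'] === 'POST' && $viaProxy) {
        return $settings['strict']
            ? ['block', 'POST relayed through a proxy (strict mode)']
            : ['suspicious', 'POST relayed through a proxy'];
    }

    return ['allow', ''];
}

// verbose on: log every request. verbose off: log only blocked and
// suspicious requests, as the option description above states.
function should_log(string $verdict, array $settings): bool
{
    return $settings['verbose'] || $verdict !== 'allow';
}

// Constructed sample requests (not captured traffic).
$samples = [
    'browser GET' => ['method' => 'GET', 'protocol' => 'HTTP/1.1', 'headers' => [
        'Host' => 'blog.example', 'Accept' => 'text/html',
        'User-Agent' => 'Mozilla/5.0 (X11; Linux) Firefox/1.5']],
    'script POST' => ['method' => 'POST', 'protocol' => 'HTTP/1.1', 'headers' => [
        'Host' => 'blog.example',
        'User-Agent' => 'Mozilla/4.0 (compatible; MSIE 6.0)']],
    'proxied POST' => ['method' => 'POST', 'protocol' => 'HTTP/1.1', 'headers' => [
        'Host' => 'blog.example', 'Accept' => 'text/html',
        'User-Agent' => 'Mozilla/4.0 (compatible; MSIE 6.0)',
        'Via' => '1.1 gateway.corp.example']],
];

foreach ([false, true] as $strict) {
    $settings = ['strict' => $strict, 'verbose' => false];
    foreach ($samples as $name => $req) {
        [$verdict, $reason] = screen_request($req, $settings);
        printf("strict=%-3s %-13s %-10s logged=%-3s %s\n",
            $strict ? 'on' : 'off', $name, $verdict,
            should_log($verdict, $settings) ? 'yes' : 'no', $reason);
    }
}
```

Only the proxied POST changes outcome between the two passes, which is the trade-off the strict option exposes: the same headers arrive from a legitimate gateway and from an abused proxy.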

To-Do List

I’ve pushed this release out the door because it’s proven stable, fast, and effective, and because spammers have greatly stepped up their activity. So several features which were in the roadmap have been postponed. I will be drawing up a new post-2.0 roadmap for these features in the next few days.


As always, if you find Bad Behavior valuable, please consider making a financial contribution. I develop Bad Behavior in my spare time, and every little bit means I have more spare time to devote to its development.

Download Bad Behavior Now!

And don’t forget to subscribe to the RSS feed or the mailing list. (They’re the same content.)

July 4, 2006 - Posted by | Bad Behavior, Blog Spam, MediaWiki, Spam, WordPress


  1. Awesome! 😀

    Working great, as usual!

    Comment by war59312 | July 5, 2006

  2. […] The official release of Bad Behavior 2 is finally out, and this time it has the following improvements. […]

    Pingback by Bad Bahavior 2 Released @ 天佑的自由天地 | July 5, 2006

  3. […] It’s been a long time coming but Bad Behavior 2, the WordPress plugin that is dynamite against comment spammers and blocking other malicious activity has finally arrived. Some of the features of the new version include: […]

    Pingback by Bloggers Buzz | July 5, 2006

  4. […] Bad Behavior, now freshly available in version 2. […]

    Pingback by dyingeyes weblog » Schlechtes Benehmen, Version 2 | July 5, 2006

  5. […] Finally it’s there: Bad Behavior 2 is available. IMHO it’s the most valuable “BSPS” (Blog Spam Preventing System) out there. Michael did a great job on this (as usual). I don’t know how he did it, but it’s blocking Spam by only analyzing the header information – not the content of the Spam. […]

    Pingback by Tomblogg » Blog Archive » Bad Behavior 2 | July 5, 2006

  6. […] the anti-spam plugin for WordPress has now been released in version 2. What’s new? No idea, I only just discovered it, but it seems to have finally gotten its own admin menu. Possibly you can now better control who gets blocked and why, so that it is not real users again and again. […]

    Pingback by Basic Thinking Blog » Bad Behavior 2 draussen | July 5, 2006

  7. Fighting the advertising scum…

    Michael Hampton is the knight-errant who fights the spam scum.
    Bad Behavior is due for its 3rd update
    and will be available soon.
    Urgent update to this post, see below.
    About that advertising scum, Michael writes:
    Hello, spammers. I know your secret…

    Trackback by | July 5, 2006

  8. […] Unlike the previous versions (1.2.x), Bad Behavior 2 no longer openly writes into the data table why each blocked request was blocked. And the HTTP response codes (200, 400, 403, 412 etc.) are no longer visible either. […]

    Pingback by dyingeyes weblog » Bad Behavior: Keys und was dahintersteckt | July 5, 2006

  9. In your generic file for Bad Behavior you are still using $wgDBprefix, which is obviously not a variable set in other systems. I am working on getting a test Extension set up for ExpressionEngine now.

    Comment by Paul Burdick | July 5, 2006

  10. Oops! Well, it doesn’t matter too much what’s in there; I think it’s commented out anyway.

    Somewhere I’ve got a skeleton EE extension; just haven’t had time to look at it (and reinstall EE on a testbed). I’ll dig it out sometime in the next few days, though I suspect whatever you come up with is going to be a lot better than the complete garbage I write. 🙂

    Comment by Michael Hampton | July 6, 2006

  11. Hmm, I can’t get my stats to show up in my footer. Any ideas why?

    Comment by Viper007Bond | July 6, 2006

  12. Cool. Can’t wait to try this baby out.

    Comment by Gary | July 6, 2006

  13. Yay for strict mode! Got it installed on my MW, hopefully the new stuff you’ve got in here will keep out the latest nasties.

    Comment by Hal Rottenberg | July 6, 2006

  14. Hal, it should pretty neatly solve your particular spam problem. 🙂

    Comment by Michael Hampton | July 6, 2006

  15. […] In the two days or so since I released Bad Behavior 2, it’s been downloaded 267 times. That’s 267 (or more) people enjoying the peace of mind that comes from knowing that web spam doesn’t have to be a nightmare. If you’re reading this, you are probably one of them. Congratulations! […]

    Pingback by Lunacy Unleashed » Blog Archive » Bad Behavior: Your first line of defense | July 7, 2006

  16. Michael, guess what, more spam. I tried to email you, it failed again. I’ve uploaded the sql to

    Comment by Hal Rottenberg | July 7, 2006

  17. […] Bad Behaviour 2 This is a highly effective set of scripts packaged in a WordPress plugin that can identify spam bots before they spam your blog. However, manual comment spam will still pass through. […]

    Pingback by blogHelper » Handling Spam on WordPress | July 7, 2006

  18. […] You need BOTH the bad_behavior extension from EE AND the standard Bad Behavior download. […]

    Pingback by Lunacy Unleashed » Blog Archive » Bad Behavior 2 for ExpressionEngine | July 8, 2006

  19. […] WP plugin: Bad Behavior 2 This new version of Bad Behavior has a bunch of new features including faster code, variable strictness of traffic filtering, lesser usage of the database (which is really important for higher traffic sites) and a new wrapper API. Bad Behavior is now also available for ExpressionEngine, MediaWiki and generic non-database mode for any PHP script, forum, guestbook, Movable Type, etc. Thanks Michael via email. Related Posts from the Past: […]

    Pingback by Weblog Tools Collection » WP plugin: Bad Behavior 2 | July 8, 2006

  20. I’m having a little problem with BB2 (in fact, ever since the beta I’ve been having this problem). I use the Javascript tabber from [1] on my website [2]. When BB2 is enabled, the script doesn’t seem to be able to run (i.e., I only see the “fallback” HTML code, not the tabs). However, I see this problem only on Firefox, on Konqueror everything seems to be fine. Things work just fine on all browsers with BB1. Any ideas? (I’m going to leave BB2 on for a couple of hours in case you want to take a look — after that I’ll disable it, I want my tabs back on Firefox!). Thanks 🙂


    Comment by Diwaker | July 8, 2006

  21. The previous comment didn’t let the URLs pass through for some reason. Here’s another attempt:


    Comment by Diwaker | July 8, 2006

  22. […] Products Jul 8 at 12:02 pm by Aaron -The popular anti-spam solution for WordPress and other platforms has just been given a facelift. Bad Behavior 2 which claims to have at most only one database call per transaction, can be measured in single milliseconds and now has the option to turn off blocking of legitimate users behind corporate proxies is now in the wild. Author Michael Hampton has been putting a lot of time and effort into this complete rebuild. I know because I’ve talked to him about it. (Maybe we need an interview with him… Whaddya think?) […]

    Pingback by Bad Behavior 2 On the Loose at The Blog Herald | July 8, 2006

  23. I pulled up your web site, but I could not find any evidence of that other JavaScript code. What are you talking about?

    Comment by Michael Hampton | July 8, 2006

  24. Michael, there’s no mention of BB Blackhole here. Can you add a sentence or two on its status for those of us using it with BB 1.x?

    Comment by BillSaysThis | July 8, 2006

  25. Okay. Bad Behavior Blackhole is still running, though it’s hardly been looked at in a year or more. I plan to resurrect it in the near future, when I get some time. (And time is money, hint hint…)

    Comment by Michael Hampton | July 8, 2006

  26. Thank you so much for updating to version two!

    I installed this an hour after you posted the download. So far the plugin has blocked 103 attempts at the time of this writing. I checked the database table, and sure enough, there were practically waves upon waves of spam that akismet would have had to process, but never touched due to the fact that BB2 stopped it first. Now I know why my site has been running a bit slow last night…I got attacked with around 50 spam comments and all of them were caught by BB2.

    If I had some extra cash, I would be happy to donate, but all I can offer is maybe perhaps an artistic service, heh.

    Thank you so much for the time and effort you put into this.

    (BTW, I am running WordPress 2.0.3)

    Comment by Sara | July 8, 2006

  27. […] Highly recommend Bad Behavior 2 […]

    Pingback by » Added Bad Behavior 2 plugin | July 8, 2006

  28. I love it, it’s sooo easy to use! I use Spam Karma 2 already, and now this, I’m quite safe 😀


    Comment by TechZ | July 8, 2006

  29. Michael,
    Within 30 seconds of installing this latest version BB stopped a spammer from getting through. I can’t begin to tell you how much I appreciate all of the work that you have put into BB. I will certainly be making a donation and I sincerely encourage everyone who uses BB to send you a few dollars. Bad-Behaviour is a bargain at any price!

    Comment by Craig Hartel | July 8, 2006

  30. […] Also works with WP-cache and Expression Engine now. Find all the details here. Published by Franky 0 minutes ago in geek, wordpress, plug-ins, EE, quickies a la g33k. Tags: bad behavior, EE, expression engine, geek, plug ins, quickies a la g33k, spam, wordpress, wp, wp cache. […]

    Pingback by bad-behavior-2 : advanced spam fighting plug-in at Am I Famous Now? | July 8, 2006

  31. […] Spam karma v2 + Bad Behaviour […]

    Pingback by Fight Spam On Wordpress at Ah Knight’s Blog | July 9, 2006

  32. […] New in this release (since 2.0.0): […]

    Pingback by Lunacy Unleashed » Blog Archive » Bad Behavior 2.0.1 | July 9, 2006

  33. […] The latest incarnation of the great WordPress plugin, Bad Behavior, has been released. It’s greatly improved over the previous generation of the plugin and is a highly recommended upgrade. I’ve been using the alphas and betas for quite some time and it’s been working great. 🙂 […]

    Pingback by » Blog Archive » Bad Behavior 2 Released | July 9, 2006

  34. […] You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site. Leave a Reply What’s a blog without spam: the bulky and considerable Wordpress Spam-be-gone plugin! Please enable javascript and reload this page to add your comment. […]

    Pingback by Webindex - Blog de Tecnología, OpenSource, Herramientas, Linux, Podcast » WordPress libre de Spam | July 10, 2006

  35. […] I see Michael Hampton has released the latest version of his Bad Behaviour plug-in for WordPress. Bad Behaviour is a plugin for: blocking malicious activity, including blog/wiki spam, e-mail address harvesting, automated cracking attempts, and more. It does all of this looking only at the HTTP request headers; for POST data, the content of the spam is not analyzed at all […]

    Pingback by Tom Raftery is on Bad Behaviour! » at Tom Raftery’s I.T. views | July 10, 2006

  36. […] Check out all the details at […]

    Pingback by   WordPress Plugin: Bad Behavior 2 by Blogging Pro | July 10, 2006

  37. […] Bad Behavior: This one I just downloaded and installed today both here and on the Cruise Planners site.  It’s supposed to look at all the incoming traffic to a blog and stop things like scraping the blog for e-mail addresses and other “bad blog visiting behavior.”  You can check it out here. […]

    Pingback by Aimless Wandering » Blog Archive » Cool and Useful Wordpress Plug-Ins | July 10, 2006

  38. […] Now that I’ve installed this new theme, all sorts of things have to be changed, the number of pages has been reduced (I feel that having lots of pages is rather cluttered), and certain plugins are needed to bring out the look of this theme even more. And not to forget, new plugin versions were installed to replace the old ones, for example the Bad Behavior version 2.0 plugin that was released recently, and also the “Recent Comments Plugin” from Brian to replace my old recent comments plugin. Sigh, there’s still a lot to do, my gravatar isn’t working either… who knows what’s wrong with it, and I can’t implement my shadow hack either, or the images end up “shrunken”. Later I’ll try asking ejon how, since he uses k2 too, and just borrow the shadow hack from him… that is, if he uses it… […]

    Pingback by k2 now!!! at | July 11, 2006

  39. […] Lunacy Unleashed: Bad Behavior 2 […]

    Pingback by Beta Alfa 2.0 » Dåligt beteende 2.0 | July 11, 2006

  40. […] Lunacy Unleashed – Bad behavior 2 […]

    Pingback by Suburbia » Bad Behavior 2 (2.0.1) | July 11, 2006

  41. […] We have been getting a lot of comment spam here recently. So I have just installed spam-karma and bad behaviour. Spam karma should deal with the comment spammers and bad behaviour should stop “at identifying and blocking malicious activity, including blog/wiki spam, e-mail address harvesting, automated cracking attempts, and more” […]

    Pingback by Advanced Technology Products Interactive » Blog Archive » Installed some spam catchers | July 11, 2006

  42. […] Lunacy Unleashed » Blog Archive » Bad Behavior 2 (Tags: plugins wordpress) Social Bookmarking:These icons link to social bookmarking sites where readers can share and discover new web pages. […]

    Pingback by .. | July 11, 2006

  43. […] The second version of one of the more popular wordpress plugins, Bad Behaviour, has been recently released. […]

    Pingback by Kill Malicious Traffic With Bad Behaviour Plugin « | July 11, 2006

  44. Are you blocking the entire RIPE network?

    I can’t download the plug-in. (Error 400) RIPE is _all_ over Europe…. millions of legit users.

    Comment by Computer Guru | July 12, 2006

  45. The WordPress podcast

    Here is some news that will please Matthieu. I have just learned from Matt Mullenweg that an English-language podcast recorded by users is available to take stock of…

    Trackback by Oh My Pod! Le blog des actualites du podcast | July 12, 2006

  46. Computer Guru: What are you talking about? Try READING the page which came up when you were blocked. It’s clear you can speak English, so I hope that’s not going to be a problem for you.

    Comment by Michael Hampton | July 12, 2006

  47. Any word on if this will be coming to IPB forums soon? I’ve been seeing a lot of IPB forums getting hit with spam pretty bad.

    Comment by Tarun | July 12, 2006

  48. Sorry, I omitted one thing. I’ve worked with a webmaster to try and get Bad Behavior 2 working on his site and forums, the problem is that whenever someone uses the reply or add post/topic buttons, it sends them to the index. This happens when it’s set to use the generic BB2 from the functions.php file.

    Comment by Tarun | July 12, 2006

  49. […] Bad Behavior 2 released. […]

    Pingback by WordPress has a podcast -- Technology, Macs, the Internet and other matters. | July 14, 2006

  50. Sorry, but I don’t know where to ask and it seems that the “gods” are here! 😉

    Anyone knows what this one is?

    Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; SIMBAR Enabled; .NET CLR 1.1.4322)

    Seems to be a new one?! This one tried to paste Spam into one of our forums.

    Kind regards, Thomas

    Comment by Thomas | July 17, 2006

  51. The User-Agent is pretty much irrelevant. If you can send me a bad_behavior log entry, I can look into it further.

    Comment by Michael Hampton | July 17, 2006

  52. […] For a couple of days now, Bad behavior has been active on this blog as a solution to the problem of spam via fake trackbacks. […]

    Pingback by …time is what you make of it… » Archivio del blog » Wordpress plugin: Bad behavior | July 21, 2006

  53. […] Lunacy Unleashed » Blog Archive » Bad Behavior 2 WordPress plugin for banning and controlling malicious users and trolls (tags: wordpress plugin plugins blog ban troll) […]

    Pingback by newdisco » links for 2006-07-22 | July 22, 2006

  54. The current version 2.0.3 is the BEST release ever! Thanks Dude. I have not a single spammer coming through since weeks! Great job man! Thanks! J.

    Comment by J | July 27, 2006

  55. […] The second is Michael Hampton’s recently updated Bad Behavior 2 (current version: 2.0.4). (I upgraded from 1.2 yesterday and it’s working like a charm.) Hampton works crazy-hard on this plugin and there’s nothing else like it out there. […]

    Pingback by Dead Reckoning » Archive » WordPress Announcements | July 29, 2006

  56. […] I have installed Bad Behavior, a plugin for WordPress that attempts to block roving gangs of spambots before they even get a chance to post. I’ve heard some pretty good things about this plugin, but there’s always a chance it will take a dislike to my site and attempt to wreak havoc. With any luck it’ll play nice. « Prev Archives […]

    Pingback by Standing on the Necks of Giants » Blog Archive » Bad Behavior | July 30, 2006

  57. […] I have been getting an unusual amount of spam today. I run both Bad Behavior 2 and Akismet, but it doesn’t look like Bad Behavior is blocking anything. Fortunately Akismet has been catching everything before it goes up. I am going to step Bad Behavior up to “strict mode” but I want to know if it blocks any non-spam comments. Everyone please leave a comment on this thread so I know its letting you guys through. If it blocks any new visitors (who have never commented before), send me an IM (click the contact tab) and tell me what happened. […]

    Pingback by Justin Dohrmann // » Bad Behavior | August 2, 2006

  58. […] Well, we have added another layer to the defenses. I brought Bad Behavior back. We’ll see how this works… […]

    Pingback by The Roost » Blog Archive » Hosting problems… | August 10, 2006

  59. I’ve been using Bad Behavior for months now with great results. I run it in generic mode to block spam from a guestbook. I installed 2.0.5 about a week ago and now some spammers are getting through 😦

    Has anyone ported generic to work with MySQL/Apache? I know enough php/mysql to be dangerous but can’t quite figure it out.

    Comment by CoralSea | August 11, 2006

  60. I think you missed some error in your latest BB 2.0.5. In bad-behavior-generic.php line 84 you put in an extra ” in the return statement. 😉

    Comment by eyn | August 17, 2006

  61. WordPress Bad Behavior 2

    A couple of months ago version 2 of Bad Behavior was released, and two weeks ago version 2.0.5.

    Bad Behavior is a very fast plugin (thousandths of a second per page view) that looks for suspicious behavior in the HTTP headers and block…

    Trackback by SigT | August 23, 2006

  62. […] I forgot to mention, there’ve been 4 spam comments lately, totally yuck. So I decided to install Bad Behavior which is some sort of spam filter I suppose. If anyone posts a comment and it doesn’t show up, please email me (mim at this domain) and let me know cos I’ll try something else then. Thanks! […]

    Pingback by Blog Spam | nothing edifying | August 25, 2006

  63. […] Bad Behavior stops spam and suspicious looking bots before WordPress is even ‘touched’, saving precious CPU cycles and db queries. […]

    Pingback by Sam Devol :: WordPress Tools and Resources | August 25, 2006

  64. […] I just downloaded and activated Bad Behavior 2 and am testing it. […]

    Pingback by » Akismet Down? | August 27, 2006

  65. […] Bad Behavior, conceived in 2005 as a fingerprinting method for HTTP requests, has proven “shockingly effective” at identifying and blocking the kind of attacks described above. […]

    Pingback by Bad Behavior at Online Diary | August 28, 2006

  66. […] Bad Behavior 2 released. […]

    Pingback by WordPress Visual QuickStart Guide » WordPress has a podcast | September 15, 2006

  67. […] Personally I have been using this collection of scripts for some time and I must say I have always been happy with it: a good filter and few errors in recognizing unwanted access to web pages. After a labor that lasted quite a while, version 2.0 was released last July, and it seems to work really well. […]

    Pingback by Brivio Stefano personal Blog » Blog Archive » Bad Behavior | October 1, 2006

  68. […] Bad Behavior (link) […]

    Pingback by PlagiarismToday » Five Essential Wordpress Content Protection Plugins | October 9, 2006
