Lunacy Unleashed

Notes from the field in the War on Spam

Bad Behavior 2 for ExpressionEngine

Paul Burdick of pMachine has managed to put out a port of Bad Behavior 2 for ExpressionEngine in the record time of “an hour this afternoon,” he wrote on the EE forums Thursday.

I took a quick look through the extension and to my eye it looks good. I haven’t tested it myself, but the early results on the forum suggest that it works OK.

Check out the EE forum thread for more info and to download the extension.

Please note these special installation instructions:

You need BOTH the bad_behavior extension from EE AND the standard Bad Behavior download.

To install it: Unpack the stock Bad Behavior download, and you’ll find a Bad-Behavior folder. Inside THAT folder is a bad-behavior folder. Upload ONLY the bad-behavior folder from the stock download, along with the ext.bad_behavior.php from the EE download, to your EE ./system/extensions folder. Then upload the lang.bad_behavior.php file to your EE ./system/language/english folder.

You can then activate and configure Bad Behavior from the Extensions Manager. The ‘strict’ and ‘verbose’ settings should work as for the other ports. I don’t know if the ‘display_stats’ setting has been implemented; I think on EE it probably requires a template change at least…

Thanks, Paul!


July 7, 2006 - Posted by | Bad Behavior, Blog Spam, ExpressionEngine, Spam


  1. Hm, for some reason I can’t leave a reply on the EE forum…

    Comment by Michael Hampton | July 7, 2006

  2. I reported the following in the mentioned thread and Paul said it’s a BB bug.

    I got the following error message (on a blank page) after I submitted a comment to a blog (using the default installed template group).
    But the comment was successfully posted.
    The same happens with Firefox and Safari 2.0.4, being logged in or not.
    The issue seems cookie related – Control Panel Session & User Session Type are set to Cookies only.
    Both browsers are set to accept cookies.
    The extension’s settings are the default one.
    EE build is 20060620.
    BB version 2.0.1

    Notice: Undefined variable: screener in /home/web/ee/system/extensions/bad-behavior/ on line 32
    Notice: Undefined variable: screener2 in /home/web/ee/system/extensions/bad-behavior/ on line 32
    Warning: Cannot modify header information – headers already sent by (output started at /home/web/ee/system/extensions/bad-behavior/ in /home/web/ee/system/extensions/bad-behavior/ on line 8
    Warning: Cannot modify header information – headers already sent by (output started at /home/web/ee/system/extensions/bad-behavior/ in /home/web/ee/system/core/core.functions.php on line 651
    Warning: Cannot modify header information – headers already sent by (output started at /home/web/ee/system/extensions/bad-behavior/ in /home/web/ee/system/core/core.functions.php on line 293

    Comment by Sim | July 11, 2006

  3. Hm, there is a bug in that section of code, but even after I fix it, PHP will still be too verbose and print out all sorts of annoying stuff. You should notify the blog in question of this problem.

    Comment by Michael Hampton | July 11, 2006

  4. The blog in question is the one that I’m developing locally, sorry for unclarity.
    How to get rid of the message ?

    Comment by Sim | July 11, 2006

  5. Hm, you want the display_errors setting in php.ini. It should be switched off for production sites.

    Comment by Michael Hampton | July 11, 2006

  6. erm ok, but how about live sites ? – That is what I meant.

    Comment by Sim | July 11, 2006

  7. I won’t be able to acces php.ini on the production (live) site because it will be on shared hosting service.
    Am I the only one concerned by those errors ?

    Comment by Sim | July 11, 2006

  8. It should already be turned off at the live site; if it isn’t, then the host is not worth your money. (Any PHP script can re-enable it if needed for debugging a script, though.)

    Comment by Michael Hampton | July 12, 2006

  9. hm so I’ll have to make use of error_reporting()
    I develop locally and do live testing.
    I checked the host’s php.ini, and display_errors is set ON.
    But the host is Swiss and well known for its serious.
    Why do you say that it isn’t worth money ?
    I find it wise to allow error reporting by default.

    Could I have the updated version of BB where you fixed the bug ?

    Comment by Sim | July 12, 2006

  10. Your host should not have display_errors set ON because the PHP developers say so:

    This is a feature to support your development and should never be used on production systems (e.g. systems connected to the internet).

    C’est une directive nécessaire en développement mais qui ne doit jamais être utilisée sur un système en production. (e.g. systèmes connectés à Internet). (fr)

    Errors on production systems should be logged, and the extremely verbose PHP notices should never be displayed to users.

    Comment by Michael Hampton | July 12, 2006

  11. Oh, and the bug is in code that isn’t currently used. 🙂 The fix will be out in the next release, but the code still won’t be used. 🙂

    Comment by Michael Hampton | July 12, 2006

  12. I added this line:

    Error_Reporting(E_ALL & ~E_NOTICE);

    in and and that solved the problem.

    Comment by sigork | July 13, 2006

  13. The extension does include the “display” but there is an easy way to get to the information in ExpressionEngine. EE includes a utility that allows you to see the database from the Control Panel. Just go to Admin –> Utilities –> SQL Manager and look at Bad Behavior’s table to see what the BB has caught.

    Comment by leslie | July 13, 2006

  14. Wow BB uses a lot of space, already 900KB and I’m the only user.
    Is it normal that all dates are 0000-00-00 00:00:00 and all keys 00000000 ?

    Comment by Sim | July 20, 2006

  15. No, that’s not normal. Sounds like something is broken. Contact Paul first on the EE forum.

    Comment by Michael Hampton | July 20, 2006

Sorry, the comment form is closed at this time.

%d bloggers like this: