Lunacy Unleashed

Notes from the field in the War on Spam

Bad Behavior: Your first line of defense

In the two days or so since I released Bad Behavior 2, it’s been downloaded 267 times. That’s 267 (or more) people enjoying the peace of mind that comes from knowing that web spam doesn’t have to be a nightmare. If you’re reading this, you are probably one of them. Congratulations!

Since I have a lot of new subscribers lately, this seemed like a good time to talk about what Bad Behavior is, what it isn’t, and how it fits into an overall spam prevention strategy.

First and foremost, Bad Behavior is an open source project developed by a stressed and overworked guy (me) with a high profile blog (Homeland Stupidity) in my limited spare time between finding people who want code written for cash and writing that code. If you’ve been around a while, then you know Bad Behavior 2 was delayed for months for just this reason, and was released without all of the planned features.

So the project relies on contributions from its users to allow me to devote more time to Bad Behavior, rather than the other projects which usually pay the bills. Tens of thousands of people use Bad Behavior now, but the number of people who have contributed financially over its lifetime is fewer than 100. (If you’re one of them, you can skip the next section.)

For those of you who have used Bad Behavior and enjoyed not having ads for Viagra, poker, forex, and gawd knows what else for all this time, you should first upgrade to Bad Behavior 2 to get the additional protections it provides. Then by way of saying thanks, buy me a beer. 🙂 Okay, you can’t do that online, so consider dropping off $5.00 or £3.00 or €4,25 instead. Or if you feel it’s really worth it, you can contribute more from the sidebar.

Your contributions will allow me to devote more time to further development of Bad Behavior. This is sorely needed because, despite the best efforts of the brightest minds on the Internet, spam isn’t going away anytime soon. (We just haven’t figured out how to deliver electric shock over the Internet yet.) This will allow me to spend time on solving your spam problem so you don’t have to.

Bad Behavior is completely different from any other anti-spam solution out there, in that it doesn’t specifically target spam itself. Rather, it targets the methods by which the spam is delivered. Until I released the first version last year, this approach had never been tried. It proved very effective at stopping a lot of malicious activity, not just spam: It also blocks many email address harvesters, meaning less e-mail spam, and some types of automated cracking attempts, improving your server’s security.

While a somewhat similar solution called mod_security exists, it has a rather different purpose, doesn’t target spam, and regular people can’t install mod_security on their shared web hosting accounts. Bad Behavior blocks spam as well as other malicious activity and can be installed by anyone (except GoDaddy customers).

On some high-traffic sites, or those specifically targeted by spammers, the traffic from these spam attacks can be so excessive as to exceed your account’s bandwidth limits, or overload the server, and cause your account to be suspended. Bad Behavior helps to prevent both of these situations by blocking malicious activity as soon as possible, before either bandwidth or CPU is expended on a request which will turn out to be bogus.

But because Bad Behavior intends to block no legitimate users whatsoever, it must necessarily let some things pass. Consider it your first line of defense, and back it up with a secondary line of defense in the form of a more traditional anti-spam tool for your platform. For WordPress, this can include Akismet or Spam Karma 2.

You absolutely should use both. If you use only the secondary line of defense, your administrative screen will rapidly fill with so much spam that you won’t be able to find and recover the occasional legitimate comment that those tools block. Because Bad Behavior blocks most spammers before you ever see their spam, the amount of garbage you have to sift through to find legitimate comments, or the number of edits you have to revert on your wiki, is greatly reduced.

In this way Bad Behavior saves you time and frustration. And this is why I think you should continue to support it: it gives you peace of mind by turning spam from a colossal nightmare into, well, not much at all.


July 7, 2006 - Posted by | Bad Behavior, Blog Spam, Spam, WordPress


  1. Working nicely for me. Thought you’d like to know that IE7’s Phishing Filter has started flagging this page as a “suspicious website”. Probably the references to performance enhancing substances 😉

    I filled in the feedback thingy telling them that I think it’s a legitimate site.

    Comment by Les | July 7, 2006

  2. IE7 seems to do that on occasion. I have no idea why. And I don’t even think it has anything to do with Cialis, Levitra or the like. It’s done it to me on other sites which make no mention of those substances. 🙂

    Comment by Michael Hampton | July 7, 2006

  3. Hey Michael,

    Congrats on the release. My internet has been down for quite some number of days. Gonna go get my hands on BB2 now.

    Comment by Ajay | July 7, 2006

  4. I used Spam Karma 2 a long time because it worked very well. Then switched over to Bad Behavior 2. Bad Behavior 2 couldn’t eliminate all the spam. Now I’m using both as you recommended and everything works like a charm. I really appreciate your work.

    Comment by Christian | July 7, 2006

  5. Thanks for the heads up on Spam Karma 2. Along with Bad Behavior it makes a great solution…


    Comment by Stevious | July 7, 2006

  6. Using this combined with Akismet and nothing gets through.

    I love it!

    Comment by Chris G. | July 8, 2006

  7. Same here, you RULE! As for making donations,… I’d like to buy you a beer, but PayPal is just too much for a mere student like me. Just mail me and give me an account number. I’ll transfer you a beer…

    Comment by Citizen Kane | July 9, 2006

  8. I tried that. Unfortunately, the beer clogs up the fiber-optic cables and makes a complete mess… for some reason, Euros flow through just fine though. 🙂

    Comment by Michael Hampton | July 9, 2006
