Lunacy Unleashed

Notes from the field in the War on Spam

Bad Behavior 2.0.3

Make a Donation.

Before I get into the release announcement, I just want to ask all of you to send me money so I can buy a T-shirt here at the HOPE conference. Oh, and eat too. NYC has drained my wallet to just about empty. Thanks!

Bad Behavior 2.0.3 has been released to provide additional protection from certain Ukrainian spammers and to prevent certain users from being blocked inappropriately.

New in this release (since 2.0.2):

  • A check has been added for a high-volume Ukrainian spammer who can generate 500,000 spams per day (and quite possibly much more).
  • A blacklist entry has been relaxed in order to prevent inappropriate blocking of a few rare legitimate users and bots.

Download Bad Behavior now!

As always, if you find Bad Behavior valuable, please consider making a financial contribution. I develop Bad Behavior in my spare time, and every little bit means I have more spare time to devote to its development.

And don’t forget to subscribe to the RSS feed or the mailing list. (They’re the same content.)

July 23, 2006 - Posted by | Bad Behavior, Blog Spam, ExpressionEngine, MediaWiki, Spam, WordPress


  1. […] Bad Behavior 2.0.3 has been released, primarily to provide additional protection from certain spammers and adjustments to the blacklisting. […]

    Pingback by Bloggers Buzz | July 23, 2006

  2. […] Michael released Bad Behavior v2.0.3. […]

    Pingback by | Blogroll Dive: 7/24/06 | July 24, 2006

  3. I’ve seen some spams getting through recently even after installing BB 2.0.3. They will do a GET followed by a POST right away. Funny thing is, from the access log, the POST gets a 403 but still gets into WordPress comments. I don’t think the 403 is from BB since there’s not entry in BB log from the IP. But I can’t figure out how it gets the 403. Maybe it’s WordPress (2.0.3 with the tune up plug-in). I don’t have the verbose log but I can provide Apache log if that helps.

    Comment by Stephen Chu | July 24, 2006

  4. FWIW, I’m running Expression Engine 1.4.2 with BB as a plug-in. BB 2.0.2 works fine, but BB 2.0.3 throws this error whenever someone tries to post a comment —


    Error Number: 1064

    Description: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ‘WHERE (`ip` = ‘’ OR `ip` = ‘1’) AND `user_agent`

    Query: SELECT COUNT(*) FROM WHERE (`ip` = ‘’ OR `ip` = ‘1’) AND `user_agent` = ” AND `date` > DATE_SUB(‘2006-07-27 02:16:23’, INTERVAL 1 MINUTE)

    This is using PHP 4.4.1 and MySQL 4.0.16.

    Also, in the db the ‘key’ field is *always* ‘00000000’ and the exp_bad_behavior table gets to be *very* large (as in 15+mb) fairly rapidly and doesn’t seem to trim itself at all. The former issue doesn’t matter much as I don’t know what the ‘key’ field is for anyway, and I suspect the latter issue may be an Expression Engine Issue — for now I’m just clearing out the table periodically.

    Comment by Myria | July 27, 2006

  5. Myria, you can turn off verbose mode if you don’t want logging of every request. If you HAVE it off, and they’re still getting logged, you should bug Paul about this.

    As for clearing out the table, this is done automatically by the housekeeping code — but the housekeeping code only runs on a blocked request. So if you’re not seeing very much bad behavior, this may not happen very often. Bad Behavior trims the logs to the last 7 days of activity.

    The SQL error will be fixed in the next release.

    Comment by Michael Hampton | July 27, 2006

  6. Michael —

    The verbose problem apparently stemmed from the EE plug-in requiring that the settings be explicitely saved in EE or default to ‘on’. Even though the extension page showed verbose as off, it was actually on. Hitting ‘save settings’, despite not having changed them, seemed to fix the issue.

    As for the next version fixing the MySQL probem, unfortunately 2.0.4 introduces a new issue. Any attempt to post a comment causes a “Rotating user-agents detected” (799165c2) error 😦

    Comment by Myria | August 2, 2006

Sorry, the comment form is closed at this time.

%d bloggers like this: