Lunacy Unleashed

Notes from the field in the War on Spam

Bad Behavior 2.0.6 Repackaged

I’ve rebuilt the Bad Behavior 2.0.6 package due to an error which causes users to be blocked in rare circumstances.

If you receive a user complaint that they were blocked, and when they click the “fix this yourself” link and are told they have a “Dynamic IP address,” or that they are not listed on any blacklists, then you are affected by this problem.

This problem occurs when the Web server has a search domain listed in the /etc/resolv.conf file, and the listed domain uses wildcard DNS. This is a very uncommon configuration, as the vast majority of sites either do not list any search domains, or list a domain which doesn’t use wildcard DNS.

Bad Behavior has been altered to bypass the search domain if it is listed, thereby solving the problem. Simply re-download Bad Behavior 2.0.6 to obtain the fix.


September 19, 2006 - Posted by | Bad Behavior


  1. I am using Movabletype and I wonder if anyone has made it workable with MT. I have the older version installed as I found a description on how to but I would very much like to be able to use the functionalit all the way and of course install the latest version.

    Comment by carina62 | September 19, 2006

  2. […] Bad Behavior 2.0.6 Repackaged Okay, let’s try this again. (tags: badbehavior spammers spam security wordpress plugins) […]

    Pingback by links for 2006-09-20 at [MacStansbury] | September 20, 2006

  3. 2.0.6 first release had severe issues for me: 4 real users blocked (only one had enough nerves to mail me the ticket code) and access to wordpress admin area impaired (php warnings or just a blank page. I hope this repackaging solves all this. Perhaps it would have been better to tag it 2.0.7 directly?

    Comment by blau | September 20, 2006

  4. This new filtering method has actually proven itself quite effective: it blocked myself from accessing any of the site admin functionality. I know, the IP my ISP is supplying me with is on 6 blacklists (6 over about 15 I checked), but nevertheless I still would like to access my own site. In my case the IP is dynamically assigned and I have no way to get it changed, considering that half of the IP in the range I am into are blacklisted as well. Maybe a way to insert a whithelist into the settings would help. for now I reversed to version 2.0.5, looking forwad to a better controll over the blacklisting capabilities on future versions. I appreciate your work though!

    Comment by Mauro Sacca' | September 20, 2006

  5. I use B-B in its generic flavour. Upgraded to 2.06 at 18:30, started blocking Russians via blacklist at 20:15. (They were trying to get at my guest book).
    Nice work [again] Michael, definitely worth the donation 🙂

    Comment by Steve | September 21, 2006

  6. Well, as Mauro pointed out, there are large user bases in Italy whose ISP does NAT. Quite easily they get blacklisted because of the usual spam/botnet problems. IP based blocking is, IMHO, prone to false positives.
    After downgrading to 2.0.5, I am testing 2.0.6 repackaged and up now it is working ok. In a few days I’ll load iyt on my main production site and see what my beloved readers say 🙂
    Anyway, BB is an important piece of sw: I could not rely on Akismet alone to weed out spam.

    Comment by blau | September 21, 2006

  7. Right now this is mainly a proof of concept. While it ignores most dynamic IP ranges, it probably isn’t going to be perfect, and for those who do have dynamic IP addresses and get blocked all the time, the best solution is to get a new ISP. 🙂

    I’m working on my own blacklist which takes this sort of thing into account and doesn’t keep a given IP blocked forever (one list I know of has dynamic addresses blocked because they once sent spam two or three years previously!).

    Unfortunately, I’ve had to spend most of my time on other things, because people haven’t been contributing to Bad Behavior development in the last few weeks. 😦

    Comment by Michael Hampton | September 21, 2006

Sorry, the comment form is closed at this time.

%d bloggers like this: