Posted on: 05/26/05 05:04am
By: Dirk
Bad Behavior[*1] is a set of PHP scripts which prevents spambots from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots. It goes far beyond User-Agent and Referer, however.
(quoted from the author's homepage)
I wrote a
Geeklog wrapper for Michael Hampton's Bad Behavior plugin for WordPress. The difference to the
hack[*3] I provided earlier is that this plugin now logs the blocked requests and provides you with an interface to review them.
Happy blocking ...
bye, Dirk
Bad Behavior plugin for Geeklog
Posted on: 05/28/05 12:06am
By: Anonymous (IO ERROR)
Dirk, you've done it again! I hope you don't mind if I go ahead and integrate your work into the next release of Bad Behavior.
Bad Behavior plugin for Geeklog
Posted on: 05/28/05 05:12am
By: Dirk
Michael released a
security update[*4] for Bad Behavior. I've updated the
Geeklog plugin accordingly (upgrading instructions are included).
bye, Dirk
Bad Behavior plugin for Geeklog
Posted on: 05/28/05 12:02pm
By: Dirk
[QUOTE BY= IO ERROR] I hope you don't mind if I go ahead and integrate your work into the next release of Bad Behavior. [/QUOTE]
Feel free ...
Actually, I sent you an email. Did you not get it or did my spam filter eat the reply?
bye, Dirk
Bad Behavior plugin for Geeklog
Posted on: 05/28/05 04:02pm
By: ScurvyDawg
I get an error upon trying to open the archive Dirk.
End-of-central-directory signature not found. Either this file is not a Zip file, or it constitutes one disk of a multi-part Zip file.
I have used Zip to unpack many tar.gz files in the past. What do you reccomend for a windows machine if it is a valid archive?
Bad Behavior plugin for Geeklog
Posted on: 05/28/05 04:15pm
By: Dirk
Ouch, I just realised that I'd uploaded the wrong version anyway - it did not include the updated Bad Behavior files
Please download the file yet again. It should be 28115 bytes now. And unpacks on the server just fine ...
bye, Dirk
Bad Behavior plugin for Geeklog
Posted on: 05/28/05 04:17pm
By: ScurvyDawg
LOL
Thanks Dirk
You the man
Bad Behavior plugin for Geeklog
Posted on: 06/13/05 05:03pm
By: Dirk
Here's a small patch to make it display the number of logfile entries after its entry in the Admin's block (where it only says "(N/A)" at the moment):
function plugin_getadminoption_bad_behavior ()
{
global $_CONF, $LANG_BAD_BEHAVIOR, $wp_bb_log;
if (SEC_inGroup ('Bad Behavior Admin')) {
return array ($LANG_BAD_BEHAVIOR['plugin_display_name'],
$_CONF['site_admin_url'] . '/plugins/'
. BAD_BEHAVIOR_PLUGIN . '/index.php',
DB_count ($wp_bb_log));
}
}
This is a replacement for the function of the same name in the plugin's functions.inc file.
Also, please not that Bad Behavior deletes logfile entries older than 7 days automatically.
bye, Dirk
Bad Behavior plugin for Geeklog
Posted on: 06/13/05 05:52pm
By: ScurvyDawg
does this download work for everyone else?
I cannot get it for some odd reason. I get an invalid archive. Would someone who can get it unpack it and email me the files to scurvydawgATgmail.com I would owe you one.
Thanks for everything.
Bad Behavior plugin for Geeklog
Posted on: 06/13/05 06:02pm
By: Anonymous (mach)
got it, repacked it, sent it
Bad Behavior plugin for Geeklog
Posted on: 06/13/05 07:09pm
By: ScurvyDawg
[QUOTE BY= mach] got it, repacked it, sent it[/QUOTE]
Thank you thank you thank you thank you thank you.
Bad Behavior plugin for Geeklog
Posted on: 06/15/05 02:16pm
By: Dirk
I've updated
the plugin now to sync it with the release of
Bad Behavior 1.1.1[*5] . It also includes the patch described above.
Looking at what it catched on my
site[*6] , it really seems to help against spam - some of the blocked requests were most likely from our
Bulgarian[*7] friends. Not to mention the occasional bot it stops in its tracks ...
bye, Dirk
Bad Behavior plugin for Geeklog
Posted on: 06/15/05 02:25pm
By: ScurvyDawg
FYI - Will not open in Winzip
Fantastic AMAZING awesome plugin though
Bad Behavior plugin for Geeklog
Posted on: 06/19/05 04:34pm
By: Dirk
Bad Behavior plugin for Geeklog
Posted on: 06/19/05 08:17pm
By: ScurvyDawg
Fine force me to get yet another unpacking utility. I will get WinRar as this refuses to open in WinZip.
Dirk why the animosity towards WinZip friendly files?
Bad Behavior plugin for Geeklog
Posted on: 06/20/05 12:55am
By: r_f_o_t
[QUOTE BY= ScurvyDawg]Dirk why the animosity towards WinZip friendly files?[/QUOTE]
You could also look at it as WinZip's animosity towards gzipped files. (Or is it tarred files that throws WZ)
Other Windows utilities can unpack them properly. Just a random thought.
Chuck
Bad Behavior plugin for Geeklog
Posted on: 06/20/05 09:21am
By: ScurvyDawg
[QUOTE BY= r_f_o_t] [QUOTE BY= ScurvyDawg]Dirk why the animosity towards WinZip friendly files?[/QUOTE]
You could also look at it as WinZip's animosity towards gzipped files. (Or is it tarred files that throws WZ)
Other Windows utilities can unpack them properly. Just a random thought.
Chuck[/QUOTE]
Good point Chuck
Bad Behavior plugin for Geeklog
Posted on: 06/20/05 09:48am
By: DTrumbower
[QUOTE BY= ScurvyDawg] Fine force me to get yet another unpacking utility. I will get WinRar as this refuses to open in WinZip.
Dirk why the animosity towards WinZip friendly files?[/QUOTE]
I've never had a problem with WinZip. It uncompressed fine for me.
What version are you using?
Bad Behavior plugin for Geeklog
Posted on: 06/20/05 01:49pm
By: ScurvyDawg
8.1.SR1
I am at work and thats what we have installed. Most likely I have the same ver at home.
How about you?
Bad Behavior plugin for Geeklog
Posted on: 06/20/05 04:26pm
By: DTrumbower
[QUOTE BY= ScurvyDawg] 8.1.SR1
How about you?[/QUOTE]
9.0 sr-1. But I'm sure I had a version 8 work too, unless version 9 has been out for two years.
Bad Behavior plugin for Geeklog
Posted on: 07/02/05 01:01pm
By: Dirk
Bad Behavior plugin for Geeklog
Posted on: 07/09/05 06:07am
By: Dirk
Bad Behavior 1.1.4[*10] is out, as is the
Geeklog plugin of the same name.
This release also addresses two bugs specific to the Geeklog plugin:
- Fresh installs often ended with an SQL error.
- The log only showed the first 50 entries (the "Google paging" at the end of the page was missing).
bye, Dirk
Bad Behavior plugin for Geeklog
Posted on: 08/08/05 04:08pm
By: Dirk
Michael has released
Release Candidate 1[*11] of Bad Behavior 1.2. If you want to try it out, simply download it and copy the files over the ones that ship with version 1.1.4 of the Geeklog plugin (make sure to keep the bad-behavior-geeklog.php file).
I'll release a proper update when 1.2 goes final.
bye, Dirk
Bad Behavior plugin for Geeklog
Posted on: 08/17/05 01:45pm
By: Dirk
Michael Hampton has released Bad Behavior 1.2. See
the announcement[*12] on his site for the details.
On the Geeklog side, I had to remove the "self test" feature, as Bad Behavior now keeps track of IP addresses that misbehaved. So after the self test, you would be blocked from your own site ... I'll try to come up with a solution in a future release.
Also new is the ability for members of the Bad Behavior Admin group to search through the Bad Behavior logs.
The Geeklog plugin is available for download
from here, as usual.
bye, Dirk
Bad Behavior plugin for Geeklog
Posted on: 08/17/05 01:47pm
By: ScurvyDawg
Dirk you ROCK!!!
Bad Behavior plugin for Geeklog
Posted on: 08/18/05 02:25pm
By: Anonymous (Benta)
[QUOTE BY= Dirk] Michael Hampton has released Bad Behavior 1.2. See
the announcement[*12] on his site for the details.
On the Geeklog side, I had to remove the "self test" feature, as Bad Behavior now keeps track of IP addresses that misbehaved. So after the self test, you would be blocked from your own site ... I'll try to come up with a solution in a future release.
Also new is the ability for members of the Bad Behavior Admin group to search through the Bad Behavior logs.
The Geeklog plugin is available for download
from here, as usual.
bye, Dirk[/QUOTE]
A new one already? Sweet.
Anything one should think about when upgrading from 114? Do we need to uninstall the 114 and reinstall 1.2?
Thanks!
Bad Behavior plugin for Geeklog
Posted on: 08/18/05 02:36pm
By: Dirk
[QUOTE BY= Benta] Anything one should think about when upgrading from 114? Do we need to uninstall the 114 and reinstall 1.2?[/QUOTE]
You could try reading the included installation instructions ...
bye, Dirk
Bad Behavior plugin for Geeklog
Posted on: 08/20/05 02:35pm
By: Dirk
If you experienced an SQL error in fresh installs, please download the plugin again.
The change is in public_html/bad-behavior-database.php and does not affect updates from earlier versions.
bye, Dirk
Bad Behavior plugin for Geeklog
Posted on: 08/26/05 02:54pm
By: Dirk
Bad Behavior 1.2.1
is out[*13] , fixing a problem with the whitelist.
The Geeklog plugin is avaliable
here, as usual.
bye, Dirk
Bad Behavior plugin for Geeklog
Posted on: 09/23/05 03:56pm
By: Dirk
Bad Behavior 1.2.2[*14] is out, and the Geeklog plugin of the same name is available
here.
Michael Hampton has replaced BB's automatic 48 hour block with a more dynamic approach. Sorry again to the few people who ran into this on geeklog.net ...
On the Geeklog side, the plugin now also lists the most common misbehaviors in the site's stats section (visible only to Bad Behavior Admins, of course).
Also new is a search option from the request details page. Often, you will find a note there saying "I know you and I don't like you, dirty spammer" which means that this request came from a repeat offender. But you didn't know why it was blocked in the first place. Now you can use the "search" option next to the IP address to get a list of previous entries for that IP address, the first of which will also list why that address was blocked.
And as a reminder: Bad Behavior links IP addresses to the Whois info from Tom Willet's
NetTools[*15] , if those are installed and enabled in config.php ($_CONF['ip_lookup']). This makes it easier to find out that that blocked GoogleBot was indeed fake, since it came from Russia ...
bye, Dirk
Bad Behavior plugin for Geeklog
Posted on: 10/30/05 12:18pm
By: Dirk
I completely missed Michael's
announcement[*16] of Bad Behavior 1.2.3 a week ago. The
Geeklog plugin has now been updated to sync with that version.
I'd also like to point out Michael's helpful article
What to do when Bad Behavior blocks you (or your friends)[*17] in case you run into problems with this plugin.
Furthermore, there's an
experimental Bad Behavior module for Spam-X[*18] . So when Spam-X encounters a spam post, it reports the spammer's IP address to Bad Behavior which then blocks all further attempts. This may help in cases where you get a lot of spam from the same IP address.
bye, Dirk
Bad Behavior plugin for Geeklog
Posted on: 12/02/05 05:01pm
By: Dirk
Michael Hampton has released
Bad Behavior 1.2.4[*19] . The updated Geeklog plugin is available
from the usual place[*2] .
On the Geeklog side, this version fixes a minor bug in the search function: When the query string was empty (e.g. when you where searching by author), the plugin returned all its entries. Empty search queries are now ignored unless you explicitly search for entries of type "Bad Behavior".
bye, Dirk
Bad Behavior plugin for Geeklog
Posted on: 10/14/06 11:42am
By: kirkmc
The doc says this works with GL 1.3.x, but I'm running 1.3.9 and I get a message, when trying to install, that I need a later version of GL.
I know, I should probably upgrade, but don't have the time, as this seems like a daunting procedure. In the mean time, you should probably correct the doc for the plugin.
Best,
Kirk
Bad Behavior plugin for Geeklog
Posted on: 10/14/06 12:00pm
By: Dirk
Okay, it's not too obvious, but the "1.3.10" that is part of the archive name is the minimum Geeklog version required for this plugin.
bye, Dirk
Re: Bad Behavior plugin for Geeklog
Posted on: 01/01/07 11:07am
By: Dirk
I've just uploaded a small
update[*20] to the Bad Behavior plugin for Geeklog. This update does not change anything in the actual blocking functionality but only in the Geeklog backend:
Changes
Bad Behavior 1.2.4-1 uses the exact same version of the WordPress plugin as
1.2.4, i.e. there were no changes as far as blocking spam bots and the like
are concerned. All the changes happened in the Geeklog backend.
- Now requires at least Geeklog 1.4.0
- Added an option to unblock an IP address (from the detail view).
- The overview of recently blocked requests now lists the reason instead of the
referrer. This should make it easier and more obvious to figure out why a
request was blocked (without having to click through to the details view).
- Fixed inconsistency in the search results page: Clicking on the IP address
will now actually do an IP lookup (if $_CONF['ip_lookup'] is enabled). To
see the details of a blocked request, you will now have to click on the date.
- Made the statistics blend in with the 1.4 design.
- Added instructions for the included Spam-X module.
I am fully aware that there's already a version 2 of Bad Behavior. That is, however, a complete rewrite of the original WordPress plugin and I haven't had the time to look into it.
bye, Dirk
Re: Bad Behavior plugin for Geeklog
Posted on: 01/04/07 12:46am
By: Anonymous (Jon Almada)
Got this error on installing the plugin to my 1.4.0sr5-1 site...
Plugin Compatibility Check Failed
This plugin requires a newer version of Geeklog. Either upgrade your copy of Geeklog or get a newer version of the plugin.
Any thoughts? I thought that 1.4.x sites ran with the new plugin...
Jon
Re: Bad Behavior plugin for Geeklog
Posted on: 01/04/07 03:31am
By: Dirk
The install script checks for the existence of function SEC_getGroupDropdown - which is only available as of Geeklog 1.4.1. Not sure why it does that, though, since Bad Behavior doesn't need that function.
You can remove that check from the plugin's install.php for now. I'll update the tarball later today. Sorry about that.
bye, Dirk
Re: Bad Behavior plugin for Geeklog
Posted on: 01/04/07 09:39pm
By: Anonymous (Jon Almada)
Dirk - I did as you said and it worked great! Many thanks! This plugin is really great and it already caught 47 headers before I ran the install of the plugin ;>
Take that bots!
Jon