Posted on: 09/11/06 10:38pm
By: Anonymous (Flagg)
i upgraded to the newest release last night, then installed bad behavior. i deleted the newest round of spammer/users from the users list... far as i can see, bad behavior is installed correctly... HOWEVER... new spammer-users are present within the list... how do I teach bad behavior about this spammer? I see no configuration for bad behavior... when i look at it as admin, nothing is listed and there's absolutely no configuration buttons or anything else... i just assumed, when it noted a bad IP address, it would do things automagically or give me the buttons then... as it stands, even if i knew of a bad IP, i couldn't add it to a list... am I missing something? is it broken or what?
/CF
bad behavior
Posted on: 09/12/06 02:02am
By: Dirk
Did you remember to add that extra line to lib-common.php?
bye, Dirk
bad behavior
Posted on: 09/12/06 06:56am
By: Anonymous (Flagg)
yep. made sure of it.
/CF
bad behavior
Posted on: 09/12/06 07:06am
By: Anonymous (Flagg)
what does bad behavior look at? the logfile or realtime when someone is visting the site? if logfile... what logfile name does it look for? is there a configuration file I need to edit?
/CF
bad behavior
Posted on: 09/12/06 01:22pm
By: Dirk
It should be pointed out that Bad Behavior mainly does two things: It blocks invalid / incorrect requests and it blocks certain well-known spamming tools (and other bad bots, e.g. email harvesters).
It's perfectly possible that the bot you're seeing is new and not known to Bad Behavior yet. And as long as it sends proper HTTP requests, Bad Behavior will just let it through. That's why it's a good idea to have some other tools in place as well.
Also, the Bad Behavior plugin for Geeklog is based on Bad Behavior 1.2.4, while the current version is 2.0.6. That is a complete rewrite and I haven't had the time to look into it and make a Geeklog plugin based on that version.
If you want to block specific IP addresses, you can do that in a .htaccess or using the Ban plugin. There are also modules for Spam-X that add spammers to the Ban list or report them to Bad Behavior.
To summarize: There's no single "silver bullet" against spam. Some tools will block some spam, others will block other sorts of spam.
We have a wiki page,
Dealing with Spam[*1] , with further information and links that you may want to read.
bye, Dirk
bad behavior
Posted on: 09/12/06 01:29pm
By: Anonymous (Flagg)
one other question while I have your attention...
When looking at my httpd logfile, what should I be looking for when it comes to new account creation? I've played around with it a bit and found a couple items, such as mode=new.... in order to track down the IP address that creates these new accounts, I need to know what to look for and haven't as yet found it.
i think it would be wonderful if the powers-that-be would add a line in the next geeklog release or possibly a hot-fix/hack that would add the last known IP address to access an account or the IP address that created the account to the Users page.
/CF
bad behavior
Posted on: 09/12/06 02:41pm
By: Dirk
[QUOTE BY= Flagg] When looking at my httpd logfile, what should I be looking for when it comes to new account creation?[/QUOTE]
A real new user would first use the .../users.php?mode=new URL, then do a POST /users.php. Also check what else is requested from the same IP address - bots don't load images or stylesheets, for example.
You have to keep in mind, though, that you can't tell from a POST /users.php whether they signed up for a new account or logged in with that request. You would have the check the context of that request to find out.
HTH
bye, Dirk