Geeklog Forums

i upgraded to the newest release last night, then installed bad behavior. i deleted the newest round of spammer/users from the users list... far as i can see, bad behavior is installed correctly... HOWEVER... new spammer-users are present within the list... how do I teach bad behavior about this spammer? I see no configuration for bad behavior... when i look at it as admin, nothing is listed and there's absolutely no configuration buttons or anything else... i just assumed, when it noted a bad IP address, it would do things automagically or give me the buttons then... as it stands, even if i knew of a bad IP, i couldn't add it to a list... am I missing something? is it broken or what?


/CF

Did you remember to add that extra line to lib-common.php?

bye, Dirk

yep. made sure of it.



/CF

what does bad behavior look at? the logfile or realtime when someone is visting the site? if logfile... what logfile name does it look for? is there a configuration file I need to edit?



/CF

It should be pointed out that Bad Behavior mainly does two things: It blocks invalid / incorrect requests and it blocks certain well-known spamming tools (and other bad bots, e.g. email harvesters).

It's perfectly possible that the bot you're seeing is new and not known to Bad Behavior yet. And as long as it sends proper HTTP requests, Bad Behavior will just let it through. That's why it's a good idea to have some other tools in place as well.

Also, the Bad Behavior plugin for Geeklog is based on Bad Behavior 1.2.4, while the current version is 2.0.6. That is a complete rewrite and I haven't had the time to look into it and make a Geeklog plugin based on that version.

If you want to block specific IP addresses, you can do that in a .htaccess or using the Ban plugin. There are also modules for Spam-X that add spammers to the Ban list or report them to Bad Behavior.

To summarize: There's no single "silver bullet" against spam. Some tools will block some spam, others will block other sorts of spam.

We have a wiki page, Dealing with Spam, with further information and links that you may want to read.

bye, Dirk

one other question while I have your attention...

When looking at my httpd logfile, what should I be looking for when it comes to new account creation? I've played around with it a bit and found a couple items, such as mode=new.... in order to track down the IP address that creates these new accounts, I need to know what to look for and haven't as yet found it.

i think it would be wonderful if the powers-that-be would add a line in the next geeklog release or possibly a hot-fix/hack that would add the last known IP address to access an account or the IP address that created the account to the Users page.

/CF

A real new user would first use the .../users.php?mode=new URL, then do a POST /users.php. Also check what else is requested from the same IP address - bots don't load images or stylesheets, for example.

You have to keep in mind, though, that you can't tell from a POST /users.php whether they signed up for a new account or logged in with that request. You would have the check the context of that request to find out.

HTH

bye, Dirk