Bad Behavior 1.0
May 1st, 2005 by Michael Hampton
First of all, I want to say thank you to the many people all over who have tried out pre-release versions of Bad Behavior and contributed feedback, comments, praise and code. This project would not have gone nearly as smoothly without all of your assistance. Shortly I’ll be setting up a thanks page for the major contributors with inbound links to your sites.
Bad Behavior
The home page for Bad Behavior explains what it is and why you want to install it, but for those of you who haven’t been keeping up, here’s the summary:
Gone over your bandwidth quota this month? Had to upgrade your web hosting plan? Who’s visiting your site so much? It’s those pesky spambots. They suck down your web pages repeatedly looking for links to post blog spam to, and email addresses to send conventional spam to. And then they come back the next day for more.
Bad Behavior is a PHP-based solution for keeping unwanted blog, wiki, forum, guestbook and referrer spam away from your site. Initially developed on WordPress, its modular architecture allows it to be ported to virtually any PHP-based application, and so far it has been ported to one wiki (MediaWiki) and a port to a forum (Geeklog) is in progress.
Download Bad Behavior now! And contact me with any questions or comments.
Changes
Since Release Candidate 3, there have been only a few changes.
- An additional spambot was identified and banned.
- An otherwise harmless PHP Notice was suppressed.
- The user-agent was being logged in the request_uri field in the database. This has been fixed.
Thanks Again
Thanks again to everyone who has been involved with Bad Behavior! Now comes the fun part, adding new features. If you have an idea for a feature that Bad Behavior lacks, please let me know!
MacManX Says
I’m noticing the same thing as Carsten. I’ll send the log results in an email.
May 3rd, 2005 at 12:32 am
MacManX Says
Thanks for the quick response! ^_^
May 3rd, 2005 at 1:31 am
Carsten Says
Thanks for the great plugin – Since install, Spam Karma 2 has not had to send a single comment to hell. The only thing I noticed was since I installed 1.0, GoogleBot is being blocked?
From the log:
66.249.65.130
GET / HTTP/1.1
Accept-Encoding: gzip
Connection: Keep-alive
Host: http://www.subaquasternalrubs.com
User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
IP checks out as belonging to Google…
May 2nd, 2005 at 10:11 pm
Michael Hampton Says
MacManX, I received your log entries. This is completely new behavior on the part of Googlebot which doesn’t match its previous behavior. In fact, it hardly looks like Googlebot at all! My guess is Google rolled out a change to Googlebot or is doing some kind of experimentation. You should also be seeing many, many hits from Googlebot which are not getting blocked, as well.
The “normal” Googlebot contains an
Accept:header, whose contents can vary, and a headerFrom: googlebot(at)googlebot.com. I hope you don’t mind, but I’m going to send a copy of the headers from this weird incarnation of Googlebot to them so they can research it.From my end I’ll have a point release out shortly which whitelists Googlebot when it comes from Google’s registered IP netblock.
May 3rd, 2005 at 1:18 am
Carsten Says
Yeah, thanks
May 3rd, 2005 at 7:10 am
Michael Hampton Says
Carsten and MacManX: After researching this issue further, I’ve come to the preliminary conclusion that you might be looking at a spambot, rather than Googlebot. I’ve learned two things in the past couple of days which mean I have to postpone my plans to whitelist Googlebot and Google’s IP netblock.
First, it is possible to use Google’s Language Tools as a proxy in order to scrape sites for links and email addresses. This isn’t very well known, but there are apparently spammers doing this already. Second, Google is running a proxy server in conjunction with their new Web Accelerator service. Finally, I’ve received no response whatsoever, not even an automated response, from the email I sent to Google.
I’m going to continue to watch this carefully. If you continue to see hits from Google’s IP netblock which are actually blocked by Bad Behavior, please send them to me and CC: abuse@google.com.
May 5th, 2005 at 3:22 am
TedFox Says
If i have two copies of bad behavior running on 2 subdomains, but same SQL database, what do I need to change for the logging to different tables. I tried changing the variable at the top of database.php, but that does not seem to be enough.
May 16th, 2005 at 1:48 am
Michael Hampton Says
TedFox, it’s sufficient to change the $wp_bb_log variable at the top of bad-behavior-database.php, but it’s not necessary; several copies of Bad Behavior can log to the same table without problem. You can separate entries for each subdomain by querying on the http_host field.
May 16th, 2005 at 1:57 am