Archive for September, 2005

What to do when Bad Behavior blocks you (or your friends)

September 30th, 2005 by Michael Hampton

This article applies to the obsolete 1.x.x versions of Bad Behavior. If you are reading this, you are probably in the wrong place. Users who have been blocked by Bad Behavior should read this instead. Site administrators should update to a current version of Bad Behavior as soon as possible.

One of the two topics I get most frequently is the assertion that Bad Behavior has blocked a legitimate request from an actual user, sometimes even the owner of the blog! Since this seems to come up every so often, I’m going to see if I can help out, and maybe eliminate the need for some of these folks to contact me. (But before we get started, if you are an AOL user, do not use the built-in AOL browser. Use Firefox or something else. And get a real ISP as soon as possible.)

Before doing anything, though, ensure that you have the latest version of Bad Behavior.

The first thing to do is to determine why Bad Behavior blocked you. Get your IP address, and then log in to your phpMyAdmin, and Search the bad_behavior_log table for your IP address. In the returned fields, the denied_reason field will have a short explanation.

If the denied_reason says, “I know you and I don’t like you, dirty spammer,” keep looking for other entries. This reason means the IP address was previously identified and is being temporarily blocked, and another entry will have the real reason for the block.

If the denied_reason says, “Required header ‘Accept’ missing,” check to ensure that you are not using a proxy server, personal firewall, or any other software that may be interfering with your Web browsing. This type of software, if not configured properly, will cause this problem. Bypass the proxy (when possible) and try again. If you see this message, and you are using GoDaddy shared hosting, be aware that this is caused by GoDaddy and there is nothing I can do about it. Switch web hosts.

If the denied_reason contains a long string of “Aaaaaaaaaaaaa,” says “User-Agent … prohibited,” or contains “Banned proxy server” and you aren’t using a proxy server, this means your computer has most likely been infected with a virus or Trojan horse which is sending comment and referrer spam. Have your computer cleaned before trying again.

If the denied_reason contains anything else, you may find that the reason for the block is made obvious by the reason given. For instance, if you have used a fake User-Agent string, Bad Behavior may detect this and block you. In this case you would correct the User-Agent string and try again.

If you still can’t figure out why you were blocked, Export the records from phpMyAdmin in either SQL format and send them to me. You do not need to zip them. If you send me an Excel format file, I will curse your name until the end of days, and probably not respond.

Bad Behavior Images

September 28th, 2005 by Michael Hampton

The 88×31 buttons for Bad Behavior and Bad Behaviour are hotlink protected. Please copy them to your site, instead of linking directly to them. Otherwise, people will see something you probably don’t want them to see. Thank you.

Bad Behavior 1.2.2

September 23rd, 2005 by Michael Hampton

Bad Behavior 1.2.2 has been released to address an issue which a few people have brought to my attention. Bad Behavior is the Web’s premier link spam killer, targeting automated spambots which post comment, trackback and referrer spam, as well as email harvesters.

In Bad Behavior 1.2.1, a new feature was implemented which blocked the IP address of a spammer for 48 hours. As it turns out, this is too long for some, too short for others. The new version takes a more balanced approach.

Now, if a spammer is blocked, its IP address is blocked for 10 minutes. If another attempt is received, the block is doubled to 20 minutes. And so on, without limit.

All attempts which are currently in the bad_behavior_log count toward this blocking, so changing the logging duration from the default of 7 days will have an effect on how effectively this new blocking works.
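
The escalation and its dependence on the logging duration, modelled as an added example; this is not Bad Behavior's own code. It assumes the block is measured from the most recent denied attempt and that its length depends only on how many of that IP's attempts are still in the log; the function names and sample timestamps are constructed for illustration.

```php
<?php
const BASE_BLOCK_SECONDS = 600;      // 10 minutes, from the post
const DEFAULT_RETENTION_DAYS = 7;    // default logging duration, from the post

/** Block length in seconds once $retainedAttempts denied attempts are in the log. */
function block_seconds(int $retainedAttempts): int
{
    if ($retainedAttempts < 1) {
        return 0;
    }
    // The post says "without limit"; the clamp only keeps the result inside
    // a 32-bit integer (600 * 2^20 seconds is roughly 20 years).
    $doublings = min($retainedAttempts - 1, 20);
    return BASE_BLOCK_SECONDS * (2 ** $doublings);
}

/**
 * @param int[] $attempts Unix timestamps of denied requests from one IP
 * @return int timestamp at which the block ends, or 0 if the IP is not blocked
 */
function blocked_until(array $attempts, int $now, int $retentionDays = DEFAULT_RETENTION_DAYS): int
{
    $cutoff = $now - $retentionDays * 86400;
    // Entries older than the logging duration are gone from the log and stop counting.
    $retained = array_filter($attempts, fn($t) => $t >= $cutoff && $t <= $now);
    if (count($retained) === 0) {
        return 0;
    }
    $until = max($retained) + block_seconds(count($retained));
    return $until > $now ? $until : 0;
}

// Constructed sample: five denied attempts over four days, the last one an hour ago.
$now = 1127500000;
$attempts = [$now - 4 * 86400, $now - 3 * 86400, $now - 2 * 86400, $now - 86400, $now - 3600];

foreach ([7, 1] as $days) {
    $until = blocked_until($attempts, $now, $days);
    $state = $until ? 'blocked for another ' . intdiv($until - $now, 60) . ' min' : 'not blocked';
    printf("logging duration %d day(s): %s\n", $days, $state);
}
```

With the default 7 days all five attempts count and the latest one earns a 160-minute block; with a 1-day log only two remain, so the same attempt earns 20 minutes and has already expired.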

If you find yourself blocked by this version of Bad Behavior, do not try to reload the page for at least 10 minutes, in any browser. And, if you have such problems, don’t bother posting a comment; contact me directly instead. I read email much more frequently than the comments. :)

In addition, this version provides callback functions which you can implement (for instance, in another plugin) which are called upon each request which is either allowed through or blocked. You must return from the callback function, and you should not output anything. The functions are:

wp_bb_approved_callback($wp_bb_http_headers_mixed);
wp_bb_denied_callback($wp_bb_http_headers_mixed, $http_response, $denied_reason);

$wp_bb_http_headers_mixed is an associative array containing all of the HTTP headers for the request. $http_response contains the error code (403 or 412) logged to the database. And $denied_reason contains the text string logged to the database as to why the request was denied.

Please note that the callback functions currently work only on the MediaWiki port (and the Geeklog port, when Dirk gets around to it). They will work on WordPress and other platforms in a future release.
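
A sketch of a plugin that implements both callbacks to keep an audit trail, as an added example rather than code from Bad Behavior. The log path and the `bb_audit_*` helpers are hypothetical; only the two callback names and their parameters come from the post. It returns without output, as required, and treats every header value as untrusted input.

```php
<?php
const BB_AUDIT_LOG = '/var/log/bb_audit.log'; // assumed path, outside the web root

/** Replace control characters so a hostile header value cannot forge log lines. */
function bb_audit_clean($value): string
{
    $s = is_scalar($value) ? (string) $value : '';
    return substr((string) preg_replace('/[\x00-\x1F\x7F]/', '?', $s), 0, 256);
}

/** Append one JSON line; never echo, since the callbacks must not output anything. */
function bb_audit_write(string $verdict, $headers, array $extra = []): void
{
    $ua = '';
    foreach ((array) $headers as $name => $value) {
        // The case of the array keys is not documented, so match case-insensitively.
        if (strcasecmp((string) $name, 'User-Agent') === 0) {
            $ua = bb_audit_clean($value);
        }
    }
    $record = [
        'time'       => gmdate('c'),
        'verdict'    => $verdict,
        'ip'         => bb_audit_clean($_SERVER['REMOTE_ADDR'] ?? ''),
        'user_agent' => $ua,
    ] + $extra;
    $line = json_encode($record, JSON_INVALID_UTF8_SUBSTITUTE);
    if ($line !== false) {
        // Errors are suppressed so a write failure cannot leak into the response.
        @file_put_contents(BB_AUDIT_LOG, $line . "\n", FILE_APPEND | LOCK_EX);
    }
}

// Guards avoid a fatal redeclaration if another plugin already defines a callback.
if (!function_exists('wp_bb_approved_callback')) {
    function wp_bb_approved_callback($wp_bb_http_headers_mixed)
    {
        bb_audit_write('approved', $wp_bb_http_headers_mixed);
    }
}

if (!function_exists('wp_bb_denied_callback')) {
    function wp_bb_denied_callback($wp_bb_http_headers_mixed, $http_response, $denied_reason)
    {
        bb_audit_write('denied', $wp_bb_http_headers_mixed, [
            'http_response' => (int) $http_response,           // 403 or 412 per the post
            'denied_reason' => bb_audit_clean($denied_reason),
        ]);
    }
}
```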

In addition, this version will block access attempts where there is no User-Agent field set, due to an increase in the amount of spam matching this profile. A very few legitimate bots fail to set the User-Agent; if you happen to use one, contact its author to have them fix it, and also place it on the whitelist.

Download Bad Behavior now!