Bad Behavior 2.0.21
August 5th, 2008 by Michael Hampton
Bad Behavior 2.0.21 has been released. It is a maintenance release and is recommended for all users.
MediaWiki and WordPress users should take note of special upgrade instructions below.
Who should upgrade?
Users who receive significant traffic from the Ukraine should upgrade to fix an issue which may cause users in the Ukraine to be blocked.
All users should upgrade to take advantage of protection from newly identified spambots and malicious bots as well as a new method of spambot detection.
What’s new?
New in this release (since 2.0.20):
- Users who specified the Ukrainian language in their browser settings were mistakenly blocked. This issue has been fixed.
- Bad Behavior now incorporates data on harvesters and comment spammers compiled by Project Honey Pot and published through its http:BL service. In order to enable this feature, you must obtain an http:BL access key and provide this key to Bad Behavior in its settings. While the http:BL settings can be fine-tuned to block or allow requests based on the threat level and age of a harvester or comment spammer record, the default settings have been extensively tested and found to block virtually all spammers known to http:BL while allowing all legitimate users, even those that http:BL may have classified as suspicious. This feature obsoletes any other http:BL plugins you may have, and they can be removed.
- The Majestic-12 search engine crawler was mistakenly blocked. This block has been removed and a block placed for a malicious bot which pretends to be the Majestic-12 crawler.
- The bot used by Attributor, a service which looks for copyright infringement and sends takedown notices, has been identified and blocked.
- Several additional spambots have been identified and blocked by user agent.
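How a threshold decision of the kind the http:BL item above describes can be made, as an added example (this is not Bad Behavior's own code). The function names, the 25/30 thresholds and the access key are assumptions for illustration; the query name and the `127.<days>.<threat>.<type>` answer layout follow the http:BL DNS format.

```php
<?php
// Added example (not Bad Behavior's code); names and thresholds are assumptions.

// http:BL is queried over DNS: <key>.<reversed IPv4 octets>.dnsbl.httpbl.org
function httpbl_query_name(string $accessKey, string $ip): ?string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null; // http:BL only covers IPv4 addresses
    }
    $reversed = implode('.', array_reverse(explode('.', $ip)));
    return "{$accessKey}.{$reversed}.dnsbl.httpbl.org";
}

// A listed address answers 127.<days since last seen>.<threat 0-255>.<type bits>.
function httpbl_parse(string $answer): ?array
{
    $o = explode('.', $answer);
    if (count($o) !== 4 || $o[0] !== '127') {
        return null; // not listed, lookup failed, or malformed answer
    }
    return ['days' => (int) $o[1], 'threat' => (int) $o[2], 'type' => (int) $o[3]];
}

// Type bits: 1 = suspicious, 2 = harvester, 4 = comment spammer (0 = search engine).
// Only harvester/comment-spammer records that are recent and threatening enough
// are blocked; a record that is merely "suspicious" is allowed through.
function httpbl_should_block(?array $rec, int $minThreat = 25, int $maxAgeDays = 30): bool
{
    if ($rec === null) {
        return false; // fail open: no record means no block
    }
    $harvesterOrSpammer = ($rec['type'] & (2 | 4)) !== 0;
    return $harvesterOrSpammer
        && $rec['threat'] >= $minThreat
        && $rec['days'] <= $maxAgeDays;
}

// Constructed sample answers (not real lookups), keyed by what they represent.
$samples = [
    'recent comment spammer'  => '127.3.60.4',
    'stale harvester record'  => '127.200.40.2',
    'suspicious only'         => '127.1.80.1',
    'low-threat harvester'    => '127.2.5.2',
    'not listed (NXDOMAIN)'   => 'no-answer',
];

echo httpbl_query_name('abcdefghijkl', '203.0.113.7'), "\n"; // placeholder key, TEST-NET address
foreach ($samples as $label => $answer) {
    $verdict = httpbl_should_block(httpbl_parse($answer)) ? 'block' : 'allow';
    printf("%-24s %-14s %s\n", $label, $answer, $verdict);
}
```

Only the first sample is blocked; a failed or empty lookup is treated as "allow" so that a DNS outage does not lock out legitimate visitors.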
Support
If Bad Behavior has helped you, please make a financial contribution toward further development. Your contribution ensures that I can prioritize Bad Behavior development. Otherwise I must spend most of my time on other projects which pay the bills. Which is a shame, because I really enjoy making spammers miserable and drying up their revenue streams until it’s more profitable for them to work at McDonald’s than to send spam.
Download
Special Upgrade Instructions
For MediaWiki: Before installing this version of Bad Behavior, manually remove (e.g. using FTP or ssh) any old versions you may have, including the lines added to LocalSettings.php. Then install the new version fresh, following the installation instructions for MediaWiki.
For WordPress: If updating to this version through the automatic updater fails, manually remove (e.g. using FTP or ssh) any old versions you may have installed. Then upload and install the new version fresh, following the installation instructions for WordPress. After doing so, future automatic updates should proceed normally.
For other platforms: No changes to your upgrade procedures should be necessary.



Joe Says
I have just installed the new version of bb. I deleted the previous version, and deleted the old bb database before updating.
I am now getting the following errors in my wordpress dashboard, and after entering my honeypot key
Warning: Wrong parameter count for array_key_exists() in /f1/content/eruptingmind/public/wp-content/plugins/bad-behavior/bad-behavior/post.inc.php on line 33
Warning: Cannot modify header information – headers already sent by (output started at /f1/content/*/public/wp-content/plugins/bad-behavior/bad-behavior/post.inc.php:33) in /f1/content/*/public/wp-content/plugins/bad-behavior/bad-behavior/screener.inc.php on line 8
Aug 5th, 2008 at 11:35 am
Tom Says
What’s wrong with attributor? As far as I can tell it merely notifies someone if their content is being used elsewhere and lets them fire a polite e-mail off about it.
Blocking it seems very irresponsible to me.
Aug 5th, 2008 at 11:46 am
Dutch Gecko Says
I’m running on WP 2.0.11 (old version I know) and I’m getting a few errors. After deleting spam caught by Akismet, I get a number of “headers already sent” errors for various plugins. When visiting the BB admin page I get the normal WordPress header, the BB title and donation information, followed by “Fatal error: Call to undefined function: paginate_links() in /home/dutchgec/public_html/wp-content/plugins/bad-behavior/bad-behavior-wordpress-admin.php on line 121” after which the page stops.
2.0.19 had even more errors (to the extent that I could not load the admin panel at all) but I didn’t have time to test that one extensively.
Aug 5th, 2008 at 11:48 am
Dr Web Says
I have updated just now to the latest version using the automatic updater and the message saying that the plugin was successfully updated appeared, but, a few seconds later when I tried to publish a comment, I’ve got this error, looks like it’s the same error as Joe, on the first comment got, and he made a fresh installation.
I am running wordpress 2.6.
Thanks for any help.
Warning: Wrong parameter count for array_key_exists() in /home/drpen3/public_html/wp-content/plugins/bad-behavior/bad-behavior/post.inc.php on line 33
Warning: Cannot modify header information – headers already sent by (output started at /home/drpen3/public_html/wp-content/plugins/bad-behavior/bad-behavior/post.inc.php:33) in /home/drpen3/public_html/wp-content/plugins/bad-behavior/bad-behavior/screener.inc.php on line 8
Warning: session_start() [function.session-start]: Cannot send session cache limiter – headers already sent (output started at /home/drpen3/public_html/wp-content/plugins/bad-behavior/bad-behavior/post.inc.php:33) in /home/drpen3/public_html/wp-content/plugins/wordpress-automatic-upgrade/wordpress-automatic-upgrade.php on line 114
Warning: Cannot modify header information – headers already sent by (output started at /home/drpen3/public_html/wp-content/plugins/bad-behavior/bad-behavior/post.inc.php:33) in /home/drpen3/public_html/wp-includes/classes.php on line 806
Aug 5th, 2008 at 12:02 pm
rocksea Says
same error here..
Aug 5th, 2008 at 1:12 pm
mok Says
When saving a Draft of my post(s) I keep getting these error messages after upgrading to the new BadBehaviour software option.
Warning: Wrong parameter count for array_key_exists() in /home/.wycliffe/giosalazar/blog.strength2endure.com/wp-content/plugins/bad-behavior/bad-behavior/post.inc.php on line 33
Warning: Cannot modify header information – headers already sent by (output started at /home/.wycliffe/giosalazar/blog.strength2endure.com/wp-content/plugins/bad-behavior/bad-behavior/post.inc.php:33) in /home/.wycliffe/giosalazar/blog.strength2endure.com/wp-content/plugins/bad-behavior/bad-behavior/screener.inc.php on line 8
Warning: Cannot modify header information – headers already sent by (output started at /home/.wycliffe/giosalazar/blog.strength2endure.com/wp-content/plugins/bad-behavior/bad-behavior/post.inc.php:33) in /home/.wycliffe/giosalazar/blog.strength2endure.com/wp-includes/classes.php on line 806
Aug 5th, 2008 at 1:20 pm
Jenn Says
Same errors here.
Aug 5th, 2008 at 2:11 pm
Michael Hampton Says
All right, that’s enough of the “me too” posts. I know you’re seeing it. I’ll get it fixed shortly.
Dutch Gecko, please update to the current version of Bad Behavior before reporting problems. I know all about the admin panel on 2.0.11 anyway; it doesn’t work and isn’t going to work. It requires WP 2.1 or higher. So you need to update WordPress if you want to use it without problems.
Aug 5th, 2008 at 3:17 pm
Michael Hampton Says
Tom, I took a long hard look at Attributor after I found its bot. I happen to like its approach of recommending to copyright owners that they ask for a backlink rather than sending a takedown notice, but they will still send takedown notices if the content owner wants.
The problem that I see is that Attributor also allows for sending automated takedown notices, without human intervention. This not only doesn’t allow for fair use, also as we’ve seen with Cyveillance, there’s a good chance that people will get takedown notices who haven’t even copied someone’s content.
There’s also the little issue of some poor kid who happened to copy an article he liked onto his personal blog (which all of six people read) possibly being forced to put up ads which pay whoever wrote the article and taking down his own ads.
So I need a lot more information on what this company does and how it does it before I’ll say that they are entirely a good thing.
Attributor’s bot also crawls too quickly through archives (they’ve hit me over 17,000 times in the past few days) putting excessive load on whatever server it hits. I would block them for that alone.
Interestingly, the fingerprint for their bot matches precisely several other malicious bots I’ve found in the last week which have harvested email addresses and delivered spam.
Aug 5th, 2008 at 4:05 pm
Michael Hampton Says
Oh, I forgot to mention, Attributor is the company which allowed the Associated Press to send all those takedown notices to bloggers and make ridiculous claims like that fair use was limited to less than five words of an article and you had to pay an arm and a leg to quote any more than that.
Aug 5th, 2008 at 4:15 pm
Michael Hampton Says
And just when you thought it was safe to go back in the water, there’s more!
According to its whitepaper, Attributor lets a content owner send these automated takedown notices not only to a blogger, but directly to the search engines, making the blog virtually disappear from the Internet, and the blogger doesn’t necessarily have any idea what happened.
I haven’t heard any news reports yet of this sort of thing happening to somebody who didn’t really deserve it, though it’s only a matter of time.
Aug 5th, 2008 at 4:20 pm
Michael Hampton Says
Oh, I should note that Attributor’s bot has gone absolutely nuts since being blocked. It’s now hitting the same pages over and over, despite getting a 403 response, at the rate of once every 3 or 4 seconds. That’s over 20,000 requests a day. Of course this is what it was doing before, but now it’s going even faster. This is not a nice, friendly bot.
Aug 5th, 2008 at 6:37 pm
Justice Man Says
Just a note to say I observed these series of errors in BB admin:
Warning: strpos() [function.strpos]: Empty delimiter in /home/…./public_html/wp-content/plugins/bad-behavior/bad-behavior-wordpress-admin.php on line 166
Warning: strpos() [function.strpos]: Empty delimiter in /home/…../public_html/wp-content/plugins/bad-behavior/bad-behavior-wordpress-admin.php on line 165
And it keeps going and going for quite a few lines before it stops. This is using WordPress 2.6 PHP5 MySQL5 Other than that the admin page seems to function ok.
Aug 5th, 2008 at 6:39 pm
Rich P Says
Hi Michael,
Thanks for pointing out our crawling activities – we had a few complaints last week and are working to fix the bug that caused the excessive crawling.
Thanks for acknowledging our insistence on the benefits of links vs Takedown notices. There is a great post here that spells this out more specifically.
I wanted to respond to a couple of your points below:
<<The problem that I see is that Attributor also allows for sending automated takedown notices, without human intervention.
** This is incorrect, and I will clarify the materials to make sure it doesn’t lead people to this conclusion. Before any link request or removal notice is sent, a person must approve – in the removal notice case, this approval is subject to penalty of perjury.
<< . . .but directly to the search engines, making the blog virtually disappear from the Internet, and the blogger doesn’t necessarily have any idea what happened.
** Our service does enable removal of a blog post from the search engine index – again under penalty of perjury. This capability is used primarily to remove splogs that are *great* at SEO and whose content is stored at an off-shore host and less likely to respond.
If you want specific information about our crawling issues last week and the steps we are taking to fix, it may be more efficient to call me at 650.703.2985, but I will certainly respond to any questions here too.
Aug 5th, 2008 at 6:44 pm
Michael Hampton Says
Justice Man, I got this report from multiple people and it will be addressed in the next release (within a day or so).
Aug 5th, 2008 at 6:51 pm
Michael Hampton Says
Rich, thanks for stopping by to discuss Attributor’s procedures regarding takedown notices and the activity of the crawler. I’ve been hit by splogs as well and I appreciate any effort that helps take them down. I also appreciate learning that sending a takedown notice requires human intervention, even if this doesn’t stop certain humans from being boneheaded about it.
I’ll send you further information shortly by email. (There’s some highly technical stuff and you’ll probably want it in email format to send to your developers for their review.)
Aug 5th, 2008 at 6:52 pm
Rich P Says
Agree 100% – to be legal, we need to involve humans. We’re focused on providing web-wide visibility for all plus new choices like Link and License requests to avoid a default legal option.
As you point out, we lose control when humans get involved
Please do send me your questions – I’ll make sure it gets to the right person.
Rich
Aug 5th, 2008 at 7:16 pm
Michael Hampton Says
Rich, I sent you that email.
And while this isn’t really about Bad Behavior, as a blogger, I occasionally quote content from other sources, some of whom are your company’s clients. (Though as far as I know, I’m always below your default 5% threshold.) In my situation, I appreciate it very much when a content owner who might have a problem with such excerpts contacts me directly rather than going directly for the takedown notice. This has only happened once in three years, when someone felt that my excerpt was too long. I shortened it, and we were both satisfied with the outcome.
Speaking of which, I always link back to the original source, but with providers like AP and Reuters, this is tricky, since they have a habit of removing content after 7-30 days from their own sites or from (the majority of) those sites to which they syndicate. Most of my broken links are to AP or Reuters articles which have since been taken down. I don’t know how much influence you have with your clients, but I would appreciate having a way to get a permanent link to such articles that I reference, whether I quote from them or not.
Aug 5th, 2008 at 7:35 pm
Justice Man Says
Michael, thanks and great work as usual. I can’t wait to try out the Honey Pot to see how well it works!
Aug 5th, 2008 at 7:56 pm
R. Richard Hobbs Says
I had the same errors went back to previous version. Auto upgrade went fine – looked for forensics in the error log but nothing there.
Also Project Honey pot is unresponsive to my attempt to register a new account – have been waiting all day for a verification email in spite of several resend requests.
Thanks again for a great plugin – some kinks just seem to be needed to be worked out.
Aug 5th, 2008 at 10:15 pm
R. Richard Hobbs Says
RE-upgraded using special instructions (my site is WP) and all went well – thank you.
Still no response from Project Honeypot.
Aug 5th, 2008 at 10:22 pm
R. Richard Hobbs Says
Errors came back – even after deactivating / deleting the 2.0.2.1 plugin / dropping the BB table / cleaning any db options out / then reinstalling / still getting the errors – I am back in 2.0.2.0 and it works fine.
RH
Aug 5th, 2008 at 10:49 pm
Matt Says
Gah, 2.0.21 is BROKEN. DO NOT INSTALL!
Aug 6th, 2008 at 12:44 am
Widget Says
shouldn’t line 33 in post.inc.php be this:
if (array_key_exists('Referer', $package['headers_mixed']) && stripos($package['headers_mixed']['Referer'], $package['headers_mixed']['Host']) === FALSE) {
    return "cd361abb";
}
Instead of:
if (array_key_exists($package['headers_mixed']['Referer']) && stripos($package['headers_mixed']['Referer'], $package['headers_mixed']['Host']) === FALSE) {
Aug 6th, 2008 at 1:55 am
Splash Says
It is indeed broken… none of my users could log in after the upgrade and I had to delete it from the webhost to deactivate the plugin. Using 2.0.20 in the meantime. Hope you guys can make a fix!
Thank you~
Aug 6th, 2008 at 2:41 am
Annie Says
I know you already have several reports that the newest version is broken and causing some issues so I won’t reiterate that.
Hope a fix is released soon as Bad Behavior is too valuable of a plugin to be left deactivated for too long.
Thanks!
~ Annie
Aug 6th, 2008 at 3:03 am
Jeremy Says
Folks, you do not need to deactivate, just delete the plugin and reinstall the previous version, available on this site.
http://downloads.wordpress.org/plugin/bad-behavior.2.0.20.zip
Aug 6th, 2008 at 5:10 am
Rich P Says
Michael,
Thanks again for sending the email – it is now in the hands of our crawling team and they should be in touch shortly if they haven’t already.
Thanks a lot for the feedback – each publisher takes a different approach to their content. We’re hoping to guide the way with best practice documents that have them starting with the link request and only escalating to removal notices as a last resort.
Despite the occasional flare-ups, most publishers are indeed coming around to the value of a link. I’m not sure if Reuters or AP will listen to me
but I will definitely forward this post to our main contacts there.
Thanks again!
Rich
Aug 6th, 2008 at 7:22 am
Michael Hampton Says
OK, kids, the new version is out, which should fix all the errors posted above.
Aug 6th, 2008 at 8:03 am
SuPerRaJJ Says
Alright. I had come here to report about the latest version’s issue but I think I have seen enough people report it to u already. So, I guess I will leave it to that. I will wait for a fix from you and in the meantime I’m reverting back to 2.0.20 as BB cannot be removed from the blog you know! Protects what’s good
Aug 6th, 2008 at 8:06 am
Michael Hampton Says
You mean the fix I posted 20 minutes ago?
Aug 6th, 2008 at 8:08 am
Rich Pearson Says
Hi Michael,
We’ve just released a private beta version of FairShare, our free blogger service (www.fairshare.cc). A handful of users with the Bad Behavior plug-in have been unable to use FairShare because we can’t crawl their sites. I wanted to get your idea on what we could do to get on the whitelist. We have a couple ideas here but wanted to talk to you first.
Rich
Feb 11th, 2009 at 8:16 pm
Michael Hampton Says
Rich, I will contact you privately to get more information.
Feb 12th, 2009 at 2:48 am