Archive Page 2
Bad Behavior 2.1.15 has been released. For 2.1 users, this is a maintenance release and upgrading as soon as possible is recommended. Legacy 2.0 users should make migration plans as soon as possible.
This release is the third release candidate for Bad Behavior 2.2 and should be safe to use on production sites.
Please note: The 2.0 series of Bad Behavior is receiving limited updates, including unblocks, bug fixes and security fixes only.
Who should upgrade?
All users should make plans to upgrade from 2.0 at this time. People who are porting Bad Behavior to other platforms should finalize any necessary changes to their ports.
What’s new?
New in this release (since 2.1.13):
- A version 2.1.14 was pushed to WordPress users without notice or announcement. While the software is in release candidate status, it should have had a prior announcement and documentation for the large number of changes from 2.0. Please accept my apologies for any inconvenience. Full documentation is forthcoming.
- New IP address ranges for Google and Yahoo!, which were previously unused for crawling, have been added to Bad Behavior.
- Once a request is determined to be from a search engine, all further checks are skipped.
- Requests from Internet Explorer 6 which are blocked due to a long standing bug in that browser are now blocked only when Bad Behavior is in strict mode. (Users of IE6 should make plans to upgrade as soon as possible, and should have done so years ago.)
- WordPress only: A bug in the built-in log viewer causing the wrong requests to be shown in some circumstances has been fixed.
- WordPress only: Calls to some deprecated WordPress functions have been rewritten.
- The URL whitelisting feature now accepts partial URL matches. This was necessary for compatibility with certain shopping cart plugins.
- Bad Behavior is now licensed under the GNU Lesser General Public License, either version 3, or at your option, any later version.
What’s coming?
I’m currently preparing to release the next major stable release of Bad Behavior, version 2.2. This release is sufficiently different that anyone maintaining a port needs to update their port to handle the new features immediately (such changes are backward compatible if implemented properly).
At the moment, barring any major bugs, this release will be 2.2. The last thing remaining to be done is documentation; this somehow always turns out to be a larger job than the actual code. I will be updating the online documentation over the next days as my time permits.
Download
Download the latest release of Bad Behavior now!
Support
If you’ve been here more than a few months, you’ve noticed that this release has been very long delayed. The primary reason for this is that, like most of you, I have to spend my days making money, and can only devote spare time to this project. Unfortunately my spare time is quite limited; I only get to spend more time on this when the community of Bad Behavior users want me to do so enough to put actual money behind it. Then it becomes “money making” and I can actually do significant work on it.
What’s more, I have a lengthy to-do list for a major rewrite which, if it ever gets done, will be Bad Behavior 3.0. I’m excited about it but I have no time to devote to it. This is doubly unfortunate because one of my favorite things in the world is beating spammers to within an inch of their…I mean giving them a quick clean…excuse me. Stopping spam. That’s it.
As I put the finishing touches on 2.2, get the documentation written and prepare it for final release, I’m asking you to decide how much time you want me to spend on this. What is it worth to you? Donate now to ensure that I can continue development and find new ways to frustrate spammers.
Bad Behavior 2.0.45 has been released. This is a maintenance release and upgrading is recommended for all users.
Please note: The 2.0 series of Bad Behavior is receiving limited updates, including unblocks, bug fixes and security fixes only.
Who should upgrade?
All users of the Legacy 2.0 series should upgrade to ensure that the Google and Yahoo! search engines can continue to access their sites.
What’s new?
New in this release (since 2.0.44):
- New IP address ranges for Google and Yahoo! have been added.
Download
Download the latest release of Bad Behavior now!
Bad Behavior 2.0.44 has been released. This is a maintenance release and upgrading is recommended for all users.
Please note: The 2.0 series of Bad Behavior is receiving limited updates, including unblocks, bug fixes and security fixes only.
WordPress users should see the special note below.
Who should upgrade?
All users of the 2.0 series should upgrade to ensure that the Google Web Preview functionality works as intended with their sites.
What’s new?
New in this release (since 2.0.43 and 2.1.12):
- Google Web Preview is now fully supported by Bad Behavior.
Note: Some users have stated that the Google +1 feature does not work when Bad Behavior is enabled. I have investigated this issue and determined that the issue is a problem in Google’s code which Bad Behavior cannot easily work around. This issue has been reported to Google, though I have not yet been notified that Google has fixed the issue. If you see this issue, please report it to Google (again).
What’s coming?
I’m currently preparing to release the next major stable release of Bad Behavior, version 2.2. This release is sufficiently different that anyone maintaining a port needs to update their port to handle the new features immediately (such changes are backward compatible if implemented properly). Ports which are currently feature-complete on 2.1 will not need updating for 2.2 as the API is now stable.
Bad Behavior 2.2 is finalized and I am preparing to release it as soon as I have finished updating its documentation. WordPress users will be receiving its release candidates through automatic update within the next 24 hours, though due to some versioning issues involved in my switching from subversion to git, it will be labeled as 2.1.13 (rc1) or 2.1.14 (rc2). If you use WordPress, check to ensure that you have received 2.1.14 and then check the new options available to you.
After that, the next development branch will target version 3.0. As I’ve mentioned before, it’s a complete ground-up rewrite, so anyone maintaining a port will need to track development and be prepared to completely rewrite their ports. I’m not prepared at this time to give a schedule, as schedules tend to slip, and the 3.0 rewrite has proved more challenging than I anticipated.
For our enterprise users who require long-term support, the 2.0 branch will continue to receive long-term support through June 30, 2012, though you should prepare to update to 2.2 as soon as possible. The 2.2 branch (coming shortly) will be fully supported until the 3.0 release, and then receive long-term support for at least one year beyond that date.
Download
Download the latest release of Bad Behavior now!
Support
I can only spend time on improving Bad Behavior when incoming donations cover the cost of my time. Otherwise I have to engage in paying work to keep food on my table. Unfortunately this fact has kept me away from Bad Behavior for several months, as donations have been few and far between.
I happen to like giving spammers a hard time, and it’s frustrating that I don’t get to spend enough time on it. You can help me make Bad Behavior even better by making your most generous donation for any amount. (BTW, I fixed all the broken donation links, I think. If you find any other broken ones, let me know!)
Thank you again for supporting Bad Behavior development!
Bad Behavior 2.1.13 (development) has been released. For 2.1 users, this is a maintenance release and upgrading as soon as possible is recommended.
Please note: The 2.0 series of Bad Behavior is receiving limited updates, including unblocks, bug fixes and security fixes only. Future development is taking place in the 2.1 development tree.
Who should upgrade?
All users should upgrade to ensure that their placements in the Google and Yahoo! search engines remain intact.
What’s new?
New in this release (since 2.1.12):
- A logic error in the search engine handling code caused search engine requests to be subjected to additional checks not appropriate for them. This was causing Yahoo! crawler requests to be inadvertently blocked. This error has been fixed.
- New IP address ranges for Google and Yahoo!, which were previously unused for crawling, have been added to Bad Behavior.
What’s coming?
I’m currently preparing to release the next major stable release of Bad Behavior, version 2.2. This release is sufficiently different that anyone maintaining a port needs to update their port to handle the new features immediately (such changes are backward compatible if implemented properly). A backward-incompatible change to the database schema is coming shortly; porters should stand by for further details.
For our enterprise users who require long-term support, the 2.0 branch will continue to receive long-term support through June 30, 2012, and the 2.2 branch (coming shortly) will be fully supported until the 3.0 release, and then receive long-term support through June 30, 2014.
Download
Download the latest release of Bad Behavior now!
Support
You’ve probably noticed that my development schedule for 2.2 and 3.0 continues to slip. The reason for this is that I can only spend time on improving Bad Behavior when incoming donations cover the cost of my time. Otherwise I have to engage in paying work to keep food on my table.
At this point I would need approximately US $2000 in donations to meet an end-of-May date for 2.2 and mid-July for a 3.0 alpha; in a typical month I generally see less than $40 in donations.
I happen to like giving spammers a hard time, and it’s frustrating that I don’t get to spend enough time on it. You can help me make Bad Behavior even better by making your most generous donation for any amount. (BTW, I fixed all the broken donation links, I think. If you find any other broken ones, let me know!)
Thank you again for supporting Bad Behavior development!
Bad Behavior 2.0.43 (stable) and 2.1.12 (development) have been released. For 2.0 users, this is a security release and all users should upgrade as soon as possible. For 2.1 users, this is a maintenance release and upgrading as soon as possible is recommended.
Please note: The 2.0 series of Bad Behavior is receiving limited updates, including unblocks, bug fixes and security fixes only. Future development is taking place in the 2.1 development tree.
Who should upgrade?
All users of the 2.0 series should upgrade to prevent leakage of information about your server to spammers and malicious bots.
All users should upgrade to ensure that their placement in the Google search engine remains intact.
What’s new?
New in this release (since 2.0.42 and 2.1.11):
- The 2.0.42 release, and possibly older releases, inadvertently omitted a message intended to be displayed to spammers pretending to be the Yahoo! search engine. Because of this, in non-default server configurations, a PHP notice could appear to the spammer which leaked information about the server. This message has been reinserted and the issue fixed.
- Google is now operating a new IP address range in China, from which it is crawling some Web requests. Interestingly, it is crawling all countries from this Chinese address range. Bad Behavior is now aware of this address range and will no longer block requests from Google which originate in China.
What’s coming?
I’m currently preparing to release the next major stable release of Bad Behavior, version 2.2. This release is sufficiently different that anyone maintaining a port needs to update their port to handle the new features immediately (such changes are backward compatible if implemented properly). Ports which are currently feature-complete on 2.1 will not need updating for 2.2 as the API is now stable.
After that, the next development branch will target version 3.0. As I’ve mentioned before, it’s a complete ground-up rewrite, so anyone maintaining a port will need to track development and be prepared to completely rewrite their ports. It’s going to be a week or two at least before I have alpha code to share, but you will want to make time for it, because there will also be important changes in the way Bad Behavior is distributed. I hope to have 3.0 in beta later this month, and a general release by the end of May.
For our enterprise users who require long-term support, the 2.0 branch will continue to receive long-term support through June 30, 2012, and the 2.2 branch (coming shortly) will be fully supported until the 3.0 release, and then receive long-term support through June 30, 2014.
Download
Download the latest release of Bad Behavior now!
Support
I can only spend time on improving Bad Behavior when incoming donations cover the cost of my time. Otherwise I have to engage in paying work to keep food on my table.
I happen to like giving spammers a hard time, and it’s frustrating that I don’t get to spend enough time on it. You can help me make Bad Behavior even better by making your most generous donation for any amount. (BTW, I fixed all the broken donation links, I think. If you find any other broken ones, let me know!)
Thank you again for supporting Bad Behavior development!
Bad Behavior is now available for the vBulletin forum and content management system. I want to welcome the vBulletin community to a completely different way of blocking registration, signature and forum spam.
I’ve been asked a number of times for this, and I’m happy to announce that someone has taken it off my plate. Eric Sizemore has ported Bad Behavior to vBulletin 3.8 and 4.x.
While I haven’t been able to test the mods extensively as yet, they appear sane and usable, and are the first for vBulletin which are feature-complete and 2.2-ready.
If you’re new to Bad Behavior, you should be aware that it operates completely differently than other anti-spam measures you may already use. The biggest difference is that Bad Behavior does not analyze the content of anything posted to your forum. This is sure to surprise you at first, until you see the number of drive-by spam registrations drop off noticeably. Even so, no spam prevention technique is 100% perfect, and so you shouldn’t drop your existing spam prevention techniques until you read this.
Check out Bad Behavior’s complete documentation for more on what all the features do and how it’s done. This is especially important if you use a load balancer, cloud hosting such as Amazon EC2, or an accelerator service such as Akamai; in these cases there is additional configuration you will need to do after installing Bad Behavior.
As with all other ports, you should seek support for anything vBulletin-specific from the port maintainer, Eric (using the links provided above); as always, I continue to provide support for the Bad Behavior core, as well as the WordPress and MediaWiki ports. Welcome again, and here’s to a spam-free forum!
Bad Behavior 2.0.42 (stable) and 2.1.11 (development) have been released. This is a maintenance release recommended for all users.
Please note: The 2.0 series of Bad Behavior is receiving limited updates, including unblocks, bug fixes and security fixes only. Future development is taking place in the 2.1 development tree.
Who should upgrade?
Users with a significant amount of traffic from mobile devices should upgrade to ensure that requests from older and “dumb” mobile phones are screened properly.
What’s new?
New in this release (since 2.0.41 and 2.1.10):
- Google operates a proxy server for “feature phones” (dumb mobile phones; perhaps should be called feature limited) with limited Web browsers which reformats web pages into a simpler format for viewing on such phones. While it is now rarely used, requests from this proxy server, known as Google Wireless Transcoder, were being treated as search engine requests (and denied for not being a search engine). This issue has been fixed.
- Our new bug tracking system is online. If you find a bug in Bad Behavior, please submit it there. This will help me keep track of outstanding issues and ensure that I can get them resolved in a timely manner without losing track of them in my massive inbox.
What’s coming?
I’m currently preparing to release the next major stable release of Bad Behavior, version 2.2. This release is sufficiently different that anyone maintaining a port needs to update their port to handle the new features immediately (such changes are backward compatible if implemented properly).
After that, the next development branch will target version 3.0. As I’ve mentioned before, it’s a complete ground-up rewrite, so anyone maintaining a port will need to track development and be prepared to completely rewrite their ports. It’s going to be a week or two at least before I have alpha code to share, but you will want to make time for it, because there will also be important changes in the way Bad Behavior is distributed. I hope to have 3.0 in beta within the next month, and a general release by the end of May.
For our enterprise users who require long-term support, the 2.0 branch will continue to receive long-term support through June 30, 2012, and the 2.2 branch (coming shortly) will be fully supported until the 3.0 release, and then receive long-term support through June 30, 2014.
Download
Download the latest release of Bad Behavior now!
Support
I can only spend time on improving Bad Behavior when incoming donations cover the cost of my time. Otherwise I have to engage in paying work to keep food on my table.
I happen to like giving spammers a hard time, and it’s frustrating that I don’t get to spend enough time on it. You can help me make Bad Behavior even better by making your most generous contribution for any amount. (BTW, I fixed all the broken donation links, I think. If you find any other broken ones, let me know!)
Thank you again for supporting Bad Behavior development!
Bad Behavior 2.0.41 (stable) and 2.1.10 (development) have been released. This is a maintenance release recommended for all users.
Please note: The 2.0 series of Bad Behavior is receiving limited updates, including unblocks, bug fixes and security fixes only. Future development is taking place in the 2.1 development tree.
Who should upgrade?
All users should upgrade to ensure that requests from major search engines are always approved.
What’s new?
New in this release (since 2.0.40 and 2.1.9):
- The Yahoo! Slurp search engine crawler recently changed its HTTP headers, and as a result, Bad Behavior began inadvertently blocking it. So that future similar changes made by search engines do not impact you, Bad Behavior’s search engine handling has been changed so that if a request is confirmed as coming from a major search engine, all other tests are bypassed and the request is approved. Bad Behavior natively checks for Google, Microsoft and Yahoo! search engines, and when http:BL is in use, Bad Behavior can confirm several other smaller search engines. Bad Behavior will continue to block requests which falsely claim to be one of these search engines.
- The README file included with Bad Behavior has been updated.
- The copy of the GNU General Public License version 2, included with the 2.0 release of Bad Behavior, was inadvertently replaced with version 3 in the distribution. Version 2 has been re-included in the distribution. For the moment, the stable branch remains licensed under GPLv2 while the development branch has moved to LGPLv3.
Download
Download the latest release of Bad Behavior now!
Support
I can only spend time on improving Bad Behavior when incoming donations cover the cost of my time. Otherwise I have to engage in paying work to keep food on my table.
I happen to like giving spammers a hard time, and it’s frustrating that I don’t get to spend enough time on it. You can help me make Bad Behavior even better by making your most generous contribution for any amount. (BTW, I fixed all the broken donation links, I think. If you find any other broken ones, let me know!)
Thank you again for supporting Bad Behavior development!
Bad Behavior version 2.1.9 has been released. It is a development release intended for testing and verification of new functionality and should not normally be used on production sites. This release includes a security fix and all development users are strongly urged to upgrade as soon as possible.
Please note: The 2.0 series of Bad Behavior is receiving limited updates, including unblocks, bug fixes and security fixes only. Future development is taking place in the 2.1 development tree.
Who should upgrade?
All development users should upgrade to ensure that cross-site requests are screened properly and to protect against cross-site request forgery.
All development users who use a reverse proxy, load balancer, HTTP accelerator, or similar technology should upgrade to take advantage of new functionality supporting these deployments. (This includes CloudFlare. They say you’ll throw the first one away, and I certainly did.)
What’s new?
New in this release (since 2.1.8):
What’s coming?
I’ve set up an issue tracking system so that people can report bugs more easily. It’s bare bones at the moment, but you can use it to report bugs now. In the future it will be used to hold development information and a browsable source code repository.
I’ve also set up a git repository for Bad Behavior. The first code to be checked in will be the first 3.0 alpha, which I hope to have available within the next week or so. Details on how to access the repository will come at that time.
Download
Download the latest development release of Bad Behavior now!
Support
I can only spend time on improving Bad Behavior when incoming donations cover the cost of my time. Otherwise I have to engage in paying work to keep food on my table.
I happen to like giving spammers a hard time, and it’s frustrating that I don’t get to spend enough time on it. You can help me make Bad Behavior even better by making your most generous contribution for any amount. (BTW, I fixed all the broken donation links, I think. If you find any other broken ones, let me know!)
Thank you again for supporting Bad Behavior development!
Bad Behavior version 2.0.40 has been released. It is a security release. All users are strongly urged to upgrade as soon as possible.
Please note: The 2.0 series of Bad Behavior is receiving limited updates, including unblocks, bug fixes and security fixes only. Future development is taking place in the 2.1 development tree.
Who should upgrade?
All users should upgrade to ensure that cross-site requests are screened properly and to protect against cross-site request forgery.
What’s new?
New in this release (since 2.0.39):
- [Ticket 3] Bad Behavior provides an option to allow cross-site POST requests; these are meant to be blocked by default as most sites do not need to receive form data submitted from other sites. However, the option to enable it for those sites which do need it had inverted logic, resulting in cross-site requests being allowed when the option was set to disallow them, and vice versa. This issue has been fixed.
Download
Download Bad Behavior now!
Support
You’ve probably noticed that until recently there hadn’t been a release of Bad Behavior in several months. This is due entirely to the fact that I can only spend time on it when incoming donations cover the cost of my time. Otherwise I have to engage in paying work to keep food on my table.
I happen to like giving spammers a hard time, and it’s frustrating that I don’t get to spend enough time on it. You can help me make Bad Behavior even better by making your most generous contribution for any amount.
Thank you again for supporting Bad Behavior development!
