Comments for Bad Behavior / Bad Behaviour

Comment on WordPress brute-force login attacks stepped up by The Brute-Force Password Attack on WordPress Sites « Lorelle on WordPress

The Brute-Force Password Attack on WordPress Sites « Lorelle on WordPress — Tue, 23 Apr 2013 04:48:45 +0000

[...] I first learned about the recent attacks on April 10, 2013, when my friend, Michael Hampton of Bad Behavior fame (the WordPress Plugin and other PHP-based publishing platforms add-on determined to prevent comment spam and evil) noted brute-force login attacks were increasing against WordPress sites: [...]

Comment on WordPress brute-force login attacks stepped up by How To Protect Your WordPress Security

How To Protect Your WordPress Security — Sun, 14 Apr 2013 12:19:44 +0000

[...] WordPress Brute Force Login Attempts Stepped Up [...]

Comment on FeedBurner blocked in Project Honey Pot again by RSS Feed Fixed (I think) | Kestrel's Aerie

RSS Feed Fixed (I think) | Kestrel's Aerie — Wed, 10 Apr 2013 15:58:44 +0000

[...] However, I discovered that FeedBurner didn’t propagate the new article. After a bit of sleuthing, I tracked down the culprit: It seems that Google (which owns FeedBurner) keeps changing stuff, and as a result, one of my anti-spam plugins, Bad Behavior, starts rejecting FeedBurner queries. You can read about that problem here. [...]

Comment on Bad Behavior 2.2.13 by Bad Behavior / Bad Behaviour | Bad Behavior 2.2.14

Bad Behavior / Bad Behaviour | Bad Behavior 2.2.14 — Tue, 09 Apr 2013 01:03:22 +0000

[...] The following changes have been made since 2.2.13: [...]

Comment on Bad Behavior 2.2.12 by Bad Behavior / Bad Behaviour – Bad Behavior 2.2.13

Bad Behavior / Bad Behaviour – Bad Behavior 2.2.13 — Mon, 10 Dec 2012 18:15:14 +0000

[...] The following changes have been made since 2.2.12: [...]

Comment on Disaster Recovery Update by Bad Behavior / Bad Behaviour – Bad Behavior 2.2.8

Bad Behavior / Bad Behaviour – Bad Behavior 2.2.8 — Wed, 31 Oct 2012 13:57:43 +0000

[...] kind words, offers of technical assistance and of course donations during this very stressful disaster recovery. If you haven’t contributed lately, or at all, please help me keep Bad Behavior going by [...]

Comment on PHP Fatal error in Bad Behavior 2.2.11? by Waco

Waco — Fri, 12 Oct 2012 03:16:38 +0000

Thanks for pointing out. I threw an email to my site support team about HTTP 500 error from my homepage and they just pointed me that something went wrong with Bad Behavior plugin. I followed your instruction and my site was back to normal few minutes ago.

Comment on Bad Behavior 2.2.10 by Brad H

Brad H — Fri, 14 Sep 2012 21:33:56 +0000

Thanks for the reply. I guess that also explains why it logs a key of 00000000. Because it’s logging that it DIDN’T block it but it was later identified as spam.

Have you thought about adding these “false negatives” as another test for future bad behavior tests? In other words, if headers, and agent and IP pass all the other tests, but the IP and/or user agent and/or other post attributes consistently gets caught by other spam plugins, then also include it in the black list?

If I wanted to make some mods to Bad Behavior to handle this, it looks like the workhorse function is bb2_screen() and you have nice design pattern going in there of a serial list of screening tests. Thoughts on adding a callback or plugin mechanism to extend Bad Behavior to integrate with other systems?

FWIW, I’ve been running BB on a test system that averages about 60 spam comments a day. Most of them get caught by our content filters ~80%, the other 20% end up in moderation. Since running BB, I’ve seen about 20% get cut out right away by BB2. I see now that when I test the IPs manually against various black lists (Projecthoneypot, Spamhaus, SpamCop, etc)… these IPs are not yet identified as “comment spam sources”. But on inspection, that’s clearly what they are.

Anyway… even though it isn’t a silver bullet for the spam I am seeing, it’s still a great tool. So thanks for your great work! I totally appreciate it!

Comment on Bad Behavior 2.2.10 by Michael Hampton

Michael Hampton — Fri, 14 Sep 2012 07:15:34 +0000

Brad,

At the moment we do not submit to Project Honey Pot. They don’t accept submissions except through their own code, the last time I looked.

The code you are looking at logs spam in Bad Behavior’s log if any other plugin on the system marked it as spam. This helps us get a copy of any spam that Bad Behavior missed without having to enable verbose logging, which can slow down a busy server.

Comment on Bad Behavior 2.2.10 by Brad H

Brad H — Fri, 14 Sep 2012 07:07:07 +0000

I’m looking through the wordpress specific code, and I see a hook for the wp_insert_comment action. I was wondering, does Bad Behavior submit spammers to projecthoneypot.org? Namely if my other spam plugins detect that a comment is a spam comment, does bad behavior noticed the wp_insert_comment hook and submit the spammers IP to project honey pot. I don’t see anything in the code that appears to be doing that, but I didn’t read through all of it.