Bad Behavior 2.2.12 has been released. This is a maintenance release and is recommended for all users.
The following changes have been made since 2.2.11:
- Search engine screening by IP address is now more lenient; a failure to match a known IP address range no longer blocks the bot outright. This change is in response to a major search engine which is adding large numbers of IP address ranges faster than they can be tracked and added to Bad Behavior. Requests which don’t match a known IP address range still go through normal screening, while requests which match will be passed immediately.
- Search engine IP address screening is bypassed when the request originates from an IPv6 address, pending the addition of IPv6 subnet matching code.
- Requests from the Baidu search engine now go through screening similar to Google and other major search engines. This will help to prevent illegitimate access from clients which falsely claim to be the Baidu search engine.
- Some URL blacklist strings have been removed due to the possibility of their matching legitimate user input (e.g. in a site search phrase).
Just as a reminder, if you use CloudFlare on your site, you must enable the Reverse Proxy option in Bad Behavior’s settings, or many of your visitors and search engines will be blocked.
Work on Bad Behavior 3.0 is finally making progress; I have some very basic almost-functional pre-alpha code and I hope to have it cleaned up enough to attempt to begin using in the next few weeks. Since this is usually the slow season for me, I hope to have some extra time to work on it over the holiday season. If you would like to see this work progress more quickly, or you just want to say thank you, consider making a donation today.