WordPress.org

Bad Behavior 1.0-rc1 (8 posts)

  1. error
    Member
    Posted 8 years ago #

    Announcing Release Candidate 1 of Bad Behavior.

    Bad Behavior is a set of PHP scripts which prevents spambots from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots. It goes far beyond User-Agent and Referer, however.

    Why?

    Spam Karma and similar solutions should be your last line of defense against comment spammers, not your first. If the spambot has fetched a page from your site, you have already lost: the spammer now has your email addresses and your comment form, you are paying for the wasted bandwidth, and you can bet he'll be back. Bad Behavior is your first line of defense.

    In pre-release testing Bad Behavior blocked spambots responsible for comment spam, referrer spam and email spam, leaving virtually nothing for Referrer Karma and Spam Karma to do. In fact, we disabled Referrer Karma, and Bad Behavior promptly picked up the slack and blocked all the referrer spam coming in.

    Bad Behavior not only can function as a WordPress plugin, it can also be integrated through a "generic" interface to virtually any PHP-based software.

  2. RosieMBanks
    Member
    Posted 8 years ago #

    What about Google bots? Does Bad Behavior allow web crawlers from search engines to access the site?

  3. error
    Member
    Posted 8 years ago #

    What about Google bots? Does Bad Behavior allow web crawlers from search engines to access the site?

    Of course. Googlebot, Yahoo! Slurp, msnbot, and pretty much any other search engine bot are completely unaffected.

    During testing we found that a few less-well-known search engine bots were matching profiles because they were trying to look similar to some other user-agent (MSIE, or in one case, Konqueror). The code recognizes them and allows these search engine bots to pass through unaffected.

  4. RosieMBanks
    Member
    Posted 8 years ago #

    Thanks! I'm giving it a try.

  5. Mark Jaquith
    WordPress Lead Dev
    Posted 8 years ago #

    I've been using it for several days, and it's stopped hundreds of attempted accesses by bad bots. Lately, it seems that they've stopped even trying to access my site! Spam Karma 2 is getting mighty bored.

  6. error
    Member
    Posted 8 years ago #

    I don't recommend you turn off Spam Karma 2 just yet; I haven't caught every spambot known to man! (Yet.)

  7. error
    Member
    Posted 8 years ago #

    I have released 1.0 Release Candidate 2 of Bad Behavior, which fixes a few minor problems which were reported with the first release candidate. If you are currently running RC1, please update now. Thank you!

  8. error
    Member
    Posted 8 years ago #

    Security Update: All Bad Behavior users should update to 1.0-rc3 immediately to prevent malicious attacks on your database.

    Fixed in this release:

    • A security issue has been identified and fixed which prevents malicious attackers from attempting SQL injection attacks by sending specially crafted data in the HTTP headers. While no exploits are known at this time, all users are urged to update immediately.
    • A few more false positives have been fixed.
    • A few more spambots are now banned.
    • An email address now appears on the error page for people to contact if they are having trouble. You have the option of changing it to your own email address or leaving as the default, in which case email will come to me. Keep in mind that the email address will be visible to spammers!
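
Added example, not part of the thread and not Bad Behavior's own code: the class of bug named in the 1.0-rc3 security update, shown as a request logger that pastes HTTP header values into SQL text next to one that binds them as parameters. The table, function names and sample request are constructed for illustration, and an in-memory SQLite database stands in for the WordPress database.

```python
import sqlite3

# Hypothetical schema for this example; not Bad Behavior's actual table.
SCHEMA = """CREATE TABLE request_log (
    ip TEXT, user_agent TEXT, referer TEXT, blocked INTEGER)"""


def open_log():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def log_request_unsafe(db, ip, headers, blocked):
    """'Before' pattern: header values become part of the SQL text itself."""
    sql = "INSERT INTO request_log VALUES ('%s', '%s', '%s', %d)" % (
        ip, headers.get("User-Agent", ""), headers.get("Referer", ""), blocked)
    db.execute(sql)


def log_request_safe(db, ip, headers, blocked):
    """Hardened pattern: values are bound as parameters, never parsed as SQL."""
    db.execute(
        "INSERT INTO request_log VALUES (?, ?, ?, ?)",
        (ip, headers.get("User-Agent", ""), headers.get("Referer", ""), int(blocked)))


def rows(db):
    return db.execute(
        "SELECT ip, user_agent, referer, blocked FROM request_log").fetchall()


# Constructed sample request: the User-Agent closes the quoted string,
# supplies its own remaining columns, and comments out the rest.
CRAFTED = {"User-Agent": "bot', 'x', 0) --", "Referer": "http://example.invalid/"}


def demo():
    """Log the same blocked request through both code paths."""
    db = open_log()
    log_request_unsafe(db, "203.0.113.5", CRAFTED, blocked=1)
    log_request_safe(db, "203.0.113.5", CRAFTED, blocked=1)
    return rows(db)


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The first row shows the header rewriting the record (the `blocked` flag is stored as 0 and the Referer is replaced); the second row stores the same header verbatim as data.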
