Archive for January, 2011

Bad Behavior 2.0.41 and 2.1.10

January 27th, 2011 by Michael Hampton

Bad Behavior 2.0.41 (stable) and 2.1.10 (development) have been released. This is a maintenance release recommended for all users.

Please note: The 2.0 series of Bad Behavior is receiving limited updates, including unblocks, bug fixes and security fixes only. Future development is taking place in the 2.1 development tree.

Who should upgrade?

All users should upgrade to ensure that requests from major search engines are always approved.

What’s new?

New in this release (since 2.0.40 and 2.1.9):

  • The Yahoo! Slurp search engine crawler recently changed its HTTP headers, and as a result, Bad Behavior began inadvertently blocking it. So that future similar changes made by search engines do not impact you, Bad Behavior’s search engine handling has been changed so that if a request is confirmed as coming from a major search engine, all other tests are bypassed and the request is approved. Bad Behavior natively checks for Google, Microsoft and Yahoo! search engines, and when http:BL is in use, Bad Behavior can confirm several other smaller search engines. Bad Behavior will continue to block requests which falsely claim to be one of these search engines.
  • The README file included with Bad Behavior has been updated.
  • The copy of the GNU General Public License version 2, included with the 2.0 release of Bad Behavior, was inadvertently replaced with version 3 in the distribution. Version 2 has been re-included in the distribution. For the moment, the stable branch remains licensed under GPLv2 while the development branch has moved to LGPLv3.

Download

Download the latest release of Bad Behavior now!

Support

I can only spend time on improving Bad Behavior when incoming donations cover the cost of my time. Otherwise I have to engage in paying work to keep food on my table.

I happen to like giving spammers a hard time, and it’s frustrating that I don’t get to spend enough time on it. You can help me make Bad Behavior even better by making your most generous contribution for any amount. (BTW, I fixed all the broken donation links, I think. If you find any other broken ones, let me know!)

Thank you again for supporting Bad Behavior development!

Bad Behavior 2.1.9

January 25th, 2011 by Michael Hampton

Bad Behavior version 2.1.9 has been released. It is a development release intended for testing and verification of new functionality and should not normally be used on production sites. This release includes a security fix and all development users are strongly urged to upgrade as soon as possible.

Please note: The 2.0 series of Bad Behavior is receiving limited updates, including unblocks, bug fixes and security fixes only. Future development is taking place in the 2.1 development tree.

Who should upgrade?

All development users should upgrade to ensure that cross-site requests are screened properly and to protect against cross-site request forgery.

All development users who use a reverse proxy, load balancer, HTTP accelerator, or similar technology should upgrade to take advantage of new functionality supporting these deployments. (This includes CloudFlare. They say you’ll throw the first one away, and I certainly did.)

What’s new?

New in this release (since 2.1.8):

  • [Ticket 2] Bad Behavior includes new functionality to support its use behind a reverse proxy server, load balancer, HTTP accelerator, content distribution network, and similar technologies. To implement this functionality, three new core options have been added:
    • Reverse Proxy (default false): When enabled, Bad Behavior will assume it is receiving a connection from a reverse proxy when a specific HTTP header is received.
    • Reverse Proxy Header (default “X-Forwarded-For”): When Reverse Proxy is enabled, Bad Behavior checks this header to locate the true IP address of the connecting client.
    • Reverse Proxy Addresses (default array()): An array of IP addresses or CIDR netblocks which Bad Behavior trusts to provide reliable information in the HTTP header given above. If no addresses are given, Bad Behavior will assume that the HTTP header given is always trustworthy and that the right-most IP address appearing in the header is correct. If you have a chain of two or more proxies this is probably not what you want; in this scenario you should either set this option and provide all proxy server IP addresses (or ranges) which could conceivably handle the request, or have your edge servers set a unique HTTP header with the client’s IP address. For instance, when using CloudFlare, it is impossible to provide a list of IP addresses, so you would set the HTTP header to CloudFlare’s provided “CF-Connecting-IP” header instead.

    The WordPress port already contains a configuration interface for these new options. Port maintainers should add the necessary options to their own interfaces now.

  • [Ticket 3] Bad Behavior provides an option to allow cross-site POST requests; these are meant to be blocked by default as most sites do not need to receive form data submitted from other sites. However, the option to enable it for those sites which do need it had inverted logic, resulting in cross-site requests being allowed when the option was set to disallow them, and vice versa. This issue has been fixed.
  • Bad Behavior 2.1.9 is the first release to use the GNU Lesser General Public License version 3 (or, at your option, any later version).
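
For the Reverse Proxy options under Ticket 2 above, the following added example (not Bad Behavior's own code) shows one common way to resolve the client address when Reverse Proxy Addresses is set: the header is honoured only if the connecting peer is a listed proxy, and the chain is read right to left until the first address that is not a listed proxy. The function names, the sample addresses and the PHP 7.1+ syntax are assumptions of this example; unlike the default described above, it ignores the header entirely when the list is empty.

```php
<?php
// Added illustration; not Bad Behavior's code. Function names are hypothetical.

// True if $ip lies inside $cidr ("192.0.2.0/24", "2001:db8:1::/48") or equals a bare address.
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    // Reject unparsable input and IPv4/IPv6 mismatches.
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false;
    }
    $max = strlen($ipBin) * 8;
    // Reject a malformed or oversized prefix length.
    if ($bits !== null && (!ctype_digit($bits) || (int) $bits > $max)) { return false; }
    $bits = ($bits === null) ? $max : (int) $bits;
    $full = intdiv($bits, 8); // whole bytes covered by the prefix
    $rest = $bits % 8;        // leftover bits in the following byte
    if (substr($ipBin, 0, $full) !== substr($netBin, 0, $full)) { return false; }
    $mask = (0xFF << (8 - $rest)) & 0xFF;
    return $rest === 0 || (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

function is_trusted(string $ip, array $proxies): bool
{
    foreach ($proxies as $cidr) {
        if (ip_in_cidr($ip, $cidr)) { return true; }
    }
    return false;
}

// $peer is the socket address (REMOTE_ADDR); $header is the forwarding header value, if any.
function client_ip(string $peer, ?string $header, array $proxies): string
{
    // A header that did not arrive through one of our proxies is ignored.
    if ($header === null || !is_trusted($peer, $proxies)) { return $peer; }
    // Walk right to left: each trusted proxy appended the address it saw.
    foreach (array_reverse(array_map('trim', explode(',', $header))) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) { break; } // malformed entry
        if (!is_trusted($hop, $proxies)) { return $hop; } // first non-proxy address
    }
    return $peer;
}

// Constructed sample values (documentation address ranges).
$proxies = ['192.0.2.0/24', '2001:db8:1::/48'];
$xff = '203.0.113.7, 198.51.100.23, 192.0.2.10';
echo client_ip('192.0.2.20', $xff, $proxies), "\n";    // request arrived via a listed proxy
echo client_ip('198.51.100.99', $xff, $proxies), "\n"; // direct connection carrying the header
```

Entries to the left of the returned address were supplied before the request reached a listed proxy, so they are never used for blocking or logging decisions.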

What’s coming?

I’ve set up an issue tracking system so that people can report bugs more easily. It’s bare bones at the moment, but you can use it to report bugs now. In the future it will be used to hold development information and a browsable source code repository.

I’ve also set up a git repository for Bad Behavior. The first code to be checked in will be the first 3.0 alpha, which I hope to have available within the next week or so. Details on how to access the repository will come at that time.

Download

Download the latest development release of Bad Behavior now!

Support

I can only spend time on improving Bad Behavior when incoming donations cover the cost of my time. Otherwise I have to engage in paying work to keep food on my table.

I happen to like giving spammers a hard time, and it’s frustrating that I don’t get to spend enough time on it. You can help me make Bad Behavior even better by making your most generous contribution for any amount. (BTW, I fixed all the broken donation links, I think. If you find any other broken ones, let me know!)

Thank you again for supporting Bad Behavior development!

Bad Behavior 2.0.40

January 25th, 2011 by Michael Hampton

Bad Behavior version 2.0.40 has been released. It is a security release. All users are strongly urged to upgrade as soon as possible.

Please note: The 2.0 series of Bad Behavior is receiving limited updates, including unblocks, bug fixes and security fixes only. Future development is taking place in the 2.1 development tree.

Who should upgrade?

All users should upgrade to ensure that cross-site requests are screened properly and to protect against cross-site request forgery.

What’s new?

New in this release (since 2.0.39):

  • [Ticket 3] Bad Behavior provides an option to allow cross-site POST requests; these are meant to be blocked by default as most sites do not need to receive form data submitted from other sites. However, the option to enable it for those sites which do need it had inverted logic, resulting in cross-site requests being allowed when the option was set to disallow them, and vice versa. This issue has been fixed.
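
The Ticket 3 fix described here (and in the 2.1.9 entry above) concerns an option whose two states were swapped. The following added example, which is not Bad Behavior's code, checks both option states against both kinds of request so that a swap is visible. The function names, the option name in the output and the Referer-based cross-site test are assumptions of this example.

```php
<?php
// Added illustration; not Bad Behavior's code. Names and the Referer-based test are assumptions.

// A POST is treated as cross-site when its Referer names a host other than the one serving it.
function is_cross_site_post(string $method, string $host, ?string $referer): bool
{
    if (strtoupper($method) !== 'POST' || $referer === null || $referer === '') {
        return false; // not a POST, or nothing to compare against
    }
    $refHost = parse_url($referer, PHP_URL_HOST);
    if (!is_string($refHost)) {
        return true; // Referer without a usable host on a POST: treat as foreign
    }
    // Compare host names only, ignoring case and any port in the Host header.
    $own = strtolower(preg_replace('/:\d+$/', '', $host));
    return strtolower($refHost) !== $own;
}

// Returns 'allow' or 'block'. $allowOffsite stands in for the option described above.
function screen(array $req, bool $allowOffsite): string
{
    $cross = is_cross_site_post($req['method'], $req['host'], $req['referer'] ?? null);
    return ($cross && !$allowOffsite) ? 'block' : 'allow';
}

// Constructed requests and the decision expected for each option state.
$same  = ['method' => 'POST', 'host' => 'blog.example', 'referer' => 'https://blog.example/post/1'];
$cross = ['method' => 'POST', 'host' => 'blog.example', 'referer' => 'https://other.example/form'];
$table = [
    [$same,  false, 'allow'], [$same,  true, 'allow'],
    [$cross, false, 'block'], [$cross, true, 'allow'],
];
foreach ($table as [$req, $opt, $want]) {
    $got = screen($req, $opt);
    printf("%s from %s, allow_offsite=%s: %s%s\n", $req['method'],
        parse_url($req['referer'], PHP_URL_HOST), var_export($opt, true), $got,
        $got === $want ? '' : "  <-- expected $want");
}
```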

Download

Download Bad Behavior now!

Support

You’ve probably noticed that until recently there hadn’t been a release of Bad Behavior in several months. This is due entirely to the fact that I can only spend time on it when incoming donations cover the cost of my time. Otherwise I have to engage in paying work to keep food on my table.

I happen to like giving spammers a hard time, and it’s frustrating that I don’t get to spend enough time on it. You can help me make Bad Behavior even better by making your most generous contribution for any amount.

Thank you again for supporting Bad Behavior development!

Bad Behavior 2.1.8

January 5th, 2011 by Michael Hampton

Bad Behavior version 2.1.8 has been released. It is a development release intended for testing and verification of new functionality and should not normally be used on production sites.

Please note: The 2.0 series of Bad Behavior is receiving limited updates, including unblocks, bug fixes and security fixes only. Future development is taking place in the 2.1 development tree.

Who should upgrade?

All development users should upgrade to ensure that web pages are indexed properly in the Bing search engine, as well as to take advantage of new functionality described below.

CloudFlare users should upgrade to ensure that their sites remain accessible when using the CloudFlare reverse proxy service.

What’s new?

New in this release (since 2.1.7):

  • Microsoft has begun using a new IP address range for its msnbot search engine crawler, which provides data for the Bing search engine. This address range is now correctly recognized as belonging to Microsoft. (Reported by multiple users.)
  • Round-trip DNS detection code in previous versions was failing in strange ways, due in part to a long-standing bug in PHP which is still not fixed as of this writing. This affected access by search engines, and access by anyone when the site uses CloudFlare. The round-trip DNS detection code has been temporarily disabled until a workaround or fix for PHP is available.
  • Due to the above issue, Bad Behavior effectively disables itself when CloudFlare use is detected. This is temporary until certain tests can be rearranged.
  • A number of very small files have been consolidated into slightly larger files to reduce disk I/O. Here we are targeting the typical 4K memory page (and future 4K disk block) boundary. More such consolidation will take place in the near future.
  • A small number of additional user-agents have been added to the internal blacklist and one has been modified to eliminate a potential false positive.

What’s coming?

Bad Behavior’s system requirements have been specified for the first time, at user request. Bad Behavior 2.0 requires PHP 4.3 or later, and 2.1 requires PHP 5.2 or later (5.3 when running on Windows). Both releases require MySQL 4.0 or later when using a database. I have had code contributed which offers PostgreSQL support and I will be integrating this soon. Note that as 2.1 is still the development branch, requirements may change (up or down) as development progresses.

Thanks to Dave Reid, who has provided a basic class structure for Bad Behavior, the next major release will be (mostly) object oriented while maintaining high performance and compatibility with PHP scripts which don’t make extensive use of OO. This will actually make it easier to do ports to various systems such as Drupal and enable ports to replace parts of Bad Behavior’s functionality when it makes sense for them to do so.

Future versions of Bad Behavior, beginning with the next development release, will be licensed under the GNU Lesser General Public License version 3. This licensing change will make it easier to resolve legal issues with porting to certain non-free software such as Simple Machines Forum, vBulletin, ExpressionEngine, etc. by making it unnecessary to grant specific license exemptions for such software in most cases. If you’re planning a port and still have legal issues, contact me.

Download

Download the latest development release of Bad Behavior now!

Support

I can only spend time on improving Bad Behavior when incoming donations cover the cost of my time. Otherwise I have to engage in paying work to keep food on my table.

I happen to like giving spammers a hard time, and it’s frustrating that I don’t get to spend enough time on it. You can help me make Bad Behavior even better by setting up a recurring contribution, or making your most generous one-time contribution for any amount.

Thank you again for supporting Bad Behavior development!

Bad Behavior 2.0.39

January 5th, 2011 by Michael Hampton

Bad Behavior version 2.0.39 has been released. It is a maintenance release recommended for all users.

Please note: The 2.0 series of Bad Behavior is receiving limited updates, including unblocks, bug fixes and security fixes only. Future development is taking place in the 2.1 development tree.

Who should upgrade?

All users should upgrade to ensure that the Microsoft Bing search engine crawler can correctly crawl your site.

What’s new?

New in this release (since 2.0.38):

  • Microsoft has begun using a new IP address range for its msnbot search engine crawler, which provides data for the Bing search engine. This address range is now correctly recognized as belonging to Microsoft. (Reported by multiple users.)

Download

Download Bad Behavior now!

Support

You’ve probably noticed that until recently there hadn’t been a release of Bad Behavior in several months. This is due entirely to the fact that I can only spend time on it when incoming donations cover the cost of my time. Otherwise I have to engage in paying work to keep food on my table.

I happen to like giving spammers a hard time, and it’s frustrating that I don’t get to spend enough time on it. You can help me make Bad Behavior even better by setting up a recurring contribution, or making your most generous one-time contribution for any amount.

Thank you again for supporting Bad Behavior development!