Bad Behavior 2 Beta 1
June 7th, 2006 by Michael Hampton
First I want to say thank you to everyone who tried out an alpha version of Bad Behavior 2. Your valuable feedback and comments have resulted in a tool which eliminates some 99% of spam long before you would ever have to see it. And that means much less time spent cleaning out comments and reverting edits.
Based on your feedback, and on my own experience getting slashdotted last week, I’ve changed the pre-release quite a bit from previous pre-releases and it’s now ready for a wider audience. Here’s a quick rundown of the changes:
- Trackback spam is pretty much dead. If you see a trackback spam get past Bad Behavior, I want to know about it.
- Bad Behavior is stopping 99% or more of comment spam and an unknown amount of automated wiki vandalism. (I have no chicken to measure it.)
- A check which required waiting five seconds before submitting POST requests has been removed. While it showed some benefit in stopping spam, it was unduly interfering with legitimate activity.
- A check for misconfigured proxy servers has been disabled. While it blocked quite a bit of spam, it also blocks many corporate and government users, not to mention the entire country of Singapore. This appears to be a Microsoft ISA Server bug or misconfiguration, and when someone tells me how to fix it, this check will be re-enabled.
- Several additional checks for spam and malicious activity have been added.
- Database logging has been revamped, and the verbose option reinstated. When verbose is off, only blocked requests and some suspicious requests will be logged. On most requests, with verbose option off, Bad Behavior will make only one database query (to retrieve its settings).
- On WordPress, the administrative screen has been expanded. You can now turn verbose mode logging on or off from this screen.
- Once again, strangely enough it seems to be even faster than previous versions.
Some issues remain. I plan to implement a special page for MediaWiki, but I need some help from someone who is familiar with MediaWiki internals on implementing both the special page and the ability to save options. Please e-mail me if you have this knowledge.
I also plan to complete a technical support page both within WordPress and MediaWiki so that administrators can look up both missed spam and false positives. This should be complete prior to final release.
As always, I still need people to run the code, make sure it’s letting everyone through, and stopping spam. If it fails to catch spam, or blocks someone without good reason, then I need a report.
Now, on to installing it! Since people got confused last time, I’m going to break this into separate sections for WordPress and MediaWiki. But there is something common to both:
You will need to REMOVE all prior versions of both Bad Behavior 1 and Bad Behavior 2 BEFORE installing this release, because those versions may interfere with this one if left in place.
Then you need to DROP the *bad_behavior table from your database BEFORE installing this release, because the table format has changed. You can do this from within phpMyAdmin, for instance. (For instance, wp_bad_behavior or mw1_bad_behavior.)
Then you’re ready to install Bad Behavior 2 Beta 1. Follow the directions for your platform.
WordPress: The plugin installs just like any other plugin. Unzip it and you’ll have a Bad-Behavior folder. Upload the ENTIRE folder and its contents into your wp-content/plugins folder. Then activate the plugin from the Plugins administrative page. Once activated, you can edit its settings from the Options » Bad Behavior page.
MediaWiki: The extension installs just like any other extension. Unzip it and you’ll have a Bad-Behavior folder. If you want to edit the settings, edit the Bad-Behavior/bad-behavior-mediawiki.php file, find the text “Manually adjust settings here” and you can change them on the next line.
Upload the ENTIRE folder and its contents into your extensions folder. Then add the following to the end of LocalSettings.php:
include( 'extensions/Bad-Behavior/bad-behavior-mediawiki.php' );
And you’re done.
The to-do list is pretty short, though it’s possible I’ve forgotten something. If I did, please leave a comment below.
WordPress: Implement the database search facility on the Options > Bad Behavior admin screen.
MediaWiki: Implement the special page. Implement the ability to save options.
ExpressionEngine: Targeted for next alpha/beta release.
Generic/Third Party Ports: Should be possible now, but I don’t have a generic template ready yet.
And as always, if you find Bad Behavior valuable, please consider making a financial contribution. I develop Bad Behavior in my spare time, and every little bit counts.
And don’t forget to subscribe to the RSS feed or the mailing list. (They’re the same content.)