Bad Behavior module available
dpangier - August 19, 2005 - 19:58
Hi,
I am announcing that I have released a first version of a module implementing "bad behavior". The badbehavior module stops comment spam before it starts by trapping and blocking spambots before they have a chance to post comments.
It logs all suspicious activity, and has admin pages for reviewing those logs.
This is an initial release, so there are probably some bugs floating around. If you see any problems, please let me know by replying to this post - I am awaiting CVS access so you get get the module here.
Enjoy the reduction in spam.
David Angier
Thanks!
Hi David,
I've been reading your blogs about Drupal, and I'm glad to see your contributions popping up here. Welcome!
Could you explain a little bit about how it actually works? What does the module define as "suspicious activity", for example? How does this differ from/compliment the spam module?
cheers,
- Robert Douglass
-----
Rate the value of this post: http://rate.affero.net/robertDouglass/
I recommend CivicSpace: www.civicspacelabs.org
My sites: www.hornroller.com, www.robshouse.net
Information
Hi Robert,
Bad Behaviour uses a very different approach to the spam module. They could work side by side quite comfortably, and in fact the WordPress community tend to use a mix of Bad Behavior, SpamKarma and the built-in anti-spam measures.
Bad Behavior works at an earlier point to the other tools, by analysing the HTTP request headers before any page at all loads (not just comment pages or add content pages) - and if the headers are not consistant with real browsers then loads an error page instead. The content is not analysed by this module.
Certain features make it easy to evolve bad behavior in the face of an evolving spammer. If an IP address fails the spam checks, it is added to a blacklist for 2 days, so the spammer can't just fiddle with their spambot until it passes the checks. The module can also be configured to log all requests, so if new spam is getting through the whole detail can be sent to the author. Finally, the logging system logs the entire header, so the reason for blocking can be fully ascertained.
Since the spam module is already a toolset, it may be worth while contributing this as extension to the spam module, instead of yet another new module. As a new contributor, I felt more comfortable working with a clean slate than attempting to modify someone elses work.
Cheers,
David
Very cool
I can hardly wait to review it.
- Robert Douglass
-----
Rate the value of this post: http://rate.affero.net/robertDouglass/
I recommend CivicSpace: www.civicspacelabs.org
My sites: www.hornroller.com, www.robshouse.net
me too
this sounds cool... but does it use a lot of resources?
Bad Behavior 1.2.1 upgrade
There has been an upgrade to Bad Behavior to fix white list support and to cope with Google Desktop.
The original module is compatible with the new version, but now includes installation instructions. To upgrade, simply unzip the latest install of Bad Behavior from here over the top of the original intallation.
David
Administrator e-mail in badbehavior settings?
Hi, David ...
First off, thanks for the module. I'm working on a new site, so I haven't been able to test it in action yet, but as much spam as the current (non-Drupal) site is getting, I'll find out very quickly how effective badbehavior module is. :)
I do have one important question regarding configuration of the module.
The Administrator e-mail for "for potential spammers to contact to gain access" ... should I change this from the default e-mail that comes with the module? And if so, should it be a legitimate address or a blackhole?
The wording of the help text makes me think a blackhole is the answer, but I wanted to be sure.
Thanks!
Gary
E-mail settings
Gary,
The mail address should be a real email address that someone who is a non-spammer can contact if Bad Behavior has blocked them incorrectly. I will change the help text in the next release, which will be in the next few days since there is a new release of Bad Behavior (1.2.2).
David
Bad Behavior 1.2.2
I have now tested BB 1.2.2 with the Drupal module, and it all works fine. The help text has been updated on CVS, and the downloadable module should be updated automatically within 24 hours of this post.
file missing??
Hi Kslap
Your module sounds very impressive. I just downloaded it and went to install it, but I get an error message stating that there is "no such file in line 173" which turns out to be "bad-behavior-core.php".
Am I missing something? Please help.
Thanks
Lev
Missing core application
This is caused by only installing the module, not the core bad-behavior distribution. Please see the README.txt for more information.
Bad Behavior 1.2.3 available
Bad Behavior V1.2.3 has now been released..
The main features are increased detection of spambots, especially those doing trackback spam and increased tolerance of missing user-agent headers which was a problem causing false positives.
This Drupal module is compatible with the release. I advise that you upgrade to avoid false positives, such as this Technorati issue.
quick question
Just a quick question:
How are you testing the script with and without user-agent and if there is a mix of http headers. I'm interested to know how you can test this.
Thank you!
Boby
My Homepage: www.frozenminds.com