Updated for BadBehavior 2.1.13

These instructions work.

Tested and working in Drupal 6.14 with the bad-behavior.2.0.33.zip download.

I have a patch that should enable the module, after using the instructions found in this thread, to work with bad-behavior.2.0.33.zip, enabling the new Project Honey Pot (http:BL) functionality.

See this thread for some extra details: http://drupal.org/node/618482

Would someone please test it and report back? This patch is for version 6.x-1.0-rc2. It also incorporates the fix in #3 of the instructions in the first post of this thread.

Update: I can verify that the new http:BL does work very well.
Maintainer: Could you put up 5 minutes of your time to roll this into a new 1.0 release? :-)

Thank you!
I was pulling out my hair after upgrading my D5 to D6 and not seeing anything in my BB logs.. The instructions above work perfectly.

Attached is a complete compressed tar.gz of the module with version bad-behavior.2.0.33 of Bad Behavior rolled into it, in case anyone needs it all wrapped up. :-)

Minor non-critical fix to the patch, and a full compressed module patched and ready to go, using bad-behavior.2.0.34.

Why not just include bad-behavior code with the module? Sounds like an easier solution to me.

Why not just include bad-behavior code with the module? Sounds like an easier solution to me.

Because they are two different maintained works. The Bad Behavior Drupal module can get updated on a different schedule than the Bad Behavior spam script. (They are two different maintainers for two different items)

Sure, but it does make the installation process overly complicated. Why not include a version with the module and have users update it when they want to?

The patch in #6 is compatible with bad-behavior 2.0.36.

Word from the author of Bad Behavior script: 2.1 should work with the Drupal module if the new whitelist file is created manually or supported in the database.
I'm afraid a patch doesn't seem to be able to add a whitelist file to the module. Please someone incorporate the patches into the module... and add the new separate whitelist file required by 2.1. My testing of version 2.1.1 yeilded failure to work.

Marked #618482: PHP Errors From blackhole.inc.php as a duplicate of this issue.

Ok, I've created a new patch, and this thread has been getting so long that I thought I should summarize. Here are the steps to get badbehavior-6.x-1.0-rc2 up and running on your Drupal 6 website, with Bad Behavior 2.1.1:

1) Download Bad Behavior 2.1.1 script-set here: http://www.bad-behavior.ioerror.us/download
2) Download Bad Behavior, the Drupal v6 Module.
3) Unzip the bad-behavior.2.1.1.zip file, which will create a bad-behavior folder.
4) Uncompress the badbehavior-6.x-1.0-rc2.tar.gz file, which will create a badbehavior folder.
5) Download the badbehavior-6.x-1.0-rc2_BB211.patch in this post and place it in the badbehavior folder.
6) Open the bad-behavior folder (which also contains another 'bad-behavior' folder) and delete the README.txt file from it.
7) Copy the entire contents of the bad-behavior folder, which previously contained the README.txt file, including the second 'bad-behavior' folder, into your badbehavior folder.
8) Apply the badbehavior-6.x-1.0-rc2_BB211.patch.
9) Place the badbehavior folder into your Drupal modules directory on your web server, configure and install per Drupal standard practices.

Voila! You can check your Reports --> Status to find out if you have it installed correctly in Drupal. This should get you up and running with Bad Behavior in the 2.1.x versions.

PS: These instructions and patch will not work for the Bad Behavior 2.0.xx series of scripts... only the 2.1.x series should be used with this.

Attached updated patch makes additions to the README.txt file.

UPDATE: This patch works with Bad Behavior 2.1.2 released on 2010-02-13.

Dave, is there any way to get that last patch applied to this? The maintainer doesn't respond. Do you have access to use my patch, then make the modifications from your patches (http://drupal.org/node/673466 & http://drupal.org/node/664062) into one combined release?

Since this is still a development version of BadBehavior, I think it makes sense to branch the module into a new version for compatability with BadBehavior 2.1.x.

I'm all for making it a Bad Behavior 2.0rc1...

I like your improvements in the other patches you did. I barely had the PHP experience to pull off the HttpBL additions and the modifications to make BB2.1.1 work. I'm afraid modifying my patches to include yours is a bit outside by experience level. YOU on the other hand should be able to incorporate my patch with very little effort from the looks of it. :-)

Setting as postponed until we get the next release and create a new DRUPAL-6--2 branch.

UPDATE: The patch in #13 works with Bad Behavior 2.1.2 released on 2010-02-13.

Please, maintainers -- make a new release! For the logging patch I was able to manually edit the bb module and re-upload it. But the patch for 2.1 looks too complicated for that approach, and I don't have ssh access to my server account to run the patch in a shell terminal. So please make a new release that rolls all this up... thank you!

If you are on a Unix machine or a Mac OSX box, you can patch it right on your machine in a shell access, then upload it to your server.

However, it would be very nice to see a new version out soon. (-;

@gregarios -- thanks! I was able to do the patch on my Mac (patched versus the last release in 2008) and upload the patched module and bb 2.1.2, but I still get a fatal error at line 22 of the module. I have restored the previous version and will wait for the rollup release, but THANK YOU for pointing out I can do patches locally. I can't believe that never occurred to me.

Did you patch 6.x-1.0-rc2 and got the line 22 error?

yes, or so I intended. should I double check that?

@dhochman: Maybe you could show us the exact error? I've been using the module as patched for a couple months now and it seems to work perfectly...

If needed, I could zip up a patched module and attach it so you could test it from one I know works, so you can determine if it was the patching process gone wrong or your particular setup maybe.

Thank you, Gregarios -- I would like to accept that kind offer because I can't see what I might have done wrong. Would you please make a post that includes your working patched module as an attachment? I will try it and report back. Thanks in advance.

Attached is a fully patched Bad Behavior 6.x-1.0-rc2 module with version 2.1.2 of the official scripts included (installed) in it. All you need to do is unzip it and place the resulting folder in your modules directory.

To run it completely like I am, you should go to http://www.projecthoneypot.org/httpbl_configure.php and get a 12 character identification code to enter into the BB settings.

Thank you, Gregarios! This works perfectly and I'm delighted to again be current with bad behavior's latest and greatest iterations. Obviously my patching skills leave something to be desired. I'm most grateful to you.

I will investigate project honeypot and follow up there.

This is a message to confirm that the patch in comment #13 does work with Bad Behavior scripts version 2.1.7 that just came out today.

Maintainer: Any chance of getting this module updated yet?

Thank you thank you.

It is lucky to find this thread.

Please let people know how to install the new version on the main page.

Some changes were needed to this module for compatibility with the new bad behavior 2.1.8 scripts. The full module with the BB 2.1.8 installed in it is attached — just unzip it and drop it in your modules folder, and set the settings.

Dave... any chance of getting a nicely done update for this? (-;

Thanks, gregarios!

I suspect Dave's lost interest, since I haven't seen him participating in these issues in a year or so, but he's been active on other issues.

If I have to take it over myself I will, though just maintaining the core is enough work for a whole team :)

Updated complete package attached...

It's hard for me to review zip files :)

Dave,
I stopped submitting patches because you said you were going to rewrite the module anyway... so I decided to just take the easy route since it is a dead-end version right now. However, if you decided against rewriting it, and you want a patch from me to put out a new version, let me know and I'll supply it. :-)

Dave: After looking at the extensive changes to your dev version... my patch would probably be moot anyway. IS the dev version a 100% functional version currently, with BB 2.1.9?

Subscribing.

I'd love to know if BB 2.1.9 or later is supported...

@Michael Curry: Use the complete attachment from comment #34.

@gregarios

What version of the Drupal bad behavior module was that .zip file (from #34) based on? I just diffed it against the -dev version (http://drupal.org/node/674332) and the .module has changed rather dramatically.

Sorry... my "compatible" version is based from 6.x-1.0-rc2.

When Dave responds to comments #36 & #37 we'll know more.

@gregarios: You're right, my interest in this is very low at the moment. Would you like me to add you as a co-maintainer? It would probably make sense to make a new 2.x branch that works with BB 2.1.x.

Would you like me to add you as a co-maintainer?

I suppose yes — if nothing but to keep up with the BB 2.1.x maintenance additions. Can you point me to instructions and rules on how to put up new releases? I must tell you I haven't been a maintainer for any Drupal modules yet.

Ok... here it is...

Attached is a patch for the 6.x-1.x-dev version, which brings it into compatibility with BB 2.1.10.

Apply the patch by placing it in a fresh copy of 6.x-1.x-dev and running this from inside the badbehaviour directory:
patch -Rp0 < badbehavior_dev_2.1.10_20110129.patch

NOTE: The README.txt file has changed, and it is now a lot less complicated to install the BB scripts — please read it.

DAVE: Please apply this patch, or make some kind of small modification to allow both 2.0.x and 2.1.x versions of the BB scripts to work. (I think it can be done after my changes) Regardless... can you please just make a new release for us from this patch? :-) Please? It is currently running on my production site: www.kpbj.com

(PS: Don't ask me why the patch has the reverse flag in the code... I switched some files, but it works as instructed lol. To read the patch correctly, swap the minuses and pluses.)

Subscribing

NOTE: The 6.x-1.x-dev version with the patch from #44 applied still works nicely with BB 2.1.11.

subscribing

Confirming #46.

The 6.x-1.x-dev (2011-Feb-24) version has had a small update, so I took the opportunity to roll a new patch for it. Please install the attached patch by placing it in the badbehavior folder and running from the command line:
patch -p0 < badbehavior_dev_2.1.11_20110225.patch

This patch includes the new instructions for BB Scripts 2.1.11 installation, so please read the README.txt file.

Dave: Please apply this to make a new 6.x-2.x-dev version at your discretion. Thanks! ;-)

Attached is a new all-inclusive patch that endows the 6.x-1.x-dev (2011-Feb-24) version of the Bad Behavior Drupal module with BB 2.1.11 script compatibility and fixes a small PHP notice: undefined index error resulting from changes in the core.inc module of the BB scripts.

NOTE: This patch includes the new instructions for BB Scripts 2.1.11 installation, so please read the README.txt file.

Dave: Still could use a complete roll-in of this patch into a new version if you have a minute.

Please install this patch from the command line by placing the attached patch file into the "badbehavior" directory of this module and using this command: patch -p0 < badbehavior_dev_2.1.11_20110322.patch run from inside the directory.

Thanks gregarios

I recently ran into problems with the module and would like to update it. I have used command line but rarely, and worry about making an error trying to use it for applying the patch.

I looked and found no similar modules so anything which can be done to make this easier to install is helpful.

@ itserich:
Here are the commands to achieve a complete patched version of the module from the command line of your server:

cd /path/to/yoursite.com/sites/all/modules/
curl -f http://ftp.drupal.org/files/projects/badbehavior-6.x-1.x-dev.tar.gz > badbehavior-6.x-1.x-dev.tar.gz
tar -zxvf badbehavior-6.x-1.x-dev.tar.gz
rm badbehavior-6.x-1.x-dev.tar.gz
cd badbehavior
curl -f http://drupal.org/files/issues/badbehavior_dev_2.1.11_20110322.patch > badbehavior_dev_2.1.11_20110322.patch
patch -p0 < badbehavior_dev_2.1.11_20110322.patch

Then simply follow the instructions in the README.txt file for normal installation.

Thanks gregarios. It took me some time to figure out how to navigate to the path, and then I realized it is the same path as appears when navigating in cpanel.

It appeared to be working up to the end, where it stated hunks failed.

 curl -f http://ftp.drupal.org/files/projects/badbehavior-6.x-1.x-dev.tar.gz > badbehavior-6.x-1.x-dev.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 11296  100 11296    0     0  42782      0 --:--:-- --:--:-- --:--:--  152k
root@webserver [/home/petnotic/public_html/sites/all/modules]#
root@webserver [/home/petnotic/public_html/sites/all/modules]# rm badbehavior-6.x-1.x-dev.tar.gz
rm: remove regular file `badbehavior-6.x-1.x-dev.tar.gz'? y
root@webserver [/home/petnotic/public_html/sites/all/modules]# cd badbehavior
root@webserver [/home/petnotic/public_html/sites/all/modules/badbehavior]# curl -f http://drupal.org/files/issues/badbehavior_dev_2.1.11_20110322.patch > badbehavior_dev_2.1.11_20110322.patch
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2904  100  2904    0     0   7093      0 --:--:-- --:--:-- --:--:-- 28328
root@webserver [/home/petnotic/public_html/sites/all/modules/badbehavior]# patch -p0 < badbehavior_dev_2.1.11_20110322.patch
patching file ./README.txt
Hunk #1 FAILED at 1.
Hunk #2 FAILED at 27.
Hunk #3 FAILED at 45.
3 out of 3 hunks FAILED -- saving rejects to file ./README.txt.rej
patching file ./badbehavior.module
Hunk #1 FAILED at 83.
Hunk #2 FAILED at 97.
Hunk #3 FAILED at 109.
Hunk #4 FAILED at 175.
4 out of 4 hunks FAILED -- saving rejects to file ./badbehavior.module.rej
root@webserver [/home/petnotic/public_html/sites/all/modules/badbehavior]#

It appeared to be working up to the end, where it stated hunks failed.

I'm not sure why it would fail on your machine. What OS are you using? I just tried it again on my Mac (in the command-line) and it worked perfectly. I will try it on my FreeBSD machine in a bit and get back to this.

Ok, attached is a new patch (to go along with the new BB 2.1.12) and new patching instructions. You can just follow the instructions below and it shouldn't fail. At least it works on my FreeBSD server and my OSX 10.6.7 machine.

Instructions:

cd /path/to/yoursite.com/sites/all/modules/
curl -f http://ftp.drupal.org/files/projects/badbehavior-6.x-1.x-dev.tar.gz > badbehavior-6.x-1.x-dev.tar.gz
tar -zxvf badbehavior-6.x-1.x-dev.tar.gz
rm badbehavior-6.x-1.x-dev.tar.gz
cd badbehavior
curl -f http://drupal.org/files/issues/badbehavior_dev_2.1.12_20110407.patch > badbehavior_dev_2.1.12_20110407.patch
patch < badbehavior_dev_2.1.12_20110407.patch

Let me know your results.

Thank you, I will try it tomorrow.

I am on a CentOS 5.5, in my vps.

Thanks gregarios, this applied well and it seems to be working.

This is the first patch I have applied other than manually so it is great to learn how to do it.

This seems to be a unique module so thank you for the help.

Thanks gregarios, the above patch #56 for the BadBehavior 2.1.12 works fine; [function tested] with both Drupal and Pressflow V6.20.

I was half way through writing / debugging my very own Drupal Module / Core update for using both dnsbls_check() and http_bl_check() --when I discovered I was basically re-inventing / implementing what this BadBehavior 2.1.12 library + drupal module achieves. Through Google searches, I found I was literally duplicating what the 'library' BadBehavior' library was doing, and then more searching found this module utilizing that library (great).

This is a very outstanding module and library; when you [can finally] understand what is actually involved to protect web-servers against 'modern' warfare on any kind of 'user' input; forms, registration, guest comments, feedback, ticket-systems, contact us, etc.

Thanks for your effort and drupal community sharing! Appreciated!

I wonder why the full capabilities of Bad Behavior aren't being utilized? With two small file edits (neither to the core of Drupal), Bad Behavior's Screener feature can be implemented. I'll post more here if there's any interest.

Bad Behavior's Screener

I'm interested. Show me what code goes where and I'll set up another patch if possible. Thank you.

As a novice, I think this is a unique module which does not get much attention because the last release date is 3 years ago.

I do not think there is another module which works like Bad Behavior and it should probably be used by many more sites than the Reported Installs indicate. I am lucky to have happened upon it.

As a novice, I think this is a unique module which does not get much attention because the last release date is 3 years ago.

I do not think there is another module which works like Bad Behavior and it should probably be used by many more sites than the Reported Installs indicate. I am lucky to have happened upon it.

Yes. We badly need a new release rolled out of this thread's patch from comment #56. I thought Dave Reid would be the one to do it, but it's not looking like he's got time or something...

Updated patch for the newest BB Scripts...

New patch application instructions:

cd /path/to/yoursite.com/sites/all/modules/
curl -f http://ftp.drupal.org/files/projects/badbehavior-6.x-1.x-dev.tar.gz > badbehavior-6.x-1.x-dev.tar.gz
tar -zxvf badbehavior-6.x-1.x-dev.tar.gz
rm badbehavior-6.x-1.x-dev.tar.gz
cd badbehavior
curl -f http://drupal.org/files/issues/badbehavior_dev_2.1.13_20110427.patch > badbehavior_dev_2.1.13_20110427.patch
patch < badbehavior_dev_2.1.13_20110427.patch

Bad Behavior Screener inserts some javascript in the protected page's headers. According to Michael Hampton, the script does the following:

"The JavaScript code which gets inserted basically generates the same information as the cookie, and then dynamically adds it to every form on the page, so that the information gets submitted with the form (if the user has JavaScript enabled). If JS is disabled, the cookie is used instead. If both are disabled, well, there's nothing I can do about that. This code is used to attempt to detect malicious bots which take over a browser, e.g. Internet Explorer, and which otherwise would appear to be IE to the casual observer. Several recent spambots operate in this manner. It's also used to detect when content scraping is in use and the scraped content is passed to another host in a botnet. This is much less common, but it does happen."

Here's how to implement it:

First, you must reinsert the function into the module. This function is contained in bad-behavior-generic.php, but has been removed from badbehavior.module.

// Screener
function bb2_insert_head() {
        global $bb2_javascript;
        return $bb2_javascript;
}

I placed this on line 228 of badbehavior.module, just after the function bb2_install() code.

Then, for each theme in use on the Drupal installation, edit themes/(theme name)/page.tpl.php to include a call to the bb2_insert_head() function. This has to be placed such that the resulting javascript code is in the {head} portion of the page. For example, in Garland, I placed it after $scripts:

    <?php print $scripts ?>
    <!--[if lt IE 7]>

As such:

    <?php print $scripts ?>
    <?php print bb2_insert_head() ?>
    <!--[if lt IE 7]>

Each theme may use slightly different layouts of similar code. I know that the zen theme in my D5.x installation was a bit different, but not by very much.

Rather than needing to modify the theme, would this help:
http://api.drupal.org/api/drupal/includes--common.inc/function/drupal_ad...

mv useless_text /dev/null

Thank you gregarios.

I think it installed correctly, at least at patch command it reported no errors.

Is there a quick way to know which version of Bad Behavior is working? I am confused how it works because it seems to update the Drupal module and not the Bad Behavior library. Perhaps the update adds onto the library?

mv useless_text /dev/null

@Mr. Sharkey: If you want to continue on the "new features" idea, could you please start a new thread. This thread is reserved for updates to Bad Behavior that keep it in line with the BB Script 2.1.x series. I think you need to start a "feature request" thread.

No Problem, Adios.

@gregarious: I've added you as a co-maintainer. Have at it! I'm no longer actively using badbehavior, so I won't be able to devote a whole lot of time, as has obviously been shown here.

All the relevant information you need to clone/commit the repo as a maintainer as well as create releases is on the project's 'Git instruction' tab.

All the relevant information you need to clone/commit the repo as a maintainer as well as create releases is on the project's 'Git instruction' tab.

Thanks Dave. I'll see what I can do...

New development release is out and can be found here.

@gregarios:

New development release is out and can be found here.

Good news! Thanks for the quick work.

Now, if only we could see the 6.x-2.x-dev release appear on the project home page 'Downloads' section... :D

yes thank you gregarios