Bad Behavior 2.0.9
January 8th, 2007 by Michael Hampton
Bad Behavior 2.0.9 has been released. It is a strongly recommended upgrade for all users.
This release is likely the final release in the 2.0 series as I make a major change in the development process; see below for details on this change.
This release addresses a further set of “false positive” reports received from various users which affect some uncommon circumstances.
New in this release (since 2.0.8):
- A workaround has been placed for a problem with the Clearswift Web Policy Engine. Users behind this proxy server are no longer blocked.
- A workaround has been placed for a bug in the LiveJournal OpenID process which Six Apart refuses to fix. Logins using OpenID will no longer fail.
- A workaround has been placed for bugs in some versions of Internet Explorer and Safari web browsers which caused them to be blocked after leaving a comment on WordPress. These requests are no longer blocked.
- A spam prevention feature was causing users to be blocked from their own blogs when they also subscribed to their own feed, or when they accessed the site with multiple web browsers at the same time; it has been disabled for rework.
The 2.0 series of Bad Behavior will be maintained as a legacy branch, with only bug fixes, false positive fixes and security fixes applied to this branch, if any such fixes are needed. No new checks for spammers will be added.
Shortly I will introduce a “development” 2.1 series on a much shorter development cycle, with days or perhaps even hours between releases. In this branch I’ll be experimenting with new spam prevention features, rolling them out quickly and rolling back quickly in case of actual trouble. I’ll also be rolling out a new packaging method which I’ve discussed previously, that will make Bad Behavior even more platform-independent than it currently is, and allow for the “core” to be updated separately from the “glue” which connects it to your host platform.
Once features prove themselves through development and testing to be stable, they’ll be rolled forward into a “stable” 2.2 series, intended for those users who are averse to the risks of blocking legitimate users or having the occasional crash. While I work very hard to ensure that every release, however labeled, does not crash, and does not generate false positives, things occasionally happen which are outside my control.
This parallel development scheme will help balance the needs of the two primary groups of Bad Behavior users.
The first group needs enterprise-grade code which ideally never blocks a single legitimate request and can quickly be rolled into production environments with a high degree of confidence. The tradeoff is the same as it has always been: to prevent any chance of false positives, Bad Behavior’s stable branch will permit some spam, anywhere from 0.1% to 10%, to pass through, and will require a backup solution such as Akismet. Even so, it will drastically reduce the amount of time and money spent managing spam, especially for deployments of dozens or hundreds or thousands of sites.
To serve this class of users more effectively, I’m also studying the feasibility of offering support contracts for enterprise users of Bad Behavior. Services offered under such contracts might include installation assistance, on-call support, hotfix development and deployment, and per-incident support. If your organization may need such a service, stay tuned for more details in the near future.
The second group, I believe, is the majority of Web sites: those for whom a rare blocked user is merely an annoyance rather than a critical problem, and who have much lower tolerance for spam because they aren’t being paid to manage their own blogs, wikis and forums. As much as possible, Bad Behavior’s development branch will limit spam for this class of users to 0.5% missed. The tradeoff is that you will be asked to do what you already do: to report any problems you encounter, whether they be missed spam or blocked users or plain old crashes.
And for users who would like to have their cake and eat it too, the development and stable versions will be installable side-by-side on the same site, and you will be able to switch back and forth between them at the click of a button.
Finally, prior to the first stable 2.2 release, I will be reworking all of Bad Behavior’s documentation and moving Bad Behavior from its current home to a new site dedicated solely to Bad Behavior. So you all will have to update your feed URLs to the new location soon. (Mailing list readers won’t have to do anything.)
In the meantime, Bad Behavior remains a user-supported project, with all code released under the GNU General Public License. If you find Bad Behavior valuable, please consider making a financial contribution. I develop Bad Behavior in my limited spare time, and every contribution means I can devote more time to its development.
bj Says
A minute of your time is needed, you can explain better than I can:
http://modxcms.com/forums/index.php/topic,11356.0.html
Thanks, Michael!
Jan 25th, 2007 at 6:34 pm
Terry O'Brien Says
I installed B-B 2.0.9 when I was developing a Wiki on my development system. When I upgraded to MediaWiki 1.9.3, I started getting the error message: “Fatal error: Call to undefined function wfQuery() in \HypnoMediaWiki\extensions\bad-behavior.php on line 63″
I’m at a loss to figure out what’s happening here, as wfQuery() is a standard MediaWiki dB function that appears several other places.
Any recommendations or suggestions?
Jan 25th, 2007 at 8:52 pm
c00i90wn Says
I have exactly the same problem as Terry O’Brien with MW 1.9.2 (1.9.3 does not exist)
Feb 7th, 2007 at 3:56 pm
новини Says
I have the same problem. Any solution, yet?
Feb 27th, 2007 at 11:15 am
Lucia Says
I’ve tried to install BB 2.0.10 at my SMF forum using the instructions for “other” installion. I dropped the Bad-Behavior folder in the “sources directory” and added this line to the “index.php” folder (which is the file called every time, and loades everything from the Sources directory).
require_once($sourcedir . ‘/Bad-Behavior/bad-behavior-generic.php’);
When I try to add a comment, I get this error.
=====
Notice: Undefined variable: screener2 in /home/.name/username/domainName/forum/Sources/Bad-Behavior/bad-behavior/post.inc.php on line 39
Warning: Cannot modify header information – headers already sent by (output started at /home/.name/username/domainName/forum/Sources/Bad-Behavior/bad-behavior/post.inc.php:39) in /home/.name/username/domainName/forum/Sources/Bad-Behavior/bad-behavior/screener.inc.php on line 8 loaded Bad Behavior
====
Any tips? Thanks!
Feb 28th, 2007 at 3:58 pm
R. Richard Hobbs Says
FYI If you are using Joomla-Wordpress (or Open-WP as it now known) Bad Behavior would not work as a plugin, but I found a hack to one of the Wordpress includes that Open-WP uses that seems to work:
http://forum.j-prosolution.com/openwp-feature-request/2660-bad-behavior-plugin-jd-wp.html
So maybe you can think of itas yet another port of Bad Behavior?
cheers
RH
Mar 28th, 2007 at 7:59 pm
ThePete Says
Wow, I’m really mad. I use BB2.0.9 and I just spent an hour writing a concise, well-written post but when I, the logged-in admin of my site, clicked “publish” I got an error 403 message saying that “We’re sorry, but we could not fulfill your request for /wp-admin/post.php on this server.
Your Internet Protocol address is listed on a blacklist of addresses involved in malicious or illegal activity. See the listing below for more details on specific blacklists and removal procedures.
Your technical support key is: 4cac-42ba-1366-73cd
You can use this key to fix this problem yourself.
If you are unable to fix the problem yourself, please contact xxx @ xxx . com and be sure to provide the technical support key shown above.”
This is very upsetting to me because a site visitor told me that she had the same trouble when she tried to leave a comment. I posted five times yesterday and it was fine. I have made no changes on the site between yesterday and today. WHY is BB blocking my users and I?
What’s even better is that your script claims that the user can “fix this problem yourself.” with the provided key–the catch is, when you click on the link you go to some ioerror.us website that doesn’t ask for the key and gives the user some BS crap about anti-viral software or whatever. I’m on a Mac, man, I don’t use any anti-viral software!!
BB2 has been doing a great job but if it’s *ever* going to block the site admin from posting, erase the attempted post from existence (which is seems to have done) and somehow prevent WP’s autosave from working, I’m not sure it’s worth the help BB gives me. And I know it’s BB2 that is stopping me from posting because when I turned off BB2 I could post just fine.
Dec 6th, 2007 at 11:56 am
Michael Hampton Says
You should install the current version of Bad Behavior.
Dec 6th, 2007 at 6:18 pm