
Bad Behavior 2.0.20 has been released. It is a security release and is strongly recommended for all users.
Who should upgrade?
All WordPress users should upgrade immediately to resolve security issues identified in previously released versions of Bad Behavior. Users of other platforms may remain at 2.0.19.
What’s new?
New in this release (since 2.0.19):
- The “Show Blocked” option in the WordPress management page did not do anything. It has been fixed.
- A security issue was identified in the new management page for WordPress which would have allowed an attacker to compromise the site administrator’s PC through cross-site scripting or malicious code injection. This issue has been fixed.
Support
Bad Behavior aims to make spamming expensive enough that would-be spammers will find honest work instead, and to do so requires a significant amount of time and resources. If you’d like to help make spam a losing proposition and help stop spammers before they start, make a financial contribution to further development of Bad Behavior.
Download
Download Bad Behavior now!
Some WordPress users have reported in the last few days that using WordPress to update automatically to the latest release of Bad Behavior is failing.
A typical failed upgrade looks like this:
Downloading update from http://downloads.wordpress.org/plugin/bad-behavior.2.0.19.zip
Unpacking the update
Deactivating the plugin
Removing the old version of the plugin
Installing the latest version
Installation failed
If this has happened to you, please check your wp-content/plugins directory, manually remove any directories named Bad-Behavior or bad-behavior that may be present, and then download and reinstall the plugin.
Also, when installation fails in this way, the web server will record error messages in the server’s error_log file. If this has happened to you, please find the relevant information in your error_log and send it to me, so I can figure out what’s going on.
Thanks for your support!

Bad Behavior 2.0.19 has been released. It is a maintenance release and is recommended for all users.
Warning: The minimum system requirements for WordPress have changed as of this version. Bad Behavior on WordPress now requires at least version 1.5. (It was previously version 1.2.) Users of WordPress versions prior to 1.5 should upgrade WordPress prior to updating to this version of Bad Behavior.
Who should upgrade?
All users should upgrade to take advantage of protection from newly identified bots.
WordPress users should upgrade to use the new administration page which allows for browsing and searching Bad Behavior’s log.
What’s new?
New in this release (since 2.0.18):
- The test for the spambot identified in version 2.0.18 was not functioning correctly. The test has been fixed.
- A new administration page has been added for WordPress which allows for browsing through the Bad Behavior log. Click Manage > Bad Behavior to view the log files. This feature will be expanded in the future based on user feedback. WordPress version 1.5 or higher is required.
Support
If you find Bad Behavior useful, please consider making a financial contribution to its further development.
Download
Download Bad Behavior now!

Bad Behavior 2.0.18 has been released. It is a maintenance release and is recommended for all users.
This is the first release in a very long time to incorporate protection from newly identified bots.
Who should upgrade?
All users, especially users of Coppermine Photo Gallery, should upgrade to take advantage of protection from newly identified bots. Users in the UK should upgrade to permit users from certain firms to view your site.
What’s new?
New in this release (since 2.0.17):
- Some proxy server products by Clearswift were blocked by Bad Behavior due to an odd header this proxy server uses. This issue has been fixed and all Clearswift products should be able to access Bad Behavior-protected sites.
- A new spambot and a malicious bot targeting Coppermine Photo Gallery have been identified and blocked.
Support
If you find Bad Behavior useful, please consider making a financial contribution to its further development.
Download
Download Bad Behavior now!
There’s a whole lot of buzz about the newest WordPress spam-fighting plugin on the block, and so I decided to go take a look and see if WP-SpamFree lives up to its hype.
“The WP-SpamFree plugin virtually eliminates automated comment spam from bots, including trackback and pingback spam,” its author, Scott Allen, claims. “It takes a different approach than most and stops spam at the door.”
Indeed, everyone who’s tried it reports that their spam has dropped off to virtually zero and that they haven’t heard from anybody who had problems leaving comments. Sounds like the Holy Grail of spam prevention, right?
Not so fast.
WP-SpamFree, it turns out, uses JavaScript and cookies to verify that someone is using an actual web browser to access your site and leave a comment. These approaches are not that different from what other plugins have done in the past. What distinguishes WP-SpamFree in this respect is that it requires both JavaScript and cookies in order for someone to post a comment. This will certainly keep out virtually every spambot out there.
Unfortunately, it will also block most mobile web browsers and some disabled users. In both cases the browsers being used aren’t capable of JavaScript, cookies, or both. If your blog targets mobile web users or people with disabilities, WP-SpamFree might not be for you.
Then there is WP-SpamFree’s method of blocking trackback and pingback spam. These are always automated, so using JavaScript and cookies is impossible. WP-SpamFree, it turns out, uses several extensive internal lists of IP addresses, URL fragments, and keywords to block this type of spam.
This works fairly well; however, the way it’s implemented in the current version of WP-SpamFree (1.9.6.2) is quite strange. It appears the author didn’t want to use arrays and loops to iterate through his lists and instead unrolled all his loops, resulting in a huge plugin clocking in at over 3,700 lines. There’s no obvious good reason for this; it would seem in PHP that the plugin would be much slower than it would otherwise be. The gain of not having the loops doesn’t seem nearly as much as the overhead of compiling thousands of extra lines of bytecode. In addition, there are several other examples of duplicate code which could have been split into functions.
These technical implementation issues make me wonder at how much experience the programmer has. If they were intentionally done by an experienced programmer, I would have expected them to be mentioned in the README or release notes or a blog entry, but especially in the code comments.
Despite those issues, the plugin works pretty well for what it does. I hope that the author addresses those implementation issues for his next major version, though, to make the plugin even better.
And there are things that WP-SpamFree does not do. It does not block email harvesters, for instance. It also does not block spambots when they scrape your site looking for your comment forms, nor block denial of service attacks. Indeed, under a heavy spam attack, its size and CPU usage could cause limited web hosting resources to be exhausted.
That’s all just a long way of saying that WP-SpamFree has its pros and cons, and if you choose to use WP-SpamFree, you still should keep Bad Behavior around as part of your overall spam prevention strategy.
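The arrays-and-loops structure this review contrasts with unrolled checks, shown as an added example (it is not WP-SpamFree's or Bad Behavior's code). The function names and every list entry are hypothetical placeholders.

```php
<?php
// Added illustration: data-driven trackback screening with arrays and loops.
// All list entries are constructed placeholders (documentation IP ranges and
// example domains), not WP-SpamFree's actual lists.

const BLOCKED_IPS           = ['192.0.2.15', '198.51.100.7'];
const BLOCKED_URL_FRAGMENTS = ['spam-pills.example', '/cheap-loans/'];
const BLOCKED_KEYWORDS      = ['casino bonus', 'replica watches'];

/** Return the first needle found in $haystack (case-insensitive), or null. */
function first_match(string $haystack, array $needles): ?string
{
    foreach ($needles as $needle) {
        if (stripos($haystack, $needle) !== false) {
            return $needle;
        }
    }
    return null;
}

/**
 * Screen one trackback/pingback. Returns null when it passes, or a short
 * reason naming the list and the entry that matched.
 */
function screen_trackback(string $ip, string $url, string $excerpt): ?string
{
    if (in_array($ip, BLOCKED_IPS, true)) {
        return "ip:$ip";
    }
    if (($hit = first_match($url, BLOCKED_URL_FRAGMENTS)) !== null) {
        return "url:$hit";
    }
    if (($hit = first_match($excerpt, BLOCKED_KEYWORDS)) !== null) {
        return "keyword:$hit";
    }
    return null;
}

// Constructed sample trackbacks: [source IP, linked URL, excerpt].
$samples = [
    ['203.0.113.9', 'http://blog.example.org/post', 'Nice write-up, linked it.'],
    ['192.0.2.15',  'http://blog.example.org/post', 'Hello'],
    ['203.0.113.9', 'http://spam-pills.example/buy', 'Hello'],
    ['203.0.113.9', 'http://blog.example.org/post', 'Best CASINO BONUS here'],
];
foreach ($samples as [$ip, $url, $excerpt]) {
    echo $ip, ' ', $url, ' => ', screen_trackback($ip, $url, $excerpt) ?? 'allowed', PHP_EOL;
}
```

With the lists held as data, adding or removing an entry is a one-line change and the matching logic stays the same size however long the lists grow.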

Bad Behavior 2.0.17 has been released. It is a maintenance release and is optional for all users.
The changes released today are a result of my going back through my email and cleaning house, implementing some changes I somehow missed the first time through. Some of you may have gotten email from me in reply to messages as much as two years old.
Who should upgrade?
WordPress users should upgrade, as well as other users who see spurious PHP notices when posting forms.
What’s new?
New in this release (since 2.0.16):
- Some code specific to WordPress was moved out of the Bad Behavior core.
- Some variables in the screener were initialized to prevent spurious PHP notices.
- The LifeType code was updated to the latest version provided by its developers.
Support
If you find Bad Behavior useful, please consider making a financial contribution to its further development.
Download
Download Bad Behavior now!