Archive for the 'Blog Spam' Category

Bad Behavior 2.0.37 and 2.1.3

July 9th, 2010 by Michael Hampton

Bad Behavior versions 2.0.37 and 2.1.3 have been released. For the 2.0 stable branch, this release is a maintenance release recommended for all users.

Please note: The 2.0 series of Bad Behavior is receiving limited updates, including unblocks, bug fixes and security fixes only. Future development is taking place in the 2.1 development tree.

Who should upgrade?

Users deploying Bad Behavior on Microsoft IIS should upgrade to ensure that all Bad Behavior functionality works as intended.

Users who receive a significant amount of traffic from proxied connections (e.g. small business and enterprise users) should upgrade to prevent a tiny minority of these users from being blocked.

Users following the development branch should upgrade to take advantage of support for the CloudFlare reverse proxy service.

What’s new?

New in the 2.0.37 stable release (since 2.0.36):

  • In rare configurations, the Firefox and Safari web browsers may send the nonexistent “Proxy-Connection” HTTP header. Old versions of Internet Explorer may also send this header in their default configurations. This usually occurs when the web browser is configured to connect to an (obsolete) HTTP/1.0 proxy or has been explicitly configured to use HTTP/1.0 when talking to a proxy, even if the proxy understands HTTP/1.1. This header originated with a proposal made by (then) Netscape which was rejected for inclusion in HTTP in 1998 due to its causing interoperability problems. Bad Behavior checks for this header as it has historically made an excellent indicator of malicious activity if it is seen at the origin server, because proxy servers are expected to strip the header. Because of the slight possibility of blocking legitimate users, this check is now active only in strict mode. (Thanks to Mark Nottingham for reporting this issue.)
  • A workaround for a problem with PHP on IIS servers has been implemented. This issue caused various parts of Bad Behavior’s functionality to fail on IIS. (Thanks to Michael Kingery for reporting this issue.)

New in the 2.1.3 development release (since 2.1.2):

  • The changes listed above for 2.0.37 have also been implemented.
  • New code which implements “round-trip DNS” for verifying that an IP address belongs to a specific entity is now being used to verify Googlebot and MSNbot. This code replaces the old hard-coded IP addresses.
  • Support for the CloudFlare reverse proxy service has been added. Users of this service should now be able to use Bad Behavior successfully. (Thanks to Matthew Prince at Project Honey Pot for his assistance with this implementation.)
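The "round-trip DNS" idea from the second item, as an added example (this is not Bad Behavior's own code): reverse-resolve the client address, require the resulting name to sit under a crawler's known domain, then forward-resolve that name and insist the original address comes back. The domain suffixes, the resolver tables and the 203.0.113.x addresses are constructed for the example; the resolvers are injected so it runs offline, and in production you would pass PHP's gethostbyaddr and gethostbynamel.

```php
<?php
// Added example, not Bad Behavior's own code: verify a claimed crawler IP by
// round-trip DNS. A PTR record is under the control of whoever owns the IP
// block, so "it reverse-resolves to googlebot.com" proves nothing on its own;
// only the owner of googlebot.com can make the forward lookup of that name
// point back at the same address. Both steps must agree.
// $reverse and $forward are injected (offline here); in production pass
// 'gethostbyaddr' and 'gethostbynamel'. Note gethostbyaddr() returns the
// IP string unchanged when there is no PTR record.
function bb_verify_crawler_ip(string $ip, array $allowed_suffixes,
                              callable $reverse, callable $forward): bool {
    $host = $reverse($ip);
    if (!is_string($host) || $host === $ip) {
        return false;                       // no PTR record at all
    }
    $host = strtolower(rtrim($host, '.'));
    $in_domain = false;
    foreach ($allowed_suffixes as $suffix) {
        $suffix = strtolower($suffix);
        if ($host === $suffix || substr($host, -strlen(".$suffix")) === ".$suffix") {
            $in_domain = true;
            break;
        }
    }
    if (!$in_domain) {
        return false;                       // PTR name is not in a crawler domain
    }
    $addrs = $forward($host);               // forward-confirm the PTR name
    return is_array($addrs) && in_array($ip, $addrs, true);
}

// Constructed, offline resolver tables standing in for real DNS.
$ptr = [
    '203.0.113.10' => 'crawl-203-0-113-10.googlebot.com', // genuine: forward agrees
    '203.0.113.11' => 'crawl-203-0-113-11.googlebot.com', // forged PTR: forward disagrees
    '203.0.113.12' => 'bot.example.net',                   // honest name, not a crawler
];
$a = [
    'crawl-203-0-113-10.googlebot.com' => ['203.0.113.10'],
    'crawl-203-0-113-11.googlebot.com' => ['198.51.100.5'],
    'bot.example.net'                  => ['203.0.113.12'],
];
$reverse = fn(string $ip): string => $ptr[$ip] ?? $ip;
$forward = fn(string $h) => $a[$h] ?? false;
$domains = ['googlebot.com', 'google.com', 'search.msn.com'];   // assumed crawler domains

foreach (array_keys($ptr) as $ip) {
    printf("%-14s %s\n", $ip,
        bb_verify_crawler_ip($ip, $domains, $reverse, $forward) ? 'verified crawler' : 'NOT verified');
}
```

Only 203.0.113.10 passes: 203.0.113.11 has a PTR name in the right domain but the forward lookup points elsewhere, which is exactly the spoof the round trip is there to catch.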

Download

Download Bad Behavior now!

The 2.1 development releases will not be offered through the WordPress automatic upgrade facility. Only stable releases will be offered through automatic upgrade.

Support

You’ve probably noticed that there hasn’t been a release of Bad Behavior in several months. This is due entirely to the fact that I can only spend time on it when incoming donations cover the cost of my time. Otherwise I have to engage in paying work to keep food on my table.

I happen to like giving spammers a hard time, and it’s frustrating that I don’t get to spend enough time on it. You can help me make Bad Behavior even better by setting up a recurring contribution, or making your most generous one-time contribution for any amount.

Thank you again for supporting Bad Behavior development!

Bad Behavior 2.0.29

September 23rd, 2009 by Michael Hampton

Bad Behavior 2.0.29 has been released. It is a maintenance release and is recommended for all users.

MediaWiki and WordPress users who have not updated in the last year or so should take note of special upgrade instructions below.

Who should upgrade?

All users should upgrade to resolve issues with certain specialized web crawlers being blocked. Users who wish to use OpenID in conjunction with Bad Behavior should also upgrade to resolve authentication issues.

What’s new?

New in this release (since 2.0.28):

  • Users authenticating to a Bad Behavior-protected site using a third party OpenID were blocked with a message stating that: “Data may not be posted from offsite forms.” In most circumstances, your site does not want to receive a POST which originated from another site; however, OpenID requires this. A new option, offsite_forms, has been added to Bad Behavior to permit data to be posted to your site from other sites. Enabling this option will allow OpenID to work but may expose your site to spam which was previously blocked. WordPress users will find the option on Bad Behavior’s options page; other platforms should check their platform-specific documentation for how to set options.
  • A few specialized web crawlers use an unusual form of the Range: HTTP header in their requests, requesting a range starting with 0. This behavior, while technically permitted by the HTTP specification, is most often seen with malicious crawlers; web browsers and major search engines do not use it. Bad Behavior will now block these requests only when strict mode is enabled.
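The checks behind this release's two items, together with the Proxy-Connection check from the 2.0.37 notes further up the page, as one added example (this is my illustration, not Bad Behavior's own code). It assumes a header array as PHP would hand it over, a `strict` flag standing in for strict mode, and an `offsite_forms` flag standing in for the new option; the Range check also scans multiple-range specifications, which goes slightly beyond what the note describes. All sample requests are constructed.

```php
<?php
// Added example, not Bad Behavior's own code: three request checks from the
// release notes, expressed as one function.
//   * Proxy-Connection present (strict only): proxies are expected to strip
//     it, so seeing it at the origin is a strong but not perfect bot signal.
//   * Range starting at byte 0 (strict only): legal HTTP, but browsers and
//     major search engines never send it. Multi-range specs are scanned too.
//   * POST whose Referer is another host: normally rejected, but an OpenID
//     round trip needs it, hence the offsite_forms option.
// Returns null when the request passes, otherwise the reason for blocking.
function bb_request_checks(string $method, array $headers, array $opts): ?string {
    $h = [];
    foreach ($headers as $name => $value) {   // case-insensitive header lookup
        $h[strtolower($name)] = trim($value);
    }
    $strict  = !empty($opts['strict']);
    $offsite = !empty($opts['offsite_forms']);

    if ($strict && isset($h['proxy-connection'])) {
        return 'Proxy-Connection header present (strict mode)';
    }
    if ($strict && isset($h['range']) && preg_match('/^bytes=(.*)$/i', $h['range'], $m)) {
        foreach (explode(',', $m[1]) as $range) {
            if (preg_match('/^\s*0-/', $range)) {
                return 'Range request starting at byte 0 (strict mode)';
            }
        }
    }
    if ($method === 'POST' && !$offsite && isset($h['referer'], $h['host'])) {
        $own_host = preg_replace('/:\d+$/', '', $h['host']);   // drop any port
        $ref_host = parse_url($h['referer'], PHP_URL_HOST);
        if (is_string($ref_host) && strcasecmp($ref_host, $own_host) !== 0) {
            return 'Data may not be posted from offsite forms.';
        }
    }
    return null;
}

// Constructed sample requests.
$base = ['Host' => 'blog.example.com', 'User-Agent' => 'Mozilla/5.0', 'Accept' => '*/*'];
$cases = [
    'browser'   => ['GET',  $base],
    'old_proxy' => ['GET',  $base + ['Proxy-Connection' => 'Keep-Alive']],
    'crawler'   => ['GET',  $base + ['Range' => 'bytes=0-']],
    'resume'    => ['GET',  $base + ['Range' => 'bytes=1048576-']],   // download resumption: fine
    'own_form'  => ['POST', $base + ['Referer' => 'https://blog.example.com/post/1']],
    'openid'    => ['POST', $base + ['Referer' => 'https://openid.example.org/auth']],
];
foreach ($cases as $label => [$method, $headers]) {
    printf("%-9s strict/offsite off: %-45s lenient/offsite on: %s\n", $label,
        bb_request_checks($method, $headers, ['strict' => true]) ?? 'pass',
        bb_request_checks($method, $headers, ['strict' => false, 'offsite_forms' => true]) ?? 'pass');
}
```

The `openid` case is blocked in the first column and passes in the second, which is the trade-off the option makes: enabling it lets the OpenID provider's POST through, and with it any other offsite form submission.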

Support

Thank you to everyone who has chosen to make a financial contribution toward further development of Bad Behavior. Your contributions ensure that I can prioritize Bad Behavior development and make more frequent and timely releases, like this one.

Download

Download Bad Behavior now!

Special Upgrade Instructions

Users of MediaWiki and WordPress upgrading from version 2.0.20 or earlier should follow these special directions (from 2.0.21 or later, upgrade normally):

For MediaWiki: Before installing this version of Bad Behavior, manually remove (e.g. using FTP or ssh) any old versions you may have, including the lines added to LocalSettings.php. Then install the new version fresh, following the installation instructions for MediaWiki.

For WordPress: If updating to this version through the automatic updater fails, manually remove (e.g. using FTP or ssh) any old versions you may have installed. Then upload and install the new version fresh, following the installation instructions for WordPress. After doing so, future automatic updates should proceed normally.

For other platforms: No changes to your upgrade procedures should be necessary.

Bad Behavior 2.0.28

June 11th, 2009 by Michael Hampton

Bad Behavior 2.0.28 has been released. It is a maintenance release and is recommended for all users.

MediaWiki and WordPress users who have not updated in the last year or so should take note of special upgrade instructions below.

Who should upgrade?

All users should upgrade to resolve issues identified after yesterday’s 2.0.27 release. These issues could cause PHP warnings to appear on your site, or could cause legitimate trackbacks to be blocked.

What’s new?

New in this release (since 2.0.27):

  • A particularly nasty trackback spammer advertising various drugs was blocked in the 2.0.27 release. An error in the logic may have caused legitimate trackbacks to be blocked. This error has been corrected.
  • A PHP warning which appeared in the IPv6 handling code has been corrected.

Support

Thank you to everyone who has chosen to make a financial contribution toward further development of Bad Behavior. Your contributions ensure that I can prioritize Bad Behavior development and make more frequent and timely releases, like this one.

I also want to say thanks to everyone who reported the problems in the previous release; you are too numerous to mention and my email box is still filling up with reports. So thank you.

Download

Download Bad Behavior now!

Special Upgrade Instructions

Users of MediaWiki and WordPress upgrading from version 2.0.20 or earlier should follow these special directions (from 2.0.21 or later, upgrade normally):

For MediaWiki: Before installing this version of Bad Behavior, manually remove (e.g. using FTP or ssh) any old versions you may have, including the lines added to LocalSettings.php. Then install the new version fresh, following the installation instructions for MediaWiki.

For WordPress: If updating to this version through the automatic updater fails, manually remove (e.g. using FTP or ssh) any old versions you may have installed. Then upload and install the new version fresh, following the installation instructions for WordPress. After doing so, future automatic updates should proceed normally.

For other platforms: No changes to your upgrade procedures should be necessary.

Bad Behavior 2.0.27

June 10th, 2009 by Michael Hampton

Bad Behavior 2.0.27 has been released. It is a maintenance release and is recommended for all users.

MediaWiki and WordPress users who have not updated in the last year or so should take note of special upgrade instructions below.

Who should upgrade?

All users should upgrade to take advantage of improved spam detection. Users who have an IPv6-enabled web site should upgrade to resolve problems relating to resolution of IPv6 addresses.

What’s new?

New in this release (since 2.0.26):

  • A particularly nasty trackback spammer advertising various drugs has been blocked in this release.
  • A check for a certain type of referrer spam had been broken and has been fixed.
  • Bad Behavior attempted to pass IPv6 addresses, in an incorrect format, to blacklists which are not themselves ready to handle IPv6 addresses. On Mac OS X, this also caused users on localhost to be blocked, since it uses the IPv6 address for localhost, even without another IPv6 network connection. A workaround was placed in version 2.0.26 to disable checking IPv6 addresses until the various blacklists are able to accept IPv6 addresses. The workaround was not coded correctly and has been corrected in this release.
  • A harmless PHP notice has been suppressed.

Support

With the economy the way it is, I’ve had to spend the past few months on projects which pay the bills, with Bad Behavior on the back burner. If Bad Behavior has helped you, please make a financial contribution toward further development. Your contribution ensures that I can prioritize Bad Behavior development and make more frequent and timely releases.

Download

Download Bad Behavior now!

Special Upgrade Instructions

Users of MediaWiki and WordPress upgrading from version 2.0.20 or earlier should follow these special directions (from 2.0.21 or later, upgrade normally):

For MediaWiki: Before installing this version of Bad Behavior, manually remove (e.g. using FTP or ssh) any old versions you may have, including the lines added to LocalSettings.php. Then install the new version fresh, following the installation instructions for MediaWiki.

For WordPress: If updating to this version through the automatic updater fails, manually remove (e.g. using FTP or ssh) any old versions you may have installed. Then upload and install the new version fresh, following the installation instructions for WordPress. After doing so, future automatic updates should proceed normally.

For other platforms: No changes to your upgrade procedures should be necessary.

Bad Behavior 2.0.21

August 5th, 2008 by Michael Hampton

Bad Behavior 2.0.21 has been released. It is a maintenance release and is recommended for all users.

MediaWiki and WordPress users should take note of special upgrade instructions below.

Who should upgrade?

Users who receive significant traffic from the Ukraine should upgrade to fix an issue which may cause users in the Ukraine to be blocked.

All users should upgrade to take advantage of protection from newly identified spambots and malicious bots as well as a new method of spambot detection.

What’s new?

New in this release (since 2.0.20):

  • Users who specified the Ukrainian language in their browser settings were mistakenly blocked. This issue has been fixed.
  • Bad Behavior now incorporates data on harvesters and comment spammers compiled by Project Honey Pot and published through its http:BL service. In order to enable this feature, you must obtain an http:BL access key and provide this key to Bad Behavior in its settings. While the http:BL settings can be fine-tuned to block or allow requests based on the threat level and age of a harvester or comment spammer record, the default settings have been extensively tested and found to block virtually all spammers known to http:BL while allowing all legitimate users, even those that http:BL may have classified as suspicious. This feature obsoletes any other http:BL plugins you may have, and they can be removed.
  • The Majestic-12 search engine crawler was mistakenly blocked. This block has been removed and a block placed for a malicious bot which pretends to be the Majestic-12 crawler.
  • The bot used by Attributor, a service which looks for copyright infringement and sends takedown notices, has been identified and blocked.
  • Several additional spambots have been identified and blocked by user agent.
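An added example (not Bad Behavior's own code) covering the http:BL lookup described in this release together with the IPv6 blacklist problem described in the 2.0.27 notes further down the page. It assumes the published http:BL query format (access key, then the reversed IPv4 octets, under dnsbl.httpbl.org) and answer format (127.days.threat.type with type bits 1 = suspicious, 2 = harvester, 4 = comment spammer); the threshold defaults of threat 25 and age 30 days are assumed, the access key is a placeholder, and the DNS answers are constructed so the code runs offline.

```php
<?php
// Added example, not Bad Behavior's own code. Two points from the notes:
// a DNS blacklist answers only for IPv4 addresses in reversed-octet form, so
// IPv6 addresses (including ::1, the Mac OS X localhost) must be skipped, not
// sent in a bogus format; and http:BL encodes its verdict in the A record it
// returns as 127.<days since last activity>.<threat score>.<type bitmask>.
// $lookup is injected so this runs offline; in production pass 'gethostbyname',
// which returns the query name unchanged when nothing is listed.
// Threshold defaults (threat >= 25, age <= 30 days) are assumed.

const HTTPBL_HARVESTER       = 2;   // type bits; 1 = suspicious, and type 0 alone
const HTTPBL_COMMENT_SPAMMER = 4;   // means a known search engine

// Query name for an IPv4 address, or null for anything the list cannot answer.
function httpbl_query_name(string $ip, string $key): ?string {
    if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        return null;                                  // IPv6 or garbage: skip it
    }
    $reversed = implode('.', array_reverse(explode('.', $ip)));
    return "$key.$reversed.dnsbl.httpbl.org";
}

// Decode an answer into its three fields, or null if it is not a valid listing.
function httpbl_decode(string $answer): ?array {
    if (!preg_match('/^127\.(\d+)\.(\d+)\.(\d+)$/', $answer, $m)) {
        return null;
    }
    return ['days' => (int)$m[1], 'threat' => (int)$m[2], 'type' => (int)$m[3]];
}

// Block only harvesters and comment spammers with a fresh, high-enough record;
// search engines and merely "suspicious" hosts pass, as the defaults intend.
function httpbl_should_block(string $ip, string $key, callable $lookup,
                             int $min_threat = 25, int $max_age = 30): bool {
    $q = httpbl_query_name($ip, $key);
    if ($q === null) {
        return false;
    }
    $answer = $lookup($q);
    if (!is_string($answer) || $answer === $q) {
        return false;                                 // not listed
    }
    $r = httpbl_decode($answer);
    if ($r === null) {
        return false;                                 // malformed reply: fail open
    }
    $bad = ($r['type'] & (HTTPBL_HARVESTER | HTTPBL_COMMENT_SPAMMER)) !== 0;
    return $bad && $r['threat'] >= $min_threat && $r['days'] <= $max_age;
}

// Constructed offline answers under a placeholder access key.
$key = 'abcdefghijkl';   // placeholder; real keys are issued by Project Honey Pot
$table = [
    "$key.4.113.0.203.dnsbl.httpbl.org" => '127.2.60.4',   // fresh comment spammer
    "$key.5.113.0.203.dnsbl.httpbl.org" => '127.3.10.1',   // suspicious only, low threat
    "$key.6.113.0.203.dnsbl.httpbl.org" => '127.90.80.2',  // harvester, 90-day-old record
];
$lookup = fn(string $q): string => $table[$q] ?? $q;
foreach (['203.0.113.4', '203.0.113.5', '203.0.113.6', '203.0.113.7', '::1'] as $ip) {
    printf("%-12s %s\n", $ip, httpbl_should_block($ip, $key, $lookup) ? 'block' : 'allow');
}
```

Only 203.0.113.4 is blocked; the stale harvester and the merely suspicious host are allowed by the thresholds, and ::1 never reaches the blacklist at all.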

Support

If Bad Behavior has helped you, please make a financial contribution toward further development. Your contribution ensures that I can prioritize Bad Behavior development. Otherwise I must spend most of my time on other projects which pay the bills. Which is a shame, because I really enjoy making spammers miserable and drying up their revenue streams until it’s more profitable for them to work at McDonald’s than to send spam.

Download

Download Bad Behavior now!

Special Upgrade Instructions

For MediaWiki: Before installing this version of Bad Behavior, manually remove (e.g. using FTP or ssh) any old versions you may have, including the lines added to LocalSettings.php. Then install the new version fresh, following the installation instructions for MediaWiki.

For WordPress: If updating to this version through the automatic updater fails, manually remove (e.g. using FTP or ssh) any old versions you may have installed. Then upload and install the new version fresh, following the installation instructions for WordPress. After doing so, future automatic updates should proceed normally.

For other platforms: No changes to your upgrade procedures should be necessary.

Bad Behavior 2.0.20

July 13th, 2008 by Michael Hampton

Bad Behavior 2.0.20 has been released. It is a security release and is strongly recommended for all users.

Who should upgrade?

All WordPress users should upgrade immediately to resolve security issues identified in previously released versions of Bad Behavior. Users of other platforms may remain at 2.0.19.

What’s new?

New in this release (since 2.0.19):

  • The “Show Blocked” option in the WordPress management page did not do anything. It has been fixed.
  • A security issue was identified in the new management page for WordPress which would have allowed an attacker to compromise the site administrator’s PC through cross-site scripting or malicious code injection. This issue has been fixed.

Support

Bad Behavior aims to make spamming expensive enough that would-be spammers will find honest work instead, and to do so requires a significant amount of time and resources. If you’d like to help make spam a losing proposition and help stop spammers before they start, make a financial contribution to further development of Bad Behavior.

Download

Download Bad Behavior now!

Bad Behavior 2.0.19

July 12th, 2008 by Michael Hampton

Bad Behavior 2.0.19 has been released. It is a maintenance release and is recommended for all users.

Warning: The minimum system requirements for WordPress have changed as of this version. Bad Behavior on WordPress now requires at least version 1.5. (It was previously version 1.2.) Users of WordPress versions prior to 1.5 should upgrade WordPress prior to updating to this version of Bad Behavior.

Who should upgrade?

All users should upgrade to take advantage of protection from newly identified bots.

WordPress users should upgrade to use the new administration page which allows for browsing and searching Bad Behavior’s log.

What’s new?

New in this release (since 2.0.18):

  • The test for the spambot identified in version 2.0.18 was not functioning correctly. The test has been fixed.
  • A new administration page has been added for WordPress which allows for browsing through the Bad Behavior log. Click Manage > Bad Behavior to view the log files. This feature will be expanded in the future based on user feedback. WordPress version 1.5 or higher is required.

Support

If you find Bad Behavior useful, please consider making a financial contribution to its further development.

Download

Download Bad Behavior now!

Bad Behavior 2.0.18

July 10th, 2008 by Michael Hampton

Bad Behavior 2.0.18 has been released. It is a maintenance release and is recommended for all users.

This is the first release in a very long time to incorporate protection from newly identified bots.

Who should upgrade?

All users, especially users of Coppermine Photo Gallery, should upgrade to take advantage of protection from newly identified bots. Users in the UK should upgrade to permit users from certain firms to view your site.

What’s new?

New in this release (since 2.0.17):

  • Some proxy server products by Clearswift were blocked by Bad Behavior due to an odd header this proxy server uses. This issue has been fixed and all Clearswift products should be able to access Bad Behavior-protected sites.
  • A new spambot and a malicious bot targeting Coppermine Photo Gallery have been identified and blocked.

Support

If you find Bad Behavior useful, please consider making a financial contribution to its further development.

Download

Download Bad Behavior now!

WP-SpamFree

July 8th, 2008 by Michael Hampton

There’s a whole lot of buzz about the newest WordPress spam-fighting plugin on the block, and so I decided to go take a look and see if WP-SpamFree lives up to its hype.

“The WP-SpamFree plugin virtually eliminates automated comment spam from bots, including trackback and pingback spam,” its author, Scott Allen, claims. “It takes a different approach than most and stops spam at the door.”

Indeed, everyone who’s tried it reports that their spam has dropped off to virtually zero and that they haven’t heard from anybody who had problems leaving comments. Sounds like the Holy Grail of spam prevention, right?

Not so fast.

WP-SpamFree, it turns out, uses JavaScript and cookies to verify that someone is using an actual web browser to access your site and leave a comment. These approaches are not that different from what other plugins have done in the past. What distinguishes WP-SpamFree in this respect is that it requires both JavaScript and cookies in order for someone to post a comment. This will certainly keep out virtually every spambot out there.

Unfortunately, it will also block most mobile web browsers and some disabled users. In both cases the browsers being used aren’t capable of JavaScript, cookies, or both. If your blog targets mobile web users or people with disabilities, WP-SpamFree might not be for you.

Then there is WP-SpamFree’s method of blocking trackback and pingback spam. These are always automated, so using JavaScript and cookies is impossible. WP-SpamFree, it turns out, uses several extensive internal lists of IP addresses, URL fragments, and keywords to block this type of spam.

This works fairly well; however, the way it’s implemented in the current version of WP-SpamFree (1.9.6.2) is quite strange. It appears the author didn’t want to use arrays and loops to iterate through his lists and instead unrolled all his loops, resulting in a huge plugin clocking in at over 3,700 lines. There’s no obvious good reason for this; it would seem in PHP that the plugin would be much slower than it would otherwise. The gain of not having the loops doesn’t seem nearly as much as the overhead of compiling thousands of extra lines of bytecode. In addition there are several other examples of duplicate code which could have been split into functions.

These technical implementation issues make me wonder at how much experience the programmer has. If they were intentionally done by an experienced programmer, I would have expected them to be mentioned in the README or release notes or a blog entry, but especially in the code comments.

Despite those issues, the plugin works pretty well for what it does. I hope that the author addresses those implementation issues for his next major version, though, to make the plugin even better.

And there are things that WP-SpamFree does not do. It does not block email harvesters, for instance. It also does not block spambots when they scrape your site looking for your comment forms, nor block denial of service attacks. Indeed, under a heavy spam attack, its size and CPU usage could cause limited web hosting resources to be exhausted.

That’s all just a long way of saying that WP-SpamFree has its pros and cons, and if you choose to use WP-SpamFree, you still should keep Bad Behavior around as part of your overall spam prevention strategy.

Bad Behavior 2.0.14

April 7th, 2008 by Michael Hampton

Bad Behavior 2.0.14 has been released. It is a maintenance release and is recommended for all users.

Who should upgrade?

Users of WordPress 2.5 or later should upgrade to enable the new Flash-based image uploader.

What’s new?

New in this release (since 2.0.13):

  • Shockwave Flash has been removed from the blacklist, since software that uses Bad Behavior (WordPress 2.5 and later) now includes Flash animations which access the software backend. Since some email harvesters use Shockwave Flash as a user-agent string, this may result in additional email spam being received if email addresses are exposed on your site.

Download

Download Bad Behavior now!

Support

If you find Bad Behavior useful, please consider making a financial contribution to its further development.