Bad Behavior 2.0.32
November 2nd, 2009 by Michael Hampton
Bad Behavior 2.0.32 has been released. It is a maintenance release and is recommended for specific users identified below.
Please note: As of this release, 2.0 has been branched and development suspended. Further updates to the 2.0 tree will be bug fixes and security fixes only. Future development will be to the 2.1 development tree, the first release of which should follow shortly. Expect a post within the next day with more information.
MediaWiki and WordPress users who have not updated in the last year or so should take note of special upgrade instructions below.
Who should upgrade?
Users of specialized web services integrated into their host platforms, for which Bad Behavior should not screen requests, should upgrade to correct potential problems with new functionality introduced in recent releases.
IPv6 users should upgrade to prevent users from being blocked inappropriately.
Users whose web site is hosted on a Windows server using IIS should upgrade to take advantage of new protection against certain attacks.
WordPress users should upgrade for enhancements to the administrative pages.
What’s new?
New in this release (since 2.0.31):
- Due to ongoing issues with various web services such as OpenID and PayPal IPN behaving in strange ways which trigger Bad Behavior, a new whitelist was added in version 2.0.30. You may now add URLs of your site to Bad Behavior’s whitelist. When a URL is added, Bad Behavior will ignore any HTTP request to that particular URL. If you need this feature, please check the bad-behavior/whitelist.inc.php file for further information. In version 2.0.31 this feature failed on some PHP versions due to undocumented PHP behavior. This has been fixed. In addition, the PHP documentation has been fixed to reflect PHP’s actual behavior (which I still think is broken).
- Users whose sites are accessible using IPv6 may find IPv6 users are blocked by Bad Behavior when the http:BL feature is enabled and certain versions of PHP are in use. This issue has been fixed.
- A SQL injection attack against Windows servers running IIS has been identified and blocked.
- The WordPress administrative page showing Bad Behavior logs has been enhanced slightly. It now shows reverse DNS records when available and identifies more search engines via http:BL.
Support
Thank you to everyone who has chosen to make a financial contribution toward further development of Bad Behavior. Your contributions ensure that I can prioritize Bad Behavior development and make more frequent and timely releases, like this one.
Download
Special Upgrade Instructions
Users of MediaWiki and WordPress upgrading from version 2.0.20 or earlier should follow these special directions (from 2.0.21 or later, upgrade normally):
For MediaWiki: Before installing this version of Bad Behavior, manually remove (e.g. using FTP or ssh) any old versions you may have, including the lines added to LocalSettings.php. Then install the new version fresh, following the installation instructions for MediaWiki.
For WordPress: If updating to this version through the automatic updater fails, manually remove (e.g. using FTP or ssh) any old versions you may have installed. Then upload and install the new version fresh, following the installation instructions for WordPress. After doing so, future automatic updates should proceed normally.
For other platforms: No changes to your upgrade procedures should be necessary.



