Recent Topics
  1. b2evolution CMS Support Forums
  2. b2evolution Support
  3. Plugins & Extensions
  4. Fighting spam!
  5. [HACK] Bad Behavior / Bad Behaviour

[HACK] Bad Behavior / Bad Behaviour

1 Oct 04, 2005 19:59    

What is Bad Bevahior / Bad Behaviour?
[list]According to its [url=http://www.ioerror.us/software/bad-behavior/]official site[/url]:

[list]Bad Behavior is a set of PHP scripts which prevents spambots from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots. It goes far beyond User-Agent and Referer, however. Bad Behavior is available for several PHP-based software packages, and also can be integrated in seconds into any PHP script.[/list:u]
Learn more about [url=http://www.ioerror.us/software/bad-behavior/]Bad Bevahior / Bad Behaviour[/url] on its [url=http://www.ioerror.us/software/bad-behavior/]official site[/url].[/list:u]

What does this hack do?
[list]The hack presented in this thread implements [url=http://www.ioerror.us/software/bad-behavior/]Bad Bevahior / Bad Behaviour[/url] for [url=http://b2evolution.net]b2evolution[/url].

Please notice there is no user-interface implemented here. So, if you want to know what [url=http://www.ioerror.us/software/bad-behavior/]Bad Bevahior / Bad Behaviour[/url] did to protect your [url=http://b2evolution.net]b2evolution[/url] blogs from spammers, use a [url=http://www.mysql.com]MySQL[/url] client like [url=http://www.phpmyadmin.net/]phpMyAdmin[/url] to edit the associated evo_bad_behavior_log table.[/list:u]

How quick is it?
[list][url=http://www.ioerror.us/software/bad-behavior/]Bad Bevahior / Bad Behaviour[/url] takes approximatively 10 ms on my 2 GHz/512 MB server with [url=http://turck-mmcache.sourceforge.net/]Turck MMCache for PHP[/url] installed. It's nothing compared to the whole page generation (100-2,000 ms).[/list:u]

Is it the ultimate antispam hack?
[list]No, [url=http://www.ioerror.us/software/bad-behavior/]Bad Bevahior / Bad Behaviour[/url] is not the ultimate antispam hack. However, used with other antispam solutions, including:[list]

  • an [url=http://isaacschlueter.com/2005/06/b2evolution_antispam_recheck_cronjob/]up to date b2evolution antispam blacklist[/url],[*]a [url=http://isaacschlueter.com/2005/06/referer_spam_blocker_for_b2evo/]Referer Spam Blocker for b2evolution[/url],[*]avoiding [url=http://isaacschlueter.com/2005/09/dont-publish-stats/]Sharing Statistics (and why it’s a really really dumb idea)[/url] also explained in [url=http://b2evolution.net/man/2004/12/29/control_referer_spam_howto]How to control referer spam hits from search engines[/url],

  • [url=http://forums.b2evolution.net/viewtopic.php?t=4876]banning untrusted IPs[/url][/list:u][url=http://www.ioerror.us/software/bad-behavior/]Bad Bevahior / Bad Behaviour[/url] should help reducing spam on your blogs.[/list:u]

    • What b2evolution versions are supported?
    [list]The following implementation supports most [url=http://b2evolution.net]b2evolution[/url] versions, including 0.9.0.x (Europe, Berlin, Oslo, Madrid, Copenhagen, Paris, Amsterdam), 0.9.1 (Dawn) and should still be compatible with the yet to be release 0.9.2 (Phoenix) release without any change.[/list:u]

    Implementation

    Download Bad Behavior / Bad Bahaviour
    [list]First of all, download the latest version of [url=http://www.ioerror.us/software/bad-behavior/]Bad Bevahior / Bad Behaviour[/url] (currently 1.2.2) and copy the downloaded and unzipped bad-behavior folder into your [url=http://b2evolution]b2evolution[/url] installation plugins directory, so you should see a:

    plugins\bad-behavior\bad-behavior-generic.php

    file.[/list:u]
    Create a b2evolution hook
    [list]Copy and paste the:

    plugins\bad-behavior\bad-behavior-generic.php

    file to create a new:

    plugins\bad-behavior\bad-behavior-b2evo.php

    file.

    For your convenience, edit the configuration parameters you can find in the first half of the bad-behavior-b2evo.php file (in most cases, just update the e-mail address with yours).

    Edit the new bad-behavior-b2evo.php file so the second half looks like this:

    ###############################################
#   DO NOT EDIT BELOW THIS LINE
###############################################

$wp_bb_mtime = explode(' ', microtime());
$wp_bb_timer_start = $wp_bb_mtime[1] + $wp_bb_mtime[0];

define('WP_BB_CWD', dirname(__FILE__));

// Callbacks

// generic code; you should reimplement these if you want logging and
// database functions

// return a UTC date in the format preferred by your database
function wp_bb_date() {
	return gmdate('Y-m-d H:i:s');
}

// run a SQL query and return # of rows affected, or FALSE if query failed
function wp_bb_db_query($query) {
    // b2evolution-specific code by kwa (http://blog.lesperlesduchat.com/dev.php)
    global $DB;
    return $DB->query( $query );
}

// Load core functions and do initial checks
require_once(WP_BB_CWD . "/bad-behavior-core.php");

$wp_bb_mtime = explode(' ', microtime());
$wp_bb_timer_stop = $wp_bb_mtime[1] + $wp_bb_mtime[0];
$wp_bb_timer_total = $wp_bb_timer_stop - $wp_bb_timer_start;


function wp_bb_timer_display() {
	global $wp_bb_timer_total;
	echo "\n<!-- Bad Behavior " . WP_BB_VERSION . " run time: " . number_format($wp_bb_timer_total, 3) . " seconds -->\n";
}

?>

    As you can see, there are mainly two lines differenciating this [url=http://b2evolution.net]b2evolution[/url] implementation from its [url=http://www.wordpress.org]WordPress[/url] cousin you can find in the neighbouring bad-behavior-wordpress.php file.
    [/list:u]

    Update the whitelist
    [list]If you use the [url=http://forums.b2evolution.net/viewtopic.php?t=4672]Simple Cache Hack[/url] or access to your server with your own server using file_get_contents() (or similar functions sending an empty user agent), you'll have to update the whitelist or your server is going to be considered as spammer and receive a 412 Precondition Failed [url=http://www.web-cache.com/Writings/http-status-codes.html]HTTP status code[/url]. If you are not concerned, just skip this section.

    Edit the bad-behavior-whitelist.php file and update the following whitelist (around lines 37-45):

    // Includes four examples of whitelisting by IP address and netblock.
// All are commented out.
$wp_bb_whitelist_ip_ranges = array(
//	"10.0.0.0/8",
//	"172.16.0.0/12",
//	"192.168.0.0/16",
//	"127.0.0.1",
);

    as follows:

    // Includes four examples of whitelisting by IP address and netblock.
// All are commented out.
$wp_bb_whitelist_ip_ranges = array(
    $_SERVER[ 'SERVER_ADDR' ],
//	"10.0.0.0/8",
//	"172.16.0.0/12",
//	"192.168.0.0/16",
//	"127.0.0.1",
);

    [/list:u]

    Configure b2evolution to use Bad Bahavior / Bad Behaviour
    [list]Now, we have to configure [url=http://b2evolution]b2evolution[/url] to use [url=http://www.ioerror.us/software/bad-behavior/]Bad Bevahior / Bad Behaviour[/url].

    If you haven't created one before, create an empty conf/hacks.php and and edit it with the following code:

    <?php 

?>

    Edit your conf/hacks.php file and add the following lines at the end of it:

    // Add Bad Behavior / Bad Behaviour with logging feature enabled
require_once dirname(__FILE__)."/$conf_dirout/$plugins_subdir/bad-behavior/bad-behavior-b2evo.php"

    so you should see the following three lines at the end of your conf/hacks.php files:

    // Add Bad Behavior / Bad Behaviour with logging feature enabled
require_once dirname(__FILE__)."/$conf_dirout/$plugins_subdir/bad-behavior/bad-behavior-b2evo.php"
?>

    [/list:u]

    Performance display
    [list]If you want to check [url=http://www.ioerror.us/software/bad-behavior/]Bad Bevahior / Bad Behaviour[/url]'s performance, edit your favorite skin _main.php file and add the following code:

    <?php wp_bb_timer_display(); // Bad behaviour / Bad Bahaviour execution time ?>

    just before:

    </body>

    appearing at the end of your skin file.

    Then, load your favorite blog using your favorite skin. Finally, display the web page's source code and go to the very end of it. You shoud see the time spent in [url=http://www.ioerror.us/software/bad-behavior/]Bad Bevahior / Bad Behaviour[/url]'s filtering and logging. It should look like this:

    <!-- Bad Behavior 1.2.2 run time: 0.008 seconds -->

    I have noticed [url=http://www.ioerror.us/software/bad-behavior/]Bad Bevahior / Bad Behaviour[/url] takes about 4 to 22 ms with an average time of about 10 ms on my 2 GHz/512 MB server with [url=http://turck-mmcache.sourceforge.net/]Turck MMCache for PHP[/url] installed. Almost nothing compared to the whole page processing.[/list:u]
    That's all!

    Back to top

    2 Oct 04, 2005 20:54

    Nice job! -- of ALL of the WP hacks, this is one thats definitely worth porting over. I actually started using this a couple months back, and its taken care of what few spam attempts I havent managed to deter through my hardened .htaccess

    Ioerror takes a very intelligent approach in this -- catching spam before it makes it to your blog, and not relying on keywords or content.

    Kudos Kwa!

    Back to top

    3 Oct 04, 2005 22:51

    No, it's not the ultimate antispam hack, but I'm still working on that. :)

    Thanks for the port. The less spam, the better, as far as I'm concerned.

    Back to top

    5 Oct 05, 2005 07:52

    error wrote:

    No, it's not the ultimate antispam hack, but I'm still working on that. :)

    Thanks for the port. The less spam, the better, as far as I'm concerned.

    lol, there goes the neighborhood :P

    Back to top

    6 Oct 16, 2005 04:36

    kwa wrote:

    How quick is it?

      [url=http://www.ioerror.us/software/bad-behavior/]Bad Bevahior / Bad Behaviour[/url] takes approximatively 10 ms on my 2 GHz/512 MB server with [url=http://turck-mmcache.sourceforge.net/]Turck MMCache for PHP[/url] installed. It's nothing compared to the whole page generation (100-2,000 ms).[/list:u][/quote] I've noticed [url=http://www.ioerror.us/software/bad-behavior/]Bad Bevahior / Bad Behaviour[/url] slows down with time. It's probably due to its logging feature (I left it to one week, the default value). After two weeks, its execution time increased a lot: 
      <!-- Bad Behavior 1.2.2 run time: 0.465 seconds -->
      That's more than 4 times slower than on day one. However, whitelisted domains need only 4 ms. It logged 641 blocked requests (1.15%) out of a total of 55,989 requests. However, I noticed blocking open proxies and spammer servers (both using DNSBLs) appears to be a quicker (< 100 ms) and better way (more spammers blocked) to block spammers. However, using both approaches increases the number of blocked spammers. As for [url=http://b2evolution.net]b2evolution[/url]'s stats (see [url=http://forums.b2evolution.net/viewtopic.php?t=5245]CPU Usage Reduction Hack: Auto pruning of old stats[/url]), I believe [url=http://www.ioerror.us/software/bad-behavior/]Bad Bevahior / Bad Behaviour[/url]'s slowest part is auto prunning of old stats. I'm going to investigate about that issue. (Does anyone know of any free PHP performance analyzer/tunning software?)
    Back to top

    7 Nov 09, 2005 17:28

    Ouch!

    <!-- Bad Behavior 1.2.3 run time: 2.090 seconds -->

    Back to top

    8 Nov 09, 2005 17:29

    Seocnd time around was better.. :)

    <!-- Bad Behavior 1.2.3 run time: 0.023 seconds -->

    Back to top

    9 Nov 09, 2005 20:39

    mikkyT wrote:

    Ouch!
    <!-- Bad Behavior 1.2.3 run time: 2.090 seconds -->

    Seocnd time around was better.. :)
    <!-- Bad Behavior 1.2.3 run time: 0.023 seconds -->

    What have you done to improve the speed by a factor of 90?

    Back to top

    10 Mar 01, 2006 03:13

    I do not understand about your Bad Behavior run time.

    Accordingly my understanding Bad Behavior should slow down only when a comment/trackback is submitted, but not to slow down posts display.

    What is wrong in my undestanding? :-/

    Back to top

    11 Mar 02, 2006 14:42

    Bad Behavior logs either spammers and legitime accesses. Bad Behavior uses the identified spammers log to block already identified spammers even if they fix their scripts to behave otherwise for a given period of time.

    Legitime accesses logging is only used by yourself if you want to report a spammer to the author that has not been identified as one. Since 99% of the log are real legitime users, the log tends to increase in size, slows down the script and since you don't report anything, becomes useless. Remove the legitime users logging and you're going to speed up Bad Behavior execution.

    Back to top

    12 Jul 08, 2006 13:40

    Bad behaviour 2 is out, could someone possibly take a look at what needs doing?

    As far as I can see theres two extra functions in the generic php script and Im not sure of the change to make (other than the query one).

    My old version of BB is starting to fail as the spammers are changing the headers used etc so it needs upgrading.

    Back to top

    13 Mar 03, 2007 17:34

    Hi,

    Thanks for the notes on installing to b2evolution... of all the anti-spam solutions, this looks essential.

    I following your instructions for 1.9.2 but had to make a few directory and file name changes. But it does not appear to be installing as no dbase changes have been made. I am testing on local host.

    1. how do we know this is active?
    2. I copy/pasted your code for the bad-behavior-b2evo.php file, but was unclear (sorry). Do we leave all script as is (except for the email address) and then add on your script? or does your script replace certain parts of the file?

    Changes for 1.9.2 are:

    Hack.php - File Directory path needs to be customised for plugin folder
    from:
    require_once dirname(__FILE__)."/$conf_dirout/$plugins_subdir/bad-behavior/bad-behavior-b2evo.php"

    to:
    require_once "$plugins_path/bad-behavior/bad-behavior-b2evo.php"

    The script to add hack - load core functions and do initial checks needs to be changed:
    from:
    require_once(WP_BB_CWD) . "/bad-behavior-core.php");
    to:
    require_once(WP_BB_CWD) . "/bad-behavior/core.inc.php
    (folder and file name change)

    Hope this helps someone

    Back to top

    14 Mar 03, 2007 17:47

    Hi,

    1.9.2 is parsing errors due to the bb2_insert_head()
    I have placed it in the_main.php header with a php...

    --

    Notice: Undefined variable: screener2 in C:\Documents and Settings\HP_Administrator\My Documents\websites\b2evolution\blogs\plugins\bad-behavior\bad-behavior\post.inc.php on line 42

    Warning: Cannot modify header information - headers already sent by (output started at C:\Documents and Settings\HP_Administrator\My Documents\websites\b2evolution\blogs\plugins\bad-behavior\bad-behavior\post.inc.php:42) in C:\Documents and Settings\HP_Administrator\My Documents\websites\b2evolution\blogs\plugins\bad-behavior\bad-behavior\screener.inc.php on line 11

    Warning: Cannot modify header information - headers already sent by (output started at C:\Documents and Settings\HP_Administrator\My Documents\websites\b2evolution\blogs\plugins\bad-behavior\bad-behavior\post.inc.php:42) in C:\Documents and Settings\HP_Administrator\My Documents\websites\b2evolution\blogs\inc\VIEW\_menutop.php on line 39

    Back to top

    15 Mar 17, 2007 02:07

    So I have read the entire post and still cannot get anything to work. :oops:

    Does this create a table in the database? It looks like it will but so far nothing. All I get when I have the hack.php file on the server is a blank page. I have tried to call the script directly and still the same.... a blank page.

    What am I doing wrong? Could it be that I am on a Windows server?

    Any suggestions would be welcome. I am running 1.9.2. The spam is annoying and it would be great to stop it.

    Thanks in advance for the advice/help.

    Back to top

    16 Apr 22, 2007 05:09

    This hack is not intended to work with the latest b2evolution versions. It works with versions 0.9.x only.

    Back to top


    Form is loading...