

Bad Behavior 2.2.1

February 1st, 2012 by Michael Hampton

Bad Behavior 2.2.1 has been released. This is a maintenance release and is recommended for all users.

Who Should Update?

All 2.2 series users should update in order to receive the important bug fixes contained in this release.

Users who have not yet updated to the 2.2 series should plan to update as soon as possible. Support for the 2.0 series will end June 30, 2013.

Download

Download Bad Behavior now.

What’s New?

Changes since 2.2.0:

  • On platforms where database logging is available, Bad Behavior would sometimes continue to log even when the logging setting was turned off. This has been fixed.
  • When a site enabled the Reverse Proxy option when it was not actually needed, Bad Behavior would sometimes fail to acquire the correct IP address for incoming requests. Bad Behavior’s code to detect this situation and acquire the correct IP address has been improved.
  • WordPress: When a different anti-spam plugin identifies a request as spam, and Bad Behavior did not, Bad Behavior will now log a copy of that request (if logging is enabled). This is to help facilitate reporting of spam not yet detected by Bad Behavior. WordPress users may view the log by visiting the administrative page Tools » Bad Behavior Log.
  • WordPress: To improve compatibility with other plugins, Bad Behavior no longer stores data in PHP sessions while screening requests.

Support

I will skip the usual speech. If you’re reading this you already know how valuable Bad Behavior is. Donate today to ensure that I can keep going in the fight against our mutual enemies, the spammers.

Bad Behavior 2.2

January 29th, 2012 by Michael Hampton

Bad Behavior 2.2.0 has now been released. This is the first general availability release for the 2.2 series and is recommended for all users.

Support for the Bad Behavior 2.0 branch will end June 30, 2013. All users should make plans to migrate to version 2.2 prior to that date.

Who Should Upgrade?

All users should plan to upgrade to Bad Behavior 2.2.

IPv6 users, and users who use reverse proxies, load balancers or content distribution networks such as Akamai and CloudFlare, should accelerate their migration plans and upgrade as soon as possible.

Download

Impatient? Go download Bad Behavior now. The on-site documentation has already been updated for version 2.2, so please check the documentation before upgrading to familiarize yourself with the changes and new options.

What’s New?

Bad Behavior 2.2 adds new features, including some designed to assist enterprise users with very high traffic installations on large server farms, as well as convenience features for all users and a variety of fixes and improvements.

Since Bad Behavior 2.0:

  • Some additional known spammers have been identified and blocked.
  • IPv6 support has been improved, including new support for IPv6 whitelisting.
  • New configuration options are available for web sites running behind reverse proxies/load balancers and third-party content distribution networks such as Akamai and CloudFlare. These options ensure that Bad Behavior can correctly screen requests when operating in these environments.
  • Search engines are screened faster and more accurately, improving search engine metrics such as Google Page Speed and YSlow and virtually eliminating the possibility of false positives for search engines. (Bad Behavior still blocks most malicious traffic originating from search engine providers’ networks.)
  • Blackhole lists other than http:BL have been removed as unsuitable for sites running Bad Behavior. Because of its comment spammer tracking, http:BL remains the only blackhole list Bad Behavior uses. (It is disabled by default; enable it in your settings if you wish to use it.)
  • For platforms without built-in administrative pages, Bad Behavior has a simplified method of changing settings. Settings changes on these platforms are preserved through software updates.
  • Bad Behavior’s whitelisting feature has been completely revamped. Whitelists are much easier to maintain and are preserved through software updates.
  • Across-the-board performance improvements have been added.
  • Messaging displayed to blocked requests has been significantly improved for clarity and to facilitate issue resolution.
  • MediaWiki: Fixes for database access have been incorporated. It should no longer be necessary to place strange hacks in LocalSettings.php to use Bad Behavior on MediaWiki.
  • WordPress: Minor display issues in the log viewer have been corrected.
  • Numerous additional minor improvements.
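
The reverse proxy options in the list above, and the 2.2.1 fix for sites that enabled the option without needing it, both come down to deciding which address gets screened. The sketch below is an added example in Python, not Bad Behavior's own (PHP) code; the function names, the choice of the `X-Forwarded-For` header and the trusted-proxy list are assumptions for illustration, and every address is constructed from documentation ranges.

```python
import ipaddress

# Constructed sample configuration: the site's own load balancers.
TRUSTED_PROXIES = ("10.0.0.0/8", "2001:db8:ffff::/48")


def _parse(value):
    """Return an ip_address object, or None for junk such as 'unknown'."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def _is_trusted(addr, nets):
    # Membership is False when the address and network families differ.
    return any(addr in net for net in nets)


def naive_client_ip(peer, headers):
    """Weak form: believe the left-most header entry, whoever sent it."""
    xff = headers.get("X-Forwarded-For")
    return xff.split(",")[0].strip() if xff else peer


def client_ip(peer, headers, reverse_proxy=False, trusted_proxies=()):
    """Pick the address to screen.

    peer            -- address of the TCP connection (REMOTE_ADDR)
    reverse_proxy   -- hypothetical on/off setting for proxy handling
    trusted_proxies -- CIDR ranges of proxies the site operates or uses
    """
    peer_addr = _parse(peer)
    if peer_addr is None:
        raise ValueError("peer address is not a valid IP: %r" % peer)
    if not reverse_proxy:
        return str(peer_addr)

    nets = [ipaddress.ip_network(n) for n in trusted_proxies]
    xff = headers.get("X-Forwarded-For")
    # Option enabled but not needed: no header, or the request did not
    # arrive through a known proxy. The header is then client-supplied
    # data, so the connection address is the only one worth screening.
    if not xff or not _is_trusted(peer_addr, nets):
        return str(peer_addr)

    # Walk the chain from the nearest hop outwards. Each trusted proxy
    # vouches for the entry it appended; stop at the first address that
    # is not one of ours, or at the first unparseable entry.
    candidate = peer_addr
    for hop in reversed(xff.split(",")):
        addr = _parse(hop)
        if addr is None:
            break
        candidate = addr
        if not _is_trusted(addr, nets):
            break
    return str(candidate)


if __name__ == "__main__":
    # Constructed request: direct connection carrying a made-up header.
    direct = {"X-Forwarded-For": "192.0.2.1"}
    print(naive_client_ip("198.51.100.7", direct))            # header wins
    print(client_ip("198.51.100.7", direct, True, TRUSTED_PROXIES))
    # Constructed request: through the load balancer, with a client-
    # supplied entry in front of the one the proxy appended.
    proxied = {"X-Forwarded-For": "203.0.113.9, 198.51.100.7"}
    print(client_ip("10.0.0.5", proxied, True, TRUSTED_PROXIES))
```

With an empty trusted-proxy list this sketch never honors the header, which is a deliberate choice of the example rather than a statement about Bad Behavior's behavior.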

What’s Coming?

Shortly I’ll be posting my roadmap for Bad Behavior 3.0, the next major version. This will be a ground-up rewrite of Bad Behavior incorporating lessons learned over the past seven years of fighting link spam and programming in general.

I will also once again be adding new spammers to Bad Behavior as I catch them. Analyzing spammers is an ongoing process and is probably the most time-consuming part of this whole project.

Support

I will skip the usual speech. If you’re reading this you already know how valuable Bad Behavior is. Donate today to ensure that I can keep going in the fight against our mutual enemies, the spammers.

Bad Behavior 2.2 RC4 (2.1.16)

January 25th, 2012 by Michael Hampton

Bad Behavior 2.1.16 has been released. For 2.1 users, this is a maintenance release and upgrading as soon as possible is recommended. Legacy 2.0 users should make migration plans as soon as possible.

This release is the fourth and final release candidate for Bad Behavior 2.2 and should be safe to use on production sites.

Please note: The 2.0 series of Bad Behavior is receiving limited updates, including unblocks, bug fixes and security fixes only.

Who should upgrade?

All users should make plans to upgrade from 2.0 at this time. People who are porting Bad Behavior to other platforms should finalize any necessary changes to their ports.

What’s new?

New in this release (since 2.1.15):

  • A bug caused Bad Behavior to interfere with other PHP code which opened PHP sessions. This interfered with a wide variety of code, most notably various CAPTCHA solutions. This issue has been fixed.
  • WordPress: A PHP warning would be printed if Bad Behavior was unable to look up the hostname for an IP address in the administrative page. This warning has been suppressed.
  • MediaWiki: A spurious PHP warning would be printed when first installing Bad Behavior. This warning has been suppressed.
  • The sample whitelist included with Bad Behavior now includes an updated IP address range for digg.
  • Bad Behavior is now licensed under the GNU Lesser General Public License, either version 3, or at your option, any later version.

What’s coming?

At the moment, barring any major bugs, this release will be 2.2. The last thing remaining to be done is documentation; this somehow always turns out to be a larger job than the actual code. I will be updating the online documentation over the next days as my time permits.

Since this branch is finally about as stable as it will get, post-2.2 I will be returning to focus on spammers who have so far evaded Bad Behavior and increasing its capability to block many of the new spambots which have appeared on the network in the last few months.

I will also be focusing on a major rewrite of Bad Behavior which will eventually become 3.0, focusing on lessons learned over the last seven years and bringing in new features which have proved impossible to implement in the current framework. I hope the next seven years will be as exciting as the last, and that together we can kill even more spammers. Dead.

Download

Download the latest release of Bad Behavior now!

Support

If you’ve been here more than a few months, you’ve noticed that this release has been very long delayed. The primary reason for this is that, like most of you, I have to spend my days making money, and can only devote spare time to this project. Unfortunately my spare time is quite limited; I only get to spend more time on this when the community of Bad Behavior users want me to do so enough to put actual money behind it. Then it becomes “money making” and I can actually do significant work on it.

What’s more, I have a lengthy to-do list for a major rewrite which, if it ever gets done, will be Bad Behavior 3.0. I’m excited about it but I have no time to devote to it. This is doubly unfortunate because one of my favorite things in the world is beating spammers to within an inch of their…I mean giving them a quick clean…excuse me. Stopping spam. That’s it.

As I put the finishing touches on 2.2, get the documentation written and prepare it for final release, I’m asking you to decide how much time you want me to spend on this. What is it worth to you? Donate now to ensure that I can continue development and find new ways to frustrate spammers.

Bad Behavior 2.2 RC3 (2.1.15)

October 10th, 2011 by Michael Hampton

Bad Behavior 2.1.15 has been released. For 2.1 users, this is a maintenance release and upgrading as soon as possible is recommended. Legacy 2.0 users should make migration plans as soon as possible.

This release is the third release candidate for Bad Behavior 2.2 and should be safe to use on production sites.

Please note: The 2.0 series of Bad Behavior is receiving limited updates, including unblocks, bug fixes and security fixes only.

Who should upgrade?

All users should make plans to upgrade from 2.0 at this time. People who are porting Bad Behavior to other platforms should finalize any necessary changes to their ports.

What’s new?

New in this release (since 2.1.13):

  • A version 2.1.14 was pushed to WordPress users without notice or announcement. While the software is in release candidate status, it should have had a prior announcement and documentation for the large number of changes from 2.0. Please accept my apologies for any inconvenience. Full documentation is forthcoming.
  • New IP address ranges for Google and Yahoo!, which were previously unused for crawling, have been added to Bad Behavior.
  • Once a request is determined to be from a search engine, all further checks are skipped.
  • Requests from Internet Explorer 6 which are blocked due to a long-standing bug in that browser are now blocked only when Bad Behavior is in strict mode. (Users of IE6 should make plans to upgrade as soon as possible, and should have done so years ago.)
  • WordPress only: A bug in the built-in log viewer causing the wrong requests to be shown in some circumstances has been fixed.
  • WordPress only: Calls to some deprecated WordPress functions have been rewritten.
  • The URL whitelisting feature now accepts partial URL matches. This was necessary for compatibility with certain shopping cart plugins.
  • Bad Behavior is now licensed under the GNU Lesser General Public License, either version 3, or at your option, any later version.

What’s coming?

I’m currently preparing to release the next major stable release of Bad Behavior, version 2.2. This release is sufficiently different that anyone maintaining a port needs to update their port to handle the new features immediately (such changes are backward compatible if implemented properly).

At the moment, barring any major bugs, this release will be 2.2. The last thing remaining to be done is documentation; this somehow always turns out to be a larger job than the actual code. I will be updating the online documentation over the next days as my time permits.

Download

Download the latest release of Bad Behavior now!

Support

If you’ve been here more than a few months, you’ve noticed that this release has been very long delayed. The primary reason for this is that, like most of you, I have to spend my days making money, and can only devote spare time to this project. Unfortunately my spare time is quite limited; I only get to spend more time on this when the community of Bad Behavior users want me to do so enough to put actual money behind it. Then it becomes “money making” and I can actually do significant work on it.

What’s more, I have a lengthy to-do list for a major rewrite which, if it ever gets done, will be Bad Behavior 3.0. I’m excited about it but I have no time to devote to it. This is doubly unfortunate because one of my favorite things in the world is beating spammers to within an inch of their…I mean giving them a quick clean…excuse me. Stopping spam. That’s it.

As I put the finishing touches on 2.2, get the documentation written and prepare it for final release, I’m asking you to decide how much time you want me to spend on this. What is it worth to you? Donate now to ensure that I can continue development and find new ways to frustrate spammers.

Bad Behavior 2.0.45

October 10th, 2011 by Michael Hampton

Bad Behavior 2.0.45 has been released. This is a maintenance release and upgrading is recommended for all users.

Please note: The 2.0 series of Bad Behavior is receiving limited updates, including unblocks, bug fixes and security fixes only.

Who should upgrade?

All users of the Legacy 2.0 series should upgrade to ensure that the Google and Yahoo! search engines can continue to access their sites.

What’s new?

New in this release (since 2.0.44):

  • New IP address ranges for Google and Yahoo! have been added.

Download

Download the latest release of Bad Behavior now!

Bad Behavior 2.0.44

August 14th, 2011 by Michael Hampton

Bad Behavior 2.0.44 has been released. This is a maintenance release and upgrading is recommended for all users.

Please note: The 2.0 series of Bad Behavior is receiving limited updates, including unblocks, bug fixes and security fixes only.

WordPress users should see the special note below.

Who should upgrade?

All users of the 2.0 series should upgrade to ensure that the Google Web Preview functionality works as intended with their sites.

What’s new?

New in this release (since 2.0.43 and 2.1.12):

  • Google Web Preview is now fully supported by Bad Behavior.

Note: Some users have stated that the Google +1 feature does not work when Bad Behavior is enabled. I have investigated this issue and determined that the issue is a problem in Google’s code which Bad Behavior cannot easily work around. This issue has been reported to Google, though I have not yet been notified that Google has fixed the issue. If you see this issue, please report it to Google (again).

What’s coming?

I’m currently preparing to release the next major stable release of Bad Behavior, version 2.2. This release is sufficiently different that anyone maintaining a port needs to update their port to handle the new features immediately (such changes are backward compatible if implemented properly). Ports which are currently feature-complete on 2.1 will not need updating for 2.2 as the API is now stable.

Bad Behavior 2.2 is finalized and I am preparing to release it as soon as I have finished updating its documentation. WordPress users will be receiving its release candidates through automatic update within the next 24 hours, though due to some versioning issues involved in my switching from subversion to git, it will be labeled as 2.1.13 (rc1) or 2.1.14 (rc2). If you use WordPress, check to ensure that you have received 2.1.14 and then check the new options available to you.

After that, the next development branch will target version 3.0. As I’ve mentioned before, it’s a complete ground-up rewrite, so anyone maintaining a port will need to track development and be prepared to completely rewrite their ports. I’m not prepared at this time to give a schedule, as schedules tend to slip, and the 3.0 rewrite has proved more challenging than I anticipated.

For our enterprise users who require long-term support, the 2.0 branch will continue to receive long-term support through June 30, 2012, though you should prepare to update to 2.2 as soon as possible. The 2.2 branch (coming shortly) will be fully supported until the 3.0 release, and then receive long-term support for at least one year beyond that date.

Download

Download the latest release of Bad Behavior now!

Support

I can only spend time on improving Bad Behavior when incoming donations cover the cost of my time. Otherwise I have to engage in paying work to keep food on my table. Unfortunately this fact has kept me away from Bad Behavior for several months, as donations have been few and far between.

I happen to like giving spammers a hard time, and it’s frustrating that I don’t get to spend enough time on it. You can help me make Bad Behavior even better by making your most generous donation for any amount. (BTW, I fixed all the broken donation links, I think. If you find any other broken ones, let me know!)

Thank you again for supporting Bad Behavior development!

Bad Behavior 2.1.13

April 25th, 2011 by Michael Hampton

Bad Behavior 2.1.13 (development) has been released. For 2.1 users, this is a maintenance release and upgrading as soon as possible is recommended.

Please note: The 2.0 series of Bad Behavior is receiving limited updates, including unblocks, bug fixes and security fixes only. Future development is taking place in the 2.1 development tree.

Who should upgrade?

All users should upgrade to ensure that their placements in the Google and Yahoo! search engines remain intact.

What’s new?

New in this release (since 2.1.12):

  • A logic error in the search engine handling code caused search engine requests to be subjected to additional checks not appropriate for them. This was causing Yahoo! crawler requests to be inadvertently blocked. This error has been fixed.
  • New IP address ranges for Google and Yahoo!, which were previously unused for crawling, have been added to Bad Behavior.

What’s coming?

I’m currently preparing to release the next major stable release of Bad Behavior, version 2.2. This release is sufficiently different that anyone maintaining a port needs to update their port to handle the new features immediately (such changes are backward compatible if implemented properly). A backward-incompatible change to the database schema is coming shortly; porters should stand by for further details.

For our enterprise users who require long-term support, the 2.0 branch will continue to receive long-term support through June 30, 2012, and the 2.2 branch (coming shortly) will be fully supported until the 3.0 release, and then receive long-term support through June 30, 2014.

Download

Download the latest release of Bad Behavior now!

Support

You’ve probably noticed that my development schedule for 2.2 and 3.0 continues to slip. The reason for this is that I can only spend time on improving Bad Behavior when incoming donations cover the cost of my time. Otherwise I have to engage in paying work to keep food on my table.

At this point I would need approximately US $2000 in donations to meet an end-of-May date for 2.2 and mid-July for a 3.0 alpha; in a typical month I generally see less than $40 in donations.

I happen to like giving spammers a hard time, and it’s frustrating that I don’t get to spend enough time on it. You can help me make Bad Behavior even better by making your most generous donation for any amount. (BTW, I fixed all the broken donation links, I think. If you find any other broken ones, let me know!)

Thank you again for supporting Bad Behavior development!

Bad Behavior 2.0.43 and 2.1.12

April 6th, 2011 by Michael Hampton

Bad Behavior 2.0.43 (stable) and 2.1.12 (development) have been released. For 2.0 users, this is a security release and all users should upgrade as soon as possible. For 2.1 users, this is a maintenance release and upgrading as soon as possible is recommended.

Please note: The 2.0 series of Bad Behavior is receiving limited updates, including unblocks, bug fixes and security fixes only. Future development is taking place in the 2.1 development tree.

Who should upgrade?

All users of the 2.0 series should upgrade to prevent leakage of information about your server to spammers and malicious bots.

All users should upgrade to ensure that their placement in the Google search engine remains intact.

What’s new?

New in this release (since 2.0.42 and 2.1.11):

  • The 2.0.42 release, and possibly older releases, inadvertently omitted a message intended to be displayed to spammers pretending to be the Yahoo! search engine. Because of this, in non-default server configurations, a PHP notice could appear to the spammer which leaked information about the server. This message has been reinserted and the issue fixed.
  • Google is now operating a new IP address range in China, from which it is crawling some Web requests. Interestingly, it is crawling all countries from this Chinese address range. Bad Behavior is now aware of this address range and will no longer block requests from Google which originate in China.

What’s coming?

I’m currently preparing to release the next major stable release of Bad Behavior, version 2.2. This release is sufficiently different that anyone maintaining a port needs to update their port to handle the new features immediately (such changes are backward compatible if implemented properly). Ports which are currently feature-complete on 2.1 will not need updating for 2.2 as the API is now stable.

After that, the next development branch will target version 3.0. As I’ve mentioned before, it’s a complete ground-up rewrite, so anyone maintaining a port will need to track development and be prepared to completely rewrite their ports. It’s going to be a week or two at least before I have alpha code to share, but you will want to make time for it, because there will also be important changes in the way Bad Behavior is distributed. I hope to have 3.0 in beta later this month, and a general release by the end of May.

For our enterprise users who require long-term support, the 2.0 branch will continue to receive long-term support through June 30, 2012, and the 2.2 branch (coming shortly) will be fully supported until the 3.0 release, and then receive long-term support through June 30, 2014.

Download

Download the latest release of Bad Behavior now!

Support

I can only spend time on improving Bad Behavior when incoming donations cover the cost of my time. Otherwise I have to engage in paying work to keep food on my table.

I happen to like giving spammers a hard time, and it’s frustrating that I don’t get to spend enough time on it. You can help me make Bad Behavior even better by making your most generous donation for any amount. (BTW, I fixed all the broken donation links, I think. If you find any other broken ones, let me know!)

Thank you again for supporting Bad Behavior development!

Bad Behavior for vBulletin

April 6th, 2011 by Michael Hampton

Bad Behavior is now available for the vBulletin forum and content management system. I want to welcome the vBulletin community to a completely different way of blocking registration, signature and forum spam.

I’ve been asked a number of times for this, and I’m happy to announce that someone has taken it off my plate. Eric Sizemore has ported Bad Behavior to vBulletin 3.8 and 4.x.

While I haven’t been able to test the mods extensively as yet, they appear sane and usable, and are the first for vBulletin which are feature-complete and 2.2-ready.

If you’re new to Bad Behavior, you should be aware that it operates completely differently than other anti-spam measures you may already use. The biggest difference is that Bad Behavior does not analyze the content of anything posted to your forum. This is sure to surprise you at first, until you see the number of drive-by spam registrations drop off noticeably. Even so, no spam prevention technique is 100% perfect, and so you shouldn’t drop your existing spam prevention techniques until you read this.

Check out Bad Behavior’s complete documentation for more on what all the features do and how it’s done. This is especially important if you use a load balancer, cloud hosting such as Amazon EC2, or an accelerator service such as Akamai; in these cases there is additional configuration you will need to do after installing Bad Behavior.

As with all other ports, you should seek support for anything vBulletin-specific from the port maintainer, Eric (using the links provided above); as always, I continue to provide support for the Bad Behavior core, as well as the WordPress and MediaWiki ports. Welcome again, and here’s to a spam-free forum!

Bad Behavior 2.0.42 and 2.1.11

February 15th, 2011 by Michael Hampton

Bad Behavior 2.0.42 (stable) and 2.1.11 (development) have been released. This is a maintenance release recommended for all users.

Please note: The 2.0 series of Bad Behavior is receiving limited updates, including unblocks, bug fixes and security fixes only. Future development is taking place in the 2.1 development tree.

Who should upgrade?

Users with a significant amount of traffic from mobile devices should upgrade to ensure that requests from older and “dumb” mobile phones are screened properly.

What’s new?

New in this release (since 2.0.41 and 2.1.10):

  • Google operates a proxy server for “feature phones” (dumb mobile phones; perhaps should be called feature limited) with limited Web browsers which reformats web pages into a simpler format for viewing on such phones. While it is now rarely used, requests from this proxy server, known as Google Wireless Transcoder, were being treated as search engine requests (and denied for not being a search engine). This issue has been fixed.
  • Our new bug tracking system is online. If you find a bug in Bad Behavior, please submit it there. This will help me keep track of outstanding issues and ensure that I can get them resolved in a timely manner without losing track of them in my massive inbox.

What’s coming?

I’m currently preparing to release the next major stable release of Bad Behavior, version 2.2. This release is sufficiently different that anyone maintaining a port needs to update their port to handle the new features immediately (such changes are backward compatible if implemented properly).

After that, the next development branch will target version 3.0. As I’ve mentioned before, it’s a complete ground-up rewrite, so anyone maintaining a port will need to track development and be prepared to completely rewrite their ports. It’s going to be a week or two at least before I have alpha code to share, but you will want to make time for it, because there will also be important changes in the way Bad Behavior is distributed. I hope to have 3.0 in beta within the next month, and a general release by the end of May.

For our enterprise users who require long-term support, the 2.0 branch will continue to receive long-term support through June 30, 2012, and the 2.2 branch (coming shortly) will be fully supported until the 3.0 release, and then receive long-term support through June 30, 2014.

Download

Download the latest release of Bad Behavior now!

Support

I can only spend time on improving Bad Behavior when incoming donations cover the cost of my time. Otherwise I have to engage in paying work to keep food on my table.

I happen to like giving spammers a hard time, and it’s frustrating that I don’t get to spend enough time on it. You can help me make Bad Behavior even better by making your most generous contribution for any amount. (BTW, I fixed all the broken donation links, I think. If you find any other broken ones, let me know!)

Thank you again for supporting Bad Behavior development!