Uncategorized

No More Bad Behavior with Bad Behavior on the Prowl

Over the years, angry blog posts about spam is my most frequent blog post activity (well, until Twitter came out). I’ve been long resigned to scripted onslaughts of attempts to insert unwanted content into the comment space as a SFOL (Sad Fact of Life).

For the most part, I’ve had excellent luck with Spam karma 2 catching most spam and keeping it from my pages. 27,000 spams eaten in maybe 3 years, oi!

But each one results in an email that at first excites me (wow, a real person had something really to say!) which today turned to sour grape juice 10 times with a series of comments like “pjtxgw qbvxdmac fkzv zdmltnav ouiszlfmj qfidsozar oapzfsdb” or “”. What’s weird is that the URLs inserted are gibberish too. My only guess is they attempt to foist an approved comment past a sleepy blog writer, and once the gate is open, they can post anything.

But these came in thick clumps today, maybe 20 in total, and even more that were caught in SK2. I know some people sweat by Askimet for WordPress, and a little bit of searching brought me to something which is billed as a first line of defense in conjunction with these two existing spam traps.

Bad Behavior.

Bad Behavior is a PHP-based solution for blocking link spam and the robots which deliver it.

Bad Behavior complements other link spam solutions by acting as a gatekeeper, preventing spammers from ever delivering their junk, and in many cases, from ever reading your site in the first place. This keeps your site’s load down, makes your site logs cleaner, and can help prevent denial of service conditions caused by spammers.

It is listed as working with a whole raft of PHP driven systems, not only WordPress, but drupal, mediawiki, and about 10 more. There is some wry humor there too- following the link for how it works:

How Bad Behavior Works
It’s black magic.

(This is a placeholder. I’ll explain the whole thing later.)

I downloaded it (you have to smile at a site called “homeland stupidity”), installed the plugin, enabled it. In less than 3 minutes, it had already reported stopping 10 attempts.

I’m curious to see what effect it has. And I am eager to try it on our MediaWiki sites as I am tired of the bots that create random 6 character accounts, and wipe out and deface our content. More on that later, one report from the front lines of the War on Spam at a time.

Profile Picture for Alan Levine aka CogDog
An early 90s builder of the web and blogging Alan Levine barks at CogDogBlog.com on web storytelling (#ds106 #4life), photography, bending WordPress, and serendipity in the infinite internet river. He thinks it's weird to write about himself in the third person.

Comments

  1. I’ve installed Bad behavior on several mediawikis and wordpress blogs now, but I’m not very clear as to whether it helps a gread deal or just a little bit.

    It doesn’t stop one particular mediawiki spambot technique which finds a page with an ampersand somewhere, then deletes everything after the ampersand. That’s not bad behavior apparently, it’s just pointless stupidity which goes undetected.

    For the blogs I was hoping it would save a little bandwidth by intecepting bots before they even get to SK2. But my bandwidth has gone up anyway, maybe less so than without, but I can’t say for certain.

    The gibberish comments I’ve heard are an attempt to confuse your filters so it’s probably better to delete them rather than mark as spam.

  2. Thanks Andy– it was not clear to me exactly what BB does, and after writing it I realized it does not provide any sort of log for its activities.

    And thanks for the tips on the gibberish spam.

    Sigh, if I had all the time back I waste on dealing with… oh well, pointless dreaming gets you nowhere.

  3. I’ve had waaaay more bad luck with Bad Behavior than I figure it’s worth. I used it on wiki.ucalgary.ca and weblogs.ucalgary.ca, and had a seemingly endless stream of emails from students who were being banned from editing content. I’d check the logs, and BB didn’t like something in their user-agent, or their router setup, or some magic fu. I’ve disabled it on all of the sites I’d used it on…

  4. Sigh, too good to be true. Black magic under question. Thanks for the tip, D’Arcy-san, code master (bows respectufully in a general northerly direction)

Leave a Reply

Your email address will not be published. Required fields are marked *