vB Bad Behavior (vB4)
 

/**
* vB Bad Behavior is free software; you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at your option) any
* later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
*/

What is vB Bad Behavior?
This is an integration of the Bad Behavior software with vBulletin.

What is Bad Behavior?
Bad Behavior is a PHP-based solution for blocking link spam and the robots which deliver it. Bad Behavior complements other link spam solutions by acting as a gatekeeper, preventing spammers from ever delivering their junk, and in many cases, from ever reading your site in the first place. This keeps your site's load down, makes your site logs cleaner, and can help prevent denial of service conditions caused by spammers.

Visit http://bad-behavior.ioerror.us/ for more.

Features
For more information on the features of Bad Behavior (and subsequently this mod) please go to Bad Behavior's site:

http://bad-behavior.ioerror.us/documentation/benefits/

For features related to the mod itself, please take a look at the screenshots.

This mod should work with vB 4.x, it was tested on 4.1.2/4.1.3. Screenshots are from vB 3.x, but it should still look relatively the same with vB4.

Installation
1. Extract the contents of the zip file.
2. Upload the contents of the `upload` folder to your forum root.
3. Enter your AdminCP and go to Plugins & Products > Manage Products > [Add/Import Product]
4. Import the product using the `product-vb_badbehavior.xml` file.
5. Configure the mod in AdminCP -> Settings -> Options -> vB Bad Behavior Options

Upgrading

vB Bad Behavior
In many cases, all you'll need to do to upgrade is follow the installation instructions above.

The only difference, will be you'll need to allow the files to overwrite. Also, when re-importing the product file, you'll need to set "Allow Overwrite" to "Yes".

Bad Behavior
Bad Behavior's files are at `/includes/bad-behavior/`. If you wish to update manually go to:

http://bad-behavior.ioerror.us/download/

And download the latest development version. Extract the zip, and upload the contents of `bad-behavior` to `/includes/bad-behavior/` allowing the files to overwrite.

Versions
The current version of Bad Behavior this mod is using is: v2.2.16
The current version of Bad Behavior (development) is: v2.2.16

Changelog
Version 1.0.14, 09/22/2015

• Bad Behavior upgraded to 2.2.16

Version 1.0.13, 04/23/2013

• Bad Behavior upgraded to 2.2.14

Version 1.0.12, 12/21/2012 -- Released: 02/05/2013

• Bad Behavior upgraded to 2.2.13
• Added some more ranges to whitelist.ini

Version 1.0.10, 09/09/2012

• Bad Behavior upgraded to 2.2.10

Version 1.0.9, 06/17/2012

• Bad Behavior upgraded to 2.2.7

Version 1.0.8, 06/12/2012

• Bad Behavior upgraded to 2.2.6
• New Setting: EU Cookie

Version 1.0.7, 05/04/2012

• Bad Behavior upgraded to 2.2.3
• Cron/Scheduled Task for automatic log pruning added.

Version 1.0.6, 01/04/2012

• Bad Behavior upgraded to 2.1.15

Version 1.0.5, 05/26/2011

• Added option for bypassing users/members.
• If the visitor is a user, and is in usergroup 5, 6, or 7 (admin/mod/super mod) - Bad Behavior is bypassed.
• Modified bad-behavior core to check for Google Web Preview
  • file edited: /includes/bad-behavior/core.inc.php
• Added a link beside the IP address in the log for WhoIs.

Version 1.0.4, 04/28/2011

• Bad Behavior upgraded to 2.1.13 (fixes search engine block issues)
• Added Paypal/Paypal IPN IP address to the whitelist.
• Added payment gateway file names to the whitelist.

Version 1.0.3, 04/21/2011

• Fix #1: Pruning log doesn't work.
• Fix #3: POST more than two days after GET (added support for BB's javascript)
• Fix #5: Cannot modify header information error (suppressed error in BB's function)
• Implemented #6: Filter per key (new admincp option to list keys not to be shown in log)
• Implemented #9: Show link to member profile (if userid is found in headers, link to profile)

Version 1.0.2, 04/10/2011

• Updated /includes/functions_vb_badbehavior.php to:
  • disable Reverse Proxy if Reverse Proxy Addresses are empty
  • distinguish SQL queries using "SET", for example: SET @@session.wait_timeout = 90 - which is used by BB
  • set "offsite_forms" to false by default, as it's not really needed in vB IMHO, and it can cause problems with certain setups
  • cleaned up the bb2_read_settings() function and fixed a typo in one of the vbulletin options calls
• Updated /includes/whitelist.ini to include the following GOOGLE ranges:
  • 74.125.0.0/16
  • 216.239.32.0/19
  • 209.85.128.0/17
  • 66.102.0.0/20
• Updated /admincp/vb_badbehavior.php
  • Log pruning was pruning all logs, despite what was entered for number of days

Version 1.0.1, 04/06/2011

• Bad Behavior upgraded to 2.1.12
• Changed files:
  • /includes/bad-behavior/core.inc.php
  • /includes/bad-behavior/searchengine.inc.php
• "Verbose" admin option now set to "No" by default.

Version 1.0.0, 04/05/2011

• Initial release.

Screenshots
Screenshots can now be seen at: http://www.secondversion.com/images/vb/vb_badbehavior/

I was running out of room for attachments here on vB.org


Development

https://github.com/ericsizemore/vb_b...ree/master/vb4


Only those who "Mark As Installed" will receive support for this modification.

Reserved for future use.

An update will be coming soon, since a new version of Bad Behavior was released.

Version 1.0.1, 04/06/2011
- Bad Behavior upgraded to 2.1.12
- Changed files:
o /includes/bad-behavior/core.inc.php
o /includes/bad-behavior/searchengine.inc.php
- "Verbose" admin option now set to "No" by default.

I've reached the max. number of attachments for this thread - so I'll have to move the screenshots elsewhere. I will do this soon.

Thanks for this, I'm going to have a play with it at the weekend.

installed

plz can you tell me

i had high load in my server, can i get some benefit from this?

Thanks for this :)

Installed with thanks for testing on 4.04pl1 of vBulletin ... :)

Regards,
Doug

Screenshots can now be seen at: http://www.secondversion.com/images/vb_badbehavior/

I was running out of room for attachments here on vB.org - Also, to lower the size of the download... removed the screenshots from the zip files.

Yes, you could. Malicious bots can result in part of that load, if not most of it - with Bad Behavior blocking them, most folks do see a decrease in load.

Thanks for the update ... :up:

This mod seems to block a LOT of things .... :eek:

Some of them seem pretty nasty. For example ..

When I click on an item in the log under the key "dfd9b1ad", it says on a pop screen ...

I assume this something trying to do something bad to our site?

Also, I've been to project honeypot site and I can't find anywhere to register for an API key?

Regards,
Doug

looking good so far, its already flagged up a couple of accounts which we had previously banned for being spam bots. If it performs as well on previously unseen spammers, this could be a motm.

Thank you ... appreciate that ... :up:

Regards,
Doug

SVN now available at: http://subversion.assembla.com/svn/v...ior/trunk/vb4/
Trac as well: http://trac.assembla.com/vb-bad-behavior/

Sorry ... :confused:

I just updated to 1.0.2 ....

Do I need to do go to that site and do this SVN thing as well?

Also, what is Trac and is it something that goes with Bad Behavior?

Thanks ... add-on seems to be working very well so far and catches an incredible amount of intrusions on the front end, although it does block IE6 users.

Regards,
Doug

SVN is just a backup of the latest files.
Trac is a Project Tools for this addon.

You can add the issue with BB blocking IE6 here:
http://trac.assembla.com/vb-bad-behavior/newticket

Updated to v1.0.3 with thanks .... :)

Sent PayPal donation previously ... :up:

Regards,
Doug

Does this work on PHP 5.3.6 without any problems?

I've been testing on PHP 5.3.6, with no problems.

Although I don't remember receiving it (admittedly I'm very forgetful), I appreciate it :)

Very bad mod for anyone interested in search engine traffic as it blocks all search engine spiders,

Uninstalled.

What proof do you have that it does?

because i tested it?

use a search engine spider simulator this google one for example:
install the mod and search one of your pages it will return a 403, uninstall/disable the mod and it returns to normal,

anyone using google tools can also submit a sitemap and see the full list of urls returned as error pages

So... you used something that spoofs the User-Agent? http://whois.domaintools.com/66.115.160.58 is the IP that site sent, obviously not owned by Google - the script checks the IP as well.

As for sitemaps, just checked that as well - no problems here, Google was able to access them just fine.

my google sitemap is showing a list of errors on every page and adsense adverts are not displaying as the adsense spider can not access the page either,

if you have view spiders enabled on your forums you should notice that no spiders are showing after installing this

could possibly be a conflict with another mod, i'll do some checking

I have no such issue on my site. What settings do you use?

how this work with vbseo?

i got a ip 74.86.16.2, which it seems it got blocked , not sure :S

*Tagged*

Thank You.

Hey all,

For some reason I wasn't getting notifications despite being subscribed to the thread. I went back through the messages to see what I might have missed that needs my attention:

Yes. In the thread for the 3.8 version of Bad Behavior. Alfa1 said his server load dropped from 38 to 0.7. I've heard very similar stories over the years, and indeed, this is one of the things that Bad Behavior does well.

Some Google IP addresses were missing from Bad Behavior because Google never used them for crawling before. Apparently they're feeling the crunch from the IP address shortage. All of the remaining Google IP address ranges that I know of will be in the next update, which should be out later today.

Seems to be working just fine on our site using 4.04 .... :confused:

Haven't seen any change in spider activity or viewing activity using our Google Analytics software.

Regards,
Doug

Updated Bad Behavior core to 2.1.13, but it may be a little bit before an official release of the mod, as I plan on making further changes. For the time being:

http://trac.assembla.com/vb-bad-beha...engine.inc.php
http://trac.assembla.com/vb-bad-beha...r/core.inc.php

You can download those files, then overwrite the corresponding files in: /yourforum/includes/bad-behavior/

Updated with thanks ... :up:

Regards,
Doug

Thank you I just installed it

Updated...

Version 1.0.4, 04/28/2011
- Bad Behavior upgraded to 2.1.13 (fixes search engine block issues)
- Added Paypal/Paypal IPN IP address to the whitelist.
- Added payment gateway file names to the whitelist.
- Changes: http://trac.assembla.com/vb-bad-beha...%40trunk%2Fvb4

installed and ran for a day to test. seems to have issues with members running IE6 (they cannot upgrade them due to corperate policies in place )

snippets from log
happening to around 10 people sofar but have disabled while i try to sort out the issue with IE6, if that is indeed the cause

user agents for another two having issues
thanks in advance :)

Gawd, I wish IE6 would just die already.

Anyway, I'll take care of this in the next release.

ok, thanks mate, corperate users are a pain ;-)