[Eric]

Quote:

Originally Posted by Alfa1

I have enabled Bad Behavior again. It immediately freed up my server from an insane server load. Server load went from 38 to 0.7 almost instantly.

I do see a valid members blocked. Details:

A very large number of these:
I dont understand how it is possible that a large number of valid user post more than 2 days after GET.

A large number of these:
I find this one worrisome because its in the 2b021b1f key.
I see these valid members are using proxies like TOR and similar.

Feature request 1: for the log: filter per key, so that it is possible to see all entries except those with key 00000 and key 2b021b1f. Or just view all entries with a certain key. That makes it much easier to see the similarities of the entries with the same key.

Feature request 2: Alert the admin which members have been blocked by BB and why. This makes it easier to detect problems with BB and forum accounts registered by bots. I think the optimal way to notify the admin is by PM.

Feature request 3: Trace IP directly from the log.

Feature request 4: related to FR 2. If bbuserid is present in headers then show link to user profile in the log. This makes it easy to check if the blocked members was a valid user or not.

Regarding: POST more than two days after GET

Looks like this is happening if it's been 48hrs + between the screener cookie and a form submission:

PHP Code:

        // Posting too fast? 5 sec
        // FIXME: even 5 sec is too intrusive
        // if ($screener + 5 > time())
        //    return "408d7e72";
        // Posting too slow? 48 hr
        if ($screener + 172800 < time())
            return "b40c8ddc"; 


Not sure about that at this point. EDIT: I believe I know why now, will try to address this in the next update.

--

Regarding: Required header 'Accept' missing

The browser/user is sending:

Code:

Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

But not sending "Accept:" for eg:

Code:

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

I'm not sure if that's an issue with Chrome, or what.

--

Regarding: IP address found on http:BL blacklist

Not much to do about that one, as far as this mod IMHO - since that's using data from projecthoneypot.

--

On the feature requests, I'll try to get those in the next release

Quote:

Originally Posted by Alfa1

Running in debug mode and checking out the queries exposes this error on forum home:

Hmm. It appears this occurs when BB is trying to set a cookie using the bb2_screener_cookie() function. This could be caused by output from vB/a hook before BB is called.

Quote:

Originally Posted by Lee G

Just been through my last 450 denies and it looks like a Yahoo bot got the cold shoulder

Bot ip 67.195.112.41

Full ip range 67.195.0.0/16
http://whois.domaintools.com/67.195.112.41

Apart from that, its been working like a dream

[S]Will update the whitelist, ty [/S] - Actually, BB already checks this range :/