Quote:
Originally Posted by Simon Lloyd
Error10, how do we use your latest release?
Also, this may sound a bit daft to you, but I'm sure there are many other users of your efforts that want to ask: could you explain (because I don't have a clue) what each part of this is and what it does? I, like most forum owners, am paranoid about denying real users or visitors, so it would be a great help (or perhaps release it as an article on your site).
Here's a POST one. Here's a GET one. If we know exactly what we are looking at or for, it would help, and of course you will have more constructive questions.
Simon, for vBulletin you don't necessarily use it directly, but wait for Eric to package it up and post the update. Bad Behavior consists of two parts: the core code, which does the work of deciding whether something is bad or not, and a platform connector, which lets it talk to vBulletin (or WordPress or MediaWiki or Drupal or whatever). I maintain the core, and Eric maintains the vBulletin connector, packaging the two together into a single downloadable mod. If Eric ever got run over by a bus, it would be possible to take the core and add it in yourself, but let's hope nobody ever gets run over by a bus.
As for the two entries you posted, the Log entry gives an indication of what the issue was, and of course with POST requests you can inspect the entity. The first one is a pretty blatant registration spam. I'm not sure what the issue is with the second one. Perhaps it was on Project Honey Pot? It doesn't look like you provided the log entry for them, so I can't really be certain.
Quote:
Originally Posted by Alfa1
Until there is a solution for 'Required header 'Accept' missing', is there a way to not block users for this reason? It's blocking about 50 valid users every 24 hours. I have no doubt that it's caused by registered members with security software. I do not want to block these real users. Talking to all these users or whitelisting all their IPs is not possible.
In the logs of my limited testing these have been 100% real users.
I would be highly surprised if anyone would be able to convince PayPal about anything. I have whitelisted the script.
New feature request:
Alert staff if registered member performs SQL injection or other attacks
One thing that I find missing in this addon is a way to feed bad bot data to the blacklist. Please consider adding such functionality, either as part of this addon or as Project Honey Pot integration. Added to tracker: Feed data to blacklist
I don't want to block real users either, if I can avoid it. But see directly above for Simon's posting of a registration spam, where the spammer has omitted the Accept: header. And obviously not everything is foreseeable. Legitimate users caught by this already get a message stating that it's likely caused by their browser privacy software and some basic instructions on reconfiguring the software. These could always be improved if I knew the specific software causing the problem. I could also move this test to strict mode, though since it actually does block a lot of spam, I fear it would make Bad Behavior almost useless. So this is a hard problem.
A way to send in data, both on bad bots and on legitimate users inappropriately blocked, is on my roadmap already. As for notifying the admin of particular events, I think that will be on Eric.