Integration with vBulletin - vB Bad Behavior

/**
* vB Bad Behavior is free software; you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at your option) any
* later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
*/

What is vB Bad Behavior?
This is an integration of the Bad Behavior software with vBulletin.

What is Bad Behavior?
Bad Behavior is a PHP-based solution for blocking link spam and the robots which deliver it. Bad Behavior complements other link spam solutions by acting as a gatekeeper, preventing spammers from ever delivering their junk, and in many cases, from ever reading your site in the first place. This keeps your site's load down, makes your site logs cleaner, and can help prevent denial of service conditions caused by spammers.

Visit http://bad-behavior.ioerror.us/ for more.

Features
For more information on the features of Bad Behavior (and subsequently this mod) please go to Bad Behavior's site:

http://bad-behavior.ioerror.us/documentation/benefits/

For features related to the mod itself, please take a look at the screenshots.

This mod should work with the entire 3.x series (well, beginning with 3.5), but it's only been tested on 3.8.x. I'm not sure if this works on vB 4.x yet, as I've not tested it - but if you try it out, let me know!

Installation
1. Extract the contents of the zip file.
2. Upload the contents of the `upload` folder to your forum root.
3. Enter your AdminCP and go to Plugins & Products > Manage Products > [Add/Import Product]
4. Import the product using the `product-vb_badbehavior.xml` file.
5. Configure the mod in AdminCP -> vBulletin Options -> vBulletin Options -> vB Bad Behavior Options

Upgrading

vB Bad Behavior
In many cases, all you'll need to do to upgrade is follow the installation instructions above.

The only difference, will be you'll need to allow the files to overwrite. Also, when re-importing the product file, you'll need to set "Allow Overwrite" to "Yes".

Bad Behavior
Bad Behavior's files are at `/includes/bad-behavior/`. If you wish to update manually go to:

http://bad-behavior.ioerror.us/download/

And download the latest development version. Extract the zip, and upload the contents of `bad-behavior` to `/includes/bad-behavior/` allowing the files to overwrite.

Versions
The current version of Bad Behavior this mod is using is: v2.2.14
The current version of Bad Behavior (development) is: v2.2.14

Changelog
Version 1.0.13, 04/23/2013

• Bad Behavior upgraded to 2.2.14

Version 1.0.12, 12/21/2012 -- Released: 02/05/2013

• Bad Behavior upgraded to 2.2.13
• Added some more ranges to whitelist.ini

Version 1.0.10, 09/09/2012

• Bad Behavior upgraded to 2.2.10

Version 1.0.9, 06/17/2012

• Bad Behavior upgraded to 2.2.7

Version 1.0.8, 06/12/2012

• Bad Behavior upgraded to 2.2.6
• New Setting: EU Cookie

Version 1.0.7, 05/04/2012

• Bad Behavior upgraded to 2.2.3
• Cron/Scheduled Task for automatic log pruning added.

Version 1.0.6, 01/04/2012

• Bad Behavior upgraded to 2.1.15

Version 1.0.5, 05/26/2011

• Added option for bypassing users/members.
• If the visitor is a user, and is in usergroup 5, 6, or 7 (admin/mod/super mod) - Bad Behavior is bypassed.
• Modified bad-behavior core to check for Google Web Preview
  • file edited: /includes/bad-behavior/core.inc.php
• Added a link beside the IP address in the log for WhoIs.

Version 1.0.4, 04/28/2011

• Bad Behavior upgraded to 2.1.13 (fixes search engine block issues)
• Added Paypal/Paypal IPN IP address to the whitelist.
• Added payment gateway file names to the whitelist.

Version 1.0.3, 04/21/2011

• Fix #1: Pruning log doesn't work.
• Fix #3: POST more than two days after GET (added support for BB's javascript)
• Fix #5: Cannot modify header information error (suppressed error in BB's function)
• Implemented #6: Filter per key (new admincp option to list keys not to be shown in log)
• Implemented #9: Show link to member profile (if userid is found in headers, link to profile)

Version 1.0.2, 04/10/2011

• Updated /includes/functions_vb_badbehavior.php to:
  • disable Reverse Proxy if Reverse Proxy Addresses are empty
  • distinguish SQL queries using "SET", for example: SET @@session.wait_timeout = 90 - which is used by BB
  • set "offsite_forms" to false by default, as it's not really needed in vB IMHO, and it can cause problems with certain setups
  • cleaned up the bb2_read_settings() function and fixed a typo in one of the vbulletin options calls
• Updated /includes/whitelist.ini to include the following GOOGLE ranges:
  • 74.125.0.0/16
  • 216.239.32.0/19
  • 209.85.128.0/17
  • 66.102.0.0/20
• Updated /admincp/vb_badbehavior.php
  • Log pruning was pruning all logs, despite what was entered for number of days

Version 1.0.1, 04/06/2011

• Bad Behavior upgraded to 2.1.12
• Changed files:
  • /includes/bad-behavior/core.inc.php
  • /includes/bad-behavior/searchengine.inc.php
• "Verbose" admin option now set to "No" by default.

Version 1.0.0, 04/05/2011

• Initial release.

Screenshots
Screenshots can now be seen at: http://www.secondversion.com/images/vb/vb_badbehavior/

I was running out of room for attachments here on vB.org


Development

https://github.com/ericsizemore/vb_b...ree/master/vb3


Only those who "Mark As Installed" will receive support for this modification.

[Simon Lloyd]

I did for the link and it parsed ok

[Simon Lloyd]

Any ideas why this one has been blocked:

Quote:

Header
POST /forumz/login.php?do=login HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Cookie: bb2_screener_=1304316965+216.67.121.73; bb2_screener_=1304476965+74.124.89.49; tccsessionhash=ac18ec200b202084e3f43421bfd41ebd; vbet_sessionUsed=1; __utmc=118899148; __utma=118899148.893063458.1303547625.1304477337.1 304569993.33; __utmz=118899148.1304317329.30.5.utmcsr=thecodecag e.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=118899148.usergroup-1-Unregistered%20%2F%20Not%20Logged%20In; tcclastvisit=1303548761; tcclastactivity=0; __utmb=118899148.2.10.1304569993; tccsessionhash=a0bc27efc24ca21550367fd6d71b19c8; tccthread_lastview=f7b50b30415971c4d96c712d31d24b2 7503a8bc1a-1-%7Bi-208810_i-1304249678_%7D; HESK=19ea9b13f1cc8ca4ffd7e262f37d54f0; tcclastvisit=1303548761; tcclastactivity=0; tccuserlgv=2
Host: www.thecodecage.com
Referer: http://thecodecage.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
KEY
b40c8ddc
User Agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
METHOD
POST
URI
forumz/login.php?do=login
ENTITY
vb_login_username: XxXxX
vb_login_password:
s:
securitytoken: guest
do: login
vb_login_md5password: 7327xxxxxxxxxxxxxxxxxxxxxxxxxxxb90
vb_login_md5password_utf: 7327xxxxxxxxxxxxxxxxxxxxxxxxxb90
ajax: 0

It's a genuine user who has tried from 2 different IP's but still gets blocked.

[Eric]

Quote:

Originally Posted by Simon Lloyd

Any ideas why this one has been blocked:It's a genuine user who has tried from 2 different IP's but still gets blocked.

That appears to be the POST/GET error. Can you verify that the mod is injecting the javascript from BB into your header? If I'm not mistaken, that not being present can help lead to this error.

[Eric]

Alfa, could you go into more detail on this please? http://trac.assembla.com/vb-bad-behavior/ticket/8

EDIT: and http://trac.assembla.com/vb-bad-beha...t/12#comment:1

[Alfa1]

I do not seem to have commenting or editing functionality on trac. So here goes:

Send registered member explanation how to resolve blacklisting
Yes, an email would be more effective than a PM.

Trace IP directly from the log.
In the log hotlink the IP of the user. The link should point to a whois for the user. For example /admincp/usertools.php?do=gethost&ip=xx.xx.xx.xx
Or a better whois service like http://who.is/whois-ip/ip-address/xx.xx.xx.xx/

Alert the admin which members have been blocked by BB and why.

Quote:

Originally Posted by Eric

For sites with a lot of traffic, sending a notification such as this by PM may be overkill - then again, not sure what other option would be available.

Such notification should be sent max once per X days and should list all blocked members since the last notification.
It would be useful to include some additional information like join date, post count and usergroup of the member. This makes it easier to see if the user is a legitimate user.

[Alfa1]

I am having no success with adding these bots to my blacklist:
Alexa
Artabus
BoardPulse
Deepnet Explorer
Radian6 FeedFetcher
Wget

Cna someone tell me what exactly I need to add to my blacklist.inc?

I see that adding 'Alexa' to my blacklist also blocks users with the alexa toolbar. It seems to me that if I want to allow users with the alexa toolbar installed, I will not be able to block the alexa crawler?

[tpearl5]

In less than a day my log is already over 5,000 entries! A lot of them are "Required header 'Accept' missing". I've had one member report seeing strange errors, but I can't pinpoint the user in the logs.

I think an IP search for the logs may be a useful addition.

[Alfa1]

Quote:

Originally Posted by Alfa1

I am having no success with adding these bots to my blacklist:
Alexa
Artabus
BoardPulse
Deepnet Explorer
Radian6 FeedFetcher
Wget

Cna someone tell me what exactly I need to add to my blacklist.inc?

I see that adding 'Alexa' to my blacklist also blocks users with the alexa toolbar. It seems to me that if I want to allow users with the alexa toolbar installed, I will not be able to block the alexa crawler?

I see that alexa, deepnet explorer, radian6 feedfetcher and wget do get blocked, but are also listed on my spiders who visited list. Should that be?

[Simon Lloyd]

Quote:

Originally Posted by Eric

That appears to be the POST/GET error. Can you verify that the mod is injecting the javascript from BB into your header? If I'm not mistaken, that not being present can help lead to this error.

Eric i'd love to confirm this .....could you tell me how?

[Simon Lloyd]

ahh, just going to www.thecodecage.com/forumz and right click view source shows

Quote:

<script type="text/javascript">
<!--
function bb2_addLoadEvent(func) {
var oldonload = window.onload;
if (typeof window.onload != 'function') {
window.onload = func;
} else {
window.onload = function() {
oldonload();
func();
}
}
}

bb2_addLoadEvent(function() {
for ( i=0; i < document.forms.length; i++ ) {
if (document.forms[i].method == 'post') {
var myElement = document.createElement('input');
myElement.setAttribute('type', 'hidden');
myElement.name = 'bb2_screener_';
myElement.value = '1304785371 2.127.13.238';
document.forms[i].appendChild(myElement);
}
}
});
// --></script>

is this what you meant?