Go Back   vb.org Archive > vBulletin Modifications > vBulletin 3.8 Modifications > vBulletin 3.8 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
vB Bad Behavior Details »»
vB Bad Behavior
Version: 1.0.13, by Eric Eric is offline
Developer Last Online: Jun 2023 Show Printable Version Email this Page

Category: Integration with vBulletin - Version: 3.8.x Rating:
Released: 04-04-2011 Last Update: 04-22-2013 Installs: 91
Supported DB Changes Uses Plugins
Re-useable Code Additional Files Translations  

/**
* vB Bad Behavior is free software; you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at your option) any
* later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
*/


What is vB Bad Behavior?
This is an integration of the Bad Behavior software with vBulletin.

What is Bad Behavior?
Bad Behavior is a PHP-based solution for blocking link spam and the robots which deliver it. Bad Behavior complements other link spam solutions by acting as a gatekeeper, preventing spammers from ever delivering their junk, and in many cases, from ever reading your site in the first place. This keeps your site's load down, makes your site logs cleaner, and can help prevent denial of service conditions caused by spammers.

Visit http://bad-behavior.ioerror.us/ for more.

Features
For more information on the features of Bad Behavior (and subsequently this mod) please go to Bad Behavior's site:

http://bad-behavior.ioerror.us/documentation/benefits/

For features related to the mod itself, please take a look at the screenshots.

This mod should work with the entire 3.x series (well, beginning with 3.5), but it's only been tested on 3.8.x. I'm not sure if this works on vB 4.x yet, as I've not tested it - but if you try it out, let me know!

Installation
1. Extract the contents of the zip file.
2. Upload the contents of the `upload` folder to your forum root.
3. Enter your AdminCP and go to Plugins & Products > Manage Products > [Add/Import Product]
4. Import the product using the `product-vb_badbehavior.xml` file.
5. Configure the mod in AdminCP -> vBulletin Options -> vBulletin Options -> vB Bad Behavior Options

Upgrading

vB Bad Behavior
In many cases, all you'll need to do to upgrade is follow the installation instructions above.

The only difference, will be you'll need to allow the files to overwrite. Also, when re-importing the product file, you'll need to set "Allow Overwrite" to "Yes".

Bad Behavior
Bad Behavior's files are at `/includes/bad-behavior/`. If you wish to update manually go to:

http://bad-behavior.ioerror.us/download/

And download the latest development version. Extract the zip, and upload the contents of `bad-behavior` to `/includes/bad-behavior/` allowing the files to overwrite.

Versions
The current version of Bad Behavior this mod is using is: v2.2.14
The current version of Bad Behavior (development) is: v2.2.14

Changelog
Version 1.0.13, 04/23/2013
  • Bad Behavior upgraded to 2.2.14

Version 1.0.12, 12/21/2012 -- Released: 02/05/2013
  • Bad Behavior upgraded to 2.2.13
  • Added some more ranges to whitelist.ini

Version 1.0.10, 09/09/2012
  • Bad Behavior upgraded to 2.2.10

Version 1.0.9, 06/17/2012
  • Bad Behavior upgraded to 2.2.7

Version 1.0.8, 06/12/2012
  • Bad Behavior upgraded to 2.2.6
  • New Setting: EU Cookie

Version 1.0.7, 05/04/2012
  • Bad Behavior upgraded to 2.2.3
  • Cron/Scheduled Task for automatic log pruning added.

Version 1.0.6, 01/04/2012
  • Bad Behavior upgraded to 2.1.15

Version 1.0.5, 05/26/2011
  • Added option for bypassing users/members.
  • If the visitor is a user, and is in usergroup 5, 6, or 7 (admin/mod/super mod) - Bad Behavior is bypassed.
  • Modified bad-behavior core to check for Google Web Preview
    • file edited: /includes/bad-behavior/core.inc.php
  • Added a link beside the IP address in the log for WhoIs.

Version 1.0.4, 04/28/2011
  • Bad Behavior upgraded to 2.1.13 (fixes search engine block issues)
  • Added Paypal/Paypal IPN IP address to the whitelist.
  • Added payment gateway file names to the whitelist.

Version 1.0.3, 04/21/2011
  • Fix #1: Pruning log doesn't work.
  • Fix #3: POST more than two days after GET (added support for BB's javascript)
  • Fix #5: Cannot modify header information error (suppressed error in BB's function)
  • Implemented #6: Filter per key (new admincp option to list keys not to be shown in log)
  • Implemented #9: Show link to member profile (if userid is found in headers, link to profile)

Version 1.0.2, 04/10/2011
  • Updated /includes/functions_vb_badbehavior.php to:
    • disable Reverse Proxy if Reverse Proxy Addresses are empty
    • distinguish SQL queries using "SET", for example: SET @@session.wait_timeout = 90 - which is used by BB
    • set "offsite_forms" to false by default, as it's not really needed in vB IMHO, and it can cause problems with certain setups
    • cleaned up the bb2_read_settings() function and fixed a typo in one of the vbulletin options calls
  • Updated /includes/whitelist.ini to include the following GOOGLE ranges:
    • 74.125.0.0/16
    • 216.239.32.0/19
    • 209.85.128.0/17
    • 66.102.0.0/20
  • Updated /admincp/vb_badbehavior.php
    • Log pruning was pruning all logs, despite what was entered for number of days

Version 1.0.1, 04/06/2011
  • Bad Behavior upgraded to 2.1.12
  • Changed files:
    • /includes/bad-behavior/core.inc.php
    • /includes/bad-behavior/searchengine.inc.php
  • "Verbose" admin option now set to "No" by default.

Version 1.0.0, 04/05/2011
  • Initial release.


Screenshots
Screenshots can now be seen at: http://www.secondversion.com/images/vb/vb_badbehavior/

I was running out of room for attachments here on vB.org


Development

https://github.com/ericsizemore/vb_b...ree/master/vb3


Only those who "Mark As Installed" will receive support for this modification.

Download Now

File Type: zip vb_badbehavior-1.0.10.zip (65.1 KB, 104 views)
File Type: zip vb_badbehavior-1.0.12.zip (65.4 KB, 58 views)
File Type: zip vb_badbehavior-1.0.13.zip (65.5 KB, 159 views)

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #132  
Old 05-07-2011, 10:05 PM
Lee G Lee G is offline
 
Join Date: Jun 2006
Location: Costa Blanca
Posts: 143
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Just checked my logs and another google bot got caught

User agent
Mozilla/5.0 (en-us) AppleWebKit/525.13 (KHTML, like Gecko; Google Web Preview) Version/3.1 Safari/525.13

ip
66.249.82.129

Full ip range
66.249.64.0/19

And another google ip range for google to whitelist
64.233.160.0/19

Bot from ip 64.233.172.18 got caught
Reply With Quote
  #133  
Old 05-08-2011, 08:45 AM
Simon Lloyd's Avatar
Simon Lloyd Simon Lloyd is offline
 
Join Date: Aug 2008
Location: Manchester
Posts: 3,481
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hi, i've whitelisted the users IP(s) but they are still being blocked "Post more than two days after Get" here's the header
Quote:
POST /forumz/login.php?do=login HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Cookie: bb2_screener_=1304316965+216.67.121.73; bb2_screener_=1304647462+74.124.87.161; tccsessionhash=62a00b28d319ba412c2ffd704b22a856; vbet_sessionUsed=1; __utmc=118899148; __utma=118899148.893063458.1303547625.1304569993.1 304647832.34; __utmz=118899148.1304317329.30.5.utmcsr=thecodecag e.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=118899148.usergroup-1-Unregistered%20%2F%20Not%20Logged%20In; tcclastvisit=1303548761; tcclastactivity=0; tccsessionhash=eea70a6bbfea2bdd00a4029b51c8e209; tccthread_lastview=f7b50b30415971c4d96c712d31d24b2 7503a8bc1a-1-%7Bi-208810_i-1304249678_%7D; HESK=19ea9b13f1cc8ca4ffd7e262f37d54f0; tcclastvisit=1303548761; tcclastactivity=0; tccuserlgv=2
Host: www.thecodecage.com
Referer: http://thecodecage.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
I do notice two differences in IP (one reversed), am i right? i dont understand anything of the above so im guessing but i thought there may be a problem here
Quote:
Cookie: bb2_screener_=1304316965+216.67.121.73; bb2_screener_=1304647462+74.124.87.161;
Reply With Quote
  #134  
Old 05-08-2011, 10:05 AM
Eric's Avatar
Eric Eric is offline
 
Join Date: May 2006
Location: Kentucky
Posts: 792
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Simon Lloyd View Post
Hi, i've whitelisted the users IP(s) but they are still being blocked "Post more than two days after Get" here's the headerI do notice two differences in IP (one reversed), am i right? i dont understand anything of the above so im guessing but i thought there may be a problem here
Two different IP's - have the user delete their cookies and see if it still happens.
Reply With Quote
  #135  
Old 05-08-2011, 10:06 AM
Eric's Avatar
Eric Eric is offline
 
Join Date: May 2006
Location: Kentucky
Posts: 792
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Alfa1 View Post
I see that alexa, deepnet explorer, radian6 feedfetcher and wget do get blocked, but are also listed on my spiders who visited list. Should that be?
It's possible they are picked up as spiders visited before BB is ran.
Reply With Quote
  #136  
Old 05-08-2011, 10:06 AM
Eric's Avatar
Eric Eric is offline
 
Join Date: May 2006
Location: Kentucky
Posts: 792
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Lee G View Post
Just checked my logs and another google bot got caught

User agent
Mozilla/5.0 (en-us) AppleWebKit/525.13 (KHTML, like Gecko; Google Web Preview) Version/3.1 Safari/525.13

ip
66.249.82.129

Full ip range
66.249.64.0/19

And another google ip range for google to whitelist
64.233.160.0/19

Bot from ip 64.233.172.18 got caught
Hmm. Will add those to the default list.
Reply With Quote
  #137  
Old 05-08-2011, 10:09 AM
Eric's Avatar
Eric Eric is offline
 
Join Date: May 2006
Location: Kentucky
Posts: 792
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Trac
The user anonymous has been granted the permission TICKET_MODIFY.
You should be able to now.

And thanks for going into a little bit more detail on those for me

Quote:
Originally Posted by Alfa1 View Post
I do not seem to have commenting or editing functionality on trac. So here goes:

Send registered member explanation how to resolve blacklisting
Yes, an email would be more effective than a PM.

Trace IP directly from the log.
In the log hotlink the IP of the user. The link should point to a whois for the user. For example /admincp/usertools.php?do=gethost&ip=xx.xx.xx.xx
Or a better whois service like http://who.is/whois-ip/ip-address/xx.xx.xx.xx/

Alert the admin which members have been blocked by BB and why.

Such notification should be sent max once per X days and should list all blocked members since the last notification.
It would be useful to include some additional information like join date, post count and usergroup of the member. This makes it easier to see if the user is a legitimate user.
Reply With Quote
  #138  
Old 05-08-2011, 10:32 AM
Simon Lloyd's Avatar
Simon Lloyd Simon Lloyd is offline
 
Join Date: Aug 2008
Location: Manchester
Posts: 3,481
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Eric, as always, really appreciate the reply, this user is one of my more valuable ones so need to get this resolved. I have asked them to clear their cookies next time they log in, however this is happening to them from 3 different machines, this person is one of two actual members to be caught up although there are many "users awaiting confirmation" getting caught although i can't decipher how many of these are genuine or not without going through the many thousands of entries one by one and checking their IP's against Project Honeypot.

I do appreciate everything you are trying to do to resolve this.
Reply With Quote
  #139  
Old 05-08-2011, 12:01 PM
Alfa1's Avatar
Alfa1 Alfa1 is offline
 
Join Date: Dec 2005
Location: Netherlands
Posts: 3,537
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Eric View Post
It's possible they are picked up as spiders visited before BB is ran.
I use Paul M's Track Guest Visits to monitor spiders.

Quote:
Originally Posted by Eric View Post
You should be able to now.

And thanks for going into a little bit more detail on those for me
Could you give the user Alfa1 permission? I have an account at trac.

Some brainstorming:
An important factor in regards to bots being malicious or not, is if they respect robots.txt or not. If I want to block a bot, the first thing I do is disallow it in robots.txt
If after a week I still find it on my site (and therefore the bot has not respected robots.txt), then I blacklist the bot in BB.

I wonder if it would be a good idea to automatically blacklist bots that disrespect robots.txt ?


Does anyone (especially error10) know if the spiderlist.xml provided by Mosh is complete enough for the purposes of keeping an eye on malicious bots?
See: http://www.wolfshead-solutions.com/display-spiders
Reply With Quote
  #140  
Old 05-09-2011, 05:08 AM
Simon Lloyd's Avatar
Simon Lloyd Simon Lloyd is offline
 
Join Date: Aug 2008
Location: Manchester
Posts: 3,481
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hi Eric, an update on the blocked users, it seems that they are getting as far as the login, they get the vb welcome message on logon, nothing at all from BB but after the welcome screen they are shown as though they have not logged on i.e username and password boxes remain blank and they remain in the "Unregistered/Not logged on" usergroup, however BB shows the results i have previously posted?
Reply With Quote
  #141  
Old 05-09-2011, 05:32 AM
Eric's Avatar
Eric Eric is offline
 
Join Date: May 2006
Location: Kentucky
Posts: 792
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Simon Lloyd View Post
Hi Eric, an update on the blocked users, it seems that they are getting as far as the login, they get the vb welcome message on logon, nothing at all from BB but after the welcome screen they are shown as though they have not logged on i.e username and password boxes remain blank and they remain in the "Unregistered/Not logged on" usergroup, however BB shows the results i have previously posted?
Hmm. I'll be releasing an update soon that will allow you to skip members in the BB processing. If you want to try it out (** UNTESTED AS OF YET **) http://trac.assembla.com/vb-bad-beha...adbehavior.xml
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 03:17 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05159 seconds
  • Memory Usage 2,370KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (10)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (2)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (3)postbit_attachment
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete