Go Back   vb.org Archive > vBulletin Modifications > vBulletin 3.8 Modifications > vBulletin 3.8 Add-ons

Reply
 
Thread Tools
vB Bad Behavior Details »»
vB Bad Behavior
Version: 1.0.13, by Eric Eric is offline
Developer Last Online: Jun 2023 Show Printable Version Email this Page

Category: Integration with vBulletin - Version: 3.8.x Rating:
Released: 04-04-2011 Last Update: 04-22-2013 Installs: 91
Supported DB Changes Uses Plugins
Re-useable Code Additional Files Translations  

/**
* vB Bad Behavior is free software; you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at your option) any
* later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
*/


What is vB Bad Behavior?
This is an integration of the Bad Behavior software with vBulletin.

What is Bad Behavior?
Bad Behavior is a PHP-based solution for blocking link spam and the robots which deliver it. Bad Behavior complements other link spam solutions by acting as a gatekeeper, preventing spammers from ever delivering their junk, and in many cases, from ever reading your site in the first place. This keeps your site's load down, makes your site logs cleaner, and can help prevent denial of service conditions caused by spammers.

Visit http://bad-behavior.ioerror.us/ for more.

Features
For more information on the features of Bad Behavior (and subsequently this mod) please go to Bad Behavior's site:

http://bad-behavior.ioerror.us/documentation/benefits/

For features related to the mod itself, please take a look at the screenshots.

This mod should work with the entire 3.x series (well, beginning with 3.5), but it's only been tested on 3.8.x. I'm not sure if this works on vB 4.x yet, as I've not tested it - but if you try it out, let me know!

Installation
1. Extract the contents of the zip file.
2. Upload the contents of the `upload` folder to your forum root.
3. Enter your AdminCP and go to Plugins & Products > Manage Products > [Add/Import Product]
4. Import the product using the `product-vb_badbehavior.xml` file.
5. Configure the mod in AdminCP -> vBulletin Options -> vBulletin Options -> vB Bad Behavior Options

Upgrading

vB Bad Behavior
In many cases, all you'll need to do to upgrade is follow the installation instructions above.

The only difference, will be you'll need to allow the files to overwrite. Also, when re-importing the product file, you'll need to set "Allow Overwrite" to "Yes".

Bad Behavior
Bad Behavior's files are at `/includes/bad-behavior/`. If you wish to update manually go to:

http://bad-behavior.ioerror.us/download/

And download the latest development version. Extract the zip, and upload the contents of `bad-behavior` to `/includes/bad-behavior/` allowing the files to overwrite.

Versions
The current version of Bad Behavior this mod is using is: v2.2.14
The current version of Bad Behavior (development) is: v2.2.14

Changelog
Version 1.0.13, 04/23/2013
  • Bad Behavior upgraded to 2.2.14

Version 1.0.12, 12/21/2012 -- Released: 02/05/2013
  • Bad Behavior upgraded to 2.2.13
  • Added some more ranges to whitelist.ini

Version 1.0.10, 09/09/2012
  • Bad Behavior upgraded to 2.2.10

Version 1.0.9, 06/17/2012
  • Bad Behavior upgraded to 2.2.7

Version 1.0.8, 06/12/2012
  • Bad Behavior upgraded to 2.2.6
  • New Setting: EU Cookie

Version 1.0.7, 05/04/2012
  • Bad Behavior upgraded to 2.2.3
  • Cron/Scheduled Task for automatic log pruning added.

Version 1.0.6, 01/04/2012
  • Bad Behavior upgraded to 2.1.15

Version 1.0.5, 05/26/2011
  • Added option for bypassing users/members.
  • If the visitor is a user, and is in usergroup 5, 6, or 7 (admin/mod/super mod) - Bad Behavior is bypassed.
  • Modified bad-behavior core to check for Google Web Preview
    • file edited: /includes/bad-behavior/core.inc.php
  • Added a link beside the IP address in the log for WhoIs.

Version 1.0.4, 04/28/2011
  • Bad Behavior upgraded to 2.1.13 (fixes search engine block issues)
  • Added Paypal/Paypal IPN IP address to the whitelist.
  • Added payment gateway file names to the whitelist.

Version 1.0.3, 04/21/2011
  • Fix #1: Pruning log doesn't work.
  • Fix #3: POST more than two days after GET (added support for BB's javascript)
  • Fix #5: Cannot modify header information error (suppressed error in BB's function)
  • Implemented #6: Filter per key (new admincp option to list keys not to be shown in log)
  • Implemented #9: Show link to member profile (if userid is found in headers, link to profile)

Version 1.0.2, 04/10/2011
  • Updated /includes/functions_vb_badbehavior.php to:
    • disable Reverse Proxy if Reverse Proxy Addresses are empty
    • distinguish SQL queries using "SET", for example: SET @@session.wait_timeout = 90 - which is used by BB
    • set "offsite_forms" to false by default, as it's not really needed in vB IMHO, and it can cause problems with certain setups
    • cleaned up the bb2_read_settings() function and fixed a typo in one of the vbulletin options calls
  • Updated /includes/whitelist.ini to include the following GOOGLE ranges:
    • 74.125.0.0/16
    • 216.239.32.0/19
    • 209.85.128.0/17
    • 66.102.0.0/20
  • Updated /admincp/vb_badbehavior.php
    • Log pruning was pruning all logs, despite what was entered for number of days

Version 1.0.1, 04/06/2011
  • Bad Behavior upgraded to 2.1.12
  • Changed files:
    • /includes/bad-behavior/core.inc.php
    • /includes/bad-behavior/searchengine.inc.php
  • "Verbose" admin option now set to "No" by default.

Version 1.0.0, 04/05/2011
  • Initial release.


Screenshots
Screenshots can now be seen at: http://www.secondversion.com/images/vb/vb_badbehavior/

I was running out of room for attachments here on vB.org


Development

https://github.com/ericsizemore/vb_b...ree/master/vb3


Only those who "Mark As Installed" will receive support for this modification.

Download Now

File Type: zip vb_badbehavior-1.0.10.zip (65.1 KB, 104 views)
File Type: zip vb_badbehavior-1.0.12.zip (65.4 KB, 58 views)
File Type: zip vb_badbehavior-1.0.13.zip (65.5 KB, 159 views)

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #102  
Old 05-03-2011, 06:28 AM
Simon Lloyd's Avatar
Simon Lloyd Simon Lloyd is offline
 
Join Date: Aug 2008
Location: Manchester
Posts: 3,481
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hi Guy's, this mod is great but has me a little worried, i had an email today from a user who could not gain access, i checked and his ip isn't noted at honeypot, could someone help/explain so i am SURE that no real users are getting caught in future? details below:
HEADER
Quote:
GET / HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/x-shockwave-flash, application/vnd.ms-excel, application/msword, application/vnd.ms-powerpoint, */*
Accept-Encoding: gzip, deflate
Accept-Language: en-us
Connection: keep-alive
Cookie: tccsessionhash=3fa5a7621ebcf4e360470468df3ff627; vbet_sessionUsed=1; tcclastvisit=1304375553; tcclastactivity=0; PHPSESSID=6beff1fb7aa112e8fa284b69284d36c6; BVGDU=http%3A//www.hyperpromote.com/tags/showdsnrsec1.html%3Fbvlocationcode%3D666098; BVGDT=21600; pBVPU=yes
Host: www.thecodecage.com
Referer: http://www.excel-it.com/index.html
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; http://bsalsa.com) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.5.30428; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; MS-RTC LM 8; .NET4.0C; .NET4.0E; InfoPath.3; msn OptimizedIE8;ENUS)
Via: 1.1 nap4-wsa2.boyd.net:80 (IronPort-WSA/7.1.0-307)
X-Imforwards: 20
URI is just /

PROTOCOL HTTP/1.1

METHOD GET

USERAGENT
Quote:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; http://bsalsa.com) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.5.30428; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; MS-RTC LM 8; .NET4.0C; .NET4.0E; InfoPath.3; msn OptimizedIE8;ENUS)
KEY 17f4e8c8

IP 64.79.129.xxx (IP has been checked and not logged as bad)

Also Eric, under the IP there was no mention of UserId, should it have shown a userid as he is a valid member?
Reply With Quote
  #103  
Old 05-03-2011, 06:36 AM
error10 error10 is offline
 
Join Date: Feb 2011
Posts: 30
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Simon Lloyd View Post
Hi Guy's, this mod is great but has me a little worried, i had an email today from a user who could not gain access, i checked and his ip isn't noted at honeypot, could someone help/explain so i am SURE that no real users are getting caught in future? details below:
HEADERURI is just /

PROTOCOL HTTP/1.1

METHOD GET

USERAGENT

KEY 17f4e8c8

IP 64.79.129.xxx (IP has been checked and not logged as bad)

Also Eric, under the IP there was no mention of UserId, should it have shown a userid as he is a valid member?
This person had some junk installed on their computer that put the bsalsa.com string in their user agent. The user agent string remains even after they remove the malware. If they click the fix it yourself link, it tells them how to remove it.
Reply With Quote
  #104  
Old 05-03-2011, 06:42 AM
error10 error10 is offline
 
Join Date: Feb 2011
Posts: 30
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Alfa1 View Post
Currently I see a lot of users blocked by the accept issue and must disable BB because of this. The above function would allow me to keep BB running while the issue is addressed.

IMO this ticket about the accept issue should be reopened, as you are trying to resolve the issue:
http://trac.assembla.com/vb-bad-behavior/ticket/4
The one you posted in ticket 4 doesn't look like a legitimate user. Are you absolutely 100% certain that it is?

Quote:
Originally Posted by Eric View Post
I plan on adding stopForumSpam actually.
Please don't. I do not believe Stop Forum Spam is appropriate for use in Bad Behavior, at least not until the service is changed to address my concerns.
Reply With Quote
  #105  
Old 05-03-2011, 06:50 AM
viper357's Avatar
viper357 viper357 is offline
 
Join Date: Dec 2006
Location: Worthing, UK
Posts: 563
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Eric View Post
I plan on adding stopForumSpam actually.
Quote:
Originally Posted by error10 View Post
Please don't. I do not believe Stop Forum Spam is appropriate for use in Bad Behavior, at least not until the service is changed to address my concerns.
I agree, I would much prefer the two mods to be kept separate.
Reply With Quote
  #106  
Old 05-03-2011, 07:01 AM
Simon Lloyd's Avatar
Simon Lloyd Simon Lloyd is offline
 
Join Date: Aug 2008
Location: Manchester
Posts: 3,481
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by error10 View Post
This person had some junk installed on their computer that put the bsalsa.com string in their user agent. The user agent string remains even after they remove the malware. If they click the fix it yourself link, it tells them how to remove it.
Thanks for the prompt reply but where would they find the "fix it yourself" link?
Reply With Quote
  #107  
Old 05-03-2011, 07:15 AM
error10 error10 is offline
 
Join Date: Feb 2011
Posts: 30
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Simon Lloyd View Post
Thanks for the prompt reply but where would they find the "fix it yourself" link?
Hm, something obviously got lost in translation somewhere.

Anytime some request is blocked by Bad Behavior, a custom error page is displayed which contains some basic information, a technical support key, and a "fix it yourself" link the person can click on to get detailed information about their specific issue.

For instance, if someone's blocked by Project Honey Pot they go to the Project Honey Pot page for their IP address, where they can unblock themselves.

In your specific case, they go to a page where they can download a custom registry cleaning script for this specific issue.

Anybody reporting that they were blocked by Bad Behavior should be able to provide the technical support key that was displayed. If there was no key, then they either weren't blocked by Bad Behavior, or didn't bother to read what was right in front of them.
Reply With Quote
  #108  
Old 05-03-2011, 07:52 AM
Eric's Avatar
Eric Eric is offline
 
Join Date: May 2006
Location: Kentucky
Posts: 792
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Simon Lloyd View Post
Hi Guy's, this mod is great but has me a little worried, i had an email today from a user who could not gain access, i checked and his ip isn't noted at honeypot, could someone help/explain so i am SURE that no real users are getting caught in future? details below:
HEADERURI is just /

PROTOCOL HTTP/1.1

METHOD GET

USERAGENT

KEY 17f4e8c8

IP 64.79.129.xxx (IP has been checked and not logged as bad)

Also Eric, under the IP there was no mention of UserId, should it have shown a userid as he is a valid member?
The Cookie did not have a userid present, so that's why it didn't show.

Quote:
Originally Posted by error10 View Post
The one you posted in ticket 4 doesn't look like a legitimate user. Are you absolutely 100% certain that it is?



Please don't. I do not believe Stop Forum Spam is appropriate for use in Bad Behavior, at least not until the service is changed to address my concerns.
Quote:
Originally Posted by viper357 View Post
I agree, I would much prefer the two mods to be kept separate.
I've had a few requests for it, I may add it then have it disabled by default. I'll think about it
Reply With Quote
  #109  
Old 05-03-2011, 08:06 AM
error10 error10 is offline
 
Join Date: Feb 2011
Posts: 30
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Eric View Post
I've had a few requests for it, I may add it then have it disabled by default. I'll think about it
If Stop Forum Spam gets their act together, then I'll add it in myself. But it's been over a year since I looked at it, and they've gone from having a manual removal form to no removal form at all. They claim it's broken; I suspect it was inundated with spam. This is the wrong direction, I think. Remember, with these blacklists I want to give legitimate people who wind up with a dirty IP address an easy way out.

I've tested a lot of blacklists over the years, and found that all of them block legitimate users from time to time simply because of aggressive IP reuse by ISPs. Since most of them are designed to stop email spam, it's OK if they have a more involved removal process, since it's generally only something the ISP will do, but for the purpose of securing a web site, removals have to be fast and easy. This is where Stop Forum Spam fails.
Reply With Quote
  #110  
Old 05-03-2011, 08:12 AM
Simon Lloyd's Avatar
Simon Lloyd Simon Lloyd is offline
 
Join Date: Aug 2008
Location: Manchester
Posts: 3,481
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Error10, thanks very much for the detailed explanation, as i've never been blocked by badbehaviour i would not have seen it, when i click the link in the logs for the key i have never seen a link or technical key
Reply With Quote
  #111  
Old 05-03-2011, 08:14 AM
error10 error10 is offline
 
Join Date: Feb 2011
Posts: 30
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Alfa1 View Post
Currently I see a lot of users blocked by the accept issue and must disable BB because of this. The above function would allow me to keep BB running while the issue is addressed.
I haven't forgotten about you. My simple idea for taking care of this issue wasn't so simple after all. This one check blocks a significant portion of harvesters, attack tools, etc., and my first pass at this - while it would let in all of these users - would also let in much of the traffic which was spiking your server load through the roof.

If you want to take that risk, I can send you a custom patch you can upload which will disable the Accept: test.

I also think that an option should exist to allow for registered users to bypass some or all of Bad Behavior's tests. A formal API for this is on the 3.0 roadmap, though I think Eric could whip up some hackery to add this in.
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:50 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05487 seconds
  • Memory Usage 2,368KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (14)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (3)postbit_attachment
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete