Integration with vBulletin - vB Bad Behavior

/**
* vB Bad Behavior is free software; you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at your option) any
* later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
*/

What is vB Bad Behavior?
This is an integration of the Bad Behavior software with vBulletin.

What is Bad Behavior?
Bad Behavior is a PHP-based solution for blocking link spam and the robots which deliver it. Bad Behavior complements other link spam solutions by acting as a gatekeeper, preventing spammers from ever delivering their junk, and in many cases, from ever reading your site in the first place. This keeps your site's load down, makes your site logs cleaner, and can help prevent denial of service conditions caused by spammers.

Visit http://bad-behavior.ioerror.us/ for more.

Features
For more information on the features of Bad Behavior (and subsequently this mod) please go to Bad Behavior's site:

http://bad-behavior.ioerror.us/documentation/benefits/

For features related to the mod itself, please take a look at the screenshots.

This mod should work with the entire 3.x series (well, beginning with 3.5), but it's only been tested on 3.8.x. I'm not sure if this works on vB 4.x yet, as I've not tested it - but if you try it out, let me know!

Installation
1. Extract the contents of the zip file.
2. Upload the contents of the `upload` folder to your forum root.
3. Enter your AdminCP and go to Plugins & Products > Manage Products > [Add/Import Product]
4. Import the product using the `product-vb_badbehavior.xml` file.
5. Configure the mod in AdminCP -> vBulletin Options -> vBulletin Options -> vB Bad Behavior Options

Upgrading

vB Bad Behavior
In many cases, all you'll need to do to upgrade is follow the installation instructions above.

The only difference, will be you'll need to allow the files to overwrite. Also, when re-importing the product file, you'll need to set "Allow Overwrite" to "Yes".

Bad Behavior
Bad Behavior's files are at `/includes/bad-behavior/`. If you wish to update manually go to:

http://bad-behavior.ioerror.us/download/

And download the latest development version. Extract the zip, and upload the contents of `bad-behavior` to `/includes/bad-behavior/` allowing the files to overwrite.

Versions
The current version of Bad Behavior this mod is using is: v2.2.14
The current version of Bad Behavior (development) is: v2.2.14

Changelog
Version 1.0.13, 04/23/2013

• Bad Behavior upgraded to 2.2.14

Version 1.0.12, 12/21/2012 -- Released: 02/05/2013

• Bad Behavior upgraded to 2.2.13
• Added some more ranges to whitelist.ini

Version 1.0.10, 09/09/2012

• Bad Behavior upgraded to 2.2.10

Version 1.0.9, 06/17/2012

• Bad Behavior upgraded to 2.2.7

Version 1.0.8, 06/12/2012

• Bad Behavior upgraded to 2.2.6
• New Setting: EU Cookie

Version 1.0.7, 05/04/2012

• Bad Behavior upgraded to 2.2.3
• Cron/Scheduled Task for automatic log pruning added.

Version 1.0.6, 01/04/2012

• Bad Behavior upgraded to 2.1.15

Version 1.0.5, 05/26/2011

• Added option for bypassing users/members.
• If the visitor is a user, and is in usergroup 5, 6, or 7 (admin/mod/super mod) - Bad Behavior is bypassed.
• Modified bad-behavior core to check for Google Web Preview
  • file edited: /includes/bad-behavior/core.inc.php
• Added a link beside the IP address in the log for WhoIs.

Version 1.0.4, 04/28/2011

• Bad Behavior upgraded to 2.1.13 (fixes search engine block issues)
• Added Paypal/Paypal IPN IP address to the whitelist.
• Added payment gateway file names to the whitelist.

Version 1.0.3, 04/21/2011

• Fix #1: Pruning log doesn't work.
• Fix #3: POST more than two days after GET (added support for BB's javascript)
• Fix #5: Cannot modify header information error (suppressed error in BB's function)
• Implemented #6: Filter per key (new admincp option to list keys not to be shown in log)
• Implemented #9: Show link to member profile (if userid is found in headers, link to profile)

Version 1.0.2, 04/10/2011

• Updated /includes/functions_vb_badbehavior.php to:
  • disable Reverse Proxy if Reverse Proxy Addresses are empty
  • distinguish SQL queries using "SET", for example: SET @@session.wait_timeout = 90 - which is used by BB
  • set "offsite_forms" to false by default, as it's not really needed in vB IMHO, and it can cause problems with certain setups
  • cleaned up the bb2_read_settings() function and fixed a typo in one of the vbulletin options calls
• Updated /includes/whitelist.ini to include the following GOOGLE ranges:
  • 74.125.0.0/16
  • 216.239.32.0/19
  • 209.85.128.0/17
  • 66.102.0.0/20
• Updated /admincp/vb_badbehavior.php
  • Log pruning was pruning all logs, despite what was entered for number of days

Version 1.0.1, 04/06/2011

• Bad Behavior upgraded to 2.1.12
• Changed files:
  • /includes/bad-behavior/core.inc.php
  • /includes/bad-behavior/searchengine.inc.php
• "Verbose" admin option now set to "No" by default.

Version 1.0.0, 04/05/2011

• Initial release.

Screenshots
Screenshots can now be seen at: http://www.secondversion.com/images/vb/vb_badbehavior/

I was running out of room for attachments here on vB.org


Development

https://github.com/ericsizemore/vb_b...ree/master/vb3


Only those who "Mark As Installed" will receive support for this modification.

[Eric]

Updated Bad Behavior core to 2.1.13, but it may be a little bit before an official release of the mod, as I plan on making further changes. For the time being:

http://trac.assembla.com/vb-bad-beha...engine.inc.php
http://trac.assembla.com/vb-bad-beha...r/core.inc.php

You can download those files, then overwrite the corresponding files in: /yourforum/includes/bad-behavior/

[Lee G]

Quote:

Originally Posted by carsafety

I've been watching this mod, planning to install it soon. Do all of these things like search engine spiders, Paypal, adsense and other legitimate scripts come whitelisted out of the box?

If not, is there a list of them somewhere with simple instructions on how to add them?

Whitelisting is easy to do.
In the download folder there is a file which is self explanatory when you open it with an editor like microsoft word pad.

The file to edit is
Includes > Whitelist

To add bad user agents is easier than editing your htaccess file.

Includes > bad-behavior > blacklist.inc.php

That file when you open again is easy to add bad user agents to.
First half is starts with, second half is anywhere in the user agent

Its very easy to work with
Out the box it works very well
I personally still block a lot of ip via htaccess
What you might find is someone will hit you twenty times or more in some cases with different user agents
Some get caught, some dont. If you look at your bb blocks in the logs, these people tend to stand out so you can add an ip block

Its a great bit of software to use in your fight against low life

[carsafety]

Quote:

Originally Posted by Lee G

Whitelisting is easy to do.
In the download folder there is a file which is self explanatory when you open it with an editor like microsoft word pad.

The file to edit is
Includes > Whitelist

Thanks!

Mostly, I'm concerned with whitelisting known entities like Google search, Adsense, Yahoo, Bing, Paypal, etc. Are these generally included int he default whitelist file? I'd have no idea what all to add to whitelist in therms of agents or IP. Obviously, I don't want to block search engines or other "friendly" scripts that should have access to my website.

[error10]

Quote:

Originally Posted by carsafety

Thanks!

Mostly, I'm concerned with whitelisting known entities like Google search, Adsense, Yahoo, Bing, Paypal, etc. Are these generally included int he default whitelist file? I'd have no idea what all to add to whitelist in therms of agents or IP. Obviously, I don't want to block search engines or other "friendly" scripts that should have access to my website.

All of these except PayPal should be in the latest update.

PayPal is an outlier because they refuse to identify themselves in their IPN notifications, so they get blocked by default. The best thing to do with this is to add a URL whitelist entry for your payment gateway URL.

[Eric]

Quote:

Originally Posted by error10

All of these except PayPal should be in the latest update.

PayPal is an outlier because they refuse to identify themselves in their IPN notifications, so they get blocked by default. The best thing to do with this is to add a URL whitelist entry for your payment gateway URL.

Speaking of... updated http://trac.assembla.com/vb-bad-beha...ist.ini?rev=36

[Alfa1]

Quote:

Originally Posted by Eric

Speaking of... updated http://trac.assembla.com/vb-bad-beha...ist.ini?rev=36

Should the /forum/ directory not be defined, so that it becomes /forum/payment_gateway.php

Quote:

Originally Posted by error10

I could also move this test to strict mode, though since it actually does block a lot of spam, I fear it would make Bad Behavior almost useless. So this is a hard problem.

Please consider to make a third mode: 'medium mode' and add this to it.
This mode would be useful for boards that do not want to block valid users, even if it lets some bots through.
I really can not afford to block 80 registered members per day and thats what happening now. Most users just use security software without knowing how to manage it. They are not adjusting their browsing behavior after the notice from BB. Most would not know where to start.

[error10]

Quote:

Originally Posted by Alfa1

Should the /forum/ directory not be defined, so that it becomes /forum/payment_gateway.php

If your payment gateway URL is http://www.example.com/forum/payment_gateway.php then you would put in /forum/payment_gateway.php .

Quote:

Originally Posted by Alfa1

Please consider to make a third mode: 'medium mode' and add this to it.
This mode would be useful for boards that do not want to block valid users, even if it lets some bots through.
I really can not afford to block 80 registered members per day and thats what happening now. Most users just use security software without knowing how to manage it. They are not adjusting their browsing behavior after the notice from BB. Most would not know where to start.

I think I have an idea of how to solve this problem without moving to strict mode. Give me a day or so.

[Eric]

Quote:

Originally Posted by error10

If your payment gateway URL is http://www.example.com/forum/payment_gateway.php then you would put in /forum/payment_gateway.php .



I think I have an idea of how to solve this problem without moving to strict mode. Give me a day or so.

Were you able to come up with something? I'll hold off on the next release if so, that way I can incorporate it first.

[Simon Lloyd]

Quote:

Originally Posted by Simon Lloyd

Ok here's some results, this one was captured, didn't show UserId and isn't registered or unconfirmed:
HEADER
POST /forumz/login.php?do=login HTTP/1.0
Accept: */*
Cookie: tccsessionhash=e575197d38d5a7c06fe82415e7688d00; tcclastvisit=1303620326; tcclastactivity=0; vbet_sessionUsed=1
Host: www.thecodecage.com
Pragma: no-cache
Proxy-Connection: Keep-Alive
Referer: http://www.thecodecage.com/register.html?agreed=true
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
ENTITY
vb_login_username: elderatot
cookieuser: 1
vb_login_password: 18gcAEp796
submit: Log in
s:
securitytoken: guest
do: login
vb_login_md5password: 8fb830d941xxxxxxxxbfe29fcc8
vb_login_md5password_utf: 8fb830d9412xxxxxxxxbfe29fcc8
ajax: 0
KEY
2b021b1f

Just in summary, i went through 1,000 (no really i did ) entries and none of them including the one above showed UserId either filled in or blank.

Hope that helps.

Hi Eric, it seems that the revised code you gave with regards to the UserId is working fine, i reported the above to you after changing the code, i have just has a genuine user caught by the mod and this time it did display UserId just fine

[Eric]

Updated...

Version 1.0.4, 04/28/2011
- Bad Behavior upgraded to 2.1.13 (fixes search engine block issues)
- Added Paypal/Paypal IPN IP address to the whitelist.
- Added payment gateway file names to the whitelist.
- Changes: http://trac.assembla.com/vb-bad-beha...%40trunk%2Fvb3