{"id":1000,"date":"2011-01-18T10:00:25","date_gmt":"2011-01-18T16:00:25","guid":{"rendered":"http:\/\/thepizzy.net\/blog\/?p=1000"},"modified":"2014-07-07T11:31:25","modified_gmt":"2014-07-07T16:31:25","slug":"wordpress-plugin-bad-behavior","status":"publish","type":"post","link":"https:\/\/thepizzy.net\/blog\/2011\/01\/wordpress-plugin-bad-behavior\/","title":{"rendered":"WordPress Plugin: Bad Behavior"},"content":{"rendered":"<p>Since I started using a WordPress blog back in 2005, I&#8217;ve always had the <a href=\"http:\/\/wordpress.org\/extend\/plugins\/akismet\/\" target=\"_blank\">Akismet WordPress plugin<\/a> installed, and it was the sole provider of my spam protection. It has done an awesome job with an at-this-moment 99.843% accuracy rating, and has blocked 21,215 spam comments, of which 6,686 were in just the last 6 months.<\/p>\n<p>About a week ago, I found an <strong>additional<\/strong> spam-blocking plugin that has also been very helpful. This one is called <a href=\"http:\/\/bad-behavior.ioerror.us\/\" target=\"_blank\">Bad Behavior<\/a>.<\/p>\n<p>In my observations over the last couple of months, it appears that Akismet will block a comment that doesn&#8217;t seem to have any correlation to the content of the blog post. This would be why you see posts in your Spam queue that contain no links, no really harmful URLs, and just random text or pointless statements in the body of the comment. I&#8217;m sure Akismet is much more complicated than that, though, and I would assume there is a backend database of known spamming IPs\/Hosts out there that it may also check against. However, the simplest, and likely initial, method of detecting spam is via content.<\/p>\n<p>Not with Bad Behavior. Instead of checking the content of the spam, it looks at the stuff you can&#8217;t see &#8211; the HTTP Headers, IP, User-Agent String, etc. 
From their own website&#8230;<\/p>\n<blockquote><p>Bad Behavior analyzes the HTTP headers, IP address, and other metadata regarding the request to determine if it is spammy or malicious. This approach has proved, as one user said, \u201cshockingly effective.\u201d After all, spammers write their bots on the cheap, and have little incentive to code very well. If they could code very well, they probably wouldn\u2019t be spammers.<\/p>\n<p>When Bad Behavior looks at a request, it determines if the request matches a profile of known malicious or spammy activity, and falls outside the bounds of a normal human browsing the web. If so, the request is blocked. But a way out is provided for any human beings with unusual configurations or viruses\/Trojans on their computer who may be blocked.<\/p>\n<p style=\"text-align: right;\">Source: <a href=\"http:\/\/bad-behavior.ioerror.us\/documentation\/how-it-works\/\" target=\"_blank\">How Bad Behavior Works<\/a><\/p>\n<\/blockquote>\n<p>Here&#8217;s an example of some of the content it has blocked from this very blog&#8230;<\/p>\n<p><a href=\"https:\/\/i0.wp.com\/thepizzy.net\/blog\/wp-content\/uploads\/2011\/01\/2011-01-15_1512.png\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"1003\" data-permalink=\"https:\/\/thepizzy.net\/blog\/2011\/01\/wordpress-plugin-bad-behavior\/2011-01-15_1512\/\" data-orig-file=\"https:\/\/i0.wp.com\/thepizzy.net\/blog\/wp-content\/uploads\/2011\/01\/2011-01-15_1512.png?fit=958%2C179&amp;ssl=1\" data-orig-size=\"958,179\" data-comments-opened=\"1\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Bad Behavior 1\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/thepizzy.net\/blog\/wp-content\/uploads\/2011\/01\/2011-01-15_1512.png?fit=580%2C108&amp;ssl=1\" class=\"aligncenter size-full wp-image-1003\" title=\"Bad Behavior 1\" src=\"https:\/\/i0.wp.com\/thepizzy.net\/blog\/wp-content\/uploads\/2011\/01\/2011-01-15_1512.png?resize=580%2C108\" alt=\"\" width=\"580\" height=\"108\" srcset=\"https:\/\/i0.wp.com\/thepizzy.net\/blog\/wp-content\/uploads\/2011\/01\/2011-01-15_1512.png?w=958&amp;ssl=1 958w, https:\/\/i0.wp.com\/thepizzy.net\/blog\/wp-content\/uploads\/2011\/01\/2011-01-15_1512.png?resize=300%2C56&amp;ssl=1 300w, https:\/\/i0.wp.com\/thepizzy.net\/blog\/wp-content\/uploads\/2011\/01\/2011-01-15_1512.png?resize=150%2C28&amp;ssl=1 150w, https:\/\/i0.wp.com\/thepizzy.net\/blog\/wp-content\/uploads\/2011\/01\/2011-01-15_1512.png?resize=768%2C143&amp;ssl=1 768w\" sizes=\"auto, (max-width: 580px) 100vw, 580px\" \/><\/a><\/p>\n<p>The image above is using a User-Agent string that includes the Windows version &#8220;Windows XP&#8221;. Anyone who has done their homework, and makes up a User-Agent string knows that Windows XP is actually Windows NT 5.x where X is the Service Pack number applied. 
Since Windows XP is not a valid User-Agent String (even though they went to so much trouble to include all the other information in the header), it was blocked.<\/p>\n<p><a href=\"https:\/\/i0.wp.com\/thepizzy.net\/blog\/wp-content\/uploads\/2011\/01\/2011-01-15_1513.png\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"1005\" data-permalink=\"https:\/\/thepizzy.net\/blog\/2011\/01\/wordpress-plugin-bad-behavior\/2011-01-15_1513\/\" data-orig-file=\"https:\/\/i0.wp.com\/thepizzy.net\/blog\/wp-content\/uploads\/2011\/01\/2011-01-15_1513.png?fit=948%2C124&amp;ssl=1\" data-orig-size=\"948,124\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Bad Behavior 2\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/thepizzy.net\/blog\/wp-content\/uploads\/2011\/01\/2011-01-15_1513.png?fit=580%2C76&amp;ssl=1\" class=\"aligncenter size-full wp-image-1005\" title=\"Bad Behavior 2\" src=\"https:\/\/i0.wp.com\/thepizzy.net\/blog\/wp-content\/uploads\/2011\/01\/2011-01-15_1513.png?resize=580%2C76\" alt=\"\" width=\"580\" height=\"76\" srcset=\"https:\/\/i0.wp.com\/thepizzy.net\/blog\/wp-content\/uploads\/2011\/01\/2011-01-15_1513.png?w=948&amp;ssl=1 948w, https:\/\/i0.wp.com\/thepizzy.net\/blog\/wp-content\/uploads\/2011\/01\/2011-01-15_1513.png?resize=300%2C39&amp;ssl=1 300w, https:\/\/i0.wp.com\/thepizzy.net\/blog\/wp-content\/uploads\/2011\/01\/2011-01-15_1513.png?resize=150%2C19&amp;ssl=1 150w, 
https:\/\/i0.wp.com\/thepizzy.net\/blog\/wp-content\/uploads\/2011\/01\/2011-01-15_1513.png?resize=768%2C100&amp;ssl=1 768w\" sizes=\"auto, (max-width: 580px) 100vw, 580px\" \/><\/a><\/p>\n<p>With this image, the plugin saw that the header was missing the &#8220;Accept&#8221; statement, telling the server receiving the request what types of files it was willing to accept as a response. Most of the attempts to bot-post that I have seen blocked in the past week or so have been this type of error.<\/p>\n<p>According to the Bad Behavior <a href=\"http:\/\/bad-behavior.ioerror.us\/documentation\/benefits\/\">Benefits and Features page<\/a>, the plugin runs before any of your PHP-based software (yeah, that&#8217;s right, it is available for any PHP-coded site, not just WordPress blogs), so your server never has to respond to a bot just &#8220;harvesting data and delivering junk.&#8221; Instead, the bot is given some 400-style error, and never gets a response from your site.<\/p>\n<p>There are more features and settings that I haven&#8217;t had a chance to play around with yet, but if I find it necessary, I&#8217;ll create an additional post or add them to this one. I recommend this plugin to go alongside any other spam protection you have in place on your form-driven website or blog.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Since I started using a WordPress blog back in 2005, I&#8217;ve always had the Akismet WordPress plugin installed, and it was the sole provider of my spam protection. It has done an awesome job with an at-this-moment 99.843% accuracy rating, and has blocked 21,215 spam comments, of which 6,686 were in just the last 6 months. 
About a week [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1001,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[564,3,516],"tags":[789,788,792,791,790],"class_list":["post-1000","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-reviews","category-tech","category-wordpress-projects","tag-akismet","tag-bad-behavior","tag-spam-control","tag-spam-protection","tag-wordpress-plugins"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/thepizzy.net\/blog\/wp-content\/uploads\/2011\/01\/stopspam1.jpg?fit=225%2C192&ssl=1","jetpack_likes_enabled":false,"jetpack_shortlink":"https:\/\/wp.me\/prOO4-g8","jetpack-related-posts":[{"id":1298,"url":"https:\/\/thepizzy.net\/blog\/2011\/04\/if-i-can-block-spam-email-why-not-spam-commercials\/","url_meta":{"origin":1000,"position":0},"title":"If I can block spam email, why not spam commercials?","author":"[[Neo]]","date":"April 15, 2011","format":false,"excerpt":"The viewer should be able to mark commercials as SPAM, False-Advertisement, or Irrelevant to see more poignant commercials.","rel":"","context":"In &quot;Spyware&quot;","block_context":{"text":"Spyware","link":"https:\/\/thepizzy.net\/blog\/category\/security-tech\/spyware\/"},"img":{"alt_text":"MyCleanPC.com installs spyware and 
viruses","src":"https:\/\/i0.wp.com\/thepizzy.net\/blog\/wp-content\/uploads\/2011\/04\/mycleanpc-com1.jpg?fit=477%2C283&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":1579,"url":"https:\/\/thepizzy.net\/blog\/2014\/05\/wordpress-3-9-1-javascript-typeerror-a-is-undefined\/","url_meta":{"origin":1000,"position":1},"title":"WordPress 3.9.1, Javascript &#8220;TypeError: a is undefined&#8221;","author":"[[Neo]]","date":"May 17, 2014","format":false,"excerpt":"How to fix WordPress Media Gallery display issue and javascript \"TypeError: a is undefined\" error","rel":"","context":"In &quot;Tech Fixes&quot;","block_context":{"text":"Tech Fixes","link":"https:\/\/thepizzy.net\/blog\/category\/tech\/tech-fixes\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/thepizzy.net\/blog\/wp-content\/uploads\/2014\/05\/wordpress-logo-stacked-rgb1.png?fit=499%2C310&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":194,"url":"https:\/\/thepizzy.net\/blog\/2009\/02\/project-upstream-and-the-salmon-spam-bots\/","url_meta":{"origin":1000,"position":2},"title":"Project Upstream and the *salmon &#8220;spam bots&#8221;","author":"[[Neo]]","date":"February 12, 2009","format":false,"excerpt":"Well, last night was about the 7th time I'd been messaged by a salmon-themed screenname. The first time I was messaged, I asked if they were a bot, and got a response. 
However, since I have used the TrillAlice plugin before for Trillian, I knew that just because it responded\u2026","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/thepizzy.net\/blog\/category\/tech\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/thepizzy.net\/blog\/wp-content\/uploads\/2009\/02\/Mega-Man-2-Giant-Robot-Fish-620x-300x251.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":1288,"url":"https:\/\/thepizzy.net\/blog\/2011\/04\/how-cable-companies-could-make-commercials-more-useful\/","url_meta":{"origin":1000,"position":3},"title":"How Cable Companies could make Commercials more useful","author":"[[Neo]]","date":"April 14, 2011","format":false,"excerpt":"Why not let the viewer schedule a reminder\/recording for a show advertised 3-4 weeks in advance of it airing on digital cable?","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/thepizzy.net\/blog\/category\/tech\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/thepizzy.net\/blog\/wp-content\/uploads\/2011\/04\/tvremote4web1.jpg?fit=1200%2C825&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/thepizzy.net\/blog\/wp-content\/uploads\/2011\/04\/tvremote4web1.jpg?fit=1200%2C825&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/thepizzy.net\/blog\/wp-content\/uploads\/2011\/04\/tvremote4web1.jpg?fit=1200%2C825&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/thepizzy.net\/blog\/wp-content\/uploads\/2011\/04\/tvremote4web1.jpg?fit=1200%2C825&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/thepizzy.net\/blog\/wp-content\/uploads\/2011\/04\/tvremote4web1.jpg?fit=1200%2C825&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":77,"url":"https:\/\/thepizzy.net\/blog\/2007\/04\/shozu-and-picasa-web-albums\/","url_meta":{"origin":1000,"position":4},"title":"ShoZu and Picasa Web Albums","author":"[[Neo]]","date":"April 7, 2007","format":false,"excerpt":"So, I 
downloaded ShoZu for my cell phone to upload pics to the intarwebs...and I'm not excited about it. I put it on the phone to upload pics to Picasa Web Albums, and I think that works fine...but it's the crap that it tacks on to the end of the\u2026","rel":"","context":"In &quot;Programming&quot;","block_context":{"text":"Programming","link":"https:\/\/thepizzy.net\/blog\/category\/tech\/programming\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":184,"url":"https:\/\/thepizzy.net\/blog\/2009\/01\/integrating-google-connect\/","url_meta":{"origin":1000,"position":5},"title":"Integrating Google Connect","author":"[[Neo]]","date":"January 25, 2009","format":false,"excerpt":"I've been part of the Google Connect beta since shortly after it came out - but it wasn't until recently that I actually implemented it on my blog and the parent site, www.thepizzy.net. So, if you read this (and I know there has to be at least 4 other people\u2026","rel":"","context":"In &quot;Programming&quot;","block_context":{"text":"Programming","link":"https:\/\/thepizzy.net\/blog\/category\/tech\/programming\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.google.com\/images\/logos\/ps_logo2.png?resize=350%2C200","width":350,"height":200},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/thepizzy.net\/blog\/wp-json\/wp\/v2\/posts\/1000","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thepizzy.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thepizzy.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thepizzy.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thepizzy.net\/blog\/wp-json\/wp\/v2\/comments?post=1000"}],"version-history":[{"count":8,"href":"https:\/\/thepizzy.net\/blog\/wp-json\/wp\/v2\/posts\/1000\/revisions"}],"predecessor-version":[{"id":1867,"href":"https:\/\/thepizzy.net\/blog\/wp-json\/wp\/v2\/posts\/
1000\/revisions\/1867"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thepizzy.net\/blog\/wp-json\/wp\/v2\/media\/1001"}],"wp:attachment":[{"href":"https:\/\/thepizzy.net\/blog\/wp-json\/wp\/v2\/media?parent=1000"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thepizzy.net\/blog\/wp-json\/wp\/v2\/categories?post=1000"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thepizzy.net\/blog\/wp-json\/wp\/v2\/tags?post=1000"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}