Register Members List Search Today's Posts Mark Forums Read

Reply
 
Mod Options
vB Bad Behavior Details »
vB Bad Behavior
Mod Version: 1.0.13, by Eric (Coder) Eric is offline
Developer Last Online: Jul 2019 I like it Show Printable Version Email this Page

vB Version: 3.8.x Rating: (13 votes - 5.00 average) Installs: 90
Released: 05 Apr 2011 Last Update: 23 Apr 2013 Downloads: 449
Not Supported DB Changes Uses Plugins Additional Files Re-usable Code Translations External Content  

/**
* vB Bad Behavior is free software; you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at your option) any
* later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
*/


What is vB Bad Behavior?
This is an integration of the Bad Behavior software with vBulletin.

What is Bad Behavior?
Bad Behavior is a PHP-based solution for blocking link spam and the robots which deliver it. Bad Behavior complements other link spam solutions by acting as a gatekeeper, preventing spammers from ever delivering their junk, and in many cases, from ever reading your site in the first place. This keeps your site's load down, makes your site logs cleaner, and can help prevent denial of service conditions caused by spammers.

Visit http://bad-behavior.ioerror.us/ for more.

Features
For more information on the features of Bad Behavior (and subsequently this mod) please go to Bad Behavior's site:

http://bad-behavior.ioerror.us/documentation/benefits/

For features related to the mod itself, please take a look at the screenshots.

This mod should work with the entire 3.x series (well, beginning with 3.5), but it's only been tested on 3.8.x. I'm not sure if this works on vB 4.x yet, as I've not tested it - but if you try it out, let me know!

Installation
1. Extract the contents of the zip file.
2. Upload the contents of the `upload` folder to your forum root.
3. Enter your AdminCP and go to Plugins & Products > Manage Products > [Add/Import Product]
4. Import the product using the `product-vb_badbehavior.xml` file.
5. Configure the mod in AdminCP -> vBulletin Options -> vBulletin Options -> vB Bad Behavior Options

Upgrading

vB Bad Behavior
In many cases, all you'll need to do to upgrade is follow the installation instructions above.

The only difference, will be you'll need to allow the files to overwrite. Also, when re-importing the product file, you'll need to set "Allow Overwrite" to "Yes".

Bad Behavior
Bad Behavior's files are at `/includes/bad-behavior/`. If you wish to update manually go to:

http://bad-behavior.ioerror.us/download/

And download the latest development version. Extract the zip, and upload the contents of `bad-behavior` to `/includes/bad-behavior/` allowing the files to overwrite.

Versions
The current version of Bad Behavior this mod is using is: v2.2.14
The current version of Bad Behavior (development) is: v2.2.14

Changelog
Version 1.0.13, 04/23/2013
  • Bad Behavior upgraded to 2.2.14

Version 1.0.12, 12/21/2012 -- Released: 02/05/2013
  • Bad Behavior upgraded to 2.2.13
  • Added some more ranges to whitelist.ini

Version 1.0.10, 09/09/2012
  • Bad Behavior upgraded to 2.2.10

Version 1.0.9, 06/17/2012
  • Bad Behavior upgraded to 2.2.7

Version 1.0.8, 06/12/2012
  • Bad Behavior upgraded to 2.2.6
  • New Setting: EU Cookie

Version 1.0.7, 05/04/2012
  • Bad Behavior upgraded to 2.2.3
  • Cron/Scheduled Task for automatic log pruning added.

Version 1.0.6, 01/04/2012
  • Bad Behavior upgraded to 2.1.15

Version 1.0.5, 05/26/2011
  • Added option for bypassing users/members.
  • If the visitor is a user, and is in usergroup 5, 6, or 7 (admin/mod/super mod) - Bad Behavior is bypassed.
  • Modified bad-behavior core to check for Google Web Preview
    • file edited: /includes/bad-behavior/core.inc.php
  • Added a link beside the IP address in the log for WhoIs.

Version 1.0.4, 04/28/2011
  • Bad Behavior upgraded to 2.1.13 (fixes search engine block issues)
  • Added Paypal/Paypal IPN IP address to the whitelist.
  • Added payment gateway file names to the whitelist.

Version 1.0.3, 04/21/2011
  • Fix #1: Pruning log doesn't work.
  • Fix #3: POST more than two days after GET (added support for BB's javascript)
  • Fix #5: Cannot modify header information error (suppressed error in BB's function)
  • Implemented #6: Filter per key (new admincp option to list keys not to be shown in log)
  • Implemented #9: Show link to member profile (if userid is found in headers, link to profile)

Version 1.0.2, 04/10/2011
  • Updated /includes/functions_vb_badbehavior.php to:
    • disable Reverse Proxy if Reverse Proxy Addresses are empty
    • distinguish SQL queries using "SET", for example: SET @@session.wait_timeout = 90 - which is used by BB
    • set "offsite_forms" to false by default, as it's not really needed in vB IMHO, and it can cause problems with certain setups
    • cleaned up the bb2_read_settings() function and fixed a typo in one of the vbulletin options calls
  • Updated /includes/whitelist.ini to include the following GOOGLE ranges:
    • 74.125.0.0/16
    • 216.239.32.0/19
    • 209.85.128.0/17
    • 66.102.0.0/20
  • Updated /admincp/vb_badbehavior.php
    • Log pruning was pruning all logs, despite what was entered for number of days

Version 1.0.1, 04/06/2011
  • Bad Behavior upgraded to 2.1.12
  • Changed files:
    • /includes/bad-behavior/core.inc.php
    • /includes/bad-behavior/searchengine.inc.php
  • "Verbose" admin option now set to "No" by default.

Version 1.0.0, 04/05/2011
  • Initial release.


Screenshots
Screenshots can now be seen at: http://www.secondversion.com/images/vb/vb_badbehavior/

I was running out of room for attachments here on vB.org


Development

https://github.com/ericsizemore/vb_b...ree/master/vb3


Only those who "Mark As Installed" will receive support for this modification.

Download Now

Only licensed members can download files, Click Here for more information.

Show Your Support

  • To receive notifications regarding updates -> Click to Mark as Installed.
  • If you like this modification support the author by donating.
  • This modification may not be copied, reproduced or published elsewhere without author's permission.
Similar Mod
Mod Developer Type Replies Last Post
Integration with vBulletin Project HoneyPot HTTP Blacklist Addon ( with Bad Behavior integration) TheSupportForum Modification Graveyard 51 09 Apr 2011 14:59
Integration with vBulletin Bad Behavior Integration SemperFideles vBulletin 4.x Add-ons 45 06 Apr 2011 02:27

  #16  
Old 06 Apr 2011, 13:36
Alfa1's Avatar
Alfa1 Alfa1 is offline
 
Join Date: Dec 2005
Does BB submit to ProjectHoneypot? If a bad bot hits my site, then will it be submitted to the database? Or do we need to install additional software to join the honeypot network?

Nominated.


The bots artabus and deepnet explorer are still registering accounts. Can I submit these bots somewhere? Or can I block them with BB?

Last edited by Alfa1; 06 Apr 2011 at 14:06.
Reply With Quote
  #17  
Old 06 Apr 2011, 15:07
Lee G Lee G is offline
 
Join Date: Jun 2006
Real name: Lee
If you go into the bad behaviour folder, look for the blacklist.inc.php file
Open it with wordpad or your prefered editor
There are two sections there for banning user agents, first part is begins with user agents
Second part is, if found anywhere user agents

Ban anywhere user agents are after this code

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Add the following to the found anywhere section


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

This mod is so easy to work with on banning or blocking bad user agents
I found this mod cured a problem I have with banning user agents via htaccess

To test if the ban works. Go to Bots vrs Browsers and check on this page
http://www.botsvsbrowsers.com/SimulateUserAgent.asp

Add the user agents anywhere in the test string and try to view your forum

Last edited by Lee G; 06 Apr 2011 at 15:15.
Reply With Quote
  #18  
Old 06 Apr 2011, 22:30
Eric's Avatar
Eric Eric is offline
 
Join Date: May 2006
Real name: Eric
Originally Posted by error10 View Post
Sorry to do this to you Eric, but I just pushed an important update that you'll want to put out as soon as possible.
Ah, no probs. I just got home from work, and will be heading to dinner - but I'll update the mod in the next couple hours.

Originally Posted by Lee G View Post
Nominated for mod of the month

I love using the earlier version of Bad Behaviour.
This version has just made my day on fighting scrapers and spam bots

Thanks very much for releasing this
Thanks for the nomination Lee

Originally Posted by Alfa1 View Post
Does BB submit to ProjectHoneypot? If a bad bot hits my site, then will it be submitted to the database? Or do we need to install additional software to join the honeypot network?

Nominated.


The bots artabus and deepnet explorer are still registering accounts. Can I submit these bots somewhere? Or can I block them with BB?
Thanks for the nomination as well Alfa1 As for ProjectHoneyBot - as far as I'm aware, it does not submit to the project, only checks against the black list - but I'll see what I can do about that.

And thanks to Lee for posting the code for adding those bots, that should work for you.
__________________
My modifications

Please do not contact me for support via PM or E-Mail unless I've asked you to do so. Otherwise, your message will be ignored/deleted.
Reply With Quote
  #19  
Old 06 Apr 2011, 23:23
Eric's Avatar
Eric Eric is offline
 
Join Date: May 2006
Real name: Eric
Version 1.0.1, 04/06/2011
- Bad Behavior upgraded to 2.1.12
- Changed files:
o /includes/bad-behavior/core.inc.php
o /includes/bad-behavior/searchengine.inc.php
- "Verbose" admin option now set to "No" by default.


I've reached the max. number of attachments for this thread - so I'll have to move the screenshots elsewhere. I will do this soon.
__________________
My modifications

Please do not contact me for support via PM or E-Mail unless I've asked you to do so. Otherwise, your message will be ignored/deleted.
Reply With Quote
  #20  
Old 07 Apr 2011, 00:15
Alfa1's Avatar
Alfa1 Alfa1 is offline
 
Join Date: Dec 2005
There seems to be a problem. After running this for 18 hours I have about 8.000 log entries. I do have an active site. A quick glance shows at least 50 valid members were repeatedly blocked from logging in. So there must be many more guests that have been blocked. About 98% of my users are not logged in.
There were 30% less posts today than normal. This could be a coincidence, but we do not normally get this much deviation.

Im getting the first support tickets in. Im not sure if it is related, but I do have vbadvanced installed. One member mentioned that he was able to log in from forum home, but not from the vbadvanced portal.

I have temporarily turned BB off until this issue is resolved. Please let me know if you need any information or if I can do anything to fix it.

Last edited by Alfa1; 07 Apr 2011 at 00:24.
Reply With Quote
  #21  
Old 07 Apr 2011, 00:27
Eric's Avatar
Eric Eric is offline
 
Join Date: May 2006
Real name: Eric
Originally Posted by Alfa1 View Post
There seems to be a problem. After running this for 18 hours I have about 8.000 log entries. I do have an active site. A quick glance shows at least 50 valid members were repeatedly blocked from logging in. So there must be many more guests that have been blocked. About 98% of my users are not logged in.
There were 30% less posts today than normal. This could be a coincidence, but we do not normally get this much deviation.

Im getting the first support tickets in. Im not sure if it is related, but I do have vbadvanced installed. One member mentioned that he was able to log in from forum home, but not from the vbadvanced portal.

I have temporarily turned BB off until this issue is resolved. Please let me know if you need any information or if I can do anything to fix it.
In the logs, you're able to click on the "Key" to see the reason for them being blocked. So if you could let me know what it's showing as the reason, and the URL(s) they were blocked on, I'll take a look. As for vBAdvanced, it's not a product I use personally, but what version are you using?
__________________
My modifications

Please do not contact me for support via PM or E-Mail unless I've asked you to do so. Otherwise, your message will be ignored/deleted.
Reply With Quote
  #22  
Old 07 Apr 2011, 01:07
Alfa1's Avatar
Alfa1 Alfa1 is offline
 
Join Date: Dec 2005
About 50 members causing there instances:
HTTP Response: 403
Explanation: You do not have permission to access this server. Data may not be posted from offsite forms.
Log Message: Referer did not point to a form on this site
/forum/login.php?do=login
My website has various urls and runs both http as https.

1 member causing these instances:
HTTP Response: 403
Explanation: You do not have permission to access this server. This may be caused by a malfunctioning proxy server or browser privacy software.
Log Message: A User-Agent is required but none was provided.
These are donation / subscription payments that are blocked.
The url for this one relates to my payment module and contains variables relating to payment information.

I did not find logs relating to /index.php or other vbadvanced pages, except for malicious bots hitting it.
Im running vbadvanced 3.2
Reply With Quote
  #23  
Old 07 Apr 2011, 01:12
Eric's Avatar
Eric Eric is offline
 
Join Date: May 2006
Real name: Eric
Originally Posted by Alfa1 View Post
About 50 members causing there instances:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

/forum/login.php?do=login

1 member causing these instances:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

These are donation / subscription payments that are blocked.
The url for this one relates to my payment module and contains variables relating to payment information.

I did not find logs relating to /index.php or other vbadvanced pages, except for malicious bots hitting it.
Im running vbadvanced 3.2
So for the first one... vBAdvanced posting from / to /forum/login.php seems to be triggering BB as being an "offsite form". Let me look into that.

On the second one, would you mind showing me the header information? (If you'd PM it to me, and remove any type of private information).
__________________
My modifications

Please do not contact me for support via PM or E-Mail unless I've asked you to do so. Otherwise, your message will be ignored/deleted.
Reply With Quote
  #24  
Old 07 Apr 2011, 01:25
Eric's Avatar
Eric Eric is offline
 
Join Date: May 2006
Real name: Eric
Ok, on the first one, given vB's form tokens, you should be able to edit /includes/functions_vb_badbehavior.php and set "offsite_forms" to true in the $bb2_settings_defaults array.
__________________
My modifications

Please do not contact me for support via PM or E-Mail unless I've asked you to do so. Otherwise, your message will be ignored/deleted.
Reply With Quote
  #25  
Old 07 Apr 2011, 01:33
Alfa1's Avatar
Alfa1 Alfa1 is offline
 
Join Date: Dec 2005
Sent by PM.
Reply With Quote
  #26  
Old 07 Apr 2011, 09:08
Hornstar's Avatar
Hornstar Hornstar is offline
 
Join Date: Jun 2005
Real name: Matt
I will watch this one, however I too don't want legit users blocked, so I will see how you go first alfa
Reply With Quote
  #27  
Old 07 Apr 2011, 13:12
Eric's Avatar
Eric Eric is offline
 
Join Date: May 2006
Real name: Eric
After discussing the issue via PM with Alfa1, I have a few ideas for some changes that I'll implement in the next release. For now, if you use this mod, especially if using vBAdvanced or other portals that will allow a user to login from it, edit /includes/vb_badbehavior.php and set 'offsite_forms' to true in the $bb2_settings_defaults array.

I'm going to work right now, so I'll post more once I get home.
__________________
My modifications

Please do not contact me for support via PM or E-Mail unless I've asked you to do so. Otherwise, your message will be ignored/deleted.
Reply With Quote
  #28  
Old 08 Apr 2011, 21:35
Eric's Avatar
Eric Eric is offline
 
Join Date: May 2006
Real name: Eric
Screenshots can now be seen at: http://www.secondversion.com/images/vb_badbehavior/

I was running out of room for attachments here on vB.org - Also, to lower the size of the download... removed the screenshots from the zip files.
__________________
My modifications

Please do not contact me for support via PM or E-Mail unless I've asked you to do so. Otherwise, your message will be ignored/deleted.

Last edited by Eric; 08 Apr 2011 at 21:40.
Reply With Quote
  #29  
Old 09 Apr 2011, 02:09
thenetbox thenetbox is offline
 
Join Date: Mar 2002
Things seem to work so far Thanks!

When I enter the http:BL API Key, the entire forum goes blank though. White screen, no error.
Reply With Quote
  #30  
Old 09 Apr 2011, 02:27
thenetbox thenetbox is offline
 
Join Date: Mar 2002
Is there a way to whitelist a few IP addresses or user agents?

Thanks again.
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Mod Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 23:57.

Layout Options | Width: Wide Color: