Register Members List Search Today's Posts Mark Forums Read

Reply
 
Mod Options
vB Bad Behavior Details »
vB Bad Behavior
Mod Version: 1.0.13, by Eric (Coder) Eric is offline
Developer Last Online: Jul 2019 I like it Show Printable Version Email this Page

vB Version: 3.8.x Rating: (13 votes - 5.00 average) Installs: 90
Released: 05 Apr 2011 Last Update: 23 Apr 2013 Downloads: 449
Not Supported DB Changes Uses Plugins Additional Files Re-usable Code Translations External Content  

/**
* vB Bad Behavior is free software; you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at your option) any
* later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
*/


What is vB Bad Behavior?
This is an integration of the Bad Behavior software with vBulletin.

What is Bad Behavior?
Bad Behavior is a PHP-based solution for blocking link spam and the robots which deliver it. Bad Behavior complements other link spam solutions by acting as a gatekeeper, preventing spammers from ever delivering their junk, and in many cases, from ever reading your site in the first place. This keeps your site's load down, makes your site logs cleaner, and can help prevent denial of service conditions caused by spammers.

Visit http://bad-behavior.ioerror.us/ for more.

Features
For more information on the features of Bad Behavior (and subsequently this mod) please go to Bad Behavior's site:

http://bad-behavior.ioerror.us/documentation/benefits/

For features related to the mod itself, please take a look at the screenshots.

This mod should work with the entire 3.x series (well, beginning with 3.5), but it's only been tested on 3.8.x. I'm not sure if this works on vB 4.x yet, as I've not tested it - but if you try it out, let me know!

Installation
1. Extract the contents of the zip file.
2. Upload the contents of the `upload` folder to your forum root.
3. Enter your AdminCP and go to Plugins & Products > Manage Products > [Add/Import Product]
4. Import the product using the `product-vb_badbehavior.xml` file.
5. Configure the mod in AdminCP -> vBulletin Options -> vBulletin Options -> vB Bad Behavior Options

Upgrading

vB Bad Behavior
In many cases, all you'll need to do to upgrade is follow the installation instructions above.

The only difference, will be you'll need to allow the files to overwrite. Also, when re-importing the product file, you'll need to set "Allow Overwrite" to "Yes".

Bad Behavior
Bad Behavior's files are at `/includes/bad-behavior/`. If you wish to update manually go to:

http://bad-behavior.ioerror.us/download/

And download the latest development version. Extract the zip, and upload the contents of `bad-behavior` to `/includes/bad-behavior/` allowing the files to overwrite.

Versions
The current version of Bad Behavior this mod is using is: v2.2.14
The current version of Bad Behavior (development) is: v2.2.14

Changelog
Version 1.0.13, 04/23/2013
  • Bad Behavior upgraded to 2.2.14

Version 1.0.12, 12/21/2012 -- Released: 02/05/2013
  • Bad Behavior upgraded to 2.2.13
  • Added some more ranges to whitelist.ini

Version 1.0.10, 09/09/2012
  • Bad Behavior upgraded to 2.2.10

Version 1.0.9, 06/17/2012
  • Bad Behavior upgraded to 2.2.7

Version 1.0.8, 06/12/2012
  • Bad Behavior upgraded to 2.2.6
  • New Setting: EU Cookie

Version 1.0.7, 05/04/2012
  • Bad Behavior upgraded to 2.2.3
  • Cron/Scheduled Task for automatic log pruning added.

Version 1.0.6, 01/04/2012
  • Bad Behavior upgraded to 2.1.15

Version 1.0.5, 05/26/2011
  • Added option for bypassing users/members.
  • If the visitor is a user, and is in usergroup 5, 6, or 7 (admin/mod/super mod) - Bad Behavior is bypassed.
  • Modified bad-behavior core to check for Google Web Preview
    • file edited: /includes/bad-behavior/core.inc.php
  • Added a link beside the IP address in the log for WhoIs.

Version 1.0.4, 04/28/2011
  • Bad Behavior upgraded to 2.1.13 (fixes search engine block issues)
  • Added Paypal/Paypal IPN IP address to the whitelist.
  • Added payment gateway file names to the whitelist.

Version 1.0.3, 04/21/2011
  • Fix #1: Pruning log doesn't work.
  • Fix #3: POST more than two days after GET (added support for BB's javascript)
  • Fix #5: Cannot modify header information error (suppressed error in BB's function)
  • Implemented #6: Filter per key (new admincp option to list keys not to be shown in log)
  • Implemented #9: Show link to member profile (if userid is found in headers, link to profile)

Version 1.0.2, 04/10/2011
  • Updated /includes/functions_vb_badbehavior.php to:
    • disable Reverse Proxy if Reverse Proxy Addresses are empty
    • distinguish SQL queries using "SET", for example: SET @@session.wait_timeout = 90 - which is used by BB
    • set "offsite_forms" to false by default, as it's not really needed in vB IMHO, and it can cause problems with certain setups
    • cleaned up the bb2_read_settings() function and fixed a typo in one of the vbulletin options calls
  • Updated /includes/whitelist.ini to include the following GOOGLE ranges:
    • 74.125.0.0/16
    • 216.239.32.0/19
    • 209.85.128.0/17
    • 66.102.0.0/20
  • Updated /admincp/vb_badbehavior.php
    • Log pruning was pruning all logs, despite what was entered for number of days

Version 1.0.1, 04/06/2011
  • Bad Behavior upgraded to 2.1.12
  • Changed files:
    • /includes/bad-behavior/core.inc.php
    • /includes/bad-behavior/searchengine.inc.php
  • "Verbose" admin option now set to "No" by default.

Version 1.0.0, 04/05/2011
  • Initial release.


Screenshots
Screenshots can now be seen at: http://www.secondversion.com/images/vb/vb_badbehavior/

I was running out of room for attachments here on vB.org


Development

https://github.com/ericsizemore/vb_b...ree/master/vb3


Only those who "Mark As Installed" will receive support for this modification.

Download Now

Only licensed members can download files, Click Here for more information.

Show Your Support

  • To receive notifications regarding updates -> Click to Mark as Installed.
  • If you like this modification support the author by donating.
  • This modification may not be copied, reproduced or published elsewhere without author's permission.
Similar Mod
Mod Developer Type Replies Last Post
Integration with vBulletin Project HoneyPot HTTP Blacklist Addon ( with Bad Behavior integration) TheSupportForum Modification Graveyard 51 09 Apr 2011 14:59
Integration with vBulletin Bad Behavior Integration SemperFideles vBulletin 4.x Add-ons 45 06 Apr 2011 02:27

  #31  
Old 09 Apr 2011, 02:37
Eric's Avatar
Eric Eric is offline
 
Join Date: May 2006
Real name: Eric
Originally Posted by thenetbox View Post
Things seem to work so far Thanks!

When I enter the http:BL API Key, the entire forum goes blank though. White screen, no error.
Odd. I've been testing the http:BL for some time, works fine on my end. Any errors in your error log?

Originally Posted by thenetbox View Post
Is there a way to whitelist a few IP addresses or user agents?

Thanks again.
Edit /includes/whitelist.ini
__________________
My modifications

Please do not contact me for support via PM or E-Mail unless I've asked you to do so. Otherwise, your message will be ignored/deleted.
Reply With Quote
  #32  
Old 09 Apr 2011, 13:38
Lee G Lee G is offline
 
Join Date: Jun 2006
Real name: Lee
Gone for the install today and all went very easy

Looking through my logs, google and bing seem to get stopped a lot
Im going to white list these in the top level whitelist and see if it cures the problem
Reply With Quote
  #33  
Old 09 Apr 2011, 15:29
Lee G Lee G is offline
 
Join Date: Jun 2006
Real name: Lee
It looks like there is also a complete google range missing 74.125.0.0/16

This is the message I get on most Google bot hits

f1182195

HTTP Response: 403
Explanation: An invalid request was received. You claimed to be a major search engine, but you do not appear to actually be a major search engine.
Log Message: User-Agent claimed to be Googlebot, claim appears to be false.
Reply With Quote
  #34  
Old 09 Apr 2011, 17:18
Lee G Lee G is offline
 
Join Date: Jun 2006
Real name: Lee
A bit more playing around and it looks like google gets blocked when reverse proxy is enabled
Reply With Quote
  #35  
Old 09 Apr 2011, 17:20
thenetbox thenetbox is offline
 
Join Date: Mar 2002
Originally Posted by Eric View Post
Odd. I've been testing the http:BL for some time, works fine on my end. Any errors in your error log?
No. There are no errors in the errorlog when the white screen happens. Removing the API key makes everything go back to normal again.
Reply With Quote
  #36  
Old 09 Apr 2011, 20:39
Eric's Avatar
Eric Eric is offline
 
Join Date: May 2006
Real name: Eric
Originally Posted by thenetbox View Post
No. There are no errors in the errorlog when the white screen happens. Removing the API key makes everything go back to normal again.
What PHP version are you using?

Originally Posted by Lee G View Post
It looks like there is also a complete google range missing 74.125.0.0/16

This is the message I get on most Google bot hits

f1182195

HTTP Response: 403
Explanation: An invalid request was received. You claimed to be a major search engine, but you do not appear to actually be a major search engine.
Log Message: User-Agent claimed to be Googlebot, claim appears to be false.
Hmm, odd. This appears to be with the Bad Behavior core - you can either add that range to the whitelist.ini file, or edit /includes/bad-behavior/searchengines.inc.php

I'll add this in the next release.
__________________
My modifications

Please do not contact me for support via PM or E-Mail unless I've asked you to do so. Otherwise, your message will be ignored/deleted.
Reply With Quote
  #37  
Old 09 Apr 2011, 20:54
thenetbox thenetbox is offline
 
Join Date: Mar 2002
Originally Posted by Eric View Post
What PHP version are you using?

Thanks for following up

Using PHP Version 5.2.5
Reply With Quote
  #38  
Old 09 Apr 2011, 22:01
Lee G Lee G is offline
 
Join Date: Jun 2006
Real name: Lee
I have been through and found what option kills the google connections
When you put a tick in the "Reverse Proxy" and leave everything below it as is on install, it blocks Google with the f1182195 error and from what I could see also bing

That still occurred with all the bots ip ranges white listed

Once I found that, it has been working well
Reply With Quote
  #39  
Old 10 Apr 2011, 17:13
Eric's Avatar
Eric Eric is offline
 
Join Date: May 2006
Real name: Eric
Version 1.0.2, 04/10/2011
  • Updated /includes/functions_vb_badbehavior.php to:
    • disable Reverse Proxy if Reverse Proxy Addresses are empty
    • distinguish SQL queries using "SET", for example: SET @@session.wait_timeout = 90 - which is used by BB
    • set "offsite_forms" to false by default, as it's not really needed in vB IMHO, and it can cause problems with certain setups
    • cleaned up the bb2_read_settings() function and fixed a typo in one of the vbulletin options calls
  • Updated /includes/whitelist.ini to include the following GOOGLE ranges:
    • 74.125.0.0/16
    • 216.239.32.0/19
    • 209.85.128.0/17
    • 66.102.0.0/20
  • Updated /admincp/vb_badbehavior.php
    • Log pruning was pruning all logs, despite what was entered for number of days
__________________
My modifications

Please do not contact me for support via PM or E-Mail unless I've asked you to do so. Otherwise, your message will be ignored/deleted.
Reply With Quote
  #40  
Old 10 Apr 2011, 18:01
Lee G Lee G is offline
 
Join Date: Jun 2006
Real name: Lee
Nice smooth upgrade
I cant believe how much junk this stops without adding any extra user agents
Just over 3500 log entries since I have been running it

Thanks for all the work your putting into this Eric
Reply With Quote
  #41  
Old 10 Apr 2011, 23:40
Alfa1's Avatar
Alfa1 Alfa1 is offline
 
Join Date: Dec 2005
I think the explanation of what BB is should include that BB also blocks a large number of content scrapers and malicious bots. This saves bandwidth costs and increases security.

I find these very important aspects of BB and adding this will increase the number of sites that install BB.
Reply With Quote
  #42  
Old 11 Apr 2011, 09:47
thomas thomas is offline
 
Join Date: Mar 2002
Thanks for this great mod, Eric!

Originally Posted by Eric View Post
Version 1.0.2, 04/10/2011[*]Updated /includes/whitelist.ini to include the following GOOGLE ranges:
  • 74.125.0.0/16
  • 216.239.32.0/19
  • 209.85.128.0/17
  • 66.102.0.0/20
Does the whitelist also include Google's MediaBot (for AdSense)?
Reply With Quote
  #43  
Old 11 Apr 2011, 15:36
Alfa1's Avatar
Alfa1 Alfa1 is offline
 
Join Date: Dec 2005
I have enabled Bad Behavior again. It immediately freed up my server from an insane server load. Server load went from 38 to 0.7 almost instantly.

I do see a valid members blocked. Details:

A very large number of these:
Key: HTTP Response: 403
Explanation: You do not have permission to access this server. Before trying again, close your browser, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.
Log Message: POST more than two days after GET
User agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0) Gecko/20100101 Firefox/4.0
URI: /forum/ajax.php
Entity: security token present.
Headers: POST /forum/ajax.php HTTP/1.1
Host: www.my-forum.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0) Gecko/20100101 Firefox/4.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://www.my-forum.com/forum/forumdisplay.php?f=398
Content-Length: 82
Cookie: bb2_screener_= [omitted by Alfa1]
DNT: 1
Pragma: no-cache
Cache-Control: no-cache
I dont understand how it is possible that a large number of valid user post more than 2 days after GET.

A large number of these:
Key: HTTP Response: 403
Explanation: An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.
Log Message: Required header 'Accept' missing

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
URI: /forum/misc.php?do=page&template=ncode_opensearch
Entity:
Headers: GET /forum/misc.php?do=page&template=ncode_opensearch HTTP/1.1
Host: www.my-forum.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bb2_screener_= [omitted by Alfa1
I find this one worrisome because its in the 2b021b1f key.
Key: HTTP Response: 403
Explanation: You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.
Log Message: IP address found on http:BL blacklist
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
URI: /forum/ajax.php
Entity: securitytoken: xxxxxxxxxxxxxxxx
do: securitytoken
ajax: 1
Headers:POST /forum/ajax.php HTTP/1.1
Host: www.my-forum.com
Content-Length: 82
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://www.my-forum.com/forum/search...archid=2679481
Cookie: bb2_screener_=xxxxxxxxxxxxx
Pragma: no-cache
Connection: keep-alive
I see these valid members are using proxies like TOR and similar.

Key:
UserAgent:
URI:
Entity:
Headers:
Feature request 1: for the log: filter per key, so that it is possible to see all entries except those with key 00000 and key 2b021b1f. Or just view all entries with a certain key. That makes it much easier to see the similarities of the entries with the same key.

Feature request 2: Alert the admin which members have been blocked by BB and why. This makes it easier to detect problems with BB and forum accounts registered by bots. I think the optimal way to notify the admin is by PM.

Feature request 3: Trace IP directly from the log.

Feature request 4: related to FR 2. If bbuserid is present in headers then show link to user profile in the log. This makes it easy to check if the blocked members was a valid user or not.

Last edited by Alfa1; 11 Apr 2011 at 19:15.
Reply With Quote
  #44  
Old 11 Apr 2011, 20:39
Alfa1's Avatar
Alfa1 Alfa1 is offline
 
Join Date: Dec 2005
Running in debug mode and checking out the queries exposes this error on forum home:
Warning: Cannot modify header information - headers already sent by (output started at /private_html/forum/global.php(355) : eval()'d code:166) in /private_html/forum/includes/bad-behavior/screener.inc.php on line 8
End call of global.php: 0.19540810585
Reply With Quote
  #45  
Old 11 Apr 2011, 20:55
Lee G Lee G is offline
 
Join Date: Jun 2006
Real name: Lee
Just been through my last 450 denies and it looks like a Yahoo bot got the cold shoulder

Bot ip 67.195.112.41

Full ip range 67.195.0.0/16
http://whois.domaintools.com/67.195.112.41

Apart from that, its been working like a dream
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Mod Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 00:58.

Layout Options | Width: Wide Color: