Welcome to Geeklog, Anonymous Saturday, November 30 2024 @ 05:33 am EST

Geeklog Forums

bad behavior


Flagg

Anonymous
i upgraded to the newest release last night, then installed bad behavior. i deleted the newest round of spammer/users from the users list... far as i can see, bad behavior is installed correctly... HOWEVER... new spammer-users are present within the list... how do I teach bad behavior about this spammer? I see no configuration for bad behavior... when i look at it as admin, nothing is listed and there's absolutely no configuration buttons or anything else... i just assumed, when it noted a bad IP address, it would do things automagically or give me the buttons then... as it stands, even if i knew of a bad IP, i couldn't add it to a list... am I missing something? is it broken or what?


/CF
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Did you remember to add that extra line to lib-common.php?

bye, Dirk
 Quote

Flagg

Anonymous
yep. made sure of it.



/CF
 Quote

Flagg

Anonymous
what does bad behavior look at? the logfile or realtime when someone is visting the site? if logfile... what logfile name does it look for? is there a configuration file I need to edit?



/CF
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
It should be pointed out that Bad Behavior mainly does two things: It blocks invalid / incorrect requests and it blocks certain well-known spamming tools (and other bad bots, e.g. email harvesters).

It's perfectly possible that the bot you're seeing is new and not known to Bad Behavior yet. And as long as it sends proper HTTP requests, Bad Behavior will just let it through. That's why it's a good idea to have some other tools in place as well.

Also, the Bad Behavior plugin for Geeklog is based on Bad Behavior 1.2.4, while the current version is 2.0.6. That is a complete rewrite and I haven't had the time to look into it and make a Geeklog plugin based on that version.

If you want to block specific IP addresses, you can do that in a .htaccess or using the Ban plugin. There are also modules for Spam-X that add spammers to the Ban list or report them to Bad Behavior.

To summarize: There's no single "silver bullet" against spam. Some tools will block some spam, others will block other sorts of spam.

We have a wiki page, Dealing with Spam, with further information and links that you may want to read.

bye, Dirk
 Quote

Flagg

Anonymous
one other question while I have your attention...

When looking at my httpd logfile, what should I be looking for when it comes to new account creation? I've played around with it a bit and found a couple items, such as mode=new.... in order to track down the IP address that creates these new accounts, I need to know what to look for and haven't as yet found it.

i think it would be wonderful if the powers-that-be would add a line in the next geeklog release or possibly a hot-fix/hack that would add the last known IP address to access an account or the IP address that created the account to the Users page.

/CF
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by Flagg: When looking at my httpd logfile, what should I be looking for when it comes to new account creation?

A real new user would first use the .../users.php?mode=new URL, then do a POST /users.php. Also check what else is requested from the same IP address - bots don't load images or stylesheets, for example.

You have to keep in mind, though, that you can't tell from a POST /users.php whether they signed up for a new account or logged in with that request. You would have the check the context of that request to find out.

HTH

bye, Dirk
 Quote

All times are EST. The time is now 05:33 am.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content