Welcome to Geeklog, Anonymous Saturday, November 30 2024 @ 05:33 am EST
Geeklog Forums
bad behavior
Flagg
Anonymous
i upgraded to the newest release last night, then installed bad behavior. i deleted the newest round of spammer/users from the users list... far as i can see, bad behavior is installed correctly... HOWEVER... new spammer-users are present within the list... how do I teach bad behavior about this spammer? I see no configuration for bad behavior... when i look at it as admin, nothing is listed and there's absolutely no configuration buttons or anything else... i just assumed, when it noted a bad IP address, it would do things automagically or give me the buttons then... as it stands, even if i knew of a bad IP, i couldn't add it to a list... am I missing something? is it broken or what?
/CF
/CF
9
9
Quote
Flagg
Anonymous
yep. made sure of it.
/CF
/CF
6
8
Quote
Flagg
Anonymous
what does bad behavior look at? the logfile or realtime when someone is visting the site? if logfile... what logfile name does it look for? is there a configuration file I need to edit?
/CF
/CF
9
9
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
It should be pointed out that Bad Behavior mainly does two things: It blocks invalid / incorrect requests and it blocks certain well-known spamming tools (and other bad bots, e.g. email harvesters).
It's perfectly possible that the bot you're seeing is new and not known to Bad Behavior yet. And as long as it sends proper HTTP requests, Bad Behavior will just let it through. That's why it's a good idea to have some other tools in place as well.
Also, the Bad Behavior plugin for Geeklog is based on Bad Behavior 1.2.4, while the current version is 2.0.6. That is a complete rewrite and I haven't had the time to look into it and make a Geeklog plugin based on that version.
If you want to block specific IP addresses, you can do that in a .htaccess or using the Ban plugin. There are also modules for Spam-X that add spammers to the Ban list or report them to Bad Behavior.
To summarize: There's no single "silver bullet" against spam. Some tools will block some spam, others will block other sorts of spam.
We have a wiki page, Dealing with Spam, with further information and links that you may want to read.
bye, Dirk
It's perfectly possible that the bot you're seeing is new and not known to Bad Behavior yet. And as long as it sends proper HTTP requests, Bad Behavior will just let it through. That's why it's a good idea to have some other tools in place as well.
Also, the Bad Behavior plugin for Geeklog is based on Bad Behavior 1.2.4, while the current version is 2.0.6. That is a complete rewrite and I haven't had the time to look into it and make a Geeklog plugin based on that version.
If you want to block specific IP addresses, you can do that in a .htaccess or using the Ban plugin. There are also modules for Spam-X that add spammers to the Ban list or report them to Bad Behavior.
To summarize: There's no single "silver bullet" against spam. Some tools will block some spam, others will block other sorts of spam.
We have a wiki page, Dealing with Spam, with further information and links that you may want to read.
bye, Dirk
9
12
Quote
Flagg
Anonymous
one other question while I have your attention...
When looking at my httpd logfile, what should I be looking for when it comes to new account creation? I've played around with it a bit and found a couple items, such as mode=new.... in order to track down the IP address that creates these new accounts, I need to know what to look for and haven't as yet found it.
i think it would be wonderful if the powers-that-be would add a line in the next geeklog release or possibly a hot-fix/hack that would add the last known IP address to access an account or the IP address that created the account to the Users page.
/CF
When looking at my httpd logfile, what should I be looking for when it comes to new account creation? I've played around with it a bit and found a couple items, such as mode=new.... in order to track down the IP address that creates these new accounts, I need to know what to look for and haven't as yet found it.
i think it would be wonderful if the powers-that-be would add a line in the next geeklog release or possibly a hot-fix/hack that would add the last known IP address to access an account or the IP address that created the account to the Users page.
/CF
8
11
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by Flagg: When looking at my httpd logfile, what should I be looking for when it comes to new account creation?
A real new user would first use the .../users.php?mode=new URL, then do a POST /users.php. Also check what else is requested from the same IP address - bots don't load images or stylesheets, for example.
You have to keep in mind, though, that you can't tell from a POST /users.php whether they signed up for a new account or logged in with that request. You would have the check the context of that request to find out.
HTH
bye, Dirk
10
8
Quote
All times are EST. The time is now 05:33 am.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content