Advertisement:

Author Topic: Bad Behavior for SMF mod  (Read 334478 times)

Offline djkimmel

  • Semi-Newbie
  • *
  • Posts: 68
    • GreatLakesBass.com
Re: Bad Behavior mod - The Web's premier link spam killer (Now with SMF 2 httpBL)
« Reply #640 on: September 03, 2012, 02:52:26 AM »
New version.  Upgraded to 2.2.9.
  • Corrected error where the malicious activity address variable was incorrect in the core 2.2.9 release (SMF ONLY).

So basically, your SMF Bad Behavior 2.2.9 core = his 2.2.10, correct? Thanks for fixing that.

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,733
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Bad Behavior mod - The Web's premier link spam killer (Now with SMF 2 httpBL)
« Reply #641 on: September 03, 2012, 09:22:30 AM »
So basically, your SMF Bad Behavior 2.2.9 core = his 2.2.10, correct? Thanks for fixing that.

Yes, I am used to fixing bugs in BB core. The core's reverse proxy still does not work where the SMF version does.  This is why I test the code throughly before releasing it.

I don't use the Search Engine DNS checked option but I'm curious to see if he changed his Yahoo round trip check from crawl.yahoo.net to what they appear to use now - yst.yahoo.net. Not a big deal for me either way though it will add a little to my understanding of how your mod and his core works.

Everything listed under SMF only options is my code.  The integration with SMF, including the changes to make it compatible is my code.  As far as I can tell I am the first to migrate the whitelist to a forum DB, google safe honeyposts, cache and a BBC where suspicious visitors can not view portions of posts and etc..

The reverse DNS is my area.  I looked into it and here is what I found:
  • Yahoo! Slurp 3.0 will originate from the crawl.yahoo.net domain.  So any reverse DNS checks to ID Yahoo's crawler will still work.
  • Many search-engines host 'unofficial' bots.  Bots reverse searched to crawl.yahoo.net obey robots.txt where yst.yahoo.net tend not to obey robots test.  Many people block yst.yahoo.net, More info.

I do not catch all the changes so please let me know.  I am sure I will eventually miss something.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline djkimmel

  • Semi-Newbie
  • *
  • Posts: 68
    • GreatLakesBass.com
Re: Bad Behavior mod - The Web's premier link spam killer (Now with SMF 2 httpBL)
« Reply #642 on: September 03, 2012, 06:15:24 PM »
More helpful information. Fishing yesterday was a lot easier than figuring out all this stuff and deciding what to do about it. Not sure I like 'unofficial' bots? Seems like the search engines would be aware of the hacker challenges and make our lives easier by being cleaner and more clear on their IP ranges, user agents and RDNS.

Guess I will have to put some thought this week into image scraping and which bots I like and don't like (Baidu and Yandex went bye bye for me a while ago - ignoring my robots.txt and not my market, plus they hang out with more bad characters). Thanks.

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,733
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Bad Behavior mod - The Web's premier link spam killer (Now with SMF 2 httpBL)
« Reply #643 on: September 03, 2012, 08:32:17 PM »
Thank you...  So much for a relaxing programming weekend...  Time to go back to the drudgery of my real job to pay the bills...  Check out SMFHelper for some cool additions to BB.  ;)

Another option:  Some say that if a bot obeys "robots.txt " it is a good bot.  If the bot ignores "robots.txt " it is a bad bot.  This is the basis for my Forum Firewall "Robots.txt Validation".   Though not a newbie toy, when implemented correctly, it stops them cold!
 :o
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline djkimmel

  • Semi-Newbie
  • *
  • Posts: 68
    • GreatLakesBass.com
Re: Bad Behavior mod - The Web's premier link spam killer (Now with SMF 2 httpBL)
« Reply #644 on: September 04, 2012, 01:12:17 AM »
I signed up on SMFHelper. I've been reading on there a number of times but never signed up apparently.

I've also been looking at your Forum Firewall mod. I have no idea why I could not get Baidu to follow my robots.txt but I made changes for a couple months, waiting 5 days or so between each change. I even sent an email and filled out their form. No response. They just kept pounding away at a ridiculous rate so I blocked them. Considering all the other 'spiders' out there hitting my site and the less than savory traffic they seem to send me, I will need a better method than I have now of trying robots.txt, waiting a few days, looking at logs and then firewalling the ones who keep coming in plus all the 'spiders' who completely ignore robots.txt.

Offline djkimmel

  • Semi-Newbie
  • *
  • Posts: 68
    • GreatLakesBass.com
Re: Bad Behavior mod - The Web's premier link spam killer (Now with SMF 2 httpBL)
« Reply #645 on: September 04, 2012, 02:52:11 AM »
I usually have 12 to 18 pages of my old "Database Error: No database selected
File: /home/djkimmel/public_html/forum/Sources/bad-behavior/BadBehavior-SMF.php
Line: 74" per day (never did get that issue figured out) not ~800 pages in one day! Something changed.

I reviewed the mod and as far as I know there was no change there.  This could be an error in your settings or a bot.  The mod uses $db_prefix.  I am interested in eliminating this error. Start by looking at your "Settings.php" in your root directory and insure that $db_prefix is correctly defined.  You may want to try repair settings.


I do use a different $db_prefix than the SMF default but it is set correctly. I ran repair settings again. The only thing missing was a setting for queryless url's. When I first installed SMF it said I couldn't use them. I didn't want to turn them on later. I will look at some previews I found online about how the bad behavior page looks to those who get it on my site using my customized theme. I changed some paths too since I have the default files in Themes/default and just images and the bare necessities in my custom theme folder.

Offline djkimmel

  • Semi-Newbie
  • *
  • Posts: 68
    • GreatLakesBass.com
Re: Bad Behavior mod - The Web's premier link spam killer (Now with SMF 2 httpBL)
« Reply #646 on: September 04, 2012, 06:09:24 PM »
I did sign up on smfhelper.info but I'm unable to post or send a private message. I just keep getting the "The following error or errors occurred while posting this message:
The message body was left empty.
" message though I've logged in and logged out, cleared browsing data, tried different browsers. I can read stuff and look for additional information and additions anyway.

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,733
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Bad Behavior mod - The Web's premier link spam killer (Now with SMF 2 httpBL)
« Reply #647 on: September 05, 2012, 08:51:49 PM »
Well...  I do not know what to do since this is outside my mod.  But I gave Bigguy your message.  He thinks he fixed it.  If not please PM Bigguy here.
 O:)
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline djkimmel

  • Semi-Newbie
  • *
  • Posts: 68
    • GreatLakesBass.com
Re: Bad Behavior mod - The Web's premier link spam killer (Now with SMF 2 httpBL)
« Reply #648 on: September 06, 2012, 05:58:46 PM »
That was all I could hope for. I could have sent him a PM on here I guess but I try to avoid that since many are PM-adverse (for good reasons often, I'm sure). I will check it out. Thanks. SMF Bad Behavior 1.5.12 is working great on my forum. Hackers will have to try a little harder.

Offline tMicky

  • Jr. Member
  • **
  • Posts: 146
  • Gender: Female
Re: Bad Behavior mod - The Web's premier link spam killer (Now with SMF 2 httpBL)
« Reply #649 on: September 07, 2012, 04:51:26 PM »
For some reason, this Firewall Mod and the Bad Behavior Mod - have an issue with:
./Themes/Glacier/index.template.php - for both mods, I got Test Failed.

I haven't had issues with other mods and this Theme.
« Last Edit: September 07, 2012, 11:27:48 PM by tMicky »

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 59,346
  • Gender: Male
    • Kindred-999 on GitHub
Re: Bad Behavior mod - The Web's premier link spam killer (Now with SMF 2 httpBL)
« Reply #650 on: September 07, 2012, 05:52:08 PM »
glacier themes suck...  **NO** mods will install correctly into them.

So, as has been said several thousand times... you will have to manually edit those files.
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline tMicky

  • Jr. Member
  • **
  • Posts: 146
  • Gender: Female
Re: Bad Behavior mod - The Web's premier link spam killer (Now with SMF 2 httpBL)
« Reply #651 on: September 07, 2012, 06:17:03 PM »
glacier themes suck...  **NO** mods will install correctly into them.

So, as has been said several thousand times... you will have to manually edit those files.
thanks

Offline tMicky

  • Jr. Member
  • **
  • Posts: 146
  • Gender: Female
Re: Bad Behavior mod - The Web's premier link spam killer (Now with SMF 2 httpBL)
« Reply #652 on: September 07, 2012, 06:44:40 PM »
(Find)
Code: [Select]
// Show the load time?
(Add Before)

Code: [Select]
if ($modSettings['badbehavior_display_stats']) {
if (!function_exists('bb2_insert_stats')) {
global $sourcedir;
require_once($sourcedir . '/bad-behavior/BadBehavior-SMF.php'); }

  bb2_insert_stats();
}

However, I can't find the // Show the load time? code in index.php. I have searched each word, but it's not there. The test failed said - Add Before    ./Themes/Glacier/index.template.php    Test failed

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,733
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Bad Behavior mod - The Web's premier link spam killer (Now with SMF 2 httpBL)
« Reply #653 on: September 07, 2012, 09:02:53 PM »
I can not help you with individual themes.  Supporting them will simply take way too much time...  :-[

Good news though...  Here is a link to a mod parser:  SMFHelper
 :-*
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline djkimmel

  • Semi-Newbie
  • *
  • Posts: 68
    • GreatLakesBass.com
Re: Bad Behavior mod - The Web's premier link spam killer (Now with SMF 2 httpBL)
« Reply #654 on: September 07, 2012, 09:06:37 PM »
Find were it should be in the default or core SMF theme and then find the corresponding place in the Glacier theme. If you can. That is what I would do.

Offline domscatterbrain

  • Semi-Newbie
  • *
  • Posts: 11
Re: Bad Behavior mod - The Web's premier link spam killer (Now with SMF 2 httpBL)
« Reply #655 on: September 09, 2012, 07:07:17 PM »
Can i whitelisted an ip range with this mod?
This mod is awesome, but since i installed this mod many of my forum member complained that they receive 403 error.
For a while, i put an announcement to mail me their IPs in our forum facebook group so i can put them into Bad Behavior's whitelist.
And there is another problem, most of my member's IP are dynamic so the best thing i can think is whitelisting a certain IP range from their ISP.

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,733
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Bad Behavior mod - The Web's premier link spam killer (Now with SMF 2 httpBL)
« Reply #656 on: September 09, 2012, 08:15:01 PM »
WHITELIST MEMBERS HELP

Yes.  First off I recommend that you whitelist you ALL your regular members.

In SMF you can whitelist member groups only.  Unlike other security mods, this mod will use the last known ip address of a whitelisted member and not block them if they are logged in or not logged in and their ip address has not changed.  I highly recommend this procedure for all FORUMS!  Here is the procedure:
  • In SMF 2.0 GOTO "Admin Center/Members/Permissions/" (slightly different for SMF 1.1.X)
  • modify "Regular Members"
  • Under "Use basic forum functionality" select "Bad Behavior Whitelist Group" to make a member group exempt from all Bad Behavior tests.
  • Repeat for all forum member groups (do not whitelist guests)

There is am image of the permission location on the mod page.

If they are among the RARE users who logout every time and when they return their IP address changed follow this procedure AS A LAST RESORT:
  • goto Bad Behavior Admin.
  • Select "Settings/ IP Address"
  • Enter their host range in CIDR format.

The above is not required for static addresses and 99.9% of users.  I have over 250 members and only one (1) member who services a hospital with crazy security.  He is my only member who requires a CIDR whitelist.
 :D
« Last Edit: November 25, 2012, 01:52:16 PM by butchs »
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline Omebolle

  • Jr. Member
  • **
  • Posts: 103
Re: Bad Behavior mod - The Web's premier link spam killer (Now with SMF 2 httpBL)
« Reply #657 on: September 10, 2012, 04:59:34 AM »
Sorry to budge in, but I have a question

Some time ago I installed Bad Behavior on my forum running on SMF 2.0 RC5.

Stopped all the spam I wanted to get rid of, great!!!. But now all of a sudden I get messages of blocked spam which are in fact legal and admitted posts on the forum. In one case a long time member, the other one a new member.

I'm not really an expert on this, anyone got an idea?

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,733
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Bad Behavior mod - The Web's premier link spam killer (Now with SMF 2 httpBL)
« Reply #658 on: September 10, 2012, 06:58:21 AM »
First off, if you have not done so whitelist your members as explained in the first half of my last post.

Second I have no idea what the problem is without more details.  I know there was some anti-hacking stuff added to the core...  Please provide the Event details by clicking on the visitor in the denied entries log.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline Omebolle

  • Jr. Member
  • **
  • Posts: 103
Re: Bad Behavior mod - The Web's premier link spam killer (Now with SMF 2 httpBL)
« Reply #659 on: September 10, 2012, 08:34:19 AM »
Thanks, did the whitelist change, let's see what happens.

Here are the event logs for the two members, they CAN post on the forum though

The new member and I see something about blackberry??
Code: [Select]
ID: 65
IP: 74.82.64.160
74-82-64-160.rdns.blackberry.net
DATE: 2012-09-09 22:34:11
METHOD: GET
URI: /test/index.php?topic=246.new;topicseen
PROTOCOL: HTTP/1.1
HEADERS: GET /test/index.php?topic=246.new;topicseen HTTP/1.1 Host: dutchy.info User-Agent: Mozilla/5.0 (BlackBerry; U; BlackBerry 9810; en-US) AppleWebKit/534.11+ (KHTML, like Gecko) Version/7.0.0.583 Mobile Safari/534.11+ Accept: text/html,application/xhtml+xml,application/xml,*/*;q=0.5 Referer: Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip,deflate Cookie: PHPSESSID=8o13i7ah30vlif9krpsu39ncc0 X-Wap-Profile: "http://www.blackberry.net/go/mobile/profiles/uaprof/9810_umts/7.0.0.rdf" Cache-Control: max-age=0 Connection: close
AGENT: Mozilla%2F5.0%20%28BlackBerry%3B%20U%3B%20BlackBerry%209810%3B%20en-US%29%20AppleWebKit%2F534.11%2B%20%28KHTML%2C%20like%20Gecko%29%20Version%2F7.0.0.583%20Mobile%20Safari%2F534.11%2B
ENTITY:
KEY: 69920ee5
DENIED REASON: Header 'Referer' present but blank
EXPLANATION: An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.
ERROR: 400

This is the Old member
Code: [Select]
: 54
IP: 195.241.190.199
195-241-190-199.ip.telfort.nl
DATE: 2012-09-03 11:57:43
METHOD: GET
URI: /test/index.php?action=dlattach;topic=193.0;attach=3951;image
PROTOCOL: HTTP/1.1
HEADERS: GET /test/index.php?action=dlattach;topic=193.0;attach=3951;image HTTP/1.1 Host: dutchy.info Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.83 Safari/537.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: nl-NL,nl;q=0.8,en-US;q=0.6,en;q=0.4 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: bb2_screener_=1346666252+195.241.190.199; SMFCookie759=a%3A4%3A%7Bi%3A0%3Bs%3A2%3A%2223%22%3Bi%3A1%3Bs%3A40%3A%222d6d2405e2962083fea946cd1d37923b91d05c76%22%3Bi%3A2%3Bi%3A1532780001%3Bi%3A3%3Bi%3A0%3B%7D; PHPSESSID=evqolvstcos57dhufm313k8220
AGENT: Mozilla%2F5.0%20%28Windows%20NT%206.0%29%20AppleWebKit%2F537.1%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F21.0.1180.83%20Safari%2F537.1
ENTITY:
KEY: 17566707
DENIED REASON: Required header 'Accept' missing
EXPLANATION: An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.
ERROR: 403
« Last Edit: September 10, 2012, 01:28:32 PM by Omebolle »