
Author Topic: Bad Behavior for SMF mod  (Read 334477 times)

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,733
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder

Code: [Select]
$headers = bb2_db_escape($headers);
ooo SMF 1.1.x... 

Try changing it to:
Code: [Select]
$http_headers = bb2_db_escape($http_headers);

My bad.   ???
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline chrishicks

  • Full Member
  • ***
  • Posts: 516
  • Gender: Male
    • RejectsRestStop
Thanks butchs, that edit fixed it.

Offline radu81

  • Jr. Member
  • **
  • Posts: 326
  • Gender: Male
    • Skoda Club Italia
Hello and thanks for this great mod.
I installed it in my forum and got a lot of attempts blocked. I checked those IPs and they are really spammers. My problem is that even testing from another PC with Firefox and the User Agent extension I always see
<!-- Bad Behavior 2.2.14 run time: 0.000 ms -->
Is that normal? Could someone do a test on my site? www.sharkracingclub.it
sorry for my bad english

TheListener

  • Guest
Radu81

Can you give a rough idea of where to look for this?

Offline radu81

  • Jr. Member
  • **
  • Posts: 326
  • Gender: Male
    • Skoda Club Italia
TESTING:
To ensure that Bad Behavior is functioning correctly you can add the string "Bad Behavior Test" to the User Agent (UA) of a HTTP request from someone who is not in the whitelist and is not the administrator.

If you look at the page source (just below the title) you will see the speed of this mod at work:  <!-- Bad Behavior 2.x.xx run time: 3.025 ms -->
sorry for my bad english

Offline radu81

  • Jr. Member
  • **
  • Posts: 326
  • Gender: Male
    • Skoda Club Italia
It's all working now, I've entered a wrong value in the "Modify headers" addon for Firefox  :-[
sorry for my bad english

Offline chrishicks

  • Full Member
  • ***
  • Posts: 516
  • Gender: Male
    • RejectsRestStop
Out of curiosity what kind of numbers do some of you see in regards to blocks? I'm just about a full 7 days in and so far I've seen almost 6200 blocks. Can this be a fairly normal number? I just want to be sure I'm not blocking more than I should be and checking out 500+ IPs would be insanely time consuming.

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 59,346
  • Gender: Male
    • Kindred-999 on GitHub
you will get a large number to start with... and then progressively fewer hits as the bots drop you off their "to hit" list
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline radu81

  • Jr. Member
  • **
  • Posts: 326
  • Gender: Male
    • Skoda Club Italia
I'm about 1400-1500 /7days
sorry for my bad english

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,733
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
Quote from: radu81
I'm about 1400-1500 /7days

With that many hits I recommend using the "Cache Duration" feature.  Something like 15-45 seconds will help.  This feature will block a multiple bot strike the entire cache time setting with minimal processor effort.

Cache frees processor power for your members.
« Last Edit: June 30, 2013, 12:33:08 PM by butchs »
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline radu81

  • Jr. Member
  • **
  • Posts: 326
  • Gender: Male
    • Skoda Club Italia
thank you butchs, I set the time cache to 30
sorry for my bad english

Offline live627

  • Developer
  • SMF Hero
  • *
  • Posts: 5,750
  • Gender: Male
    • live627 on Facebook
    • live627 on GitHub
    • live627 on LinkedIn
    • @live627 on Twitter
    • livemods
The database value you're trying to insert does not exist: request_method
Function: bb2_insert
File: /home/livecom/public_html/livemods.net/Sources/BadBehavior-mysql.php
Line: 250

This is coming from a script run by crontab.

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,733
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
The function is in the code for both versions of SMF.  "request_method" is defined in the latest version of the mod.  Check and verify the correct up-to-date latest version mod files are in the correct location as per "package-info.xml".  Be careful to include the default theme files if you have a non-standard theme.
 O:)
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Offline live627

  • Developer
  • SMF Hero
  • *
  • Posts: 5,750
  • Gender: Male
    • live627 on Facebook
    • live627 on GitHub
    • live627 on LinkedIn
    • @live627 on Twitter
    • livemods
I am not trying to install it. I've had it working for a year now. No errors. It does its job properly (with the exception of a cron job).

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,733
  • Lost 7GB bandwidth!
    • EastCoastRollingThunder
I know.

I went through that version of the code with a fine-tooth comb a few mod versions ago and updated that section of the mod.  My guess is that your host upgraded something that is now conflicting with the core author's code or a bot is doing something new...  You can try upgrading the mod software to a version with the latest updates or try complaining to the bad behavior core author.  I tried the latter months ago and he tabled it for a future version.  I am reluctant to update the core author's code any more because he gets an attitude.  Here is the thread:

Quote from: Michael Hampton core author bad Behavior April 30, 2013
Issue #12 has been updated by Michael Hampton.
Target version set to 3.0

Issue #12 has been updated by Michael Hampton.
Tracker changed from Feature to Bug
Status changed from New to In Progress
Priority changed from Normal to Low
I have a pretty good idea what this is. PHP allows form inputs to contain [] brackets thus creating an entity value which is an array when the form is processed. This isn't very often used, though, it seems, as it's the first time I've heard of it being an issue. That said, I have a pretty good idea how to fix the code.

Quote from: butchas January 26, 2013
Bug #12: array to string conversion
Author: butchas
Status: In Progress
Priority: Low
Assignee:
Category:
Target version:
I had one user complain about "Array to string conversion" errors from a bot when preparing to store the "request_entity" information into the database. I could not reproduce the error. The code causing the error, from "bb2_insert" in "bad-behavior-mysql.php", is "$request_entity .= bb2_db_escape("$h: $v\n");"

I applied a band-aid to stop the errors by using "if (is_array($v)) break;" to bypass the error before the code in "bb2_insert". The data stored in $package['request_entity'] from "core.inc.php" is storing the array causing the error. Not sure if this data should be an array.

Please look into the cause of the error.

If you wish to report the error to the core author you should report the error in the Bug Tracker.   If enough people complain then maybe he will fix the code? :P

If the latest version still gets an error and the Core Author still refuses to fix the code I can try to make a filter.
« Last Edit: August 01, 2013, 07:52:36 PM by butchs »
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.
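The "Array to string conversion" case from the bug report above, as an added example that is not the mod's or the core author's code: a body field named `tag[]` or `opt[x][y]` reaches PHP as an array, so the value has to be flattened before it is written into a "key: value" string. `db_escape()` is a hypothetical stand-in for `bb2_db_escape()`, `flatten_entity()` is a hypothetical helper, and the sample input is constructed.

```php
<?php
// Added example, not Bad Behavior's code. db_escape() is a hypothetical
// stand-in for the mod's bb2_db_escape(); the sample input is constructed.

function db_escape(string $s): string
{
    return addslashes($s); // placeholder only; real code uses the DB driver's escaper
}

/**
 * Flatten a request entity into "key: value\n" lines.
 * PHP parses a field named a[] or a[k] into an array, so a value may be a
 * nested array; recurse instead of interpolating it into a string.
 */
function flatten_entity(array $entity, string $prefix = '', int $depth = 0): string
{
    if ($depth > 5) { // bound recursion on hostile, deeply nested input
        return db_escape("$prefix: [nesting too deep]\n");
    }
    $out = '';
    foreach ($entity as $h => $v) {
        $key = $prefix === '' ? (string) $h : "{$prefix}[{$h}]";
        if (is_array($v)) {
            $out .= flatten_entity($v, $key, $depth + 1);
        } else {
            $out .= db_escape("$key: $v\n");
        }
    }
    return $out;
}

// Constructed sample: $_POST as PHP builds it for the request body
// "name=bot&tag[]=a&tag[]=b&opt[x][y]=1"
$post = [
    'name' => 'bot',
    'tag'  => ['a', 'b'],
    'opt'  => ['x' => ['y' => '1']],
];

echo flatten_entity($post);
```

Array-valued fields are logged under their bracketed key instead of being skipped, so the stored request still shows what the bot sent.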

Offline radu81

  • Jr. Member
  • **
  • Posts: 326
  • Gender: Male
    • Skoda Club Italia
Quote from: butchs
Quote from: radu81
I'm about 1400-1500 /7days

With that many hits I recommend using the "Cache Duration" feature.  Something like 15-45 seconds will help.  This feature will block a multiple bot strike the entire cache time setting with minimal processor effort.

Cache frees processor power for your members.


Thanks butchs, using the cache set to 30 I'm getting about 900 blocks in the last 7 days
sorry for my bad english

Offline Jahsun

  • Semi-Newbie
  • *
  • Posts: 72
    • Big Hosting Reviews
Thank you very much for your help. All seems well  8)
Big Hosting Reviews - By Real Clients - My SMF Forum


Offline agaida

  • Newbie
  • *
  • Posts: 2
Re: Bad Behavior mod - The Web's premier link spam killer (Now with SMF 2 httpBL)
« Reply #817 on: November 05, 2013, 03:16:10 PM »
Code: [Select]
Sources/bad-behavior/bad-behavior/blacklist.inc.php:            "Gecko/25",             // revisit this in 500 years
[2013.11.05 20:28] <agaida_> User-Agent: Mozilla/5.0 (Android; Tablet; rv:25.0) Gecko/25.0 Firefox/25.0 Accept:
[2013.11.05 20:28] <agaida_> tirili

The time is now, Firefox Android uses this agent - please update BadBehavior with their current code.

their new line is now:
Code: [Select]
              "Gecko/2525",                // revisit this in 500 years
in current bad-behavior.2.2.14.zip

Thanks Alf


Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 72,806
    • StoryBB/StoryBB on GitHub
Re: Bad Behavior mod - The Web's premier link spam killer (Now with SMF 2 httpBL)
« Reply #818 on: November 05, 2013, 03:40:42 PM »
Funny, all the other FF 25 agents have Gecko/yymmdddd style, e.g. Gecko/20100101 and if you have Gecko/25, it might be suspicious like this mod blocks.
Please don’t PM me for paid work, I’m not for hire, and even if I was, I doubt you could afford me.
USD$150 per hour. Typical waiting list 3 months.

Offline agaida

  • Newbie
  • *
  • Posts: 2
Re: Bad Behavior mod - The Web's premier link spam killer (Now with SMF 2 httpBL)
« Reply #819 on: November 05, 2013, 04:09:05 PM »
it blocks - and I have had a few very nice comments about that and a funny time debugging this  ;D
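A regression check for the blacklist entry discussed in the posts above, as an added example that is not the mod's code: it runs candidate tokens against known-good User-Agent strings and reports any hit before the list is deployed. It assumes entries are matched as case-insensitive substrings anywhere in the User-Agent; `false_positives()` is a hypothetical helper and the desktop Firefox string is constructed.

```php
<?php
// Added example, not the mod's code. Assumes blacklist entries are matched
// as case-insensitive substrings anywhere in the User-Agent header.

/** Return [token, user-agent] pairs where a token hits a known-good UA. */
function false_positives(array $tokens, array $goodAgents): array
{
    $hits = [];
    foreach ($tokens as $token) {
        foreach ($goodAgents as $ua) {
            if (stripos($ua, $token) !== false) {
                $hits[] = [$token, $ua];
            }
        }
    }
    return $hits;
}

// Known-good agents: the first is the Firefox Android string quoted in the
// thread; the second is a constructed desktop string using the date-style
// Gecko token (Gecko/20100101) mentioned in the reply.
$good = [
    'Mozilla/5.0 (Android; Tablet; rv:25.0) Gecko/25.0 Firefox/25.0',
    'Mozilla/5.0 (Windows NT 6.1; rv:25.0) Gecko/20100101 Firefox/25.0',
];

// Check the old entry and the updated entry separately.
foreach ([['Gecko/25'], ['Gecko/2525']] as $tokens) {
    $fp = false_positives($tokens, $good);
    printf("%-12s %d false positive(s)\n", $tokens[0], count($fp));
    foreach ($fp as [$token, $ua]) {
        echo "    $ua\n";
    }
}
```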