Bad Behavior 2.0.32 has been released, and the Bad Behavior plugin for Joomla! has been updated as well.
What has changed:
- Another whitelist issue has been fixed.
- A SQL injection attack against Windows servers running IIS has been identified and blocked.
Bad Behavior 2.0.31 has been released as a bug-fix release, and the Bad Behavior plugin for Joomla! has been updated as well.
Everybody who was using the new URL whitelisting should update.
The Bad Behaviour plugin for Joomla! has been updated alongside the release of Bad Behavior 2.30.
All users should upgrade to resolve issues with potential blocking of a major search engine. Users of specialized web services integrated into their host platforms, for which Bad Behavior should not screen requests, should upgrade to take advantage of this new functionality.
What’s new?
- Recent reports indicate that the msnbot web crawler, used by Microsoft’s Bing search engine, no longer identifies itself as msnbot, but now uses a User-Agent string which was previously seen only with malicious requests from email harvesters and site scrapers. Microsoft has been notified of the problem, but given the glacial pace at which they fix issues with their software, a resolution is not expected soon. Due to concerns that Bad Behavior users may be losing their rankings in the Bing search engine, this malicious User-Agent string has been temporarily removed from Bad Behavior’s internal blacklist so that requests from msnbot may be processed. This will increase your exposure to spam and other malicious traffic. You may send comments regarding this to msnbot@microsoft.com.
- Due to ongoing issues with various web services such as OpenID and PayPal IPN behaving in strange ways which trigger Bad Behavior, a new whitelist has been added. You may now add URLs of your site to Bad Behavior’s whitelist. When a URL is added, Bad Behavior will ignore any HTTP request to that particular URL. If you need this feature, please check the advanced parameters of this plugin.
- A condition in which the HTTP Referer: header contains invalid data now returns a 400 Bad Request error instead of a 403 Forbidden error. This is intended to make clear the fact that robots triggering this condition are not in compliance with the HTTP specification.
- An additional spambot has been identified and blocked by its unique User-Agent string.
Pushed a small update out the door for the http:bl plugin for Joomla!.
What has changed:
- Updated links on Joomla! extensions site.
- Some localization issues have been resolved.
- Updated the documentation a bit and updated the links to the extensions site; there is still some work to be done here.
The Bad Behaviour plugin for Joomla! has been updated.
What’s new?
Users authenticating to a Bad Behavior-protected site using a third party OpenID were blocked with a message stating that: “Data may not be posted from offsite forms.” In most circumstances, your site does not want to receive a POST which originated from another site; however, OpenID requires this. A new option, offsite_forms, has been added to Bad Behavior to permit data to be posted to your site from other sites. Enabling this option will allow OpenID to work but may expose your site to spam which was previously blocked.
A few specialized web crawlers use an unusual form of the Range: HTTP header in their requests, requesting a range starting with 0. This behavior, while technically permitted by the HTTP specification, is most often seen with malicious crawlers; web browsers and major search engines do not use it. Bad Behavior will now block these requests only when strict mode is enabled.
Updated the Google Verify plugin for Joomla! after some complaints this weekend on the Joomla! extension directory. It seems Google has changed the meta tag name from “verify-v1” to “google-site-verification” for new verifications; the plugin now supports this.
Django’s common middleware is active on most Django sites and has a very nice function to block requests based on their user agents. By default the list is empty and does not do much, until an offender comes along and we add it as an afterthought. Wouldn’t it be nice to have a default list that blocks known offenders from the start?
Bad Behaviour, an anti-spam script in PHP, has a nice blacklist and has proven its capabilities more than once on this site and others, so let’s get that list into Django.
The following code should be in your settings.py file:
import re
regex_list = (
'; Widows ',
'a href=',
'Bad Behavior Test',
'compatible ; MSIE',
'compatible-',
'DTS Agent',
'Email Extractor',
'Gecko/25',
'grub-client',
'hanzoweb',
'Indy Library',
'larbin@unspecified',
'Murzillo compatible',
'\\.NET CLR 1\\)',
'POE-Component-Client',
'Turing Machine',
'User-agent: ',
'WebaltBot',
'WISEbot',
'WISEnutbot',
'Windows NT 4\\.0;\\)',
'Windows NT 5\\.0;\\)',
'Windows NT 5\\.1;\\)',
'Windows XP 5',
'WordPress/4\\.01',
'^
As you can see, we compile one long regular expression rather than creating 60+ entries in DISALLOWED_USER_AGENTS; this way you can add your own regular expressions and comments to the setting instead of adding them to the already large list.
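The approach described above, as an added example (not the post's original code): it joins a subset of the patterns listed on this page into one compiled expression for DISALLOWED_USER_AGENTS and replays the `search()` test that Django's CommonMiddleware applies to the User-Agent header. The helpers `is_disallowed` and `unsafe_patterns` and the sample User-Agent strings are constructed for illustration.

```python
import re

# Subset of the patterns from the post's regex_list (copied verbatim).
REGEX_LIST = (
    '; Widows ',
    'a href=',
    'compatible ; MSIE',
    'Email Extractor',
    'Indy Library',
    '\\.NET CLR 1\\)',
    'Windows NT 5\\.1;\\)',
    'WordPress/4\\.01',
)

# One compiled alternation instead of one settings entry per pattern.
DISALLOWED_USER_AGENTS = (re.compile('|'.join(REGEX_LIST)),)


def is_disallowed(user_agent, patterns=DISALLOWED_USER_AGENTS):
    """Hypothetical helper mirroring CommonMiddleware: regex.search() on the header."""
    if user_agent is None:  # header absent: the middleware skips the check
        return False
    return any(p.search(user_agent) for p in patterns)


def unsafe_patterns(regex_list):
    """Hypothetical pre-flight check: entries that break or neutralise the join."""
    bad = []
    for pat in regex_list:
        try:
            compiled = re.compile(pat)
        except re.error:
            bad.append(pat)  # a syntax error would break the whole alternation
            continue
        if compiled.search(''):  # matches the empty string: blocks every client
            bad.append(pat)
    return bad


# Constructed User-Agent strings, not captured traffic.
SAMPLES = {
    'Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0': False,
    'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)': False,
    'Mozilla/4.0 (compatible ; MSIE 6.0; Windows NT 5.1)': True,
    'Mozilla/3.0 (compatible; Indy Library)': True,
}

if __name__ == '__main__':
    assert unsafe_patterns(REGEX_LIST) == []
    for ua, expected in SAMPLES.items():
        print(is_disallowed(ua), expected, ua)
```

Running `unsafe_patterns` over your own additions before joining them catches the two ways a single entry can ruin the combined expression: a syntax error, or a pattern that matches every request.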
Hope this will help some other Djangonauts.
Fixed a small bug that was giving an error in the logs.
What has changed in bad-behaviour:
- Calls to undefined function bb2_email().
More on the project page or joomla! extension site.
Updated the Joomla! bad-behaviour plugin to the latest release of bad-behaviour (2.0.28) and fixed 2 bugs.
What has changed in bad-behaviour:
- A particularly nasty trackback spammer advertising various drugs was blocked in the 2.0.27 release. An error in the logic may have caused legitimate trackbacks to be blocked. This error has been corrected.
- A PHP warning which appeared in the IPv6 handling code has been corrected.
What has changed in the plugin:
- correct way of checking guest group id
- removed a var_dump() call
More on the project page or joomla! extension site.
Bad Behaviour saved this blog many times from spam and that protection should be available to Joomla! 1.5 as well. There is already a mambot out there but I wanted no legacy coding or database dependency for this plugin. So I have modified Bad Behaviour a little to work without a database and with some checks removed (cookie and black hole).
The cookie check will be brought back in the next release, but using the Joomla! framework, as will some modifications to make up for the loss of logging and the black hole, but that is still a bit of a secret…
You can however find hints on the project page: plg_badbehaviour