Michiel Bijland

Bad behavior released 2.0.31 as bug fix release, Bad behavior plugin for Joomla! updated as well.

Everybody who was using the new url whitelisting should update.

The Bad behaviour plugin for Joomla! has been updated, bringing along side with the release of Bad Behavior 2.30.

All users should upgrade to resolve issues with potential blocking of a major search engine. Users of specialized web services integrated into their host platforms, for which Bad Behavior should not screen requests, should upgrade to take advantage of this new functionality.

What’s new?

• Recent reports indicate that the msnbot web crawler, used by Microsoft’s Bing search engine, no longer identifies itself as msnbot, but now uses a User-Agent string which was previously seen only with malicious requests from email harvesters and site scrapers. Microsoft has been notified of the problem, but given the glacial pace at which they fix issues with their software, a resolution is not expected soon. Due to concerns that Bad Behavior users may be losing their rankings in the Bing search engine, this malicious User-Agent string has been temporarily removed from Bad Behavior’s internal blacklist so that requests from msnbot may be processed. This will increase your exposure to spam and other malicious traffic. You may send comments regarding this to msnbot@microsoft.com.
• Due to ongoing issues with various web services such as OpenID and PayPal IPN behaving in strange ways which trigger Bad Behavior, a new whitelist has been added. You may now add URLs of your site to Bad Behavior’s whitelist. When a URL is added, Bad Behavior will ignore any HTTP request to that particular URL. If you need this feature, please check the advance parameters of this plugin.
• A condition in which the HTTP Referer: header contains invalid data now returns a 400 Bad Request error instead of a 403 Forbidden error. This is intended to make clear the fact that robots triggering this condition are not in compliance with the HTTP specification.
• An additional spambot has been identified and blocked by its unique User-Agent string.

Pushed a small update out the door for http:bl plugin for Joomla!.

What has changed:

• Updated links on Joomla! extensions site.
• Some localization issues have been resolved.
• Updated the documentation a bit, and updated the links to extensions site, still some work to be done here.

The Bad behaviour plugin for Joomla! has been updated.

What’s new?

Users authenticating to a Bad Behavior-protected site using a third party OpenID were blocked with a message stating that: “Data may not be posted from offsite forms.” In most circumstances, your site does not want to receive a POST which originated from another site; however, OpenID requires this. A new option, offsite_forms, has been added to Bad Behavior to permit data to be posted to your site from other sites. Enabling this option will allow OpenID to work but may expose your site to spam which was previously blocked.

A few specialized web crawlers use an unusual form of the Range: HTTP header in their requests, requesting a range starting with 0. This behavior, while technically permitted by the HTTP specification, is most often seen with malicious crawlers; web browsers and major search engines do not use it. Bad Behavior will now block these requests only when strict mode is enabled.

Updated Google Verify plugin for Joomla!, after some complaints this weekend on the joomla! extension directory. It seems Google has changed the meta tag name from “verify-v1″ to “google-site-verification” for new verifications, the plugin now supports this.