Share

Bad Behavior2 v2.0.32 Update Available

The Bad Behavior2 plugin that is bundled with glFusion has been updated to v2.0.32 and is available for download .   All users should upgrade to resolve issues with potential blocking of a major search engine. Users of specialized web services integrated into their host platforms, for which Bad Behavior should not screen requests, should upgrade to take advantage of this new functionality.  To upgrade your version of Bad Behavior, please upload this release using the plugin auto installer located in your Plugin Admin screen.

Bad Behavior is developed and maintained by Michael Hampton.  Please consider supporting his development efforts by making a financial contribution.


What’s new?

New in this release (since 2.0.29 bundled with glFusion v1.1.6):
  • Recent reports indicate that the msnbot web crawler, used by Microsoft’s Bing search engine, no longer identifies itself as msnbot, but now uses a User-Agent string which was previously seen only with malicious requests from email harvesters and site scrapers. Microsoft has been notified of the problem, but given the glacial pace at which they fix issues with their software, a resolution is not expected soon. Due to concerns that Bad Behavior users may be losing their rankings in the Bing search engine, this malicious User-Agent string has been temporarily removed from Bad Behavior’s internal blacklist so that requests from msnbot may be processed. This will increase your exposure to spam and other malicious traffic. You may send comments regarding this to [email protected]
  • Due to ongoing issues with various web services such as OpenID and PayPal IPN behaving in strange ways which trigger Bad Behavior, a new whitelist has been added. You may now add URLs of your site to Bad Behavior’s whitelist. When a URL is added, Bad Behavior will ignore any HTTP request to that particular URL. If you need this feature, please check the bad-behavior/whitelist.inc.php file for further information. This feature was driven largely by the PayPal IPN web service, which sends POST requests with no User-Agent string, a common indicator of malicious activity. PayPal has refused to add a User-Agent string for years and has never given a reason, good or bad, for not including it. Reports from PayPal merchants who have contacted me indicate that PayPal is finally considering adding a User-Agent string to IPN requests; interested merchants should contact PayPal to express their support for this feature.
  • On some web servers, a WordPress installation sending a trackback (not a pingback) to another WordPress installation would sometimes cause Bad Behavior to block the request as a fake trackback. This issue has been fixed.
  • A condition in which the HTTP Referer: header contains invalid data now returns a 400 Bad Request error instead of a 403 Forbidden error. This is intended to make clear the fact that robots triggering this condition are not in compliance with the HTTP specification.
  • An additional spambot has been identified and blocked by its unique User-Agent string.
  • Users whose sites are accessible using IPv6 may find IPv6 users are blocked by Bad Behavior when the http:BL feature is enabled and certain versions of PHP are in use. This issue has been fixed.
  • A SQL injection attack against Windows servers running IIS has been identified and blocked.

 

3 comments

The following comments are owned by whomever posted them. This site is not responsible for what they say.

Michael Hampton has released Bad Behavior v2.0.32 - The glFusion plugin has been updated to this version.

Edited on Tuesday, November 03 2009 @ 10:13 PM CST by Mark
[ ]
Authored by: Anonymous on Wednesday, November 11 2009 @ 11:38 AM CST Bad Behavior2 v2.0.32 Update Available

Bad Behavior is blocking all my attempts to send trackbacks. I was logged in as Admin, tried to send a trackback from one of recent articles on my site, and all I got was HTTP Error 403

 

Link in it took me to Bad Behavior site that only said me to check my computer for spyware and viruses (don't have any).

 

Bad Behavior from "Admins only" menu only gave as a reason "Web browser attempted to send a trackback"

 

I tried to look for Bad Behavior settings under "Configuration" but couldn't find any. Now i'm totally puzzled where to start looking for solution?

[ ]
Authored by: Geiss on Thursday, November 12 2009 @ 09:02 AM CST Bad Behavior2 v2.0.32 Update Available

Unfortunately, comments on release articles aren't the best place to ask support questions. I recommend you create a thread in the support forum.

 

Thx!

 

Eric

[ ]