Since the original author has abandoned this, and since I still use it, I’ve decided to pick it up and work on it for the latest versions of PHP and WordPress.
I’ve added that compatibility and some security updates as recommended by the WordPress Coding Standards v3. It’s still a little buggy in some areas. There’s a lot going on with this plugin I’m still learning. For my fellow coders, any and all contributions to the project would be awesome.
https://github.com/svl-studios/bad-behavior
Thanks, folks!

What plugin is recommended as an alternative for the Bad Behavior plugin?

Looks like this has not only been abandoned, but now removed. Too bad.

This plugin hasn’t been updated in over a year and it doesn’t look like anyone is responding to support requests.
Is Bad Behavior abandoned? Hope not, but it would be nice to know.

Hi Michael
I’ve a specific request. But probably I’m not the only one with this problem.
I use a website to store my passwords and log in through this website. But all login attempts are blocked by Bad Behaviour. That’s good. But would it be possible to add a referer to the white list, because the ip address may change over time.
I did it my way, but quick and dirty. I added the following to the whitelist.inc.php:
if ($package['headers_mixed']['Origin'] === 'https://passwordmanager.my-url.com') {
    return true;
}
Probably it could be helpful to anybody else.
It could be improved by checking the destination address (/wp-login.php) or some different tests.
Many thanks.
Marc
Is a Bad Behavior update coming up for WP 5.4?
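
The post above suggests tightening the exemption by also checking the destination (/wp-login.php). One way to do that, as an added example that is not part of the original post or the plugin: the Origin header is supplied by the client, so the exemption is limited to POSTs to the login path. The `request_method` and `request_uri` keys of `$package` and the function name are assumptions, and WordPress is assumed to be installed at the site root.

```php
<?php
// Added example, not Bad Behavior code: a narrower Origin-based exemption.
// Assumption: $package has 'request_method' and 'request_uri' keys next to
// 'headers_mixed' (only 'headers_mixed' appears in the post).

const TRUSTED_ORIGIN = 'https://passwordmanager.my-url.com'; // value from the post
const LOGIN_PATH = '/wp-login.php'; // assumes WordPress at the site root

function origin_exemption_applies(array $package): bool
{
    // Exact match on the whole Origin value; no prefix or substring matching.
    $origin = $package['headers_mixed']['Origin'] ?? null;
    if ($origin !== TRUSTED_ORIGIN) {
        return false;
    }
    // Only the credential submission is exempted, not every request.
    if (($package['request_method'] ?? '') !== 'POST') {
        return false;
    }
    // Compare the path alone, so the login path in a query string does not count.
    $path = parse_url((string) ($package['request_uri'] ?? ''), PHP_URL_PATH);
    return $path === LOGIN_PATH;
}

// Constructed sample packages (not captured traffic).
$samples = [
    'login POST from manager' => [
        'headers_mixed' => ['Origin' => TRUSTED_ORIGIN],
        'request_method' => 'POST',
        'request_uri' => '/wp-login.php?redirect_to=%2Fwp-admin%2F',
    ],
    'comment POST, same Origin' => [
        'headers_mixed' => ['Origin' => TRUSTED_ORIGIN],
        'request_method' => 'POST',
        'request_uri' => '/wp-comments-post.php',
    ],
    'login path only in query' => [
        'headers_mixed' => ['Origin' => TRUSTED_ORIGIN],
        'request_method' => 'POST',
        'request_uri' => '/?next=/wp-login.php',
    ],
    'login POST, other Origin' => [
        'headers_mixed' => ['Origin' => 'https://example.org'],
        'request_method' => 'POST',
        'request_uri' => '/wp-login.php',
    ],
];

foreach ($samples as $label => $package) {
    printf("%-28s %s\n", $label, origin_exemption_applies($package) ? 'exempt' : 'screened');
}
```

Only the first constructed request is exempted; the other three fall through to normal screening.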

I am seeing this in Firefox for all my sites using Bad Behavior. Only Firefox.
Error 400
We’re sorry, but we could not fulfill your request for / on this server.
An invalid request was received. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator. This may also be caused by a bug in the Opera web browser.
Your technical support key is: 4911-2286-582e-c5e4
You can use this key to fix this problem yourself.

Was reported to me that one of our sites was down. It appeared fine in Chrome but Firefox threw a 400 error. As soon as plugin was disabled, the site loaded normally.

Was just doing a quick PHP7.2 upgrade check and discovered this:
FILE: …/wp-content/plugins/bad-behavior/bad-behavior/blacklist.inc.php
——————————————————————————————————————————————————————-
FOUND 1 ERROR AFFECTING 1 LINE
——————————————————————————————————————————————————————-
145 | ERROR | The behaviour of hexadecimal numeric strings was inconsistent prior to PHP 7 and support has been removed in PHP 7. Found: “0x31303235343830303536”
——————————————————————————————————————————————————————-
Any chance you can make the plugin compatible with the latest versions of PHP? Thanks so much!

Hello,
I found that your plugin generates the new admin URL, and this can be found easily with Ctrl + U.
The script is:
<script>
var wpdm_site_url = 'https://mysite.pt/';
var wpdm_home_url = 'https://mysite.pt/';
var ajax_url = 'https://mysite.pt/new_url/admin-ajax.php';
var wpdm_ajax_url = 'https://mysite.pt/new_url/admin-ajax.php';
var wpdm_ajax_popup = '0';
</script>

Is this something that should be whitelisted, or should it be updated in BB?
FILE: /home1/XXXXXXXXXX/public_html/wp-content/plugins/bad-behavior/bad-behavior/blacklist.inc.php
——————————————————————————————————————————————————————-
FOUND 1 ERROR AFFECTING 1 LINE
——————————————————————————————————————————————————————-
145 | ERROR | The behaviour of hexadecimal numeric strings was inconsistent prior to PHP 7 and support has been removed in PHP 7. Found: “0x31303235343830303536”
——————————————————————————————————————————————————————-
Notice: Undefined variable: cookie_value in wp-content/plugins/bad-behavior/bad-behavior/screener.inc.php on line 14
The $cookie_value variable is the problem:
function bb2_screener_cookie($settings, $package, $cookie_name, $cookie_value)
{
    // Delete existing cookie, if any
    setcookie($cookie_name, $cookie_value, 1, bb2_relative_path());
}
function bb2_screener($settings, $package)
{
    bb2_screener_cookie($settings, $package, BB2_COOKIE, $cookie_value);
}

When I update the plugin I get the following error:
Update Failed: Download failed. cURL error 51: SSL: no alternative certificate subject name matches target host name ‘downloads.www.remarpro.com’

I am a developer and currently checking out all of the main plugins I use on a site by site basis for GDPR compliance. I understand that Bad Behavior logs IP addresses which are seen by GDPR as personal information that needs to be protected. Can you tell me if the IP addresses that are logged could belong to humans, or are just bad robots that are stopped from accessing the site? In particular, can you elaborate on this paragraph found on your website on the About Bad Behavior page?
And it stores personally identifying information for a maximum of seven days, (it is usually not stored at all) making it compatible with virtually any corporate or government privacy requirements.
I need to create Privacy Policies that accurately describe what information is collected, why, and how it is used, where it is stored and for how long.
Thanks in advance.

Hi Support,
When I updated the WordPress version to 4.9.4, the plugin started giving a 403 error when trying to log in with existing users on my sites.
Please do the needful and resolve this.
Thanks,
Kundan Singh Rathore

This error occurs after the customer checks out, they choose Paypal and are sent to a Paypal website to complete payment. After payment is completed they’re redirected again and it’s supposed to send them to the Order Completed page on my website. But instead they get the following 403 error message:
———————————-
Error 403
We’re sorry, but we could not fulfill your request for /checkout/order-received/974?key=wc_order_5a00e4bbb47ff&utm_nooverride=1 on this server.
You do not have permission to access this server. Data may not be posted from offsite forms.
Your technical support key is: [a 16-digit key]
You can use this key to fix this problem yourself.
If you are unable to fix the problem yourself, please contact [my email address] and be sure to provide the technical support key shown above.
——————————————–
So since this happens after payment is made, the order still goes through successfully. I’m not losing sales to this bug, but it doesn’t look great to the customers.
I’ve tried adding URLs to the URL white list (I added “checkout/order-received/” and “paypal.com”), but I clearly don’t know how to use the white list correctly (and couldn’t find instructions).
Any help is appreciated!

WP API should be accessible even with BB activated

Most of the functions return:
[Thu Mar 16 05:03:50.097186 2017] [:error] PHP Fatal error: Cannot redeclare bb2_insert_head() (previously declared in /.../wp-content/plugins/bad-behavior/bad-behavior-wordpress.php:130) in /.../wp-content/plugins/bad-behavior/bad-behavior-generic.php on line 132
Locally fixed with if (!function_exists('bb2_insert_stats')) {} in bad-behavior-generic.php and bad-behavior-wordpress.php, but at some point I didn’t have time to finish updating all instances… so uninstalled.
Plugins:
BuddyPress, W3-Total-Cache (memcache, redis)
Server: Apache 2.4 (PHP 7.0.*) (behind NGINX, with MariaDB)

Hi,
With BB activated, I get a weird script added to certain URLs on my site.
E.g. https://mydomain/?tribe-bar-date=2016-06&bb2_screener_=1465894501+169.0.146.13
Any ideas or reason as to why, and can this be disabled?

Hi,
what does “POST more than two days after GET” mean?
I asked a friend to write a comment on a post in my blog, and he got an error stating his PC had a virus! I’m pretty sure this is not true.
In the WP admin I see his comment blocked by Bad Behaviour with “POST more than two days after GET”.
The support key is: 4d2b-7103-b40c-8ddc
Is it possible to unlock and publish the comment?
The headers and IP are correct:
POST /wp-comments-post.php HTTP/1.1
Host: blog-demo.webattack.it
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Dnt: 1
Referer: https://blog-demo.webattack.it/blog/elenco-scocciatori-telefonici/
Connection: keep-alive
Thank you for your support.

I don’t think you should be able to say that this plugin works with WordPress 4.4 since WordPress 4.4 supports PHP 7 but this plugin doesn’t.
In order for it to support PHP 7 you would need to replace mysql_ functions with mysqli_ or PDO.

I keep adding my IP address to the whitelist, go back and the IP address is gone. Now I see that the BL API key is also missing and I could have sworn I added one!

Hi
We’ve had a few reports from users of different websites that use the Bad Behaviour plugin of being blocked and getting the 400.
The persistent error is:
Header ‘Connection’ contains invalid values
With user agent:
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12F70
After looking at headers one thing that seemed possible is that HTTP_CACHE_CONTROL is empty but I don’t know why it’s so sporadic or what I can do with these clients who can’t access their own sites.
Great plugin besides this though!

I received multiple visits that look very much like made by a human being today, and they were all blocked for “User-Agent claimed to be MSIE, with invalid Windows version”:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 8.0; Win32; GMX); (gmx/1.1.0.21); (webde/1.1.0.22); .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; (gmx/1.0.0.8))
GMX and Web.de are German freemail providers who annoyingly offer their own branded versions of popular browsers (though IE8 sure is kind of old by now, and this is the first time I’ve seen this), and apparently they’re also changing the UA. Is there a way for me to circumvent blocking in these cases? What kind of error message would this user have received?

I upgraded to the new WordPress 4.2 which includes a revamped “Press This” bookmarklet. Unfortunately, Bad Behavior blocks the use of the bookmarklet on any site other than my own. Is there a way to fix the bookmarklet or perhaps whitelist it?

My site just got crashed by this plugin and was serving up a custom 403 error page with a technical support key and a link to ioerror.us (that also belongs to the author of this plugin.)
Being that there have been a lot of updates in the past 5 months with WordPress – believe this plugin can use an update as well…
Would like to use further and sure it does a great job, but this issue really got me concerned about rolling out on my other sites..

Hi there,
my host strongly advises to use a caching plugin when using WordPress, their favorite being Hyper Cache. I’m currently using the non-cookie based screening in Bad Behavior, which injects a Javascript snippet containing a user’s IP address into the page instead of setting a cookie.
1. I suppose that if I were to use Hyper Cache with this setting, the Javascript code snippets would be cached as well, which of course I wouldn’t want? I suppose if you want to use caching, you have to use the cookie-based solution?
2. Is there a way to keep bots out before a cached page is delivered?
Regards
carbeck

The Bad Behavior log file can quickly become huge and can hang your WordPress admin area when viewing the log
seems there should be an easy and obvious way to manage and purge the log size, keep it at 2mb or so via settings ?
there is a setting for “Maximum Age of Data (30 is recommended)” but it is not clear what effect limiting this to 3 or 7 days would have on BB ?
thanks
sam

I get the following errors showing when viewing the log. It was several lines, but when I added the BL, it got much longer. I tried reinstalling.
Thanks for any help.

Here is an example of what I am seeing when this url is accessed (stripped my real domain and the post name, this is just an example with the real “user name/password” that I am assuming is part of a shell?)
https://www.mydomain.com/postname/:ShelaMcCathie:Soec54xSnUcB
Header is as follows:
Referer: https://www.mydomain.com/
Accept-Encoding: gzip, deflate
Accept-Language: en
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/webp, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]
Connection: Keep-Alive
Host: www.mydomain.com
Content-Length:
Content-Type:
Does this mean someone is attempting some cross scripting with Bad Behavior, or another plugin maybe, that Bad Behavior is picking up? Anyone have any tips on seeing if there is a user related to the string in the url? Thanks.