Bad Behavior

Around a month ago, in November ‘08, I discovered a WordPress plugin called Bad Behavior. I installed this plugin as an experiment to try to block comment spam on my blog. Little did I know what it was that I had actually installed.

This plugin actually does more than just filter spam so that you do not receive bad comments. Bad Behavior runs under the hood, with no overhead from what I can see.

What does Bad Behavior do? The WordPress.org plugin page gives a very in-depth description of what exactly it is doing to prevent comment spammers, spambots, scrapers, and malicious SQL and JavaScript attacks.

I want to share some of the log results I receive on a daily basis. Very interesting stuff.

First is a false Googlebot index attempt.

209.85.238.17

2008-12-28 21:30:44

User-Agent claimed to be Googlebot, claim appears to be false.

http:BL:
Googlebot

GET / HTTP/1.1
Host: chris.cotter.me
Connection: Keep-alive
Accept: text/html,*/*;q=0.9
From: googlebot(at)googlebot.com
User-Agent: DoCoMo/2.0 N905i(c100;TB;W24H16) (compatible; Googlebot-Mobile/2.1; +http://www.google.com/bot.html)
Accept-Encoding: gzip,deflate

The following is a comment spammer that was found on ProjectHoneyPot.org’s blacklist and was blocked.

212.38.100.62

2008-12-25 02:22:01

IP address found on http:BL blacklist

http:BL:
Suspicious
Comment Spammer
Threat level 26
Age 3 days

GET /2008/09/23/susan-g-komen-foundationaa-partnership/ HTTP/1.1
Via: 1.0 KORDATA
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: chriscotter.net
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en
Connection: Keep-Alive

This is one that was not compliant with RFC 2965.

64.41.145.172

2008-12-22 15:47:17

Bot not fully compliant with RFC 2965

GET /2008/11/three-funny-videos/ HTTP/1.0
Accept: text/xml,application/xml,application/xhtml+xml, text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Accept-Language: en-us,en;q=0.5
Pragma:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705)
Host: chriscotter.net
Cookie: $Version=0; bb2_screener_=1229960827+64.41.145.253+10.50.30.87; $Path=/
Via: 1.1 squidhost:3128 (squid/2.6.STABLE9)
X-Forwarded-For: 10.50.30.87
Cache-Control: max-age=0
Connection: keep-alive

One more example, this one with just part of the header missing.

61.223.193.84

2008-12-22 06:05:26

Required header ‘Accept’ missing

GET /2008/10/13/tux-making-himself-known/ HTTP/1.1
Connection: close
Host: chriscotter.net
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
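
To show how header-based screening can arrive at the block reasons logged above, here is an added example in Python (not Bad Behavior's own code and not part of the original post). The function names are hypothetical, the RFC 2965 rule (a Cookie header carrying $Version=0 with no Cookie2 header) is an assumption about what that log reason means, and the Googlebot check uses the reverse-then-forward DNS confirmation with injectable resolvers so it can run offline.

```python
import socket

def parse_request(raw):
    """Split a raw HTTP request into (request_line, {lowercased-header: value})."""
    lines = [l for l in raw.strip().splitlines() if l.strip()]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def dns_confirms_googlebot(ip, reverse=None, forward=None):
    """Reverse-resolve the IP, require a Google crawler domain, then forward-confirm."""
    reverse = reverse or (lambda addr: socket.gethostbyaddr(addr)[0])
    forward = forward or (lambda host: socket.gethostbyname_ex(host)[2])
    try:
        host = reverse(ip).rstrip(".").lower()
        if not host.endswith((".googlebot.com", ".google.com")):
            return False
        # A PTR record is controlled by the IP owner, so it must resolve back to the IP.
        return ip in forward(host)
    except OSError:
        return False

def screen(ip, raw, reverse=None, forward=None):
    """Return the reasons a request looks automated (empty list means it passes)."""
    _, h = parse_request(raw)
    reasons = []
    if "accept" not in h:
        reasons.append("Required header 'Accept' missing")
    # Assumed rule: old-style cookie version sent without the Cookie2 header.
    if "$version=0" in h.get("cookie", "").lower() and "cookie2" not in h:
        reasons.append("Bot not fully compliant with RFC 2965")
    claims_bot = "googlebot" in h.get("user-agent", "").lower()
    if claims_bot and not dns_confirms_googlebot(ip, reverse, forward):
        reasons.append("User-Agent claimed to be Googlebot, claim appears to be false.")
    return reasons

# Request copied from the last log entry above; it has no Accept header.
NO_ACCEPT = """GET /2008/10/13/tux-making-himself-known/ HTTP/1.1
Connection: close
Host: chriscotter.net
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"""

# Constructed sample: a Googlebot User-Agent sent from a documentation-range IP.
FAKE_BOT = """GET / HTTP/1.1
Host: example.org
Accept: text/html,*/*;q=0.9
User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"""
```

Called without the resolver arguments, screen() performs live DNS lookups for any request whose User-Agent mentions Googlebot.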

Pretty interesting. If you're getting a lot of comment spam, or other bots scanning your web page(s), give Bad Behavior a try. So far, at the time of this writing, I have had sixty-six (66) access attempts in the past seven days, which is down from one hundred and forty-five (145) a week ago. That is a success. Till next time, stay safe.

Bad Behavior has blocked 287 access attempts in the last 7 days.