Can someone explain to me please how exactly Bad Behavior works?
On their official site, they say that it uses HTTP headers, IP, and meta fingerprinting – but I would like some specifics on its mechanisms, not a simple description.
To be more precise – how does it profile malicious activity (what kind of activity triggers “falls outside the bounds of a normal human browsing the web”), what does it look for in HTTP headers and metadata?
Anyone?
thanks! =)
PS for mods – please could you add ‘bad-behavior’ tag? thanks
Bad Behavior does two things:
It checks the HTTP request and sees if it is as per the standard or not. Usually spammers don’t write their scripts so well as to be fully compliant with the HTTP standard. Bad Behavior can make out poorly scripted HTTP requests from properly scripted ones (which would be sent by genuine visitors using well-designed Web browsers, etc.), and then blocks the improper HTTP requests.
It checks the IP address of the machine that sent the HTTP request against a database of known spammer IPs. If the IP address matches one in the database, Bad Behavior will block the request before it gets to the WordPress engine, thereby conserving your CPU and bandwidth. The spammer that sent the HTTP request will get nothing in the response. This is not done by default – to enable this functionality, you need to be a member of Project HoneyPot, as you rightly mentioned. When you sign up for this Project, you will get a “key” that you need to enter in the plugin settings page to enable this functionality.
Hope this helps.
Regards
Vijay Padiyar
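As an added illustration of the two checks described in this answer (example code, not the plugin's own; the specific header rules, the sample requests and the blocklist contents are assumptions constructed for the demonstration), a small Python screener that flags non-conforming requests and known-bad client addresses:

```python
import ipaddress

# Constructed sample blocklist (TEST-NET addresses); stands in for the
# Project Honey Pot data the plugin consults once a key is configured.
KNOWN_SPAMMER_IPS = {"203.0.113.7", "198.51.100.42"}

# Constructed sample requests: one from a conforming browser, one from a
# sloppy posting script (no Host header, no Content-Length on a POST).
GOOD_REQUEST = ("GET /blog/ HTTP/1.1\r\nHost: example.com\r\n"
                "User-Agent: Mozilla/5.0 (constructed)\r\nAccept: text/html\r\n\r\n")
BAD_REQUEST = "POST /comments HTTP/1.1\r\nUser-Agent: x\r\n\r\nauthor=spam"


def parse_request(raw: str) -> dict:
    """Split the request head into request-line fields and a header dict
    keyed by lowercased header name (header names are case-insensitive)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version,
            "headers": headers}


def protocol_violations(req: dict) -> list[str]:
    """Conformance checks loosely based on the HTTP/1.1 requirements in
    RFC 9112; illustrative choices, not the plugin's rule set (assumption)."""
    h, problems = req["headers"], []
    if req["version"] == "HTTP/1.1" and "host" not in h:
        problems.append("HTTP/1.1 request without a Host header")
    if "user-agent" not in h:
        problems.append("no User-Agent header")
    if (req["method"] in ("POST", "PUT")
            and "content-length" not in h and "transfer-encoding" not in h):
        problems.append("request body sent without Content-Length or "
                        "Transfer-Encoding")
    return problems


def screen(raw: str, client_ip: str) -> tuple[bool, list[str]]:
    """Return (allowed, reasons): request conformance first, then the IP
    blocklist, so a bad request can be refused before any app code runs."""
    reasons = protocol_violations(parse_request(raw))
    ip = str(ipaddress.ip_address(client_ip))  # validates and normalises
    if ip in KNOWN_SPAMMER_IPS:
        reasons.append(f"client {ip} is on the spammer blocklist")
    return (not reasons, reasons)
```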
In short, most spammers, or really 100% of spammers, are automated bots that are generally poorly written and cheap. Most spammers use a handful of these ‘bots’ in terms of market share, so it makes them very easy to identify. If you create a custom bot, your chances of being caught with bbq decrease greatly.
The details can be read here: http://bad-behavior.ioerror.us/about/
What exactly are you hoping for as an answer beyond what’s written in the docs?
Read the plugin’s source code: it uses, as the docs explain, HTTP headers, IP, and meta stuff, and dumps things that are incomplete, inconsistent, or otherwise don’t look right. There’s positively nothing to add without giving you a line-by-line commentary of the source code — an exercise which I’ll leave to you.