Bad Behavior for SMF mod

Started by butchs, April 12, 2010, 05:23:56 PM


butchs

Quote from: chrishicks on June 06, 2013, 12:51:19 PM

$headers = bb2_db_escape($headers);

ooo SMF 1.1.x... 

Try changing it to:
$http_headers = bb2_db_escape($http_headers);


My bad.   ???
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

chrishicks


radu81

Hello and thanks for this great mod.
I installed it in my forum and got a lot of attempts blocked. I checked those IPs and they are really spammers. My problem is that even testing from another PC with Firefox and the User Agent extension I always see
<!-- Bad Behavior 2.2.14 run time: 0.000 ms -->
Is that normal? Could someone do a test on my site? www.sharkracingclub.it
sorry for my bad english

TheListener


radu81

Quote from: butchs on April 12, 2010, 05:23:56 PM
TESTING:
To ensure that Bad Behavior is functioning correctly you can add the string "Bad Behavior Test" to the User Agent (UA) of an HTTP request from someone who is not in the whitelist and is not the administrator.

If you look at the page source (just below the title) you will see the speed of this mod at work:  <!-- Bad Behavior 2.x.xx run time: 3.025 ms -->
sorry for my bad english

radu81

It's all working now, I've entered a wrong value in the "Modify headers" addon for Firefox  :-[
sorry for my bad english

chrishicks

Out of curiosity what kind of numbers do some of you see in regards to blocks? I'm just about a full 7 days in and so far I've seen almost 6200 blocks. Can this be a fairly normal number? I just want to be sure I'm not blocking more than I should be and checking out 500+ IPs would be insanely time consuming.

Kindred

you will get a large number to start with... and then progressively fewer hits as the bots drop you off their "to hit" list
Glory to Ukraine

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

radu81

sorry for my bad english

butchs

Quote from: radu81 on June 21, 2013, 06:45:45 PM
I'm about 1400-1500 /7days

With that many hits I recommend using the "Cache Duration" feature.  Something like 15-45 seconds will help.  This feature will block a multiple-bot strike for the entire cache time setting with minimal processor effort.

Cache frees processor power for your members.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

radu81

sorry for my bad english

live627

The database value you're trying to insert does not exist: request_method
Function: bb2_insert
File: /home/livecom/public_html/livemods.net/Sources/BadBehavior-mysql.php
Line: 250

This is coming from a script run by crontab.

butchs

The function is in the code for both versions of SMF.  "request_method" is defined in the latest version of the mod.  Check and verify the correct up-to-date latest version mod files are in the correct location as per "package-info.xml".  Be careful to include the default theme files if you have a non-standard theme.
O:)
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

live627

I am not trying to install it. I've had it working for a year now. No errors. It does its job properly (with the exception of a cron job).

butchs

I know.

I went through that version of the code with a fine-tooth comb a few mod versions ago and updated that section of the mod.  My guess is that your host upgraded something that is now conflicting with the core author's code or a bot is doing something new...  You can try upgrading the mod software to a version with the latest updates or try complaining to the Bad Behavior core author.  I tried the latter months ago and he tabled it for a future version.  I am reluctant to update the core author's code any more because he gets an attitude.  Here is the thread:

Quote from: Michael Hampton core author bad Behavior April 30, 2013
Issue #12 has been updated by Michael Hampton.
Target version set to 3.0


Issue #12 has been updated by Michael Hampton.
Tracker changed from Feature to Bug
Status changed from New to In Progress
Priority changed from Normal to Low
I have a pretty good idea what this is. PHP allows form inputs to contain [] brackets thus creating an entity value which is an array when the form is processed. This isn't very often used, though, it seems, as it's the first time I've heard of it being an issue. That said, I have a pretty good idea how to fix the code.


Quote from: butchas January 26, 2013
Bug #12: array to string conversion
Author: butchas
Status: In Progress
Priority: Low
Assignee:
Category:
Target version:
I had one user complain about "Array to string conversion" errors from a bot when preparing to store the "request_entity" information into the database. I could not reproduce the error. The code causing the error, from "bb2_insert" in "bad-behavior-mysql.php", is "$request_entity .= bb2_db_escape("$h: $v\n");"

I applied a band-aid to stop the errors by using "if (is_array($v)) break;" to bypass the error before the code in "bb2_insert". The data stored in $package['request_entity'] from "core.inc.php" is storing the array causing the error. Not sure if this data should be an array.

Please look into the cause of the error.

If you wish to report the error to the core author you should report the error in the Bug Tracker.   If enough people complain then maybe, he will fix the code? :P

If the latest version still gets an error and the Core Author still refuses to fix the code I can try to make a filter.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.
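The "Array to string conversion" case discussed in the post above, as an added example that is not part of the thread or of the mod's own code: PHP turns bracketed form names into nested arrays, and flattening them before building the entity string keeps every field loggable. `demo_db_escape`, `demo_flatten_entity` and `demo_request_entity` are hypothetical names, and the query string is constructed sample input.

```php
<?php
// Stand-in for the mod's bb2_db_escape() (assumption: the real function
// escapes for the active database connection).
function demo_db_escape(string $s): string
{
    return addslashes($s);
}

// Hypothetical helper: turn scalar and nested array form values into
// "key: value" lines, so no array is ever cast to a string.
function demo_flatten_entity(array $fields, string $prefix = ''): array
{
    $lines = [];
    foreach ($fields as $h => $v) {
        $key = $prefix === '' ? (string) $h : $prefix . '[' . $h . ']';
        if (is_array($v)) {
            // tags[]=a&tags[]=b arrives as an array; recurse instead of casting.
            $lines = array_merge($lines, demo_flatten_entity($v, $key));
        } else {
            $lines[] = $key . ': ' . $v;
        }
    }
    return $lines;
}

// Builds the same kind of string as the "$h: $v\n" loop quoted in the bug report.
function demo_request_entity(array $post): string
{
    $request_entity = '';
    foreach (demo_flatten_entity($post) as $line) {
        $request_entity .= demo_db_escape($line . "\n");
    }
    return $request_entity;
}

// Constructed sample: the array PHP builds for a body using [] brackets.
parse_str('user=bob&tags[]=a&tags[]=b&opt[x][y]=1', $post);

// Interpolating $post['tags'] directly into a string is what raises the notice;
// the flattened form logs each element on its own line.
echo demo_request_entity($post);
```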

radu81

Quote from: butchs on June 21, 2013, 08:10:59 PM
Quote from: radu81 on June 21, 2013, 06:45:45 PM
I'm about 1400-1500 /7days

With that many hits I recommend using the "Cache Duration" feature.  Something like 15-45 seconds will help.  This feature will block a multiple-bot strike for the entire cache time setting with minimal processor effort.

Cache frees processor power for your members.


Thanks butchs, using the cache set to 30 I'm getting about 900 blocks in the last 7 days
sorry for my bad english

Jahsun

Big Hosting Reviews - By Real Clients - My SMF Forum


agaida

Sources/bad-behavior/bad-behavior/blacklist.inc.php:            "Gecko/25",             // revisit this in 500 years
[2013.11.05 20:28] <agaida_> User-Agent: Mozilla/5.0 (Android; Tablet; rv:25.0) Gecko/25.0 Firefox/25.0 Accept:
[2013.11.05 20:28] <agaida_> tirili


The time is now, Firefox Android uses this agent - please update BadBehavior with their current code.

their new line is now:
              "Gecko/2525",                // revisit this in 500 years
in current hxxp:bad-behavior.2.2.14.zip [nonactive]

Thanks Alf
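A check for the false positive reported in the post above, as an added example that is not part of the thread or of Bad Behavior's code: it runs candidate blacklist entries against known-good User-Agent strings before they are deployed. It assumes entries are matched as case-sensitive substrings; `demo_false_positives` is a hypothetical name and the desktop User-Agent is a constructed sample.

```php
<?php
// Assumption: a blacklist entry blocks any User-Agent that contains it
// as a case-sensitive substring.
function demo_false_positives(array $blacklist, array $known_good): array
{
    $hits = [];
    foreach ($blacklist as $needle) {
        foreach ($known_good as $ua) {
            if (strpos($ua, $needle) !== false) {
                // A legitimate browser would be blocked by this entry.
                $hits[$needle][] = $ua;
            }
        }
    }
    return $hits;
}

$known_good = [
    // Taken from the log line quoted in the post above.
    'Mozilla/5.0 (Android; Tablet; rv:25.0) Gecko/25.0 Firefox/25.0',
    // Constructed desktop sample using the Gecko/20100101 form.
    'Mozilla/5.0 (Windows NT 6.1; rv:25.0) Gecko/20100101 Firefox/25.0',
];

// "Gecko/25" is the entry from the post; "Gecko/2525" is the updated one.
$hits = demo_false_positives(['Gecko/25', 'Gecko/2525'], $known_good);

foreach ($hits as $needle => $uas) {
    echo "$needle blocks legitimate UA: ", implode(' | ', $uas), "\n";
}
```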


Arantor

Funny, all the other FF 25 agents have Gecko/yymmdddd style, e.g. Gecko/20100101 and if you have Gecko/25, it might be suspicious like this mod blocks.

agaida

It blocks - and I have had a few very nice comments about that and a funny time debugging this  ;D
