
Bad Behavior for SMF mod

Started by butchs, April 12, 2010, 05:23:56 PM


djkimmel

#260
Also, minor, whenever I click on the About link in Bad Behavior I get the following error:
http://www.greatlakesbass.com/forum/index.php?action=badbehavior;sa=bbabout;sesc
Apply Filter: Only show the errors with the same message
8: Undefined index: badbehavior_httpblnote
File: /home/accountname/public_html/forum/Themes/default/BadBehavior_Admin.template.php (badbehavior_about sub template - eval?)
Line: 144


I was getting this before I reinstalled Bad Behavior the 2nd time too. Thanks.

butchs

#261
I just went to your site and ran "Bad Behavior Test" and it seems to be working.

Not sure what is going on with the DB errors.  From past experience it was usually a bad install.  Could be left over cache from the old install or it could be that files are in the incorrect locations.  Maybe you have SMF 2.0 files mixed with 1.1.x files?  Since you have a custom theme I would check what is installed where.

If not please provide more info.  I run 2.x live so I can only test 1.1.x locally.  EDIT:  Went back to the test forum, upgraded it to 1.1.14 and forced a log entry, I get no DB error with Apache 2.0.63, MySQL 5.1.44 & PHP 5.3.2.

The attached should fix badbehavior_httpblnote for 1.1.x.  Thank you.  It will be added to a future revision when I collect more.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

butchs

#262
I will revisit this post:

Quote from: Kurogane on June 11, 2011, 03:00:48 PM
Same, here line BadBehavior-SMF.php problem.

function bb2_db_query($query) {
    global $db_prefix; // <-- Error here

    if ((!isset($query)) || (empty($query))) return false;
    $link = db_query($query, __FILE__, __LINE__);
    if (!isset($link) || empty($link)) return false;
    if ($link === true) {
        $affected_rows = bb2_db_affected_rows();
        if ($affected_rows >= 1) {
            return true;
        } else {
            return false;
        }
    } else {
        $number_of_rows = mysql_num_rows($link);
        if ($number_of_rows == '0') {
            return false;
        }
    }
    $qresult = bb2_db_rows($link);
    return $qresult;
}


From what I see you are running SMF 1.1.x, the global "$db_prefix" is required to locate your database.  It is defined in your "Settings.php" located in the smf root directory.  Please run "repair_settings.php" to confirm that it is set correctly or inspect the "Settings.php" file directly.

The "$db_prefix" is used in the "BadBehavior-mysql.php" for the "bb2_insert" function.  SMF 1.1.x requires it to be in the format of "{$db_prefix}xxx".  This is not required for SMF 2.0.x so you will get errors with the wrong "xxxr-mysql.php" file.  Custom theme installers need to be careful.

If you have a SSI front end then you need to add the xml changes in both the "index.php" & "SSI.php" files.
:)

djkimmel

The new file fixed that minor issue for the About link badbehavior_httpblnote for 1.1.x - thanks!

Bad Behavior seems to be working as it should. If you mean non-Bad Behavior files I don't think I could have SMF 2.0 files on there since I've never used any 2.0 install/update on that account. I do see that the version 2.0 Bad Behavior files were installed in /public_html/forum/Sources/bad-behavior and /public_html/forum/Sources/bad-behavior/bad-behavior. Is that okay?

My theme is an edit I did of the default theme myself a long time ago. I'll check files some more today or tomorrow and see if everything seems to be where it is supposed to. I don't normally have any strange errors or problems installing things. I haven't seen indications in the past that files weren't where they were supposed to be. Guess I can check the install manually in detail to see if all the Bad Behavior changes were made as they should be. I manually edited my index.template.php file in my theme with the two changes.

The leftover cache possibility would be nice because then I expect it will go away. That would be nice. So far, still getting the error in my log whenever someone is denied.

On my theme I have an index.php, index.template.php and style.css, and an images folder in the glbtheme2 folder under Themes. Everything else is in the default folder. That was what happened when I ran the process 'Create a copy of Default named:' in SMF way back.

butchs

#264
If you are getting "Denied Entries" in the mod log then it is working.  Something else may be the issue???

Try this:
Check your "Settings.php" as mentioned in reply 262.  Check the other issues too.

Another thing will be to install "DisableTemplateEval" and disable it.  Then send me some of the errors you are getting from the SMF Error log (a/k/a Forum Error Log).

You can manually force them by logging out and changing your UA to "Bad Behavior Test".

butchs

Quote from: djkimmel on June 12, 2011, 06:31:32 PM
Bad Behavior seems to be working as it should. If you mean non-Bad Behavior files I don't think I could have SMF 2.0 files on there since I've never used any 2.0 install/update on that account. I do see that the version 2.0 Bad Behavior files were installed in /public_html/forum/Sources/bad-behavior and /public_html/forum/Sources/bad-behavior/bad-behavior. Is that okay?

Not sure if I understand.  You need to look at "package-info.xml".  If you uncompress the mod zip file, BB files in "Sources" and "Themes" folders are for 1.1.x.  Most of the 2.0 files are in the root folder.  The common files are the language files.

This is a moot point if you used package manager as it installs the correct version.

butchs

#266
Quote from: djkimmel on June 12, 2011, 05:02:58 PM
I have the database tables and the errors are getting logged in log_badbehavior. I checked everything that I found in earlier posts in this thread. I already had httpBL and Stop Spammer installed.

log_badbehavior is not collecting errors, it is keeping a log of the blocked visitors.  If the log is maintained the DB errors you see are most likely from something else.  It is impossible for "log_badbehavior" not to be found and write to the DB at the same time.  If there was a BB DB error it would not write to the log at all...   The procedure I outlined above may assist you in locating the real source.

SMF errors are kept in the Forum Error Log.
???

httpBL is redundant when using this mod.  This mod does everything that mod does plus a whole lot more.  Plus this mod is much less complicated when it comes to Project Honey Pot.
:-X

djkimmel

I used the Package Manager. Not exactly sure how to read what the package-info.xml file does. It appears you are saying that the files in /forum/Sources/bad-behavior/bad-behavior are for version 1.1.14.

By errors I did mean it is logging the blocked visitors. Since it is writing to the log in the database I thought it odd that it would report 'Database Error: No database selected' even though it is writing to the database. The IP addresses in my errors log where this message is being reported match the IP addresses being denied by Bad Behavior along with the times they are recorded in log_badbehavior.

I am getting denied entries. 6 more since 8pm EST. I'll try the eval and settings stuff and see what I come up with.

djkimmel

Okay. I went through the database and looked at things closely since I'm not getting this error with every denied IP address. Only some of them. I see a pattern. I have Prismotube installed under a different subdirectory - greatlakesbass.com/vid/ - than the forum and for some reason Bad Behavior is also checking requests for /vid/ video pages. Not sure how or why this is happening since they are outside of the forum path?

So when an IP address is denied by Bad Behavior along the greatlakesbass.com/vid/ path instead of the greatlakesbass.com/forum/ path, I usually get the 'Database Error: No database selected' error on the forum. I have other PHP programs running on greatlakesbass.com but the forum and the video sections are my highest traffic areas.

I notice Bad Behavior is also checking requests against greatlakesbass.com at the root level too. I thought it would only check traffic to the forum? No indication so far that it is also checking traffic against my blog software. Is it possible it is checking against the root and the video section because I call SSI.php on them?
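
The cross-check described in the post above (matching denied entries against the 'No database selected' errors by IP address and time, then looking at which path was requested), as an added example that is not part of the thread or the mod's code. The row shapes, sample rows and function names are assumptions constructed for illustration; real rows would come from log_badbehavior and the forum error log.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample rows (documentation-range IPs), not data from the thread.
# Assumed shape of a denied entry: (ip, time, request URI).
DENIED = [
    ("203.0.113.7", "2011-06-12 20:01:05", "/vid/video.php?id=12"),
    ("203.0.113.7", "2011-06-12 20:01:09", "/forum/index.php?action=register"),
    ("198.51.100.4", "2011-06-12 20:03:40", "/vid/index.php"),
    ("192.0.2.55", "2011-06-12 20:05:12", "/forum/index.php?topic=5.0"),
    ("198.51.100.9", "2011-06-12 20:07:30", "/index.php"),
]
# Assumed shape of a forum error log entry: (ip, time, message).
ERRORS = [
    ("203.0.113.7", "2011-06-12 20:01:05", "Database Error: No database selected"),
    ("198.51.100.4", "2011-06-12 20:03:41", "Database Error: No database selected"),
    ("192.0.2.200", "2011-06-12 20:09:00", "8: Undefined index: badbehavior_httpblnote"),
    ("198.51.100.77", "2011-06-12 20:10:00", "Database Error: No database selected"),
]


def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")


def area(uri):
    """Top-level site area of a request URI: '/vid/x.php?id=1' -> '/vid/'."""
    parts = uri.split("?", 1)[0].split("/")
    return f"/{parts[1]}/" if len(parts) > 2 else "/"


def correlate(denied, errors, message, window_s=2):
    """Pair each denied request with at most one error from the same IP
    logged within window_s seconds, and count the pairs per site area."""
    window = timedelta(seconds=window_s)
    pending = [(ip, parse(ts)) for ip, ts, msg in errors if message in msg]
    matched, unmatched = Counter(), Counter()
    for ip, ts, uri in denied:
        t = parse(ts)
        hit = next((e for e in pending
                    if e[0] == ip and abs(t - e[1]) <= window), None)
        if hit:
            pending.remove(hit)          # one error explains one denial
            matched[area(uri)] += 1
        else:
            unmatched[area(uri)] += 1
    # pending now holds errors that no denied request accounts for
    return matched, unmatched, pending


if __name__ == "__main__":
    matched, unmatched, leftover = correlate(
        DENIED, ERRORS, "No database selected")
    print("denials with a matching error:", dict(matched))
    print("denials without one:", dict(unmatched))
    print("errors with no denial:", [ip for ip, _ in leftover])
```

Errors that pair up with denials on only one site area point at how that area loads the forum code; errors left over with no denial at all need a separate explanation.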

butchs

#269
This is my last post for today.  Gotta go to bed...   O:)

Quote from: djkimmel on June 12, 2011, 08:09:48 PM
I used the Package Manager. Not exactly sure how to read what the package-info.xml file does. It appears you are saying that the files in /forum/Sources/bad-behavior/bad-behavior are for version 1.1.14.

Yes.  I believe you have installed it correctly.

Quote from: djkimmel on June 12, 2011, 08:09:48 PM
By errors I did mean it is logging the blocked visitors. Since it is writing to the log in the database I thought it odd that it would report 'Database Error: No database selected' even though it is writing to the database.

True.  If the log is maintained the mod is working.

Quote from: djkimmel on June 12, 2011, 08:09:48 PM
The IP addresses in my errors log where this message is being reported match the IP addresses being denied by Bad Behavior along with the times they are recorded in log_badbehavior.

Quote from: djkimmel on June 12, 2011, 08:29:28 PM
Okay. I went through the database and looked at things closely since I'm not getting this error with every denied IP address.

When I visited your site with a "Bad Behavior Test" UA there should have been a "log_badbehavior" entry and nothing in the error log for my ip (please do not post my ip).  If this is the case you are being attacked.  :)

Could it be that you are being hit by bots that are trying to access your forum DB?  The errors you see in the errors log could be the bots trying to write to your forum without permission.  I would move over the httpBL information to BB and disable mod httpBL so BB will block both.  No need for redundant mods.  Besides this way you can take full advantage of the cache feature and block other attempts.

Check the time stamps.  Bots hit rapidly but the time stamps should match if it was really a mod error.  If not, cache will catch the bots even longer.

I would add some cache to the BB mod 8-15 seconds so it will block other access attempts from the same IP address the duration of the cache until the bot tide blows by.

Bots try many different things.  Sometimes they are caught by BB, sometimes by the project honey pot feature.  Other times they get a free pass.  But with cache they get blocked a little longer.  Cache also reduces the wear and tear on your forum.

Quote from: djkimmel on June 12, 2011, 08:29:28 PM
Only some of them. I see a pattern. I have Prismotube installed under a different subdirectory - greatlakesbass.com/vid/ - than the forum and for some reason Bad Behavior is also checking requests for /vid/ video pages. Not sure how or why this is happening since they are outside of the forum path?

Me either?  Unless it has the same path as the forum.  Maybe Prismotube has its own copy of BB?

Quote from: djkimmel on June 12, 2011, 08:29:28 PM
So when an IP address is denied by Bad Behavior along the greatlakesbass.com/vid/ path instead of the greatlakesbass.com/forum/ path, I usually get the 'Database Error: No database selected' error on the forum. I have other PHP programs running on greatlakesbass.com but the forum and the video sections are my highest traffic areas.

The path for the forum db is set in "Settings.php" via the "Database Info" section.

Quote from: djkimmel on June 12, 2011, 08:29:28 PM
I notice Bad Behavior is also checking requests against greatlakesbass.com at the root level too. I thought it would only check traffic to the forum? No indication so far that it is also checking traffic against my blog software. Is it possible it is checking against the root and the video section because I call SSI.php on them?

Could be.  But the path to the db will not change.  Maybe bots are trying to access your forum db when they are at the forum like I said before.  If it is logged in "log_badbehavior" then the db is working.  This is why I am perplexed and have the suspicion that it is a bot attack.


djkimmel

Thanks for your help. Well I wish I could figure it out a little better. My forum path is greatlakesbass.com/forum in Settings.php. I have to believe it is the SSI.php connection since that is the common denominator between my home page, the forum and Prismotube. Prismotube does not have a Bad Behavior function of its own. I now see Bad Behavior ran against another path outside the forum that also has an index.php file that uses SSI.php.

I realize the path of Bad Behavior doesn't change but there is some kind of path problem when Bad Behavior runs against my Prismotube files on greatlakesbass.com/vid/ and other non-forum paths.

I increased the cache time from 8 to 15. I turned off the httpBL mod since I have the settings in Bad Behavior. I'll see what happens with that.

Out of the 1440 records already in the Bad Behavior log, I have no idea which one is your entry anyway so your IP address is safe.

Next time you're awake and read this, what would be the ramifications of removing the Bad Behavior code from SSI.php? Would that stop Bad Behavior from running against all the non-forum pages? Not sure if I want to do this but I am getting a lot of the no database selected errors.

butchs

#271
I like the idea of SSI helping the mod protect your whole site.  SMF never fails to amaze me.  I would advise not to touch it...

Out of sight, out of mind?  If you disable the mod by tampering with SSI the bots will not stop.  Even if you do not see them they will still be attacking your site.  They will never go away unless you use the mod.

Why blame the mod for protecting your site?  The errors are not from the mod because the mod is logging the violations.  Bots are causing the errors in your forum error log.  The mod is blocking the bots.  Sometimes bots step up their assault when threatened.  Just because the IPs match it does not mean the mod is at fault.  Your problem is and always was the bots.  Let the mod do its job and in a few weeks things will slow down and they will go elsewhere.

You have less than 300 blocked.  The other 1,100 are permitted.  Look in the denied log for the ones that were blocked.

Kurogane

Quote from: butchs on June 12, 2011, 06:12:49 PM
I will revisit this post:

Quote from: Kurogane on June 11, 2011, 03:00:48 PM
Same, here line BadBehavior-SMF.php problem.

function bb2_db_query($query) {
    global $db_prefix; // <-- Error here

    if ((!isset($query)) || (empty($query))) return false;
    $link = db_query($query, __FILE__, __LINE__);
    if (!isset($link) || empty($link)) return false;
    if ($link === true) {
        $affected_rows = bb2_db_affected_rows();
        if ($affected_rows >= 1) {
            return true;
        } else {
            return false;
        }
    } else {
        $number_of_rows = mysql_num_rows($link);
        if ($number_of_rows == '0') {
            return false;
        }
    }
    $qresult = bb2_db_rows($link);
    return $qresult;
}


From what I see you are running SMF 1.1.x, the global "$db_prefix" is required to locate your database.  It is defined in your "Settings.php" located in the smf root directory.  Please run "repair_settings.php" to confirm that it is set correctly or inspect the "Settings.php" file directly.

The "$db_prefix" is used in the "BadBehavior-mysql.php" for the "bb2_insert" function.  SMF 1.1.x requires it to be in the format of "{$db_prefix}log_badbehavior".  This is not required for SMF 2.0.x so you will get errors with the wrong "BadBehavior-mysql.php" file.  Custom theme installers need to be careful.

If you have a SSI front end then you need to add the xml changes in both the "index.php" & "SSI.php" files.
:)

Yeah, I'm using SMF 1.1.13 and I ran "repair_settings.php", all fine here.

For the moment I'm upgrading to SMF 2.0 and I'm still modifying some things for the migration; when I'm done with this I'll try again with SMF 2.0.


Quote from: djkimmel on June 12, 2011, 05:02:58 PM

I'm still getting this error whenever an IP is DENIED. I have the database tables and the errors are getting logged in log_badbehavior.


This is the exact problem I have. I got this error when all the IPs are DENIED. I'm not really sure if the errors I'm getting logged in log_badbehavior are the actual or updated, but it saves the registry, that's for sure.

butchs

Again, if the mod is maintaining a log then the mod is working.  log_badbehavior  is not an error log.  It tracks the denied and suspicious permitted visitors.

Sounds like bots are causing the errors by taking advantage of a flaw in SMF 1.1.x.  No matter what version of SMF you have bots will try to place errors in your forum error log.  They are trying to retaliate because you are blocking them.  That is what they do!

Please do not blame the mod for doing its job.  Set up the mod correctly and the bots will eventually slow down and give up.

Kurogane

I'm not blaming you for doing its job. In my case I can put my hands in the fire that they are not bots; they are legit users, only the IP they're using is reported as a comment spammer or malicious IP (dynamic IP problem). I know this because I investigated the IPs reported and the users using those IPs, and they are known users.

djkimmel

Oh I appreciate the help. Just wondered what would happen if I edited SSI.php. I like information and learning. I'll leave it as is because the bots are relentless. Same as the number of IP addresses constantly attempting to log into my server. Endless and relentless. I appreciate the protection. After editing the permissions I have not seen any indication of real members being blocked or affected by Bad Behavior. I had a few affected by httpBL mod but I shut that off at your suggestion.

I had only one signup so far today that was stopped by Stop Spammer. I used to get 12 to 18 like that a day. It is amazing to me the effort spammers will go to to get around all the walls we throw up in front of them.

Thanks for your help and information.

butchs

#276
Kurogane, if "Search Engine DNS" is checked, uncheck it.

You can put your members on a whitelist.  Make a Membergroup for them and check "Bad Behavior Whitelist Group" in the Permissions.  This will only work if their ip does not change from the last one they used on your site when they are logged out.  If their ip does change after they log out they will not be white listed.  If they do not log out then they are ok.  Another option is to add the ip range in "whitelist.ini" in your "sources/bad-behavior" folder.

djkimmel you are welcome.  Not sure what will happen but I know it will not work on a SSI site with the ssi stuff turned off.  I suggest letting things go for a week.  What I have seen is that when BB starts blocking bots the bots hit the site hard.  They get blocked and after a week or two they take you off the list and visit less frequently.

butchs

Maybe placing your most active membergroups in the "Bad Behavior Whitelist" is not a bad idea?  All member groups with 50+ posts get automatically white listed.

Quote from: djkimmel on June 13, 2011, 11:53:44 AM
I had only one signup so far today that was stopped by Stop Spammer. I used to get 12 to 18 like that a day. It is amazing to me the effort spammers will go to to get around all the walls we throw up in front of them.

I was shocked when I discovered how many attempts the bots were making on my site a day.  No more...   :)  8)

djkimmel

I did whitelist all my members. I haven't had a spammer get all the way on past Stop Spammer in a while so I should be okay. I'll change permissions to exclude members with less than 10 posts from the whitelist if things change.

It will be good to see the bot traffic down on my site. I'm starting up other websites and I want to be able to have tools to minimize their impact on those sites too. Thanks again.

tabletsdroid

Since I installed SMF 2.0 gold, Bad Behavior has stopped working completely. Tried uninstalling, deleting and installing the new version - still not working at all.
Are you Looking Forward To it?
