Bad Behavior for SMF mod

butchs · July 23, 2011, 05:58:06 PM

The BB Logs clear themselves after 7 days.

butchs · July 25, 2011, 06:58:45 PM

New version.

What's included?

Fixed rare error with Cloudflare Server.
Added suspicious BBC
Limited honeypots

Besides some minor bug fixes for cloudflare uses, a option to limit the honeypots on the front forum page, I will introduce a new BBC code for SMF 2.0 only (It is too difficult to implement in 1.1.x). This code will block content from suspicious visitors who are guests.

For example, if you have a meeting and want to post your email address, instead of just posting it you can enclose the content in the new BBC code. If a guest gets flagged suspicious by BB they will not be able to see the information. But a logged in user or a guest who is not suspicious will be able to see the information.

This has been the path I have been heading to for a while and is the goal of the final 1.5.x version of the mod. The integration hooks in SMF 2.0 gold finally made it possible.

MiY4Gi · July 27, 2011, 05:57:16 PM

Great stuff.

Gonna uninstall 1.5.2 then install 1.5.3. I'll let you know how it goes.

EDIT

Installed successfully. Need to give it a test ride for a few days.

.Vapor · July 27, 2011, 06:29:46 PM

Great mod...thank you very much !

MiY4Gi · July 27, 2011, 07:41:34 PM

The mod just permitted a very dangerous looking bot. For now, I banned the bot using my .htaccess file.

butchs · July 27, 2011, 08:00:26 PM

Interesting. Still waiting for info on that bot... But at least it will not be able to see anything in the suspicious BBC tags.

MiY4Gi · July 28, 2011, 02:54:35 AM

I also remember seeing that same bot in the denied list yesterday, but I can't seem to find it now. Strange.

Anyway, I recently almost got blocked by my ForumFirewall. The log said I was attempting to hack my custom theme's image folder. I fixed it by re-installing ForumFirewall onto my forum and custom theme. This may or may not be the right place to say it, but the email address I saw on the warning page looks way to confusing, and ugly for humans to interpret. Wouldn't it be possible to use Javascript to cloak the email address? Project Honey Pot seems to think so. With Javascript the email address looks just like an email address, yet bots haven't been programmed to read it (nor any other javascript).

butchs · July 28, 2011, 05:23:53 AM

Funny, I just read that yesterday. If you read that thread Java is not supported by all browsers. I need to make the mod compatible with many people or they will complain. What I do it a little more harder to beat than what they call "Advanced Munging" so I expect greater than 85% bots stopped.

MiY4Gi · July 28, 2011, 06:10:39 AM

Quote from: butchs on July 28, 2011, 05:23:53 AM
Funny, I just read that yesterday. If you read that thread Java is not supported by all browsers. I need to make the mod compatible with many people or they will complain. What I do it a little more harder to beat than what they call "Advanced Munging" so I expect greater than 85% bots stopped.

Well, you won't find a one-size-fits-all solution, but it would be nice if users could choose the size that fits them. In other words, having javascript, images, and munging as obscuring options would be nice. And, newer browsers DO support Java afaik.

Also, some forum's only attract technical users who run the latest open source browsers.

butchs · July 28, 2011, 06:20:28 PM

Every other version of BB replaces "@" and "." with a special string. As I said what the mod dees is far more advanced than what they call mugging. It is so unique that it should be more effective than a published java script. If you do not believe me then go with the java.

You have my permission to post an image or Javascript instead of my code. Open banned.inc and replace "<?php echo bb2_email_scramble(); ?>" with the code you get from the link.

butchs · July 30, 2011, 08:13:31 AM

SUSPICIOUS BBC TAG HELP - Only for SMF 2.0 Gold.

This feature is intended to provide additional security when posting an email address, phone number, personnel information and/ or a special forum event...

Attached is the BBC image created exclusively for the SMF 2.0 version of the mod. The image is available when you post or modify a message. The image will enclose the content in "suspicious" tags. All content will NOT be viewable by any visitor in the "PERMITTED ENTRIES LOG".

There is am image of the BBC location on the mod page.

There are two methods for a visitor to gain access to the "PERMITTED ENTRIES LOG" log:

Visitors deemed suspicious by the core Bad Behavior package.
If Project Honeypot is enabled, visitors who are below the minimum threat and age levels have been identified as suspicious or malicious by Project Honey Pot.

httpBL Example:
Assume the following settings are in "Bad Behavior Admin/ SETTINGS/ Project Honey Pot HTTP Blacklist":

Minimum Threat Level: 25
Maximum Age of Data: 30

The mod will check the Project Honeypot Database:

If the visitor has a threat level greater than 25 and has had bad activity in the past 30 days it will be blocked by the mod.
If the visitor has a threat level less than 25 or has not had bad activity in the past 30 days but has been flagged as suspicious by httpBL then it will be placed in the "PERMITTED ENTRIES LOG".
If the visitor is not in the httpBL database nothing will happen.

What happens when a visitor is deemed suspicious?

Visitor is NOT blocked.
If logging is enabled, the Visitor is placed in the visitor log.
If the visitors is a guest and the "suspicious" BBC tags are used the content enclosed will not be visible to the visitor.
If the visitors is logged in and the "suspicious" BBC tags are used the content enclosed will be visible to the visitor.
If the visitors is a member via SMF and the "suspicious" BBC tags are used the content enclosed will be visible to the member.

CONCLUSION:
Only guests who are suspicious will not see the content enclosed in the BBC tags.

Enjoy.

mediaworksmt · August 03, 2011, 12:52:43 PM

I'm running into an odd error when trying to install the Bad Behavior 1.5.3 package on SMF 2.0 RC3...

Uploading the Bad_Behavior_1.5.3.zip package is successful
Clicking the [ Install Mod ] link shows all 'Execute Modification' tests to be successful
I added the "SetEnv TZ America/Denver" line to the .htaccess file in our server's document root
When I click the blue "Install Now" button at the bottom, it takes me to the following URL, then the page blanks out and goes nowhere.

hxxp:my.web.site/user-forum/index.php?action=admin;area=packages;sa=install2;package=Bad_Behavior_1.5.3.zip;pid=0 [nonactive]

Nothing appears in the source code of the blank page, and when I reload, I'm presented with the following message:

An Error Has Occurred!
Your session timed out while posting. Please go back and try again.

I can install/uninstall other packages without issue, but this one seems to be giving me troubles.

Any ideas or suggestions would be very sincerely appreciated!

butchs · August 03, 2011, 05:51:37 PM

Quote from: mediaworksmt on August 03, 2011, 12:52:43 PM
Your session timed out while posting. Please go back and try again.

Guess 1: I only see that message when my cookies are off.

Guess 2: Maybe you should edit the htaccess after mod installation?

Guess 3: you have have to manually adjust the permissions for the bad behavior folder.

TheListener · August 03, 2011, 08:20:51 PM

Butchs

I use a broadband usb dongle (flashkey) where everytime I log onto the internet a new number is used.

Would my logging into the forum be affected by the mod?

mediaworksmt · August 04, 2011, 10:55:22 AM

butchs,

Thanks for your reply - After trying all of your suggestions, including a number of different variations of permissions, I finally noticed that an error_log file was being produced when I try to enable the package. Here's the information from it:

Code Select

PHP Fatal error:  Call to undefined function  add_integration_function() in /public_html/user-forum/Packages/temp/install_db.php on line 66

Any further suggestions? I again really, REALLY appreciate your help - Thanks again!

edit: Looks like I may have found my answer in another thread - It seems add_integration_function() doesn't exist in 2.0 RC3, but was added in 2.0 RC4. Going to try upgrading to the latest SMF version and will let you know how things turn out.

edit2: Successfully upgraded to 2.0 RC5, and the "Bad Behavior" package now works like a charm! :-)

butchs · August 04, 2011, 08:00:51 PM

Yea, sounds probable, I keep writing it for the latest versions.

butchs · August 04, 2011, 08:03:01 PM

Quote from: Brack1 on August 03, 2011, 08:20:51 PM
Butchs

I use a broadband usb dongle (flashkey) where everytime I log onto the internet a new number is used.

Would my logging into the forum be affected by the mod?

I do not know. Try accessing into the Bad behavior home site as a test.
If you can get on there you are okie dokie.

Sudhakar Arjunan · August 11, 2011, 03:51:06 AM

Nice mod.

Works perfectly without any issues.

infoseeker · August 11, 2011, 04:13:49 AM

Help me bro.
I activated honeypot.

In the fourth step of installation i got somelinks from projecthoneypot and they recommend me to include the link in my honeypot page.

I dont know where to include or adding those links in my smf forum.

Plz tell me where can i add these links.

<a href="hxxp:mydomain.com/myhoneypot.php [nonactive]"></a>

<a href="hxxp:mydomain.com/myhoneypot.php [nonactive]"><img src="wildlife.gif" height="1" width="1" border="0"></a>

<a href="hxxp:mydomain.com/myhoneypot.php [nonactive]" style="display: none;">wildlife</a>

Etc...

Help me. Where can i add or include these links.

Thanking you all.

butchs · August 11, 2011, 05:37:57 AM

Just add "hxxp:mydomain.com/myhoneypot.php" to "Honeypot Link" and "wildlife" to "Honeypot Link word" in the mods admin page. The mod will do the rest for you.

News:

Bad Behavior for SMF mod

TheListener