vBulletin Mods

The Official vBulletin Modifications Site
https://www.vbulletin.org/forum/showthread.php?t=261498

vB Bad Behavior (vB4)
by Eric
05 Apr 2011 23:21

4 Attachment(s)
/**
* vB Bad Behavior is free software; you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at your option) any
* later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
*/


What is vB Bad Behavior?
This is an integration of the Bad Behavior software with vBulletin.

What is Bad Behavior?
Bad Behavior is a PHP-based solution for blocking link spam and the robots which deliver it. Bad Behavior complements other link spam solutions by acting as a gatekeeper, preventing spammers from ever delivering their junk, and in many cases, from ever reading your site in the first place. This keeps your site's load down, makes your site logs cleaner, and can help prevent denial of service conditions caused by spammers.

Visit http://bad-behavior.ioerror.us/ for more.

Features
For more information on the features of Bad Behavior (and subsequently this mod) please go to Bad Behavior's site:

http://bad-behavior.ioerror.us/documentation/benefits/

For features related to the mod itself, please take a look at the screenshots.

This mod should work with vB 4.x, it was tested on 4.1.2/4.1.3. Screenshots are from vB 3.x, but it should still look relatively the same with vB4.

Installation
1. Extract the contents of the zip file.
2. Upload the contents of the `upload` folder to your forum root.
3. Enter your AdminCP and go to Plugins & Products > Manage Products > [Add/Import Product]
4. Import the product using the `product-vb_badbehavior.xml` file.
5. Configure the mod in AdminCP -> Settings -> Options -> vB Bad Behavior Options

Upgrading

vB Bad Behavior
In many cases, all you'll need to do to upgrade is follow the installation instructions above.

The only difference, will be you'll need to allow the files to overwrite. Also, when re-importing the product file, you'll need to set "Allow Overwrite" to "Yes".

Bad Behavior
Bad Behavior's files are at `/includes/bad-behavior/`. If you wish to update manually go to:

http://bad-behavior.ioerror.us/download/

And download the latest development version. Extract the zip, and upload the contents of `bad-behavior` to `/includes/bad-behavior/` allowing the files to overwrite.

Versions
The current version of Bad Behavior this mod is using is: v2.2.16
The current version of Bad Behavior (development) is: v2.2.16

Changelog
Version 1.0.14, 09/22/2015
  • Bad Behavior upgraded to 2.2.16

Version 1.0.13, 04/23/2013
  • Bad Behavior upgraded to 2.2.14

Version 1.0.12, 12/21/2012 -- Released: 02/05/2013
  • Bad Behavior upgraded to 2.2.13
  • Added some more ranges to whitelist.ini

Version 1.0.10, 09/09/2012
  • Bad Behavior upgraded to 2.2.10

Version 1.0.9, 06/17/2012
  • Bad Behavior upgraded to 2.2.7

Version 1.0.8, 06/12/2012
  • Bad Behavior upgraded to 2.2.6
  • New Setting: EU Cookie

Version 1.0.7, 05/04/2012
  • Bad Behavior upgraded to 2.2.3
  • Cron/Scheduled Task for automatic log pruning added.

Version 1.0.6, 01/04/2012
  • Bad Behavior upgraded to 2.1.15

Version 1.0.5, 05/26/2011
  • Added option for bypassing users/members.
  • If the visitor is a user, and is in usergroup 5, 6, or 7 (admin/mod/super mod) - Bad Behavior is bypassed.
  • Modified bad-behavior core to check for Google Web Preview
    • file edited: /includes/bad-behavior/core.inc.php
  • Added a link beside the IP address in the log for WhoIs.

Version 1.0.4, 04/28/2011
  • Bad Behavior upgraded to 2.1.13 (fixes search engine block issues)
  • Added Paypal/Paypal IPN IP address to the whitelist.
  • Added payment gateway file names to the whitelist.

Version 1.0.3, 04/21/2011
  • Fix #1: Pruning log doesn't work.
  • Fix #3: POST more than two days after GET (added support for BB's javascript)
  • Fix #5: Cannot modify header information error (suppressed error in BB's function)
  • Implemented #6: Filter per key (new admincp option to list keys not to be shown in log)
  • Implemented #9: Show link to member profile (if userid is found in headers, link to profile)

Version 1.0.2, 04/10/2011
  • Updated /includes/functions_vb_badbehavior.php to:
    • disable Reverse Proxy if Reverse Proxy Addresses are empty
    • distinguish SQL queries using "SET", for example: SET @@session.wait_timeout = 90 - which is used by BB
    • set "offsite_forms" to false by default, as it's not really needed in vB IMHO, and it can cause problems with certain setups
    • cleaned up the bb2_read_settings() function and fixed a typo in one of the vbulletin options calls
  • Updated /includes/whitelist.ini to include the following GOOGLE ranges:
    • 74.125.0.0/16
    • 216.239.32.0/19
    • 209.85.128.0/17
    • 66.102.0.0/20
  • Updated /admincp/vb_badbehavior.php
    • Log pruning was pruning all logs, despite what was entered for number of days

Version 1.0.1, 04/06/2011
  • Bad Behavior upgraded to 2.1.12
  • Changed files:
    • /includes/bad-behavior/core.inc.php
    • /includes/bad-behavior/searchengine.inc.php
  • "Verbose" admin option now set to "No" by default.

Version 1.0.0, 04/05/2011
  • Initial release.


Screenshots
Screenshots can now be seen at: http://www.secondversion.com/images/vb/vb_badbehavior/

I was running out of room for attachments here on vB.org


Development

https://github.com/ericsizemore/vb_b...ree/master/vb4


Only those who "Mark As Installed" will receive support for this modification.

Eric 05 Apr 2011 23:22

Reserved for future use.

Eric 06 Apr 2011 21:31

An update will be coming soon, since a new version of Bad Behavior was released.

Eric 06 Apr 2011 22:25

Version 1.0.1, 04/06/2011
- Bad Behavior upgraded to 2.1.12
- Changed files:
o /includes/bad-behavior/core.inc.php
o /includes/bad-behavior/searchengine.inc.php
- "Verbose" admin option now set to "No" by default.


I've reached the max. number of attachments for this thread - so I'll have to move the screenshots elsewhere. I will do this soon.

Mark.B 07 Apr 2011 00:04

Thanks for this, I'm going to have a play with it at the weekend.

baghdad4ever 07 Apr 2011 10:12

installed

plz can you tell me

i had high load in my server, can i get some benefit from this?

Gemma 07 Apr 2011 10:36

Thanks for this :)

BadgerDog 07 Apr 2011 12:35

Installed with thanks for testing on 4.04pl1 of vBulletin ... :)

Regards,
Doug

Eric 08 Apr 2011 20:33

Screenshots can now be seen at: http://www.secondversion.com/images/vb_badbehavior/

I was running out of room for attachments here on vB.org - Also, to lower the size of the download... removed the screenshots from the zip files.

Eric 09 Apr 2011 19:41

Quote:

Originally Posted by baghdad4ever (Post 2181901)
installed

plz can you tell me

i had high load in my server, can i get some benefit from this?

Yes, you could. Malicious bots can result in part of that load, if not most of it - with Bad Behavior blocking them, most folks do see a decrease in load.

Eric 10 Apr 2011 16:15

Version 1.0.2, 04/10/2011
  • Updated /includes/functions_vb_badbehavior.php to:
    • disable Reverse Proxy if Reverse Proxy Addresses are empty
    • distinguish SQL queries using "SET", for example: SET @@session.wait_timeout = 90 - which is used by BB
    • set "offsite_forms" to false by default, as it's not really needed in vB IMHO, and it can cause problems with certain setups
    • cleaned up the bb2_read_settings() function and fixed a typo in one of the vbulletin options calls
  • Updated /includes/whitelist.ini to include the following GOOGLE ranges:
    • 74.125.0.0/16
    • 216.239.32.0/19
    • 209.85.128.0/17
    • 66.102.0.0/20
  • Updated /admincp/vb_badbehavior.php
    • Log pruning was pruning all logs, despite what was entered for number of days

BadgerDog 10 Apr 2011 17:29

Thanks for the update ... :up:

This mod seems to block a LOT of things .... :eek:

Some of them seem pretty nasty. For example ..

When I click on an item in the log under the key "dfd9b1ad", it says on a pop screen ...

Quote:

HTTP Response: 403
Explanation: You do not have permission to access this server.
Log Message: Request contained a malicious JavaScript or SQL injection attack
I assume this something trying to do something bad to our site?

Also, I've been to project honeypot site and I can't find anywhere to register for an API key?

Regards,
Doug

Carnage 10 Apr 2011 20:54

looking good so far, its already flagged up a couple of accounts which we had previously banned for being spam bots. If it performs as well on previously unseen spammers, this could be a motm.

Gemma 10 Apr 2011 21:18

Quote:

Originally Posted by BadgerDog (Post 2183045)
Also, I've been to project honeypot site and I can't find anywhere to register for an API key?
Regards,
Doug

http://www.projecthoneypot.org/httpbl_configure.php

BadgerDog 10 Apr 2011 21:42

Quote:

Originally Posted by Gemma (Post 2183122)

Thank you ... appreciate that ... :up:

Regards,
Doug


All times are GMT. The time now is 06:56.

Powered by vBulletin® Version 3.8.12
Copyright ©2000 - 2018, vBulletin Solutions Inc.
Copyright ©2001 - , vbulletin.org. All rights reserved.