Bad, Bad Spambots

The Bad Behavior plugin for WordPress is an altogether novel way of blocking spambots. In the past, plugins have only looked at factors like the content of the spam submission or the IP of the sender. But what if the content doesn’t contain any “spammy” words and the IP isn’t on any blacklists? What if the bot fetches the entry page before leaving a comment and scrapes the form for any “hidden values” you may have set? At that point, you have very little to go on.

The problem is that you are not considering enough factors.

Bad Behavior works its magic at “the door,” before spam bots can even try to post a comment or a trackback. It works by looking at the user agent (not a novel approach, but useful nonetheless) and at the rest of the HTTP headers. As it turns out, spam bots do a really poor job of hiding their identity in the HTTP headers. They do stupid stuff like changing their user agent to an Internet Explorer string while neglecting to send the headers that IE always sends.

Bad Behavior was designed and built by watching actual spambots that harvested email addresses, posted comment spam, and used fake referrers. By logging their entire HTTP requests and comparing them to the HTTP requests of legitimate users, it is possible to detect most spambots.
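To make the header-consistency idea concrete, here is a small screening routine written for this post; it is an added example, not code from the Bad Behavior plugin, and the particular headers it expects from a browser (and the hypothetical `screen_request` function) are assumptions chosen for illustration:

```python
"""Header-consistency screening in the spirit of Bad Behavior.
Added example, not the plugin's code; the rules are assumptions chosen for
illustration: a UA that claims to be a browser should come with the headers
that browser always sends.
"""
from typing import Dict, List

# Headers a real browser sends with every page request (an assumption of
# this example, not a list taken from the plugin's rule set).
BROWSER_HEADERS = ("Accept", "Accept-Encoding", "Accept-Language", "Connection")


def screen_request(headers: Dict[str, str]) -> List[str]:
    """Return the reasons a request looks like a spambot (empty = passes)."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    h = {name.lower(): value for name, value in headers.items()}
    reasons: List[str] = []

    ua = h.get("user-agent", "")
    if not ua:
        return ["no User-Agent header"]

    # IE, Firefox and friends all identify as "Mozilla/..."; a bot that
    # borrows such a string but skips the usual headers gives itself away.
    if ua.startswith("Mozilla/"):
        missing = [n for n in BROWSER_HEADERS if n.lower() not in h]
        if missing:
            reasons.append("browser UA without " + ", ".join(missing))

    # A faked referrer is frequently not even a URL.
    referer = h.get("referer")
    if referer is not None and not referer.startswith(("http://", "https://")):
        reasons.append("Referer is not an absolute URL")

    return reasons


# Constructed sample requests (not captured traffic).
REAL_IE = {
    "Host": "example.com",
    "User-Agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
    "Accept": "image/gif, image/jpeg, */*",
    "Accept-Language": "en-us",
    "Accept-Encoding": "gzip, deflate",
    "Connection": "Keep-Alive",
}
FAKE_IE = {
    "Host": "example.com",
    "User-Agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
    "Referer": "buy cheap stuff",
}
```

`screen_request(REAL_IE)` returns an empty list, while `screen_request(FAKE_IE)` reports both the missing browser headers and the bogus referrer.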

IO ERROR: Bad Behavior

So how well does it work? Let’s just say that Spam Karma 2 is getting very, very bored. Take a look at the footer on my site and see how many access attempts it has thwarted. And the great thing is that Bad Behavior works much more quickly than Spam Karma, taking literally 1 to 3 hundredths of a second.

If you have a WordPress 1.5.x blog, look no further than Bad Behavior + Spam Karma 2.

15 thoughts on “Bad, Bad Spambots”

  1. Mark (Post author)

    Here you go:

    // Count the requests Bad Behavior has blocked (logged with a 403 response).
    // Pass $echo=0 to get the number back instead of printing it.
    function bb_block_count($echo=1) {
    	global $wpdb;
    	$bb_count = $wpdb->get_var("SELECT COUNT(`id`) FROM `bad_behavior_log` WHERE `http_response` = '403'");
    	if ($echo) {
    		echo $bb_count;
    		return;
    	} else {
    		return $bb_count;
    	}
    }

    Stick that in an existing plugin… I have a misc.php plugin I use for random stuff like that. Use it like this to echo: <?php bb_block_count(); ?>

    Edit: Try copying it again if it didn’t work before

  2. JoeBruin88

    I created the misc.php file and put it in my plugins directory. Then I get this output error:

    Fatal error: Call to undefined function: bb_block_count() in /home/whatsbruin/www/www/wordpress/wp-content/themes/whatsbruin-standard/footer.php on line 21

  3. IO ERROR

    You can also use the /my-hacks.php file (but enable it in your WP Options » Miscellaneous page); that’s what it is for — little miscellaneous hacks which are too small or varied for a plugin. They also run faster in /my-hacks.php as well.

  4. Pingback: Metaphysically Wrinkle Free » Death of Comment Spam

  5. Pingback: Wordpress Plugin Competition Blog » Bad Behavior Stats

  6. Pingback: WordPress Elixir

  7. Pingback: WordPress Plugins Database

  8. Pingback: Footsteps in the Mirror » Powered Plugins

  9. Pingback: Bad Behavior Stats « Extend › Plugins

  10. Pingback: Bad Behavior Stats Plugin | WordPress Plugins Database - WordPressPluginsDatabase.com
