Bad Behavior 2.0.11
December 6th, 2007 by Michael Hampton
All users should update to Bad Behavior 2.0.11 immediately to avoid being blocked from their own sites.
Within the past two days users have found themselves blocked from their own sites while using recent versions of Bad Behavior. A third party blacklist which Bad Behavior queries recently began sending false positives for any IP address queried, causing everyone using Bad Behavior to be blocked. This issue is fixed in Bad Behavior 2.0.11.
P.S. Yes, Bad Behavior is still in development. More news coming soon.
Update: Some people have asked for more details on what exactly happened. In brief, yesterday I moved all of my sites to a new dedicated server. In the process, I decommissioned an old blacklist I was running which I thought wasn’t being used, not realizing that Bad Behavior was still set to use it. Shortly afterward, I found myself locked out of my own blog, just as you all did. So therefore, this release.
kernow Says
great thanks!!!
Dec 6th, 2007 at 2:45 am
Jay Says
Thanks for publishing an update so quickly. I didn’t know what the heck was going on and was beginning to panic.
Dec 6th, 2007 at 2:52 am
nv1962 Says
Thankee, thankee, thankee! After the initial shock of being blocked out, I did umpteen security sweeps on my end, then got this brilliant idea to look for updates here… All happy and working again!
Dec 6th, 2007 at 2:53 am
tonyinabox Says
I thought it was only me who got this problem.
Dec 6th, 2007 at 3:05 am
JImg Says
I’m so glad you posted this tonight. People were starting to pull out their hair. I suggested to them it was an RBL issue.
Thanks again.
Dec 6th, 2007 at 3:14 am
The Tim Says
So glad I found this! I was going crazy trying to figure out why BB was blocking me from moderating my own site!
Dec 6th, 2007 at 3:38 am
5L4M Says
So, now we’ve learned what it looks like to be blocked by BB.
Thanks for the fix.
Dec 6th, 2007 at 4:10 am
Matt Says
Might be a good idea to point this out on the ‘fix this problem yourself’ page though.
Dec 6th, 2007 at 4:14 am
MT.Net Says
Brilliant! Great work, Michael! Thanks for the quick update!
Mark
Dec 6th, 2007 at 4:21 am
Jon Daley Says
I am not sure what the fix was that you added for the third party blacklist issue?
I was blocked earlier today, and dnsbl.ioerror.us had me on their blacklist, with a strange ip return value, so I assume that is what you are talking about in your post. I commented out that check, and everything is good to go.
But, I figured I would download your version to see what changes you made.
I expected to see a similar sort of change, but the only change that looked relevant to me was the X-Forwarded-For addition, but that $ip isn’t being used in the code, is it?
(by the way, I am a LifeType developer, and you can remove the LifeType file that you have included. We now include bad behavior as a “regular” LifeType plugin (and it is the only plugin we ship with the core code — nice job…))
Dec 6th, 2007 at 4:24 am
Jon Daley Says
In case it isn’t clear what I was talking about, here is the dns lookup:
plog/plugins/badbehavior/bad-behavior>nslookup 208.10.140.2.dnsbl.ioerror.us
Non-authoritative answer:
208.10.140.2.dnsbl.ioerror.us canonical name = ioerror.us.
Name: ioerror.us
Address: 67.201.13.130
Dec 6th, 2007 at 4:25 am
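Added example, not part of the original post or of Bad Behavior's own code: the lookup shown in the comment above returned 67.201.13.130, an address outside the 127.0.0.0/8 range that RFC 5782 reserves for DNSBL answers, so any client that treats "the name resolved" as "the IP is listed" blocks every visitor. The sketch below contrasts that pattern with a lookup that validates the answer and probes the zone's test entries before trusting it. The zone name dnsbl.example, the sample IPs and the simulated resolvers are constructed, and the "lists everything" case goes beyond the failure described on this page.

```python
"""DNSBL lookup with answer validation and a zone health check (added example)."""
import ipaddress
import socket

# RFC 5782: a DNSBL signals a listing with an A record inside 127.0.0.0/8.
DNSBL_ANSWERS = ipaddress.ip_network("127.0.0.0/8")


def system_resolver(name):
    """Real lookup: list of A records, or [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def query_name(ip, zone):
    """Build the query name: 192.0.2.10 + dnsbl.example -> 10.2.0.192.dnsbl.example"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def naive_is_listed(ip, zone, resolve=system_resolver):
    """Failure-prone pattern: any answer at all is taken as a listing."""
    return bool(resolve(query_name(ip, zone)))


def classify(ip, zone, resolve=system_resolver):
    """Return 'not_listed', 'listed', or 'invalid_answer' for one lookup."""
    answers = resolve(query_name(ip, zone))
    if not answers:
        return "not_listed"
    if all(ipaddress.ip_address(a) in DNSBL_ANSWERS for a in answers):
        return "listed"
    # A wildcard, parked domain or CNAME to a web server ends up here.
    return "invalid_answer"


def zone_is_healthy(zone, resolve=system_resolver):
    """RFC 5782 test entries: 127.0.0.2 must be listed, 127.0.0.1 must not be."""
    return (classify("127.0.0.2", zone, resolve) == "listed"
            and classify("127.0.0.1", zone, resolve) == "not_listed")


def should_block(ip, zone, resolve=system_resolver):
    """Fail open: block only on a valid listing from a zone that passes the probe."""
    return zone_is_healthy(zone, resolve) and classify(ip, zone, resolve) == "listed"


# --- Simulated resolvers (constructed data, so the example runs offline) ---
CONSTRUCTED_LISTINGS = {
    "2.0.0.127.dnsbl.example": ["127.0.0.2"],      # mandatory test entry
    "66.113.0.203.dnsbl.example": ["127.0.0.4"],   # 203.0.113.66 is listed
}


def healthy_zone(name):
    return CONSTRUCTED_LISTINGS.get(name, [])


def wildcarded_zone(name):
    # Every name resolves to the same web server address, as in the nslookup above.
    return ["67.201.13.130"]


def list_everything_zone(name):
    # A dead list that answers with a valid-looking code for every query.
    return ["127.0.0.2"]


def demo():
    zone, visitor = "dnsbl.example", "192.0.2.10"
    rows = []
    for label, resolve in (("healthy", healthy_zone),
                           ("wildcarded", wildcarded_zone),
                           ("lists everything", list_everything_zone)):
        rows.append((label,
                     naive_is_listed(visitor, zone, resolve),
                     classify(visitor, zone, resolve),
                     should_block(visitor, zone, resolve)))
    return rows


if __name__ == "__main__":
    for label, naive, verdict, block in demo():
        print(f"{label:17} naive={naive!s:5} classify={verdict:14} block={block}")
```

Running the health probe on a schedule and alerting when it fails also gives the operator notice that a list has gone away, rather than finding out from locked-out users.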
Stephen Says
Thanks! It might be a good idea to link to this page from the error message users are getting.
http://www.ioerror.us/bb2-support-key?key={key}
Dec 6th, 2007 at 4:35 am
blocked Says
Thanks for the fix, but I can’t help but ask what will prevent this from happening again? No fun at all to have a 24 photo upload with comments be blocked mid stream, then be directed to a baffling page which informs me I should contact myself because I’m infected with viruses (click here to use this simple key! use it where?) Then be blocked from making any changes to my site. Thankfully I could get into the admin and see the Plug-ins which led me here. Disabled till further review…
Dec 6th, 2007 at 4:40 am
Michael Hampton Says
The offending blacklist has been disabled entirely in the code, so it’s not very likely to happen again.
Dec 6th, 2007 at 4:46 am
Laundro Says
Sweet! Thanks! And thanks for all your hard work!
Dec 6th, 2007 at 4:57 am
Mike Law Says
I freaked out when I got this message on my law blog! Good thing I decided to get this update!
Dec 6th, 2007 at 5:11 am
Kathleen Says
I agree with blocked. Here’s my rant on the subject if you’re interested.
http://www.buildrealestateresults.com/blog/problem-with-bad-behavior-plug-in-for-wordpress-blogs.html
Dec 6th, 2007 at 5:12 am
Bong (JB) Says
Holy guacamole! So that’s it, bad behavior gone bad.
Thanks for the fix and thank you for bad behavior.
Dec 6th, 2007 at 5:14 am
Alex Says
I just installed this update on my site and it really screwed with something. I couldn’t submit my URLs to digg anymore, is that blocked? I know it’s just digg, but it’s a bit important to us and it was giving us errors. As soon as I disabled this plugin it worked fine again… Not sure what to do about this? Is there something I should tweak myself??
Dec 6th, 2007 at 5:34 am
Patrick Says
The download link has gone to 404.
Dec 6th, 2007 at 5:44 am
Widgett Walls Says
Whew, I was afraid Skynet had arrived. Thanks for the quick fix.
Dec 6th, 2007 at 5:47 am
Cheryl Says
Superb support, sir. Thank you!
Dec 6th, 2007 at 5:49 am
Israel Jobs Says
Phew! I was luckier than some people, I recognized right away that it was Bad Behavior. But I didn’t notice the 2.0.11 update, I started trolling PHPMyAdmin for my IP address and there were over 1000 entries for it in wp_bad_behavior! Is all that because of the false positives or is it normal that my IP address be there at all?
Jacob
Dec 6th, 2007 at 5:53 am
Michael Hampton Says
I rechecked the download link and it’s still working.
Dec 6th, 2007 at 6:03 am
Michael Hampton Says
Israel Jobs, you might have verbose mode turned on. If you do, then every single request your blog receives will be logged. If you don’t like this, you can always turn off verbose mode. You don’t normally need to use it (unless you’re helping me to catch a spammer which Bad Behavior doesn’t yet recognize).
Dec 6th, 2007 at 6:10 am
Sam Wise Says
A thousand thanks!
By the way, when BB *does* reject you, there’s nothing to say who’s doing the rejecting, just a weird reject code. It took me (and likely others) a while to figure out that BB was causing this problem — in the meantime, I was wondering if somebody had stolen my password and locked me out.
Something for the future-change list?
Dec 6th, 2007 at 6:41 am
Ginna Says
From California, yet another THANK YOU for your quick fix! I’m glad I eventually stumbled here in my panic when I got locked out of my blog. I’m now logged back in — and I didn’t have to give up my Bad Behavior to get there. Now I can sleep well. You’re the best!
Dec 6th, 2007 at 6:42 am
Michael Hampton Says
Putting a large amount of explanatory text into Bad Behavior for every conceivable blocking reason would bloat it beyond the point where I would be comfortable running it myself. This is why it instead generates a code and links back to my web site where the code can be explained in more depth along with some potential solutions.
The screen you saw is intended to be intelligible to the rare legitimate person who is actually blocked and needs help resolving the problem. These people tend to not be technically savvy. Though I’ll certainly take suggestions on how the page might be better worded. Keep in mind there are space limits. Bad Behavior is supposed to be small and fast, remember?
Dec 6th, 2007 at 7:02 am
EvilScienceChick Says
oh thank god…I thought something had gone seriously, seriously wrong. well, something DID go wrong…just nothing *I* did
Dec 6th, 2007 at 7:05 am
John Says
Thanks for the speedy fix as this baffled me at first. I also use Comment Timeout, which will close comments if an IP has hit Bad Behavior 3 times in the last seven days…meaning me. I set it to 10 times in the last seven days for now and it works, so I guess I’m good and I wait a few days and change it back to 3 times again, but I thought I’d post this anyway.
Cheers!
Dec 6th, 2007 at 7:12 am
EvilScienceChick Says
OK, here’s a weird observation. When I have BB2 activated (even with the new version now), whenever I put up a new post, instead of going to the “post saved” screen after publishing, it takes me to my site with a 404-not found error. Similar things happen when people leave comments. The posts and comments still show up, however. And deactivating the plugin fixes the problem.
For now, it’s not enough for me to uninstall BB2 - it’s too valuable! But I just thought you should know of a possible bug? maybe it’s not playing nicely with another one of my plugins? very weird!
Dec 6th, 2007 at 7:19 am
pickupjojo Says
Thank you so much for the update, it works fine now.
Dec 6th, 2007 at 7:27 am
victor Says
how do i do an update if i am using joomla?
pls advise
Dec 6th, 2007 at 7:29 am
Oliver Says
Thanks a lot for the fix.
I agree with Matt (Dec 6, 4:14 am) and Stephen (4:35 am). Would you mind putting a link to this page here from the “What to do when Bad Behavior blocks you …” post?
Dec 6th, 2007 at 7:32 am
Michael Hampton Says
EvilScienceChick, you’ve got some weird problems with your site all right. I’ll send you some mail after I make a mess of your site posting comments all over the place.
Dec 6th, 2007 at 7:37 am
Oliver Says
To put more clearly what I said: you offer a great WP plugin for free and I’m obviously very grateful for that. However, a link or just a few words on the page where most people will probably start looking for help when they find themselves blocked by Bad Behavior - this would have saved me, and presumably a lot of other people, hours of googling, reading, searching their databases, trying this and that …
But above all, thanks for Bad Behavior!
Dec 6th, 2007 at 7:48 am
Michael Hampton Says
For updating Joomla you can just replace the bad-behavior directory that came with the mambot with the bad-behavior directory (in lower case) that comes with the distribution published here. At least until whoever’s maintaining the mambot gets around to updating it.
Dec 6th, 2007 at 7:49 am
Cory OBrien Says
I thought I had been hacked! Thanks so much for posting such a quick update!
Dec 6th, 2007 at 8:35 am
nchenga Says
can you add this message to the error page? took me a while to figure out what had happened.
Googling for the error message itself sent me into various different threads regarding .htaccess etc
Dec 6th, 2007 at 9:27 am
Jens Says
This reminds me of a very old quote:
“Never change a running system!” *smile*
Good thing your update was so fast online!
Dec 6th, 2007 at 9:41 am
Jack @ The Tech Teapot Says
Thanks for the prompt update…gave me quite a scare this morning.
Dec 6th, 2007 at 9:47 am
Simon Young Says
Thanks Michael
It’s amazing how quickly you issued this update, so thank you. It took me less than 15 minutes from finding out that my users had problems to land here, get the update and fix my site.
Dec 6th, 2007 at 10:38 am
rd Says
LOL !
I had to deactivate BB to get into the blog
I called my provider this morning, being scared to death thinking that our machine here at home had been compromised.
Thanks for the update !
Dec 6th, 2007 at 11:37 am
Dean Clinton Says
Hey, I downloaded Bad-Behavior, and I’d like to integrate it with Etomite.
I’ve placed the require_once call within the Etomite parser, but I can’t tell if it’s working or not.. how can I tell?
Regards,
Dean Clinton
The Etomite Project
Dec 6th, 2007 at 11:38 am
Dan Says
I’d like to echo what others said about better explanatory text. The only reason I ended up here is that I decided to google ioerror.us. The page I was sent to from the blocked notice told me nothing useful, and the only link was for me to install Google Pack–didn’t make it look like a legitimate site. Then I tried backing up the URL to the root domain, and I get a message saying that ioerror.us/ doesn’t exist–also not a good sign. Given that there’s 1) no way to use that key to fix the problem when I followed the link, and 2) that what I was taken to looked like some sort of spam itself, I’d say that a little more explanation is worth the extra space in the code.
Dec 6th, 2007 at 11:42 am
khris Says
Thank you for the quick response. It is basically what I did to get me into my joomla site, by commenting out the IP check with dnsbl.ioerror.us. This is just to avoid problems however, I’d be curious to know what caused my IP to be blacklisted.
I don’t know if this is relevant, my problem occurs when I change apache Authtype from basic to use my institution web authentication service for some private part of Joomla site. I experimented with that for a little while and bam! got 403 blacklisted when I tried to log into Joomla!.
Dec 6th, 2007 at 12:29 pm
khris Says
Just ignore my post I didn’t read the last part of your article where you have explained the problem.
Dec 6th, 2007 at 12:40 pm
One Old Vet Says
Whew!
Dec 6th, 2007 at 12:48 pm
Morey Says
Thanks a lot for this uber-quick update.
Dec 6th, 2007 at 1:05 pm
Branko Collin Says
Got badly awoken from sweet slumbers by panicky client who thought all her websites had been hacked. Certainly looked so. Thank God for Google, just a few clicks away from this posting.
Having checked all seven sites I have access to, I noticed that the one I do not maintain only runs Akismet, not Bad Behaviour. Which brings me to this question: what are the reasons for running Bad Behaviour if you already run Akismet?
Jon Daley, I noticed the following diffs: changed version number, blacklist server commented out (“disabled in the code,” I’ll have to remember that one, so much more gravitas), a number of crawlers added (and one renamed to “WordPress”?), and two bugfixes.
Dec 6th, 2007 at 1:27 pm
RJ Says
Michael, thanks for the quick update.
Anyway, for those who may be interested. I use BB and another script that detects and bans scrapers. Using both scripts provides a level of protection that I’m not willing to do without.
Other script, Rogue-Bot-Blocking
Dec 6th, 2007 at 1:47 pm
John P. Says
Blood pressure back to normal now. Thanks!!
Dec 6th, 2007 at 1:55 pm
Corinne Edwards Says
Finally found your post after running lots of duplicate Norton scans.
So I upgraded. I am still locked out. Getting an Error 403
What’s the next step?
Please someone tell me!!!
Corinne
Dec 6th, 2007 at 2:22 pm
Louis Says
Thanks for the quick fix. A few suggestions:
There is a question in the FAQ that deals with the general issue being blocked out of one’s own blog by BadBehavior. Please update the answer to that FAQ to point here.
I encountered the problem and the first thing I checked was the FAQ but it took me a while to realize that I should upgrade to 2.0.11.
The download page also needs updating to show that 2.0.11 is the latest version. I went there and saw that it said 2.0.10 is the latest stable version and so thought that I did not need to upgrade. I eventually decided I should check out 2.0.11 anyway even if the download page said 2.0.10 is the latest stable version.
Dec 6th, 2007 at 2:30 pm
Soccer Dad Says
Man I thought I was going nuts yesterday. Thanks for the quick update!
Dec 6th, 2007 at 2:31 pm
beth maher Says
Hrrrrmmmm…
Wordpress is telling me I can’t activate the update because it “triggers a fatal error.”
What’s going on here?
Dec 6th, 2007 at 2:42 pm
Jeff Says
Whew! Thanks!
Dec 6th, 2007 at 3:06 pm
Cyman Says
Hi,
Thanks for the good work, helps us every day!
However, how can we upgrade to this version in Joomla?
Thanks!
Dec 6th, 2007 at 3:17 pm
Vidya Says
Took the old Bad Behaviour plugin out through the backend using Filezilla and uploaded the new version…still getting the same error. Was I supposed to add it on top of the existing plugin?
Dec 6th, 2007 at 3:19 pm
JoLynn Braley Says
Thanks for being on top of this, I thought the error was coming from my site host. All is well now, thanks!!!
Dec 6th, 2007 at 3:28 pm
Jonathan Dingman Says
well good job michael…GEEEEZ, I can’t even upload images!!!!!
oh wellz………..THXXXXXX
Dec 6th, 2007 at 3:32 pm
Kathleen Says
Michael,
Bad Behavior is a great plug in. The easiest way to help out us non-techies would be to just change the 403 Error to say: “We’re sorry, but Bad Behavior could not fulfill….”
There was nothing on the 403 error page, or the page I ended up at after clicking “fix this problem yourself” that mentioned Bad Behavior. If I had at least known that it was an application kicking me out (and which one), as opposed to being hacked, I could have started to look for an answer.
Dec 6th, 2007 at 3:58 pm
Simon Says
Cool!
I was beginning to panic and really thought I had viruses on my computer, and was even going to do a full format and install on my computer. Fortunately, now I am relieved.
thanks for the effort. Keep up the good work!
Dec 6th, 2007 at 4:07 pm
Maria Says
I agree with Kathleen. I just wasted 3 hours troubleshooting this with two different ISPs, the makers of ecto, and the folks that run one of the blacklists. I had no inkling that it was a WordPress problem because I didn’t change anything in WordPress.
I love your plugin but please — oh PLEASE — don’t let this happen again!
And thanks for the fix, of course.
Dec 6th, 2007 at 4:23 pm
Maria Says
The good news is, I went a whole 24 hours without any pingback spam.
Dec 6th, 2007 at 4:24 pm
Michael Says
… and then it might be helpful to note that just overwriting the old bb-files with the new ones using an ftp client fixes the problem.
Logging in to wordpress and disabling bb is not possible anymore - remember…
Dec 6th, 2007 at 4:38 pm
Rod Says
Like a few other people here, I thought the blog had been hacked, at first (I knew there was nothing evil on my box). When I saw the message at the “you’ve been blocked” page, I tried to go to the root of the webpage, and there was nothing there. After that, I simply did a Google for [dead domain name + the word "problem"] and arrived at MH’s blog posting. Sent an e-mail to the admin., and successfully logged into the group blog first thing this morning.
I use this same general strategy any time I find a system/program file-I-don’t-know-what-it-is, and I always land at some tech page that gives me info. I need.
Anyway, to Michael Hampton: you are a gentleman and a scholar - rarely have I seen such prompt action on the part of a developer to remedy a dire problem.
Dec 6th, 2007 at 4:50 pm
Dr Web Says
Hi
I have this problem in a blog of mine, I downloaded the new version of the plugin, deleted the old one from the server, uploaded the new and when I try to access my homepage I cannot see the homepage, this causes a fatal error.
Did I do something wrong? If so, what is the correct way to solve this problem, I have WP 2.1 installed.
I need this urgent.
Thanks
Dr Web
Dec 6th, 2007 at 4:54 pm
Manuel Says
Worx like a charm!
Great Plugin, great work .. there is nothing else to say!
Dec 6th, 2007 at 5:06 pm
Alex Biddle Says
Locked out then upgraded, minor(ish) blip in a great plugin!
Dec 6th, 2007 at 5:12 pm
Jason Frovich Says
PHEW
I was also starting to freak out.
I disconnect & reconnected my internet to try to get new IP address, that didn’t help.
thank God for google..
Dec 6th, 2007 at 5:15 pm
Dr Web Says
I posted a comment asking for help a few minutes ago and I come again to see if I have some response, and, my comment was deleted??? Did I do something wrong?
Dec 6th, 2007 at 5:32 pm
Dr Web Says
Ahhh, ok, sorry, it is awaiting moderation, do not post these two last comments please.
My apologies
Dr Web
Dec 6th, 2007 at 5:34 pm
Michael Says
Thanks for the swift update and the great plug-in.
You are a scholar and a gentleman.
Dec 6th, 2007 at 5:43 pm
Leslie Says
Yow, panic! It didn’t take me long to figure out that it was Bad Behavior blocking me, but when I renamed the bad behavior plugin directory to disable it, my blog displayed a blank screen. Is this a “feature” of the latest Wordpress 2.x release, that plugins must be disabled from the control panel before renaming the directory? Renaming a plugin directory used to be the last defense against a malfunctioning plugin.
Anyway, this new version of Bad Behavior installed without a problem and I’m back into my site. Thanks so much for the quick response.
Dec 6th, 2007 at 6:26 pm
Michael Hampton Says
Beth, and Dr Web, I have no idea why you’re getting a fatal error with Bad Behavior. Feel free to email me any more information (including a copy of the fatal error!) and I’ll try to track it down. The software as distributed contains no known errors of this type.
Dec 6th, 2007 at 6:28 pm
Roxanne Says
This could probably be “history in the making” for WordPress. Since a lot of users use this plug-in. =)
Dec 6th, 2007 at 7:02 pm
Murk Says
It was interesting to see the error page, and I concur that it should mention some ‘Bad Behaviour’ as a hint to us should anything like this happen again.
Also, it’d be good to be able to click a ‘test’ button somewhere and see what this page says (and to customise it!)
I was given an error code, but if someone had emailed me that error code I would not have known what to do with it.
Fortunately for me, I had the problem fixed within about 3 minutes as I guessed the cause straight away.
Thanks for already having updated!
Dec 6th, 2007 at 7:14 pm
ProphetJoe Says
OK, my friend’s blog uses BB and now she can’t get into the wp-admin console. How should she proceed??
PJ
Dec 6th, 2007 at 7:18 pm
Dr Web Says
Michael
The problem is solved, I uploaded the zip file and unzipped inside the plugins folder instead of unzip on my PC and upload the files individually, I don’t know if this was the cause of the fatal error, but, now, all is working perfectly.
Thanks very much for your work.
Dec 6th, 2007 at 7:22 pm
TexasFred Says
Much appreciated, I love Bad Behavior and my readers were in a panic, and I was a bit perplexed too… All is well and you are great!! Merry Christmas came early!!
Dec 6th, 2007 at 7:34 pm
Scott Ott Says
Thanks for fixing this so quickly, and making the world safe for democracy.
Scott Ott, editor
ScrappleFace.com
Dec 6th, 2007 at 7:35 pm
Dean Clinton Says
Hi, was just wondering if you could answer my question.. ta!
Dean
Dec 6th, 2007 at 7:41 pm
Roxanne Says
Umm, now I’m having this fatal error thing come up. I’ve disabled the plugin for now, but I would like to know why it is doing this?
Dec 6th, 2007 at 7:52 pm
Jen / domestika Says
I could only wish that all fixes were so clean and easy… Thanks much!
Dec 6th, 2007 at 8:07 pm
blau Says
Michael, I had no idea this plugin was still being maintained. I recommend that you keep your wp plugins page updated
http://wordpress.org/extend/plugins/bad-behavior/
and post regular status updates (mailing list, blog), even if there are no news, to let people know there still is somebody working on BB.
I ditched BB from all my blogs as it gave me troubles, before realizing this long-neglected blog could have some news.
Dec 6th, 2007 at 8:15 pm
Grant Says
Thanks for the update Matt!
Dec 6th, 2007 at 8:19 pm
John Says
Since this update, I have to echo someone else’s experience here and that is digg is no longer accepting URLs from the site with bad behavior on.
Yet if I disable bad behavior it does.
There are no logs of digg attempting access, which is odd.
Could you take a look at this please? Thank you in advance.
Dec 6th, 2007 at 8:21 pm
bubazoo Says
yeah, me too. I was like…”what the heck?” LOL
I contacted my web service provider and everything, thinking I was being blacklisted from my own VPS provider. This is just too funny. thanks man
Dec 6th, 2007 at 8:25 pm
Michael Hampton Says
blau, that’s funny, because I had no idea there was a plugin page there at wordpress.org. It doesn’t seem to provide me any obvious way to update it. So I’ll have to ask around and see what I can find out.
Dec 6th, 2007 at 8:41 pm
Michael Hampton Says
I have submitted a bug report to digg in regard to their crawler with instructions on how they can fix their crawler. In the meantime, until they fix it, you can whitelist their IP address, 64.191.203.34.
Dec 6th, 2007 at 8:48 pm
blau Says
Michael, the wp.org plugin page is going to be the main source of info for wordpress users. I know BB works great for other platforms, but the point is, just keep informing the world that you are still around. Wish you good luck, and thank you for your time!
Dec 6th, 2007 at 8:48 pm
Michael Hampton Says
I’ve added the following text to the support page for this technical support key.
Hopefully this will cut my email volume down a bit.
Dec 6th, 2007 at 8:56 pm
Daniel Says
Michael,
thanks for all your hard work.
I thought Bad Behaviour was supposed to show within our current design.
Because it was a generic white 403 error page made me think there was an error or the site had been hacked.
Maybe you could put a bold h2 below the 403 error page that says
“Bad Behaviour Detected”
I had to deactivate BB to be able to login. All better now.
Dec 6th, 2007 at 9:39 pm
Karen Says
Thanks for the quick update. I had a few people who tried to leave comments and/or contact me last night who had issues with bad behavior.
Dec 6th, 2007 at 10:42 pm
Mikael Says
It’s been an interesting time. Fortunately, I got lucky and found this page once the blog started locking me out. And I learned a lot about ftp today and how to upload things that I never knew before. Amazing what motivation an absent webmistress can bring!
However, it still ain’t working. I’m able to get back into the admin area, but the plugin won’t activate — it gives me: Fatal error: Cannot redeclare bb2_db_date() (previously declared in /hsphere/local/home/mikael/mblaisdell.com/TheHotline/wp-content/plugins/bad-behavior-wordpress.php:50) in /hsphere/local/home/mikael/mblaisdell.com/TheHotline/wp-content/plugins/old_bad_behavior/bad-behavior-wordpress.php on line 49
In my fumbling around, I created a new directory called old-bad-behavior, moved all of the old files into it including the wordpress.php, then uploaded the new stuff into the appropriate places. It looks like the old wordpress.php is still getting called. Any (easy) suggestions for how to fix?
Dec 6th, 2007 at 10:42 pm
Maski Says
I was scared as hell… thought maybe someone hacked into my blogs.. since I have one plugin rep for all the sites,.. well… good response time thanks
Dec 6th, 2007 at 10:44 pm
Mikael Says
Belay that last! Deleting the old-bad-behavior subdirectory eliminated the error.
Dec 6th, 2007 at 11:21 pm
Tudor Says
Hi, Joomla! mambot has been updated, please visit the site to get the new version.
Dec 6th, 2007 at 11:47 pm
Dawn Says
Help! I have read through all the comments and you guys all look WAY more techie than me. I’ve been blocked from my blog and have downloaded the fix, but have come to a halt as I have no idea what to do next. I have read the instructions and have no idea what they mean. Is there some info listed somewhere that details a step by step guide for non-techies like me? I’ve been pretty impressed with myself that I managed to set up a blog so all this is a bit beyond my skill level.
Dec 6th, 2007 at 11:48 pm
LuixieP Says
Someone needs to let the guy who does Netquery know — I was driving myself crazy trying to figure out what I’d done to break the program, heh.
I was able to update just the bad behavior files in Netquery, and it worked.
Dec 6th, 2007 at 11:59 pm
MJ Says
Does anyone have a fix for postnuke?
Dec 7th, 2007 at 12:04 am
LuixieP Says
*sigh* I spoke too soon. It’s working for me, but not everyone else, so…yeah, that didn’t work.
Dec 7th, 2007 at 12:09 am
Branko Collin Says
Dawn, you need an FTP program to upload the Bad Behavior files to your hosting provider. The Bad Behaviour ZIP file has some instructions on how to do this, the rest should be provided by the help pages of your provider. Have you used FTP before?
Dec 7th, 2007 at 12:30 am
Joker Says
The main reason I’d like you to do an update on wordpress.org site is because version 2.3.1 will notify of updates for plug-ins if they are updated there. Of course that only happens when you go to the plugins tab, but I use it as an easy way to know when updated plugins have been released.
Dec 7th, 2007 at 1:18 am
TLa Says
I updated the latest version but still get blocked. I just disable the plugin in Wordpress and it works fine.
Dec 7th, 2007 at 2:05 am
Michael Hampton Says
If you still get blocked after updating, you should first check to make sure you actually updated the plugin. Everyone I’ve spoken to with this particular problem hadn’t actually uploaded the new files correctly.
The second thing is to do the normal thing you would do if there wasn’t an actual bug in the program: Click on the technical support link and follow the suggestions there.
And finally, you should send me the technical support key if you still can’t figure it out.
Dec 7th, 2007 at 2:58 am
Liki Says
Is there a possibility to allow users from certain IP addresses FULL access to the site regardless of an IP being blacklisted?
I want to allow users from a poor country who happen to surf from cybercafes. As you know, not everyone who uses such a place is a spammer.
Dec 7th, 2007 at 3:32 am
Michael Hampton Says
Liki, you can always add the IP address to the whitelist. But watch out, you will get spammed!
Dec 7th, 2007 at 4:05 am
Jayce Says
Thanks man.
Dec 7th, 2007 at 5:45 am
Dobovedo Says
Awesome! Please ignore the big ‘ol SQL file I sent (if it actually gets to you this time). I don’t know how many complaints you got about the problem, and then it appears there are even complaints about the solution, but I think it was a wonderfully fast fix to a wonderful plugin that is FREE. Thank you!
Dec 7th, 2007 at 6:05 am
Mark W Says
Had the issues as per everyone else when modifying my site last night, and thanks for getting the Fix up so quickly Michael, but then ended up with 12 comment spams over night - could that just be a coincidence? It’s definitely enabled!
Dec 7th, 2007 at 7:18 am
Wino Says
I deactivated BB and started up Akismet. I’ll be putting on the fix tomorrow. It’s after 3:00 a.m. here in Texas right now.
Thanks for the quick update.
Dec 7th, 2007 at 9:10 am
Keith Says
Michael, thanks so much for your swift response to this issue and for the bad behavior plug-in. Worth every penny
Dec 7th, 2007 at 10:39 am
SeoTier Says
Pheww…I was scrambling like hell when I was blocked from my own site! Thanks for the update
Keep up the good work 
Dec 7th, 2007 at 12:39 pm
Matthias Mauch Says
Thanks for BadBehavior 2.0.11 because with 2.0.10 I couldn’t log in to my Flatpress blog last evening. After disabling Bad Behavior 2.0.10 and downloading 2.0.11, everything works fine again.
Thanks a lot for this great plugin and your tips to add it in other blog software.
Dec 7th, 2007 at 4:01 pm
Ian Ozsvald Says
Thank you for the quick fix. Given your prompt behaviour and the clarity of your blog post…I was compelled to ping you $20 via PayPal. Many thanks for sorting this so quickly!
Ian.
Dec 7th, 2007 at 5:41 pm
becky Says
HI Guys and Gals, At the same time that Bad Behaviour cacked up my website, my theme got hacked and someone had put loads of pharmaceutical and gambling websites on my page.
Took a while to sort it all out but finally fixed it. I have removed the bad behaviour plugin for now and tidied up my corrupted theme. Have also obviously changed admin passwords etc.
Does anybody think the two are related? I don’t want to be throwing accusations around as that won’t get me very far and is irrelevant, I just want to understand what happened to my blog. How they managed to hack was that they somehow gamed access to my themes page.php file. Seems a bit of a coincidence to have both happen on the same day.
Has this happened to anybody else today? Like I say I don’t care about blame, I am just trying to understand what went wrong.
Dec 7th, 2007 at 9:33 pm
Ban Proxies Says
Bad Behavior Needs Behavior Modification
Dec 7th, 2007 at 9:34 pm
Michael Hampton Says
Becky, I don’t think either has anything to do with the other, though if you want to email me, I’d be interested in analyzing the security problem and seeing if a future version of Bad Behavior can block such hacking attempts.
Dec 7th, 2007 at 10:06 pm
becky Says
Thanks Michael, I have emailed you at the bad.bots address I found in your faq page, I hope I analysed it correctly
Dec 7th, 2007 at 10:12 pm
Mikael Says
It appears that the bad behavior of BB may have gone a little farther than just locking me out of my own site for a day. Now Comcast is rejecting all e-mails sent from my domain to any of their subscribers. Their automated message says that I’m on some list of problem domains. Has anyone else seen this result?
Dec 8th, 2007 at 3:43 pm
camner Says
Well, my issue was different. I didn’t get an error message stating I was being blocked. All I got whenever trying to log in was a “Forbidden 403” error stating that I didn’t have the right permissions to access a file. Of course, the permissions were fine!
I spent a lot of time with my web host’s tech support folks, and it was they who discovered that it was BB causing the issue.
This is not a rant or a criticism at all. I’m curious as to why I didn’t get the “official” message that would have clued me in to the fact that BB was causing trouble, instead getting a “bad permissions” error. Any ideas?
Dec 8th, 2007 at 4:52 pm
Michael Hampton Says
You still have to do the mod for wp-cache 2, but it’s wp-cache that gets modified, not Bad Behavior, so if you’ve already done the modification, you don’t have to do it again unless you update wp-cache.
Dec 9th, 2007 at 6:29 pm
GregM Says
Hi,
Ummm…actually, this first occurred on Monday 12 November 2007. I can’t tell you the exact time, but my time stamps tell me that I completed the fix for my own sites at 10:27 a.m. UK time.
I guess there was something else afoot besides the server move almost a month later on 5 December?
Anyway, it’s fixed now — the relevant line is commented out from blackhole.inc.php. Many thanks!
All the best,
Greg
Dec 10th, 2007 at 5:47 pm
Dan Says
I uninstalled 2.0.10, then I tried to update to 2.0.11 and I am getting this:
ERROR: Could not find an XML setup file in the package.
Any hint? Thanks, Dan
Dec 10th, 2007 at 10:15 pm
Michael Hampton Says
Dan, I have no idea what you’re talking about.
Dec 11th, 2007 at 3:45 am
Clif Says
Tried installing the update and still being blocked from my own site by this piece of shit software.
Dec 11th, 2007 at 6:19 am
Michael Hampton Says
Well, Clif, it would help if you had an IQ larger than that of a cockroach. Then you would be able to install the software correctly.
Dec 11th, 2007 at 7:23 am
Azrael Nightwalker Says
Thx.
Though I already added myself to the whitelist
Dec 13th, 2007 at 10:55 am
V. Says
Thanks a lot!
I had to deactivate bad-behaviour because I could not enter my blog and since then the spam received has multiplied by 20!!!
Dec 15th, 2007 at 2:04 pm
Lydus Says
WordPress tells me that the “Plugin could not be activated because it triggered a fatal error.” I’m using WordPress 2.2.2, and it even happens when all other plugins are deactivated.
Dec 15th, 2007 at 8:52 pm
Lydus Says
Never mind about that, uploaded it all again, and it’s fixed.
Dec 15th, 2007 at 8:54 pm
FruityOaty Says
Oh, thank goodness! I deactivated last week… and I kept getting rejected on other sites, as well.
Being labeled the essence of malicious and illegal activity on my OWN SITE… hurt my feelings, LOL.
Dec 17th, 2007 at 11:58 pm
Justin Says
Wouldn’t it have been better to include a message, like: ‘If you are the owner of this website, update your plugins.’ Or whatever. I was blocked from my own site, like everyone else, and had to contact my host, etc. I was mighty annoyed when I discovered that it was something so stupid as a simple upgrade of a plugin. I almost had a heart attack, thinking someone had hacked my site.
Wouldn’t it be nice if all the plugins we use had a feature wherein we could be notified by email? Something we could sign up for?
Dec 18th, 2007 at 2:19 am
Michael Hampton Says
Why haven’t you signed up for the existing email or RSS feed? You also get notified of the update on the WP plugins admin page.
Dec 18th, 2007 at 2:27 am
Justin Says
Oh, duh. Thanks
Dec 18th, 2007 at 3:04 am
suleiman Says
Woohooo. So glad you got this fixed, users of my site were complaining up the wazoo about this one!
Dec 19th, 2007 at 12:06 pm
Bolonki Says
Hello Michael, thanks for your Bad Behaviour (hehe).
I wonder if you are planning to issue a mod so that BB works with Super-Cache. Can I use the mod for WP-Cache?
Supercache is a lot better than WP-Cache, and I’m sure a lot of people would love if it worked well with Bad Behaviour.
Dec 19th, 2007 at 8:13 pm
Paul Says
I notice that you’ve also added a blanket ban on agent ‘MJ12bot’ between .10 and .11.
I got hit by that bot (it triggered a deny in robots.txt,) and from their webpage, there’s a spambot going round pretending to be MJ12bot, but with a very specific version number - is the blanket ban necessary? (I was tempted to block the bot myself until I saw their page and thought to only block that version number.)
Dec 19th, 2007 at 11:19 pm
Michael Hampton Says
Paul, the block on MJ12bot was put in place for the real bot, not for the fake one.
It’s a distributed crawler where anyone can download the crawler code and have it start crawling bits of the web using that person’s bandwidth combined with that of everyone else who runs the crawler.
This isn’t often a problem, until it becomes one when more than one of these MJ12nodes begins hitting a server at the same time. I’ve seen instances in which dozens of different MJ12nodes were hammering a server (mine!) to death. And that’s hard to do.
To the best of my knowledge, this problem has never been fixed. Google solved this problem years ago. Though it’s hard to tell, since the source isn’t published and neither, apparently, is a changelog.
With the fake bot you mentioned that’s started running around the network, it gets even hairier. Fortunately the MJ12bot page provided enough information for me to distinguish the real bot from the fake, and I’ll incorporate this into Bad Behavior when I can confirm that MJ12bot is no longer a threat to web servers.
Dec 20th, 2007 at 12:49 am
Paul Says
Michael:
> Paul, the block on MJ12bot was put in place for the real bot, not for the fake one.
Ah - ok, thanks for the explanation. I’ll leave the blanket ban in then.
Dec 20th, 2007 at 8:15 am
AlexC Says
Hi guys,
I am the creator of original MJ12bot. I found this discussion while searching for “fake bot”. As mentioned above right now there are lots of instances of fake MJ12bot v1.0.8 - this is run by criminals who installed this software on unsuspecting user PCs using some kind of virus or rootkit. We have nothing to do with this practice and it is not our software that they install - basically they fake user-agent, any bot can do it, email spammers have been doing this since forever, so anyone who sees right now MJ12bot v1.0.8 can be 100% confident it is a fake.
This fake bot ignores robots.txt and also overloads sites - unlike our bot they did not put any time into thinking through all these things, which is no wonder - it is the criminals who run this bot, we are here as victims as you are guys - we get bad publicity for absolutely no reason, perhaps this was the intention of those criminals, we might never know for sure.
What you can be certain of however is that our legit bot supports robots.txt, especially the Crawl-Delay parameter in it - it allows you to slow the bot down and also we spread loads on servers to prevent overloading them. We have been doing this for over 3 years now, we do NOT overload sites - we have solved this ages ago, plus with Crawl-Delay you can control speed of crawling. So please, don’t consider us a bad bot - we obey your robots.txt commands, so if you wish to exclude us then feel free to do so - we respect your decisions and will obey them.
The fake bot however won’t - we publish as much as we know on our bots page, but I hope yet again you will appreciate that we are suffering really badly from these criminals who have nothing to do with us, yet because it is trivial to fake user-agent it reflects badly on us.
I hope you appreciate the situation, if anyone is in doubt then you can always contact me via email on our bots page - usually we respond within hours.
regards,
Alex Chudnovsky
Dec 30th, 2007 at 12:25 am
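Added example (not part of the thread, and not Bad Behavior's or MJ12bot's code): a log check that separates the two concerns raised above, requests claiming the MJ12bot v1.0.8 version that the comments say is always forged, and the number of distinct MJ12bot-claiming clients hitting the server within the same minute. The log lines, user-agent strings, URLs and the `classify`/`summarize` names are constructed for illustration; because a User-Agent is trivially forged, the `claims-mj12bot` label is a claim, not proof of the genuine crawler.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined-log-format line: client IP, timestamp, request, status, size, referer, UA.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')
MJ12_RE = re.compile(r'MJ12bot/v?(?P<ver>\d+(?:\.\d+)*)', re.IGNORECASE)
FAKE_VERSIONS = {"1.0.8"}  # version the thread says is always a forgery

# Constructed sample log: documentation-range IPs, made-up UA strings and URLs.
SAMPLE_LOG = """\
192.0.2.10 - - [20/Dec/2007:00:10:01 +0000] "GET /robots.txt HTTP/1.1" 200 120 "-" "MJ12bot/v1.2.1 (+http://bot.example/)"
192.0.2.11 - - [20/Dec/2007:00:10:05 +0000] "GET /a HTTP/1.1" 200 900 "-" "MJ12bot/v1.2.1 (+http://bot.example/)"
198.51.100.7 - - [20/Dec/2007:00:10:30 +0000] "GET /wp-admin/ HTTP/1.1" 403 50 "-" "MJ12bot/v1.0.8 (+http://bot.example/)"
203.0.113.5 - - [20/Dec/2007:00:10:40 +0000] "GET / HTTP/1.1" 200 4000 "-" "Mozilla/5.0 (X11; Linux)"
192.0.2.10 - - [20/Dec/2007:00:10:50 +0000] "GET /b HTTP/1.1" 200 700 "-" "MJ12bot/v1.2.1 (+http://bot.example/)"
198.51.100.7 - - [20/Dec/2007:00:12:00 +0000] "GET /c HTTP/1.1" 403 50 "-" "MJ12bot/v1.0.8 (+http://bot.example/)"
"""

def classify(user_agent):
    """Label a User-Agent: 'other', 'fake' (known forged version) or 'claims-mj12bot'."""
    m = MJ12_RE.search(user_agent)
    if not m:
        return "other"
    return "fake" if m.group("ver") in FAKE_VERSIONS else "claims-mj12bot"

def summarize(log_text, window=60):
    """Return (label counts, peak number of distinct MJ12bot-claiming IPs per window)."""
    labels = Counter()
    ips_per_window = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        label = classify(m.group("ua"))
        labels[label] += 1
        if label != "other":
            ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
            ips_per_window[int(ts.timestamp()) // window].add(m.group("ip"))
    peak = max((len(ips) for ips in ips_per_window.values()), default=0)
    return dict(labels), peak

if __name__ == "__main__":
    counts, peak = summarize(SAMPLE_LOG)
    print(counts, "peak distinct MJ12bot-claiming IPs per minute:", peak)
```

A high per-window peak is the many-nodes-at-once load pattern described earlier in the thread, and it shows up regardless of whether the version string is the forged one.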
redboy Says
Thanks a lot! It works well…
Dec 31st, 2007 at 1:44 pm
Rene Says
Imagine my surprise to be blocked on my own blog.
Checked my phpadmin, and sure enough there I was.
Came back here, read your advice, downloaded updated plugin, renamed on my filemanager my badbehavior folder with XXs, uploaded update with Dreamweaver, and bam I was in. Haven’t checked my other WordPress blog yet.
Thanks,
René
Jan 3rd, 2008 at 3:55 pm
Ron Says
I just installed Bad Behavior and was going through the log file. How do I know if the plug-in mistakenly blocked a legitimate site? For example, I found http://help.yahoo.co.jp/help/jp/search/indexing/indexing-27.html referenced. Was this a valid indexing bot? I’ve also noticed references to my rss feed. Since I’m trying to get my site off the ground, I would hate to think I’ve blocked needed readers and indexers.
Thanks,
Ron
Jan 13th, 2008 at 12:51 am