Way back in the dark ages (well, 2007), Paul Burdick wrote an extension to use Bad Behavior spam blocking on an Expression Engine website. Since then, many things have happened—Expression Engine 2 was released, I got married and moved to Oregon—and many things have not—the apocalypse, an EE2 version of Bad Behavior. I decided it was high time to remedy that last item.
I have been using Low’s excellent NoSpam add-on for years and still recommend it highly. However, it has its limitations. The biggest issue for me is that it does not block spam submissions to SAEF forms. Additionally, it doesn’t do its filtering until after the form is submitted, meaning that all that spam traffic is putting additional load on your poor server.
Bad Behavior is an open-source script that has been around for a long time and is well-respected. It works differently than Akismet or other popular anti-spam scripts, in that it prevents spammers from accessing your website at all. The Bad Behavior script runs at the beginning of page load and checks a variety of data about the request to identify spammers. If it decides a particular request is suspicious, it immediately stops Expression Engine from processing the rest of the page and displays a simple error message. As a general rule, Bad Behavior attempts to never block legitimate users, even if that means the occasional spammer does get through. Therefore, you may want to run Low NoSpam or another comment-spam filter as a second line of defense.
Generally, you can just upload and activate the extension to be protected. There are settings you can tweak to fine-tune the way Bad Behavior works, but doing so is not necessary. Optionally, it will also check requests against Project Honey Pot’s http:BL, a blacklist of known spammers. To use that feature, you will need to sign up for an API key and enter it on the extension settings page.
The settings page also displays detailed logs for the past week (which is as long as Bad Behavior stores log data). This can be useful in resolving false positives.
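To make the optional http:BL check mentioned above more concrete, here is an added example (not code from this extension or from the Bad Behavior library) of how a lookup name is formed and how the answer is decoded, following Project Honey Pot's published http:BL format. The function names, the access key, the sample answers and the blocking thresholds are assumptions made for illustration; the DNS query itself is left out so the script runs offline.

```php
<?php
// Added example: http:BL lookup name and answer decoding. Not the extension's code.

// Build the DNS name to query for an IPv4 visitor address.
function httpbl_query_name(string $accessKey, string $ip): string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        throw new InvalidArgumentException('http:BL only covers IPv4 addresses');
    }
    // The octets are reversed, as in other DNS blocklists.
    $reversed = implode('.', array_reverse(explode('.', $ip)));
    return "{$accessKey}.{$reversed}.dnsbl.httpbl.org";
}

// Decode the A record from http:BL. Pass null when the lookup returned no record.
function httpbl_decode(?string $answer): ?array
{
    if ($answer === null) {
        return null; // no record: the address is not listed
    }
    $parts = array_map('intval', explode('.', $answer));
    if (count($parts) !== 4 || $parts[0] !== 127) {
        return null; // malformed or error reply: treat as not listed (fail open)
    }
    [, $days, $threat, $type] = $parts;
    return [
        'days_since_seen' => $days,
        'threat_score'    => $threat,          // for type 0 this octet is a search engine serial
        'search_engine'   => $type === 0,
        'suspicious'      => (bool) ($type & 1),
        'harvester'       => (bool) ($type & 2),
        'comment_spammer' => (bool) ($type & 4),
    ];
}

// Hypothetical policy: block listed, recently seen visitors above a threat threshold.
function httpbl_should_block(?array $r, int $minThreat = 25, int $maxAge = 7): bool
{
    return $r !== null && !$r['search_engine']
        && $r['threat_score'] >= $minThreat && $r['days_since_seen'] <= $maxAge;
}

// Constructed sample data: placeholder key, documentation IP, made-up answers.
echo httpbl_query_name('abcdefghijkl', '203.0.113.7'), "\n";
foreach (['127.3.40.4', '127.0.5.0', null] as $answer) {
    var_dump(httpbl_should_block(httpbl_decode($answer)));
}
```

The fail-open handling of malformed replies matches the stated goal of never blocking legitimate users, at the cost of letting some spammers through when the lookup fails.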

Installation
Download and unzip the extension. Upload the “vz_bad_behavior” folder to your /system/expression_engine/third_party/ folder. Finally, enable the extension in your control panel. You can change some settings if you want, but there is usually no need to.
Visit the VZ Bad Behavior repo on GitHub
P.S. If you appreciate the decrease in spam you see after installing this extension, don’t thank me. It only took me a couple hours to put this together. Thank Michael Hampton, the developer of the Bad Behavior library. Even better: make a donation to support its development.
Comments:
Ibn Saeed on June 8, 2011 at 1:49pm#1
Hello
I have one question, will this work with Safecracker?
http://expressionengine.com/downloads/details/safecracker/
EliVZ on June 8, 2011 at 1:53pm#2
Bad Behavior works before Expression Engine starts generating the page, so spammers won’t be able to see your website at all. So it keeps them from spamming SafeCracker, FreeForm, EE contact forms, etc.
Michael Fraase on June 9, 2011 at 4:20pm#3
Installed the extension and enabled it. Appears to be working. Added the Project Honeypot API key and received the following errors:
A PHP Error was encountered
Severity: Notice
Message: Undefined index: log_table
Filename: vz_bad_behavior/ext.vz_bad_behavior.php
Line Number: 96
A Database Error Occurred
Error Number: 1064
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘WHERE `key` NOT LIKE ‘00000000’’ at line 1
SELECT * FROM WHERE `key` NOT LIKE ‘00000000’
Filename: third_party/vz_bad_behavior/ext.vz_bad_behavior.php
Line Number: 96
EliVZ on June 9, 2011 at 8:48pm#4
Michael- Sorry about that. I just uploaded a new version to GitHub that should fix the bug. You might need to disable and re-enable the extension for it to take effect.
Mark Collins on August 18, 2011 at 3:04pm#5
Thank you kindly sir :)
Christian Engelhardt on December 13, 2011 at 7:08pm#6
Is it possible to exclude a post address? We are running an extension using a post address /index.php/?ACT=31 to post back variables. The posting app is hosted on a different IP and my variables never get posted with your extension. It does do a good job preventing spam…
EliVZ on December 13, 2011 at 7:25pm#7
Christian,
Do you have the “Allow off-site posting to forms” box checked in settings? By default, direct posting from other IPs is disabled, as that is how most comment spam is generated, but checking that box should enable it. Let me know if you already have that set and it still isn’t working.