Way back in the dark ages (well, 2007), Paul Burdick wrote an extension to use Bad Behavior spam blocking on an Expression Engine website. Since then, many things have happened—Expression Engine 2 was released, I got married and moved to Oregon—and many things have not—the apocalypse, an EE2 version of Bad Behavior. I decided it was high time to remedy that last item.
I have been using Low’s excellent NoSpam add-on for years and still recommend it highly. However, it has it’s limitations. The biggest issue for me is that it does not block spam submissions to SAEF forms. Additionally, it doesn’t do its filtering until after the form is submitted, meaning that all that spam traffic is putting additional load on your poor server.
Bad Behavior is an open-source script that has been around for a long time and is well-respected. It works differently than Akismet or other popular anti-spam scripts, in that it prevents spammers from accessing your website at all. The Bad Behavior script runs at the beginning of page load and checks a variety of data about the request to identify spammers. If it decides a particular request is suspicious, it immediately stops Expression Engine from processing the rest of the page and displays a simple error message. As a general rule, Bad Behavior attempts to never block legitimate users, even if that means the occasional spammer does get through. Therefore, you may want to run Low NoSpam or another comment-spam filter as a second line of defense.
Generally, you can just upload and activate the extension to be protected. There are settings you can tweak to fine-tune the way Bad Behavior works, but doing so is not necessary. Optionally, it will also check requests against Project Honey Pot’s http:BL, a blacklist of known spammers. To use that feature, you will need to sign up for an API key and enter it on the extension settings page.
The settings page also displays detailed logs for the past week (which is as long as Bad Behavior stores log data). This can be useful in resolving false-positives.
Download and unzip the extension. Upload the “vz_bad_behavior” folder to your /system/expression_engine/third_party/ folder. Finally, enable the extension in your control panel. You can change some settings if you want, but there is usually no need to.
P.S. If you appreciate the decrease in spam you see after installing this extension, don’t thank me. It only took me a couple hours to put this together. Thank Michael Hampton, the developer of the Bad Behavior library. Even better: make a donation to support its development.