1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Add-on Bad Behavior bot protection

Discussion in 'Resource and Add-on Requests' started by Alfa1, Aug 27, 2013.

  1. Alfa1

    Alfa1 Well-Known Member

    One of the most important addons I have on my vbulletin big board is Bad Behavior. Its important because it does the following:
    1. Blocks spam bots
    2. Blocks downloaders and scrapers, which saves a ton of money
    3. Blocks vulnerability scanners, which saves headaches. :)
    4. Blocks users with malicious addons and virus infections
    5. It does all of this in the background (checks browser fingerprint and useragent) and does not bother legitimate users.
    The great thing is that it uses Project Honeypot and you are also able to blacklist or whitelist any bot.
    See: http://bad-behavior.ioerror.us/about/

    I would love to have this software integrated as an addon for xenforo.
     
  2. Daniel Hood

    Daniel Hood Well-Known Member

    There are a few spam protection solutions available. A couple of which use Honeypot, is there a reason why any of them won't work for you?
     
  3. Alfa1

    Alfa1 Well-Known Member

    No. That's a totally different approach. This completely blocks all blacklisted users from using your site. Not just from registration. It also uses different detection methods than the other Honeypot tools.
    I have been using this for years. It blocks about 1.6 million malicious attempts per month on my site. This saves a massive amount of bandwidth(a 40% decrease!), decreases attacks and as it complements other spam measures it also decreases spam.
     
  4. Daniel Hood

    Daniel Hood Well-Known Member

    Interesting. I'll look into it later.
     
    Alfa1 likes this.
  5. xf_phantom

    xf_phantom Well-Known Member

    http://bad-behavior.ioerror.us/support/porting-guide/


    Have you tried to include it yourself?
     
  6. Alfa1

    Alfa1 Well-Known Member

  7. Tracy Perry

    Tracy Perry Well-Known Member

    Another good one (although it does not directly integrate with xenForo - but you can find view the logs it creates through a panel or via ssh) is ZB Block. I used it for a while and integration into xenForo's index.php was VERY easy.
     
  8. Alfa1

    Alfa1 Well-Known Member

    I still want this.
     
  9. Alfa1

    Alfa1 Well-Known Member

    Let me know if you have time for this.
     
  10. Alfa1

    Alfa1 Well-Known Member

    I still want this.
     
  11. tenants

    tenants Well-Known Member

    I was asked to do this, but sorry, it's not something I would recommend including, so I wont add it to TAC.

    A recent update of FBHP stops bots that attempt to register, using a 0 query method (once a bot is known as attempting to register, they are sent a low byte usage, 0 query forbidden 401 message,
    see here : http://xenforo.com/community/thread...ion-page-honey-pots.37063/page-22#post-744223

    [​IMG]

    Bots that have been detected as bots (attempting to register and fill hidden fields, no js, very quick), will then see the 401 site wide, the IP will be cached for X Hours (defined by you the admin)

    It's fairly impossible to trigger this, unless you are a bot, so no humans will see this with FBHP (unless they happen to be sharing the same network IP address as a botter, in which case, use a low cache value). There is also the option to turn this off (for forums that are likely to be accessed by users on the same network as automated spammers... it happens!)

    However, I have seen BadBehaviour pick up too many false positives (I myself have been detected on one forum, and I was not on a shared network!).

    Since I avoid false positives like the plague, I wont include BadBehaviour in TAC (it's also fairly redundant with the FBHP implementation)
     
    Last edited: Apr 28, 2014
  12. Alfa1

    Alfa1 Well-Known Member

    Thanks for your explanation, but you seem to have a misconception about my request: it does not primarily relate to registrations. The solutions in your addon are great for blocking bots from registration. But it does not block bots from using a website or from submitting spam on already registered accounts. The purpose of bad behavior is much broader.

    I am requesting this addon because it has worked wonders for my vb big board in many ways, without many complaints. What Bad Behavior does is:
    • block scrapers from stealing content and bandwidth. This saves me a lot of costs each month.
    • block various automated hack & simple ddos attempts.
    • block spam bots from submitting automated spam through registered accounts.
    • block blacklisted spiders from indexing and scraping.
    • ban users by browser fingerprint.
    • block automated registrations
    • submit blacklisted users to project honeypot
    It does not primarily detect on IP basis, but a combination of user agent, browser fingerprint, IP, protocol, registered, headers, type of request.

    The webmaster can opt to block certain types of behavior, which means that if I want to block the use of alexa toolbar on my site, then I can block this. If you have that toolbar installed, then you will be blocked.
    So the fact that you got blocked from using a website can easily be a matter of the webmasters preference conflicting with your browser addons.
     

Share This Page