Bad Behavio[u]r

A few weeks ago, I installed Bad Behavior on this site. This prevents malicious access to the server, thereby preventing comment spam and other nasties. It works in a different way to Akismet in that it doesn’t allow the access in the first place, thereby preventing a long queue of spams from forming that need to be moderated (either manually or automatically).

I’ve noticed two things. Firstly, whilst Akismet is still active, it is now picking out less than half a dozen spams per week. This will disappoint Rodney who was looking forward to the next pie spam chart, I’m sure. At this rate, it will be a very long time before another 50,000 spams make it to grayblog.

Secondly, the number of access attempts blocked by Bad Behavior (hate that spelling) has declined dramatically and rapidly since I first installed it. During the first week, over 7000 malicious access attempts were made on this site – which shows where the gazillions of spams were coming from and must have been putting a bit of a strain on the server (and adding to my bandwidth bill). By the second week, that figure had halved. I’ve just checked the figure again and, in the last seven days, there have been just 416 malicious access attempts. This implies that by preventing access and returning an error code to the malicious server, I’m actually deterring them from even trying to access grayblog – clearly the spam servers learn where they get 404s and 200s so that they don’t waste resources (clever chaps, these spammers).

Conclusion: I recommend Bad Behavior whole heartedly. I think I may install it on my other (work) blog.

4 Replies to “Bad Behavio[u]r”

  1. Yep, I noticed a similar pattern when I installed Bad Behaviour – it dropped from 5000 attempts per week to 400 or so, but it’s now back up to 1838. I think it will probably fluctuate.

    The only thing that concerns me is the problem of false positives. Though, to be honest, it makes no difference whether the comment gets lost entirely in the ether, or whether it disappears into an impenetrable spam queue. Just today, someone tried to leave a comment on one of my posts but couldn’t. Kindly, they emailed me instead.

  2. I agree about the false positive issue – as you say, if you have umpteen thousand in an Akismet moderation queue, you’re unlikely to check them all. BB does seem to be more effective though, but there is the worry that it might be too effective.

  3. And here’s a fine example – earlier this afternoon, the IP assigned to me by my ISP (after 90 minutes of inactivity my router disconnects me, and when I reconnect I get a new IP address assigned dynamically) matched an entry in the blacklist. I was unable to do the following:

    1. Post a comment to this site
    2. Edit comments on my own site
    3. That kind of thing

    Fortunately, I was still able to disable the Bad Behaviour plugin on my own site temporarily until I had done what needed doing.

    I have initiated the removal of that IP address from the blacklist, but it is not an instantaneous process. In fact, it’s quite lengthy and cumbersome. Having experienced first hand the horror, I’m rethinking my decision to install Bad Behaviour.

  4. That is alarming. Have others experienced this?
    I guess that this sort of problem is inevitable when spammers are setting up zombies that might access the net through widely-used ISPs.

Leave a Reply

Your email address will not be published. Required fields are marked *