Neil Turner's Blog

Blogging about technology and randomness since 2002

Bad Behavior

A couple of days I added Bad Behavior to a few pages on this site. It’s a set of PHP scripts that can be used to block evil bots from your site, such as those which harvest email addresses or send trackback, comment and referral spam.

If you’re using WordPress, or a variety of other PHP-based content management tools, installing Bad Behaviour is very simple, and it can work to its full effect. Unfortunately it doesn’t have full support for Movable Type, so though you can get it working you can’t take full advantage of all of its features.

If you want to get it working in an MT installation, here’s how to do it:

Static Publishing

First of all, ensure that your files are being output as PHP documents – consult the MT manual or Google for instructions about this. Upload the Bad Behavior files somewhere, then, in each template, except those on the System and Modules tabs, add this code at the very top of each:

<?php require_once("/path/to/bad-behavior/bad-behavior-generic.php"); ?>

Replace ‘/path/to/bad-behavior/’ with the path to where you uploaded Bad Behavior. Once you’ve modified your templates, rebuild.

Dynamic Publishing

You’ll be pleased to know this is much easier. Upload Bad Behavior somewhere, and then paste the above code into the very top of the ‘Dynamic Site Bootstrapper’ template – you don’t need to do each template individually (unless you have a mix of statically and dynamically published files, in which case you will have to do it for all the statically published files).

So far, Bad Behavior has blocked 80 bot accesses – it returns a HTTP 412, or ‘Precondition Failed’ failed error to the client if it has blocked it. I certainly haven’t noticed as much referral spam lately.


  1. Bad behaviour

    I often read the blog of the erstwhile Neil Turner, and he’s recently posted an interesting article about anti-spam tool Bad Behaviour. I’ve installed it and it doesn’t seem to have broken anything so far but then I followed Neil’s…

  2. Hi Neil,
    Thanks for this post. I’ve installed it and managed to not break my installation thanks to your excellent instructions, however my trackback attempt back here got a, er, 412 Error response.
    Now, I don’t get that many trackbacks, well legitimate ones anyway, but I’d rather that they weren’t all blocked. Have you seen any others blocked at all?
    Looks like a good tool though πŸ™‚

  3. That’s funny, I got your trackback ping fine. In any case, Bad Behavior doesn’t block trackback pings on MT because the MT trackback script is Perl and not PHP.

  4. Weird. I got this message in my activity log:
    Ping ‘’ failed: Ping error: Got 412 response for
    I don’t understand all this code stuff. I’m hardware engineer πŸ˜‰

  5. Did you set up the logging facility of Bad Behavior or just the basic blocking features?

  6. Just the basic blocking features. I haven’t worked out how to get it to do more advanced stuff.
    That said, it’s still managing to block a lot already – my referer spam problem has all but disappeared.

  7. Ah okay, was hoping you’d worked out the advanced features so I didn’t have to try. πŸ˜‰
    For some reason, occasionally BB doesn’t like something Opera does and returns a 412 — but only some of the time.