Bad Behavior, redux

Many moons ago (well, just under 6 years ago actually), I used a script called Bad Behavior to prevent malicious bots from visiting your site. These are bots which scrape web sites looking for email addresses to send spam to, submit comment or trackback spam, look for vulnerabilities in scripts installed on your site (like old versions of WordPress) or clog up your referrer logs with spam.

I stopped using it some time ago, but after seeing how many HTTP 404 errors I was getting due to referrer spammers I decided to install it again. It’s available as a WordPress plugin, so it’s much easier to install than on Movable Type, and it integrates with the WordPress Dashboard so that you can adjust its settings and view its logs.

The scripts have also been improved considerably since 2006 and now include integration with Project Honey Pot’s http:BL blacklist service, to block IP addresses that are known to host bots.

In the past 24 hours, it has logged almost 1000 suspicious visits by bots; however, it has only actually blocked around 29% of those visits. Sometimes it’s because the hit isn’t suspicious enough and could feasibly be a legitimate visit by a human, or because the information from Project Honey Pot is out of date. While this may make it seem over-cautious, this still means that just shy of 300 hits by bots have been blocked in 24 hours.
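To illustrate why a listed IP address can be logged without being blocked, here is an added example (not code from Bad Behavior or from this post) that decodes an http:BL DNS answer, which has the form `127.<days since last activity>.<threat score>.<visitor type>`, and applies a threshold policy. The access key, the sample answers and the `min_threat` / `max_age_days` values are constructed assumptions, not Bad Behavior's own settings.

```python
import ipaddress

# http:BL visitor-type bits (last octet of the answer); 0 means a known search engine.
TYPE_BITS = {1: "suspicious", 2: "harvester", 4: "comment spammer"}


def httpbl_query_name(access_key, client_ip):
    """Build the DNS name to resolve: <key>.<reversed IPv4>.dnsbl.httpbl.org"""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join([access_key] + octets[::-1] + ["dnsbl.httpbl.org"])


def decode_httpbl(answer):
    """Decode an http:BL A record of the form 127.<days>.<threat>.<type>."""
    first, days, threat, vtype = (int(o) for o in answer.split("."))
    if first != 127:
        raise ValueError("not a valid http:BL answer: " + answer)
    labels = [name for bit, name in TYPE_BITS.items() if vtype & bit]
    return {"days": days, "threat": threat, "types": labels or ["search engine"]}


def decide(answer, min_threat=25, max_age_days=30):
    """Return 'allow', 'log' or 'block'; answer is None when the IP is unlisted.

    The thresholds are assumed values chosen for this example.
    """
    if answer is None:
        return "allow"                      # NXDOMAIN: no record for this IP
    rec = decode_httpbl(answer)
    if rec["types"] == ["search engine"]:
        return "allow"
    if rec["days"] > max_age_days:
        return "log"                        # listing is out of date
    if rec["threat"] < min_threat:
        return "log"                        # not suspicious enough to block
    return "block"


if __name__ == "__main__":
    # Constructed sample answers keyed by documentation-range IP addresses.
    samples = {
        "192.0.2.10": "127.3.40.4",     # recent, high threat, comment spammer
        "192.0.2.11": "127.90.40.4",    # same threat, last seen 90 days ago
        "203.0.113.5": "127.1.10.1",    # recent but low threat score
        "203.0.113.6": None,            # not listed
    }
    for ip, answer in samples.items():
        name = httpbl_query_name("abcdefghijkl", ip)  # placeholder access key
        print(name, answer, decide(answer))
```

Raising `max_age_days` or lowering `min_threat` blocks more of the logged hits at the cost of more false positives for addresses that have since changed hands.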

Furthermore, it’s reduced the amount of comment spam received down to 0 in the same period. This doesn’t mean that I’ll be uninstalling Akismet anytime soon, as it’s still possible that people will visit the site and manually type in spam comments. But it does save me time as I won’t have to skim-read each new spam comment to check for false positives.

