The Bad Behavior Spam Blocker Part 1
Anyone with a blog has seen comment spam. This is the stuff that shows up talking about Viagra, written in Russia and are usually stuffed with links.
There are a couple tactics for combating this sort of thing; some sites require registration to comment, some people manually delete the stuff and some sites use technology to help.
What to do? What to do...?
Well, I don't think it's a good idea to add barriers in front of users participating in a discussion, so registration is out. I'm pretty lazy and don't want to manually delete comment spam so moderation isn't going to work. I am a programmer though so I have an innate confidence in technology to deal with this (mostly anyway). To that end I like to use 2 different services to deal with comment spam; Akismet, which I'm not going to talk about now, and Bad Behavior.
According to the official site:
Bad Behavior complements other link spam solutions by acting as a gatekeeper, preventing spammers from ever delivering their junk, and in many cases, from ever reading your site in the first place. This keeps your site’s load down, makes your site logs cleaner, and can help prevent denial of service conditions caused by spammers.
Thankfully, there are already Wordpress plugins for both Akismet and Bad Behavior, so my blog is pretty well protected, but I also work on custom programs and need to protect them too. This got me thinking about how to to get Bad Behavior up and running on your systems; which is why you're here I'm sure.
Like most things php, installing Bad Behavior is pretty easy. To install just download the files, unzip and place the files somewhere in your applications include path. Then just include the below preferably in a file included in all your pages after you upload the files. Using the below will only protect your site
1 2 3 4
<?php $path_to_bb = '/path/to/'; require_once("$path_to_bb/bad-behavior-generic.php"); ?>
The above is nice and all; your site's pretty well protected from there but it would be nice to know what was happening behind the scenes. Just how many spam attempts are being blocked?
Bad Behavior does include a logging system but, oddly, at the time of this writing using 2.0.26, they don't include any sort of install script. The instructions state:
If you just can’t live without logging, you will need to provide a database connection. Bad Behavior uses callbacks whenever it needs to run a database query; in order to provide this functionality, you will need to provide the appropriate hooks into your PHP-based software’s database and add them into the bad-behavior-generic.php file. The code has stub functions which show what is needed, and you can use the bad-behavior-wordpress.php file as an example to work from, though your implementation will necessarily be different.
I'll go into detail in the next post; I'm still sick so I can't write anymore.