Block Bad Requests to your Server with Bad Behavior


Bad Behavior is a WordPress plugin which effectively stops spam by analyzing not just the content of the spam, but also the way it is delivered (for example, by blacklisting requests made directly to wp-comments-post.php). I installed it a couple of months ago in response to my spam comment numbers (which exceeded 10,000 per month), and it has been massively effective at killing spam.

Installing and configuring Bad Behavior

Once you install the plugin, you can pull up the settings page from the Settings menu. The overall settings are fairly simple and really, they can be left at default and work very effectively.

You have options to decide whether to display your statistics in the footer, how to log HTTP requests and what kind of requests to block. I have enabled strict checking, which applies tougher rules but may block some legitimate requests – I’m OK with that, given how much spam I have to deal with.

You can then activate the http:BL service as an extra measure, which checks each request against a centrally maintained blacklist (similar to how Akismet works). You’ll need an Access Key for this, but it’s free and signing up is easy. You can set two values for how strictly you want http:BL to block requests, but I’ve left them at the default values and they seem to be working well for me.
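To show what the http:BL check above actually involves, here is an added example (not code from the post or from the Bad Behavior plugin) that builds the DNS name http:BL expects, decodes the answer and applies two thresholds. The query and answer layout (access key, reversed IPv4 octets, the dnsbl.httpbl.org zone, and a 127.days.threat.type answer) follows Project Honey Pot's published http:BL format; the access key, the IP addresses, the DNS answers and the two thresholds are all constructed for the example and are not the plugin's defaults.

```python
import ipaddress
import socket

HTTPBL_ZONE = "dnsbl.httpbl.org"

# Visitor-type bit flags carried in the last octet of an http:BL answer.
SUSPICIOUS = 1
HARVESTER = 2
COMMENT_SPAMMER = 4


def httpbl_query_name(access_key, client_ip):
    """Build the name http:BL expects: <key>.<reversed IPv4 octets>.<zone>."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join([access_key, *reversed(octets), HTTPBL_ZONE])


def httpbl_lookup(access_key, client_ip, resolve=socket.gethostbyname):
    """Resolve the query name; NXDOMAIN (gaierror) means the IP is not listed."""
    try:
        return resolve(httpbl_query_name(access_key, client_ip))
    except socket.gaierror:
        return None


def decode_httpbl_answer(answer):
    """Decode a 127.<days>.<threat>.<type> A record; None means 'not listed'."""
    if answer is None:
        return None
    first, days, threat, vtype = (int(part) for part in answer.split("."))
    if first != 127:
        raise ValueError("unexpected http:BL answer %r" % answer)
    if vtype == 0:
        # Type 0 is a known search engine; the third octet is then an engine
        # identifier rather than a threat score, so it is never a block reason.
        return {"search_engine": True, "days": days, "threat": 0, "type": 0}
    return {"search_engine": False, "days": days, "threat": threat, "type": vtype}


def should_block(answer, max_threat=25, max_age_days=30):
    """Decide on a decoded answer. Thresholds are this example's own choices.

    Returns (block, reason). An old listing is ignored because the address may
    have been reassigned since the activity was observed.
    """
    info = decode_httpbl_answer(answer)
    if info is None or info["search_engine"]:
        return False, "not listed, or a known search engine"
    if info["days"] > max_age_days:
        return False, "listing is %d days old (limit %d)" % (info["days"], max_age_days)
    if info["threat"] >= max_threat:
        kind = "comment spammer" if info["type"] & COMMENT_SPAMMER else "listed host"
        return True, "%s with threat score %d" % (kind, info["threat"])
    return False, "threat score %d below %d" % (info["threat"], max_threat)


# Constructed answers standing in for the live zone; these are documentation
# addresses (RFC 5737) and a placeholder key, not real listings.
ACCESS_KEY = "placeholderk"
CONSTRUCTED_ANSWERS = {
    "placeholderk.10.2.0.192.dnsbl.httpbl.org": "127.3.60.5",   # recent, high threat, spammer
    "placeholderk.20.2.0.192.dnsbl.httpbl.org": "127.0.1.0",    # search engine
    "placeholderk.30.2.0.192.dnsbl.httpbl.org": "127.90.80.4",  # stale listing
}


def fake_resolve(name):
    """Offline stand-in for socket.gethostbyname over the constructed zone."""
    try:
        return CONSTRUCTED_ANSWERS[name]
    except KeyError:
        raise socket.gaierror("NXDOMAIN")


def decide(client_ip):
    """Full path for one visitor IP using the constructed zone."""
    return should_block(httpbl_lookup(ACCESS_KEY, client_ip, fake_resolve))


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "198.51.100.7"):
        print(ip, decide(ip))
```

Swapping `fake_resolve` for the default `socket.gethostbyname` turns this into a live lookup; the two thresholds are the knobs the post refers to as the "two values", and the age check is the one most worth keeping conservative, since a recycled address with a stale listing is a classic false positive.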

If applicable, you also have options for EU Cookie Handling and Reverse Proxy/Load Balancers. However, these shouldn’t apply in most cases.

Bad Behavior in action

Once Bad Behavior is set up and deployed, malicious server requests immediately receive a 403 error response. This will save you a lot of bandwidth and precious server resources. Furthermore, if a legitimate request is inadvertently blocked, the error page gives a unique key that lets you refer to the individual access attempt. It also tells the user why their request was blocked and offers recommendations on how to resolve it, such as removing malware from their machine.
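The following added example (my own illustration, not code from the post or from the Bad Behavior plugin) sketches the two ideas from the introduction and this section together: judging a request by how it is delivered rather than by its content, and answering a rejected request with a 403 whose page carries a key that matches a log entry. The only rule taken from the post is the one about requests made directly to wp-comments-post.php; the missing User-Agent and missing Accept checks, the site host, the sample requests and the log format are all constructed for the example.

```python
import secrets
from urllib.parse import urlparse

SITE_HOST = "example.com"  # constructed: the host the blog is served from


def check_request(method, path, headers, site_host=SITE_HOST):
    """Apply delivery heuristics. Return None to allow, or a reason string to block."""
    h = {k.lower(): v for k, v in headers.items()}
    if not h.get("user-agent", "").strip():
        return "missing User-Agent"          # example's own rule
    if "accept" not in h:
        return "missing Accept header"       # example's own rule
    if method == "POST" and path.endswith("/wp-comments-post.php"):
        # A browser submitting the comment form arrives from a page on this
        # site; a request aimed straight at the handler carries no such Referer.
        referer = h.get("referer")
        if not referer or urlparse(referer).hostname != site_host:
            return "direct POST to wp-comments-post.php"
    return None


def handle_request(method, path, headers, log):
    """Return (status, body). Blocked requests get a 403 page and a log entry
    sharing one random key, so a reader quoting the key can be looked up."""
    reason = check_request(method, path, headers)
    if reason is None:
        return 200, None
    key = secrets.token_hex(4)
    log.append({
        "key": key,
        "reason": reason,
        "method": method,
        "path": path,
        "user_agent": headers.get("User-Agent", ""),
    })
    body = (
        "403 Forbidden. Your request was blocked: %s.\n"
        "If you believe this is a mistake, quote support key %s." % (reason, key)
    )
    return 403, body


# Constructed sample traffic: two legitimate requests followed by two that the
# heuristics reject.
CONSTRUCTED_REQUESTS = [
    ("GET", "/2012/05/bad-behavior/",
     {"User-Agent": "Mozilla/5.0", "Accept": "text/html"}),
    ("POST", "/wp-comments-post.php",
     {"User-Agent": "Mozilla/5.0", "Accept": "text/html",
      "Referer": "https://example.com/2012/05/bad-behavior/"}),
    ("POST", "/wp-comments-post.php",
     {"User-Agent": "Mozilla/5.0", "Accept": "*/*"}),   # no Referer: direct post
    ("GET", "/", {"Accept": "*/*"}),                      # no User-Agent
]


def run_demo(log):
    """Process the constructed traffic; return the list of status codes."""
    return [handle_request(m, p, h, log)[0] for m, p, h in CONSTRUCTED_REQUESTS]


if __name__ == "__main__":
    entries = []
    print(run_demo(entries))  # expected [200, 200, 403, 403]
    for entry in entries:
        print(entry)
```

Keeping the decision (`check_request`) separate from the response (`handle_request`) is what makes the strict-checking trade-off manageable in practice: every block is logged with its reason, so a false positive reported with its key can be traced to the exact rule and the rule tuned, rather than the whole filter being switched off.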

403 Error

The error log

Bad Behavior can keep a log of blocked access attempts if you so wish. It makes for quite interesting reading, to see where people are trying to get access to your site.

Bad Behavior Error Log

The results

From my original position of more than 10,000 spam comments per month, I am now down to fewer than 200, most of which Akismet catches. So between the two, I’ve got a great system which produces very few false positives and doesn’t leave much bloat in my database. I love it and I don’t think that Bad Behavior gets enough good press.

How about you? Have you ever heard of it? Have you given it a go? How did it work for you?

3 thoughts on “Block Bad Requests to your Server with Bad Behavior”

  1. Luis says:

    Heard of it, use it, and love it! I had just as much success with Bad Behavior, with an almost 80% reduction of spam in just a month. I would recommend this to anyone having spam problems.

  2. Gregory says:

    I’m absolutely shocked that you have so many spam comments! This probably is a reflection of the size of your blog readership and of course popularity.
    Our readership is relatively small but even so we do have a number of spam comments which are tedious to determine and deal with. “Bad behaviour” is something we would get good use from. Thanks Dave.

  3. Matt Smith says:

    That’s actually really impressive. I’ve always been on the fence about putting something like this into place because I was afraid of lots of false positives… But to actually go from 10,000 spams to ~200 makes me really consider taking the plunge.
