BadBehavior

Summary: Protect PmWiki with Bad Behavior 2.2.x
Version: 2.2
Prerequisites:
Status:
Maintainer: RonG
Categories: Security, Spam
Users: (view? / edit)
Discussion: BadBehavior-Talk

Questions answered by this recipe

Does PmWiki support Bad Behavior?

All sections are optional, you can remove those that do not apply to your recipe, and add new ones.

Description

This recipe adds support for Bad Behavior 2.2.x to PmWiki 2.x. Bad Behavior is a system for blocking link spam, other malicious activity, and the robots which deliver it. You can visit the Bad Behavior web site at: http://bad-behavior.ioerror.us

Bad Behavior complements other link spam solutions by acting as a gatekeeper, preventing spammers from ever delivering their junk, and in many cases, from ever reading your site in the first place. This keeps your site’s load down, makes your site logs cleaner, and can help prevent denial of service conditions caused by spammers.

Instead of merely looking at the content of potential spam, Bad Behavior analyzes the delivery method as well as the software the spammer is using. In this way, Bad Behavior can stop spam attacks even when nobody has ever seen the particular spam before.

Installation

The MySQL database is not strictly required, but it will degrade Bad Behavior's performance if you don't use one. To omit the database, follow these instructions, but skip the database configuration and set $bb2logging to false when editing cookbook/bad-behavior-mysql.php

  1. You will need to create a database, user, and password in MySQL. This typically looks like:
          create database bb2_pmwiki;
          grant all on bb2_pmwiki.* to user@localhost identified by 'password'; 
  2. Download bad-behavior.2.2-pmwiki.zip
  3. Unzip the bad-behavior.2.2-pmwiki folder.
  4. Inside that folder, copy the folder bad-behavior to your PmWiki folder.
  5. Then copy the file cookbook/bad-behavior-mysql.php to your PmWiki's cookbook folder.
  6. In your PmWiki folder, edit cookbook/bad-behavior-mysql.php and set the correct values for: $bb2host, $bb2user, $bb2pass, $bb2name . These are your MySQL host, MySQL user, MySQL password, and the name of the database, respectively, as when you created the database (above).
  7. If you have an httpBL key, set it as: $bb2httpbl_key (get one from: http://www.projecthoneypot.org/httpbl.php )
  8. In your local/config.php file, add the following line: include_once('cookbook/bad-behavior-mysql.php');

PmWiki should now be protected by Bad Behavior.

Configuration

As of version 2.2, all configuration should be done by editing the values in local/bad-behavior.config.php . New installations should copy the file bad-behavior.config.php.sample to local/bad-behavior.config.php first. It is unlikely you'll ever need to change anything in there aside from database settings, with the possible exception of $bb2offsiteforms , which must be set to true if you're using a recipe that gives your PmWiki OpenID authorization capability. OpenID users will not be able to authenticate with $bb2offsiteforms set to false.

Usage

Once installed, it "just works." See important note about upgrading Bad Behavior below.

Upgrading Bad Behavior

You can and should upgrade your version of Bad Behavior 2.2.x to the latest available from http://bad-behavior.ioerror.us/download/ as they are released. To do this, download the latest 2.2.x version, and unzip it somewhere outside your PmWiki folder. Copy the file bad-behavior-pmwiki-mysql.php from your current bad-behavior folder into the new bad-behavior folder, and then replace your old bad-behavior folder with the new one. You should not copy the files from the new folder into the old folder as this method may leave old Bad Behavior files lying around with unintended consequences. You can put yourself on the mailing list at the Bad Behavior web site to be notified when there is a new version available.

Notes

  • Bad Behavior works best with a database, and this version only supports MySQL. I'm looking into SQLite, but discussions about it lead me to believe it unlikely that SQLite can handle the write activity required by the logging. I feel uncomfortable adding a database to PmWiki since one of the attractions of it is the lack of a database, but I doubt the logging is going to work without one.
  • If you want to use OpenID with PmWiki and Bad Behavior, you need to set $bb2offsiteforms to true in cookbook/bad-behavior-mysql.php

Changelog / Release Notes

 v 2.2 Feb 14, 2013 Bugfix for users with logging off, support for upgrade-proof config file
 v 2.1 May  9, 2012 Supports Bad Behavior 2.2.3+ whitelisting
 v 2.0 Mar  2, 2012 A few rough edges taken off and updated for Bad Behavior 2.2
 v 1.0 Feb 25, 2009 (unreleased) Initial version, supports Bad Behavior 2.1

See also

Contributors

All of the important code was written by other people. just hacked it together, but it has been working for me on public sites since early 2009, and I hope it will be useful to others.

Comments

See discussion at BadBehavior-Talk

Missing zip file

Note - I have just tried to work through this recipe installation and found that the zip file given above is missing.

I checked the Bad Behaviour web site and found that it has an entry for PmWiki, but the zip file is not present there either.

Des May 19, 2013, at 01:16 PM

User notes? : If you use, used or reviewed this recipe, you can add your name. These statistics appear in the Cookbook listings and will help newcomers browsing through the wiki.