[error]

The Bad Behavior distribution directory is now in lower case, so you'll have to make the appropriate change to your wrapper script.

[error]

Hey, jsherk, whatever happened to adding database access into bad-behavior-phplist.php and distributing it as a downloadable file? If you've gotten it working, I can add it into the Bad Behavior core distribution and post installation instructions on the Bad Behavior web site.

Also, is there somewhere you can automatically pull out the administrator's email address from phplist so that people don't have to add it in manually?

[jsherk]

I unfortunately just have not had anytime to play with it yet. I haven't forgotten about it... it's on my to do list, just not enough hours in a day sometimes!!!

There probably is a way to pull the admin email out. I'll have to investigate that as well... I'll put on my to do list!!

[jsherk]

'kyleknapp' appears to have found the problem and a solution to his problem above with Bluehost. Thank you 'error' for your assistance!

Read it here: http://forums.phplist.com/viewtopic.php?p=52609

[MarkA.]

Hello error and Kyleknapp,

I can't thank both of you enough for posting this add on BB2, it seems to have completely eliminated the spam bot signups to my newsletters.

If this works, it will eliminate about 400 spam signups per day, 400 bounce emails per day and make my life so much less complicated.

I can't thank you enough for this add on. I followed your instructions on this post and it worked first time right away.

One thing that I have noticed, it seems to take about 20 - 21 seconds from the moment I press the submit button until I receive confirmation online that I have subscribed to the list. Before BB2 it took about 1-2 seconds. I thought it may have been because I had enabled debug, but when I set define('BB2_DEBUG',0); to zero it still takes about 20 seconds, is this normal for BB2 to add this time to the process?

If you want to see what I mean, browse to this page:
http://www.mississauga4sale.com/Power-S ... equest.htm

and enter an email and see how long it takes to receive a response. (as an aside, if BB2 works fine, I can finally remove the 7+1 equation, it's looks so unprofessional and really does nothing to stop the bot spammers)

Thank you again for everything,
Mark

[MarkA.]

...

(7)
COPY this file: lists/admin/Bad-Behaviour/bad-behaviour-generic.php
TO this file: lists/admin/Bad-Behaviour/bb2-phplist.php

(8) MODIFY this file: lists/admin/Bad-Behaviour/bb2-phplist.php

Find this line:

Code: Select all

return "badbots@ioerror.us";   // You need to change this.

Change the 'badbots@ioerror.us' email address to your email address, something like this:

Code: Select all

return "myemail@mysite.com";   // You need to change this.

Hello jsherk, the only part of your excellent instructions that was a little hard to follow was step 7 above. Just to clarify, Rather than "COPY this file" I RENAMED the file called bad-behaviour-generic.php that is located in the folder lists/admin/Bad-Behaviour/ to the name bb2-phplist.php in folder lists/admin/Bad-Behaviour/ and then I browsed to the line that contained

Code: Select all

return "badbots@ioerror.us";

and changed it to

Code: Select all

return "mark@mississauga4sale.com";

is this correct, should the instructions say RENAME rather than COPY or did I do something wrong here?

Thanks
Mark[/code]

[jsherk]

I said COPY specifically so that the original file is left behind, and a copy of it (with a different name) is moved to the other directory. That way you always have the original in case you mess something up.

I guess my instructions could read:

COPY the file first to the new location (with the new name) and then modify this copied file!

[MarkA.]

I said COPY specifically so that the original file is left behind, and a copy of it (with a different name) is moved to the other directory. That way you always have the original in case you mess something up.

I guess my instructions could read:

COPY the file first to the new location (with the new name) and then modify this copied file!

Hi jsherk,

Just wanted to be sure that I did not make an error, thanks for the clarification,
Mark

[Guest]

Hello,

I too am receiving the blank page following set-up.

I have narrowed it down to this bit:

Code: Select all

//MOD Bad Behaviour spam killer
if (USE_BB2) {
  if (BB2_DEBUG) {
    echo "bb2 enabled";
  }
  require_once dirname(__FILE__) .'/admin/Bad-Behavior/bb2-phplist.php';
} else {
  if (BB2_DEBUG) {
    echo "bb2 not active";
  }
}
//end MOD

is where the white screen happens. I modified all pages as per instructed and no errors, then I included this and error.

BTW, are we still supposed to be using the 2.0.16 version of BB? I was attempting to install 2.0.23.

Thank you[/code]

[MarkA.]

(3) UPLOAD
Upload the Bad-Behaviour folder and files into your admin directory of your phpList install.
Should end up looking something like this (http://www.yoursite.com/lists/admin/Bad-Behaviour)

Hello jsherk,

I am still experiencing about 30 second delays from the time that a user presses the submit button and the time that the user is taken to the confirmation page.

Another verification question: Am I supposed to have put all the files into a folder called:

mississauga4sale.com\lists\admin\Bad-Behavior\bad-behavior\

with a total of 8 files in the folder
mississauga4sale.com\lists\admin\Bad-Behavior\

with some of them called:

bad-behavior-lifetype.php
bad-behavior-mediawiki.php and the other 6 files to be put into the folder mississauga4sale.com\lists\admin\Bad-Behavior\

and the other 24 files such as
admin.inc.php
banned.inc.php
blackhole.inc.php etc. to be put into the folder

mississauga4sale.com\lists\admin\Bad-Behavior\bad-behavior\

OR should I only have one folder named
mississauga4sale.com\lists\admin\Bad-Behavior\ and into this folder goes the 24 files and the other 8 files are to be put into the folder called
mississauga4sale.com\lists\admin\

It seems that I have two folder named
Bad-Behavior one that is a sub folder of the other and the one has capital letters at the beginning of the name Bad-Behavior and the sub folder is bad-behavior which does not have initial capitals.


Please confirm.

Thank you,
Mark

P.S. I had shut off BB2 for about 10 minutes to do some testing and during that time I received 6 spam subscriptions, this program add-on really works!

[scream]

Hey guys, just before I get started on this, I just use the mods in the first post right? And also the current version of bad behavior is 2.0.24 Will that work ok with the same mods?
Thanks
Andrew

[envision]

I was told by Tincan to post regarding
this issue that I am having. I need some sort of spam help!! I have
been able to install Bad Behavior but it messes with my index.php
code. After placing the Bad Behavior code into the
index.php, the problem is, the uid confirmation email link produces a
blank page. Can someone help with this? Please? I am using 2.10.9
PHPlist, the latest version. I haven’t pre-modified the index.php code. I
have isolated it to when the BB is placed into the PHPlist. I am stuck!!!

If someone could help that would be awesome!

[Dragonrider]

With Thanks to JSHerk for his hard work in working out how to install Bad Behavior into an old version of phpList, I've applied the Bad Behaviour Mod to the current (2.10.10) version of phpList as follows.

First of all, download the latest version of Bad Behaviour, currently 2.0.28 from here Unzip the file and upload the contents from bad-behavior downwards into your lists/admin folder on your webspace.

(so you'll have lists/admin/bad-behavior/bad-behavior etc)

As JSH says,

** BEFORE YOU MODIFY ANY FILES, MAKE A COPY OF THE ORIGINAL AND CALL IT SOMETHING LIKE myfile.php.ORIG **
** If you have any problems simply deleted the modified file, and rename myfile.php.ORIG to myfile.php **

Now, load lists/config/config.php into your favourite text editor, and as the notify spam section no longer seems to exist in 2.10.10 find the following:

Code: Select all

/*
=========================================================================

Security related settings

=========================================================================

*/

Now, add the following immediately BEFORE that code.

Code: Select all

/*
=========================================================================
Bad Behaviour related Settings
=========================================================================
*/
# use Bad Behaviour 2 spam killer
# Bad Behavior is a PHP-based solution for blocking link spam and the robots which deliver it.
# It can block contact form spam, comment spam and (most importantly) newsletter subscription form spam.
# More info here: http://www.bad-behavior.ioerror.us/
# Set this to 0 if you do not want to use this feature
define('USE_BB2',1);

# show debug messages for Bad Behaviour 2 spam killer
# If USE_BB2 is set to 0 then this is not used.
# Set this to 1 if you want to see the debug messages while setting up bb2. Normally this would be set to 0.
# Possible debug messages you will see:
#  bb2 not active = USE_BB2 is set to 0
#  bb2 enabled = USE_BB2 is set to 1
#  insert_head function not defined = If you are viewing a subscribe page and see this message, then
#                                     check the path to bb2-phplist.php and/or make sure the file exists.
#                                     It is normal to see this message when you go to the phpList admin pages. 
#  insert_head function exists = This means that the function is defined and that it should be working correctly.
#                                Go to View Source Code in your browser window, and you should see
#                                the bb2 javascrpt functions that were added to the source code.
define('BB2_DEBUG',0);

# send an email whenever spam is killed by Bad Behaviour 2
# If USE_BB2 is set to 0 then this is not used.
# This is an alternative to logging. If database logging is not available or not setup, then there is no
# way to know if bb2 is actually doing anything (unless you notice a significant drop in spam received).
# Set this to 1 and it will send you an email everytime bb2 kills some spam.
# This is good for testing bb2 to see how effective it is, but if you get a lot of spam you may want to 
# turn this off. Set this to 0 if you do not want to receive an email everytime bb2 kills some spam.
define('BB2_SEND_EMAIL',1);
/*


Now modify lists/index.php
Find these lines: (from approx line 35)

Code: Select all

# load default english and language
require_once dirname(__FILE__)."/texts/english.inc";
include_once dirname(__FILE__)."/texts/".$GLOBALS["language_module"];
# Allow customisation per installation
if (is_file($_SERVER['DOCUMENT_ROOT'].'/'.$GLOBALS["language_module"])) {
  include_once $_SERVER['DOCUMENT_ROOT'].'/'.$GLOBALS["language_module"];
}

require_once dirname(__FILE__)."/admin/defaultconfig.inc";
require_once dirname(__FILE__).'/admin/connect.php';
include_once dirname(__FILE__)."/admin/languages.php";
include_once dirname(__FILE__)."/admin/lib.php";
$I18N= new phplist_I18N();


Insert these lines immediate after the above lines:

Code: Select all

//MOD Bad Behaviour spam killer
if (USE_BB2) {
  if (BB2_DEBUG) {
    echo "bb2 enabled";
  }
  require_once dirname(__FILE__) .'/admin/bad-behavior/bb2-phplist.php';
} else {
  if (BB2_DEBUG) {
    echo "bb2 not active";
  }
}
//end MOD


now save the file.

MODIFY this file: lists/admin/pagetop.php
Find these lines: (approx line 20 on)

Code: Select all

<meta name="Author" content="Michiel Dethmers - http://www.phplist.com" />
<meta name="Copyright" content="Michiel Dethmers, Tincan Ltd - http://tincan.co.uk" />
<meta name="Powered-By" content="phplist version <?php echo VERSION?>" />
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $strCharSet?>" />


Now add the following after the above lines:

Code: Select all

<!-- MOD Bad Behaviour spam killer -->
<?php
if (function_exists('bb2_insert_head')) {
  if (BB2_DEBUG) {
    echo ' - insert_head function exists ';
  }
  bb2_insert_head();
} else {
  if (BB2_DEBUG) { 
    echo ' - insert_head function not defined ';
  }
}
?>
<!-- end MOD -->


Again, save the amended file.

Now copy the file lists/admin/bad-behavior/bad-behavior-generic.php and rename to lists/admin/bad-behavior/bb2-phplist.php

Now, edit this copied file (Approx line 88)

Code: Select all

return "badbots@ioerror.us";   // You need to change this.


Change the badbots@ioerror.us to your own email.

OPTIONAL STEP - This is not required, but since database logging is currently
not working, this will cause bb2 to send you an email when it kills spam, so
that you know it's actually doing something! Although, you will also know that
it's doing something if you see a reduction in the amount of spam you recieve!

MODIFY this file: lists/admin/Bad-Behaviour/bad-behaviour/banned.inc.php

Find these two consecutive lines at the very end of the bb2_display_denial function:

Code: Select all

<?php
}


Insert the following lines IN BETWEEN the above two lines. Meaning, put the following code after the '<?php' but before the '}':

Code: Select all

//MOD Bad Behaviour spam killer- Sends you an email when Bad Behaviour kills some spam
if (BB2_SEND_EMAIL) {
  $mailmessage = "Bad Behaviour has blocked some spam from phpList.\n";
  $mailmessage .= " Support key: ".$support_key."\n";
  $mailmessage .= " Error ".$response['response']."\n";
  $mailmessage .= " for ".htmlspecialchars($_SERVER['REQUEST_URI'])."\n";
  $mailmessage .= " Explanation: ".$response['explanation']."\n";
  $mailmessage .= " Logged as: ".$response['log']."\n";
  $mailmessageto = bb2_email();
  mail($mailmessageto,'phpList- bb2 killed some spam',$mailmessage);
}
//end MOD


You can follow JSH's test routine to see if things work okay, just follow (10) in the first post in this topic.

To add the database usage in fränzchen's post, just follow his instructions, though in my 2.10.10 config.php file, this is done on approx line 74, not 72 as in 2.10.9.

I think that's all the fixes done as well, not had any spam on this text list as yet and it certainly did not slow a basic subscribe page down at all.

[jsherk]

After all that hard work by dragonrider I ended up playing around with the bad behavior plugin for WordPress and then discovered a MUCH simpler method to apply it to phpList (I really didn't know much about php when I first put the hack together), and I also got DB logging working.

So here are the EASY mod instructions!!! All previous mods are no longer necessary or relevant! This should work with any version of phpList and bad behavior, including v2.10.10 ( I tested this with Bad Behavior v2.0.28).

STEP #1 - Download/Unzip/Upload
Before I start here is a really cool trick... if you are already using Bad Behavior as plugin on your WordPress blog, then you do not need to download another copy for phpList... it can use the same files as the WordPress plugin is using, and even better that means when the plugin gets upgraded so does the version that phpList is using! Anyways, if you already have it installed as part WordPress then you can skip this downloading step.

Download latest version from here (zip file):
http://www.bad-behavior.ioerror.us/

Unzip the file, then upload the bad-behavior folder to your phpList admin directory (/lists/admin/). If you have a folder called something like 'bad-behavior.2.0.28' , don't upload that folder, but the 'bad-behavior' folder that is inside it.

STEP #2 - Modify pagetop.php file
This is the ONLY phpList file that needs to be modified.

Find the /lists/admin/pagetop.php file and make a copy of it, and call it something like pagetop.php.ORIG just in case there is a problem with the mod, then you can revert.

At the very top of the file, AFTER the <?php line but BEFORE the /* line, insert the following code. This code MUST be the VERY first thing in the file, before everything else (except the <?php) otherwise it will generate errors:

Code: Select all

//Bad Behavior
include_once('/home/path-to/admin/bad-behavior/bad-behavior-phplist.php');

Change the 'path-to' in include_once statement line to reflect the location of your bad-behavior folder.

Now further down in the same file, in the HEAD section, find this line:

Code: Select all

<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $strCharSet?>" />

Right AFTER the above line, insert this code:

Code: Select all

<?php
//Bad Behavior
if (function_exists('bb2_insert_head')) {
  bb2_insert_head();
}
?>

STEP #3 - Create & modify bad-behavior-phplist.php file
Copy and paste the following code below into a new file called
bad-behavior-phplist.php

Code: Select all

<?php
/*
Bad Behavior - detects and blocks unwanted Web accesses
Copyright (C) 2005-2006 Michael Hampton

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

As a special exemption, you may link this program with any of the
programs listed below, regardless of the license terms of those
programs, and distribute the resulting program, without including the
source code for such programs: ExpressionEngine

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

Please report any problems to badbots AT ioerror DOT us
*/

###############################################################################
###############################################################################
/*

SAMPLE CODE - SCREENER:
-----------------------
<?php
//Bad Behavior - This include_once statement MUST be the very first item at the
//top of your page, or it will generate an WARNING and the following functions
//may not work: bb2_insert_head(), bb2_insert_stats(), bb2_db_viewer()
// NOTE: It MUST be the very first item on the page or you will get an error.
//       It needs to be BEFORE all tags (before <html>, <head>, <!DOCTYPE>, etc).
include_once('/home/path-to/bad-behavior/bad-behavior-generic-mysql.php');
?>

<?php
//Bad Behavior - This code should appear in the <HEAD> section of your page
// and will add the required JavaScript to your page.
if (function_exists('bb2_insert_head')) {
  bb2_insert_head();
}
?>


SAMPLE CODE - STATS:
--------------------
<?php
//Bad Behavior - This include_once statement MUST be the very first item at the
//top of your page, or it will generate an WARNING and the following functions
//may not work: bb2_insert_head(), bb2_insert_stats(), bb2_db_viewer()
// NOTE: It MUST be the very first item on the page or you will get an error.
//       It needs to be BEFORE all tags (before <html>, <head>, <!DOCTYPE>, etc).
include_once('/home/path-to/bad-behavior/bad-behavior-generic-mysql.php');
?>

<?php
//Bad Behavior - This code can appear anywhere in your page (usually in your
// footer) and will show how many blocks Bad Behavior has made (if you have
// display_stats=true in the config file). 
if (function_exists('bb2_insert_stats')) {
  bb2_insert_stats();
}
?>


SAMPLE CODE - SIMPLE DB VIEWER:
-------------------------------
See the file: bad-behavior-simple-db-viewer.php

*/
###############################################################################
###############################################################################

///////////////////////////////////////////////////////////////////////////////
//Settings for email and database access
//Change these as appropriate
define('BB2_EMERG_EMAIL','email@email.com'); //Change this
define('BB2_DB_TABLE', 'phplist_bad_behavior'); // Choose your table
define('BB2_DB_NAME', 'db-name'); // The name of the database
define('BB2_DB_USER', 'db-user'); // Your DB username
define('BB2_DB_PASSWORD', 'db-user-password'); // Your DB user password
define('BB2_DB_HOST', 'localhost'); //Probably can leave this as localhost
define('BB2_CWD', dirname(__FILE__)); //Do not change this

///////////////////////////////////////////////////////////////////////////////
// More settings you can adjust for Bad Behavior.
// Most of these are unused in non-database mode.
// More details below...
$bb2_settings_defaults = array(
   'log_table' => BB2_DB_TABLE,
   'display_stats' => true,
   'strict' => false,
   'verbose' => false,
   'logging' => true,
   'httpbl_key' => '',
   'httpbl_threat' => '25',
   'httpbl_maxage' => '30',
);
// Here is what the settings above mean...
//
// - log_table
//   Leave this as BB2_DB_TABLE (do NOT change it). Make your change up above
//   in the line that says: define('BB2_DB_TABLE', 'phplist_bad_behavior')
//   Change 'phplist_bad_behavior' to whatever table you want to use.
//   This table will be created automatically if it does not already exist.
//
// - display_stats
//   TRUE=Display stats on page that has the bb2_insert_stats() function on it.
//   FALSE=Do not display stats.
//   Default is TRUE
//
// - strict
//   TRUE=Strict checking (blocks more spam but may block some people)
//   FALSE=Recommended setting
//   
// - verbose
//   TRUE=This will log EVERY access attempt to webpage, including valid
//        permitted ones. Good for testing to see if logging is working,
//        but can cause your DB table to become huge fairly quickly.
//   FALSE=Log only denied access attempts or permitted ones that were
//         questionable. This is the recommended default setting.
//
// - logging
//   TRUE=Log info to database table.
//   FALSE=Do not log anything.
//
// - httpbl_key
//   To use Bad Behavior's http:BL features you must have an http:BL Access Key.
//   Sign up for a free account to get a key here:
//   http://www.projecthoneypot.org/httpbl_configure.php?rf=24694
//
// - httpbl_threat
//   Minimum Threat Level (25 is recommended)
//
// - httpbl_maxage
//   Maximum Age of Data (30 is recommended)


///////////////////////////////////////////////////////////////////////////////
//Open and connect to DB
$dblinkid = mysql_connect(BB2_DB_HOST, BB2_DB_USER, BB2_DB_PASSWORD); //Connect to DB
define('BB2_DB_LINK_ID', $dblinkid); //Setup the Resource Link ID so it's available in other functions.
if (!BB2_DB_LINK_ID) {
  die('Could not connect to DB: ' . mysql_error()); //Not pretty but at least you know there is a problem!
}

$dbselect = mysql_select_db(BB2_DB_NAME, BB2_DB_LINK_ID); //Choose connection Table in DB
if (!$dbselect) {
  die ('Can not use selected DB: ' . mysql_error()); //Not pretty but at least you know there is a problem!
}

//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
///////////////////////////////////////////////////////////////////////////////
// Bad Behavior callback functions.
///////////////////////////////////////////////////////////////////////////////
//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
// Return current time in the format preferred by your database.
function bb2_db_date() {
   return gmdate('Y-m-d H:i:s');   // Example is MySQL format
}

//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
// Escape a string for database usage
// TO DO: Figure out what this should do and how to implement it
function bb2_db_escape($string) {
   return $string;   // No-op ... see TO DO
}

//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
// Return affected rows from most recent query.
function bb2_db_affected_rows() {
  return mysql_affected_rows(BB2_DB_LINK_ID);
}

//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
// Return the number of rows in a particular query.
function bb2_db_num_rows($link) {
  return mysql_num_rows($link);
}

//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
// Run a query and return the results, if any.
// Will return FALSE if an error occurred.
// Bad Behavior will use the return value here in other callbacks.
// WRITE operations will return TRUE for successful and FALSE for nothing written
// READ operations will return an associative array of the result set, or FALSE if no rows were returned
//  It will return array[0] with first row, then array[1] with second row, etc.
function bb2_db_query($query) {
  $link = mysql_query($query, BB2_DB_LINK_ID);

  if (!$link) { //If it's 0/FALSE then there was some kind of error
    //die('There was a problem with $query: '.mysql_error()); //Uncomment this line for debugging
    return false; //Return false if there is an error
  }

  if ($link === TRUE) { //If it's exactly TRUE then it was a succesful WRITE operation
    $affected_rows = bb2_db_affected_rows(); //how many affected rows in a WRITE query?
    if ($affected_rows >= 1) {
      return true; //Something was succesfully written
    } else {
      return false; //Nothing was written
    } 
  } else { //If it's not 0/FALSE and it's not exactly TRUE then it was a READ operation
    $number_of_rows = bb2_db_num_rows($link); //number of rows read the READ query?
    if ($number_of_rows == '0') {
      return false; //No rows were found for query
    }
  }

  $result = bb2_db_rows($link); //Go get all the rows and put them an array

  return $result;
}

//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
// Return all rows in a particular READ query.
// Will contain an array of all rows generated by calling mysql_fetch_assoc()
// and appending the result of each call to an array. It will return array[0]
// with first row, then array[1] with second row, etc.
function bb2_db_rows($linkid) {
  $i = 0;
  while ($row = mysql_fetch_assoc($linkid)) { //Get each row from query
    $result[$i] = $row;
    $i++;
  }
  if (empty($result)) {
    $result = $linkid; //If there were no rows, then just return the id
  }
 
  return $result;
}

//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
// Return emergency contact email address.
function bb2_email() {
   return BB2_EMERG_EMAIL;
}

//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
// Retrieve settings
// Currently they are hard coded in this file.
// TO DO: Retrieve from DB... need to implement bb2_write_settings() first.
function bb2_read_settings() {
   global $bb2_settings_defaults;
   return $bb2_settings_defaults;
}

//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
// Write settings to database
// Currently not implemented. Settings are hard coded in this file.
// TO DO: Add another table to DB to store these settings in?
function bb2_write_settings($settings) {
   return false;
}

//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
// Installation
// Will automatically create the table if it does not exist yet.
function bb2_install() {
  $settings = bb2_read_settings();
  if (!$settings['logging']) return;
   bb2_db_query(bb2_table_structure($settings['log_table']));
}

//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
// Screener
// See example at top of this file
function bb2_insert_head() {
   global $bb2_javascript;
   echo $bb2_javascript;
}

//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
// Display stats (optional)
// See example at top of this file
function bb2_insert_stats($force = false) {
   $settings = bb2_read_settings();
   if ($force || $settings['display_stats']) {
      $blocked = bb2_db_query("SELECT COUNT(*) FROM ".$settings['log_table']." WHERE `key` NOT LIKE '00000000'");
      $totals = bb2_db_query("SELECT COUNT(*) FROM ".$settings['log_table']);
    if ($blocked !== FALSE) {
         echo '<p><a href="http://www.bad-behavior.ioerror.us/">Bad Behavior</a> has blocked <strong>'.$blocked[0]['COUNT(*)'].'</strong> access attempts to date. ('.$totals[0]['COUNT(*)'].' db entries).</p>';
      }
  }
}

//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
// Return the top-level relative path of wherever we are (for cookies)
// You should provide in $url the top-level URL for your site.
// TO DO: What is this actually used for? Seems to work fine if you leave it as '/'
function bb2_relative_path() {
  return '/';
}

//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
// Calls inward to Bad Behavor itself.
require_once(BB2_CWD . "/bad-behavior/version.inc.php");
require_once(BB2_CWD . "/bad-behavior/core.inc.php");

bb2_install(); //Check if table exists and create it if it does not

bb2_start(bb2_read_settings());


//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
//SIMPLE DB VIEWER
//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
//Simple display of what's in DB
//See bad-behavior-simple-db-viewer.php for sample of how to use it
// VALID OPTIONS FOR THIS FUNCTIONS ARE:
//  $what:  0=ALL entries  1=Permitted entries only  2=Denied entries only
//  $page_num:  Any integer 1 or greater.
//  $per_page:  Number of entries per page to display. Any integer 1 or greater.
//  $sort_by:  'date' or 'request_uri' or 'key'
//  $order_by: 'ASC' or 'DESC'
// RETURN VALUES:
//  Function will return an array($limit_start, $limit_end, $total_count, $page_num, $display)
//  $limit_start: This is the first record number that it is displaying
//  $limit_end:  This is the last record number that it is displaying
//  $total_count: This is the total number of entries in the database
//  $page_num: The actual page number that was displayed
//  $display: This contains the html for the <table> that will be displayed
function bb2_simple_db_viewer($what=0, $page_num=1, $per_page=25, $sort_by='date', $order='DESC') {
  if ($what !== 0 && $what !== 1 && $what !== 2) {
    $what = 0;
  }
  if ($page_num < 1) {
    $page_num = 1;
  }
  if ($per_page < 1) {
    $per_page = 1;
  }
  if ($sort_by !== 'date' && $sort_by !== 'request_uri' && $sort_by !== 'key') {
    $sort_by='date';
  }
  if ($order !== 'ASC' && $order !== 'DESC') {
    $order='DESC';
  }
 
  $where = '';
  if ($what == 1) {
    $where = "WHERE `key` = '00000000' ";
  } elseif ($what == 2) {
    $where = "WHERE `key` NOT LIKE '00000000' ";
  }

  $total_result = bb2_db_query("SELECT COUNT(*) FROM ".BB2_DB_TABLE." ".$where);
  $total_count = $total_result[0]['COUNT(*)'];

  $orderby = "ORDER BY `".$sort_by."` ".$order." ";
 
  $limit_start = ($page_num * $per_page) - $per_page;
  if ($limit_start > $total_count) {
    $limit_start = $total_count-1;
  }

  if ($per_page > $total_count) { //
    $per_page = $total_count;
  }
 
  $limit_end = $limit_start + $per_page;
 
  if ($limit_end > $total_count) {
    $limit_end = $total_count;
  }

  for ($i=$page_num; $i>1; $i--) { //Make sure the page number requested actually exists
    if ( ( ($page_num * $per_page) - $per_page) > $total_count) {
      $page_num--;
    }
  }

  $limit = "LIMIT ".$limit_start.", ".$per_page;

  $query = "SELECT * FROM `".BB2_DB_TABLE."` ".$where.$orderby.$limit;
  $result = bb2_db_query($query);
 
  //Display string of table to return
  $display .= '<br><span style="color: red;">Query... '.$query.'</span>';
  $display .= '<br><table border="1" style="color: #555555; font-size: small; background-color: white;">';
  $display .= '<tr style="color: black; font-weight: bold; text-decoration: underline; text-align: center; background-color: #888888;"><td>ID</td><td>IP</td><td>DATE</td><td>METHOD</td><td>URI</td><td>PROTOCOL</td><td>HEADERS</td><td>AGENT</td><td>ENTITY</td><td>KEY</td></tr>';
 
  $alternate_rows = 'even';
  if ($result) { //Make sure it found some rows
    foreach ($result as $array) {

      if (empty($array['request_entity'])) { //This field can be blank alot, so put a space in it.
        $array['request_entity'] = '&nbsp;';
      }

      if ($array['key'] == '00000000') { //Assumes that only 00000000 is permitted. Check with Michael
        $array['key'] = 'Permitted<br>'.$array['key'];
      } else {
        $array['key'] = 'DENIED<br>'.$array['key'];
      }

      if ($alternate_rows == 'even') { //Alternating colors for each row
        $alternate_rows = 'odd';
        $row_color = '#FFFFFF';
      } else {
        $alternate_rows = 'even';
        $row_color = '#DDDDDD';
      }
 
      $display .= '<tr style="background-color: '.$row_color.';"><td>'.$array['id'].'</td><td>'.$array['ip'].'</td><td>'.$array['date'].'</td><td>'.$array['request_method'].'</td><td>'.$array['request_uri'].'</td><td>'.$array['server_protocol'].'</td><td>'.$array['http_headers'].'</td><td>'.$array['user_agent'].'</td><td>'.$array['request_entity'].'</td><td>'.$array['key'].'</td></tr>';
    }
   
    $limit_start++; //Since record 0 is actually the 1st record, we will add one to make the first record=1
 
  } else { //No rows found
    $total_count = 0;
    $display .= '<tr style="background-color: '.$row_color.';"><td colspan="10">No records exist in that range</td>';
  }

  $display .= '</table>';
 
  //This returns all the info you need to display
  // RETURN VALUES:
  //  Function will return an array($limit_start, $limit_end, $total_count, $page_num, $display)
  //  $limit_start: This is the first record number that it is displaying
  //  $limit_end:  This is the last record number that it is displaying
  //  $total_count: This is the total number of entries in the database
  //  $page_num: The actual page number that was displayed
  //  $display: This contains the html for the <table> that will be displayed
  $return_array = array($limit_start, $limit_end, $total_count, $page_num, $display);

return $return_array;
}

?>

You will need to change a few settings and enter your database info like your email, db-name, db-username, and db-password. You can also change the name of table if you want. Whatever table name you choose will be automatically created and setup properly for you.

Save this file as bad-behavior-phplist.php into the bad-behavior folder (the same folder where you find the bad-behavior-generic.php).

STEP 4 - Test it
Go to one your phpList subscribe pages or to an admin page, then select View Source from your browser, and you should see a couple bb2 javascript functions after the META tags in the HEAD section of the page.

Now if you set 'verbose'=TRUE in the bad-behavior-phplist.php file, this will log ALL activity to your phplist pages, including all permitted valid activity. Visit a couple different pages again, then check the database and you should see a couple entries have been added. You probably want to set 'verbose'=FALSE when you are done testing, otherwise it will create a HUGE db table very quickly.

That's it! Much easier than all the previous steps!!!

BONUS - DB Viewer
Okay, as a bonus I created a simple database viewer so you can actually see whats in the table without having to use a tool like phpMyAdmin.

Copy and paste the following code below into a file called
bad-behavior-simple-db-viewer.php

Code: Select all

<?php
//Bad Behavior - This include_once statement MUST be the very first item at the
//top of your page, or it will generate an WARNING and the following functions
//may not work: bb2_insert_head(), bb2_insert_stats(), bb2_db_viewer()
include_once('/home/path-to/bad-behavior/bad-behavior-phplist.php');
?>


<HTML>

<HEAD>


<!-- SAMPLE SCREENER FUNCTION INCLUDE -->
<?php
//Bad Behavior - This code should appear in the <HEAD> section of your page
// and will add the required JavaScript to your page.
if (function_exists('bb2_insert_head')) {
  bb2_insert_head();
}
?>
<!-- END screener function include -->


</HEAD>

<BODY>


<!-- SAMPLE STATS DISPLAY -->
<?php
//Bad Behavior - This code can appear anywhere in your page (usually in your
// footer) and will show how many blocks Bad Behavior has made (if you have
// display_stats=true in the config file).
if (function_exists('bb2_insert_stats')) {
  bb2_insert_stats();
}
?>
<!-- END stats display -->


<!-- SAMPLE DB VIEWER -->
<FORM action="" method="post">
<span style="font-size: large; text-decoration: underline; font-weight: bold;">BAD BEHAVIOR - Simple Database Viewer</span>
<br>

<?php
if (function_exists('bb2_simple_db_viewer')) {
 
  $next =$_POST['next'];
  $prev = $_POST['prev'];
  $what = $_POST['what'];
  $page_num = $_POST['page_num'];
  $per_page = $_POST['per_page'];
  $sort_by = $_POST['sort_by'];
  $order_by = $_POST['order_by'];
  if (empty($what)) {
    $what = 0;
  }
  if (!isset($page_num)) {
    $page_num = 1;
  }
  if (!isset($per_page)) {
    $per_page = 5;
  }
  if (!isset($sort_by)) {
    $sort_by = 'date' ;
  }
  if (!isset($order_by)) {
    $order_by = 'DESC';
  }
 
  if (isset($next)) {
    $page_num = $page_num + 1;
  }
  if (isset($prev)) {
    $page_num = $page_num - 1;
    if ($page_num < 1) {
      $page_num = 1;
    }
  }
 
  if ($what == '0') {
    $select_view0 = 'selected="yes"';
    $what = 0;
  } elseif ($what == '1') {
    $select_view1 = 'selected="yes"';
    $what = 1;
  } elseif ($what == '2') {
    $select_view2 = 'selected="yes"';
    $what = 2;
  }
 
  if ($per_page == '5') {
    $select_pp5 = 'selected="yes"';
  } elseif ($per_page == '10') {
    $select_pp10 = 'selected="yes"';
  } elseif ($per_page == '15') {
    $select_pp15 = 'selected="yes"';
  } elseif ($per_page == '20') {
    $select_pp20 = 'selected="yes"';
  } elseif ($per_page == '25') {
    $select_pp25 = 'selected="yes"';
  } elseif ($per_page == '50') {
    $select_pp50 = 'selected="yes"';
  } elseif ($per_page == '100') {
    $select_pp100 = 'selected="yes"';
  }

  if ($sort_by == 'date') {
    $select_sort1 = 'selected="yes"';
  } elseif ($sort_by == 'request_uri') {
    $select_sort2 = 'selected="yes"';
  } elseif ($sort_by == 'key') {
    $select_sort3 = 'selected="yes"';
  }

  if ($order_by == 'ASC') {
    $select_order1 = 'selected="yes"';
  } elseif ($order_by == 'DESC') {
    $select_order2 = 'selected="yes"';
  }
 
  ///////////////////////////////////////////////////////////////////////////
  //bb2_simple_db_viewer()
  // VALID OPTIONS FOR THIS FUNCTIONS ARE:
  //  $what:  0=ALL entries  1=Permitted entries only  2=Denied entries only
  //  $page_num:  Any integer 1 or greater.
  //  $per_page:  Number of entries per page to display. Any integer 1 or greater.
  //  $sort_by:  'date' or 'request_uri' or 'key'
  //  $order_by: 'ASC' or 'DESC'
  // RETURN VALUES:
  //  Function will return an array($limit_start, $limit_end, $total_count, $page_num, $display)
  //  $limit_start: This is the first record number that it is displaying
  //  $limit_end:  This is the last record number that it is displaying
  //  $total_count: This is the total number of entries in the database
  //  $page_num: This is the actual page number being displayed
  //  $display: This contains the html for the <table> that will be displayed
  $result = bb2_simple_db_viewer($what, $page_num, $per_page, $sort_by, $order_by);
 
  $page_num = $result[3];

  $type = 'ALL records';
  if ($what == 1) {
  $type = 'PERMITTED records only';
  } elseif ($what == 2) {
    $type = 'DENIED records only';
  }

  echo '<input type="hidden" name="page_num" value="'.$page_num.'">';

  echo 'Displaying record(s)&nbsp;&nbsp;<b>'.$result[0].'</b> to <b>'.$result[1].'</b>&nbsp;&nbsp;of <b>'.$result[2].'</b> total ('.$type.').';
  echo '&nbsp;&nbsp;<input type="submit" name="prev" value="PREV">&nbsp;&nbsp;<input type="submit" name="next" value="NEXT">';
 
  echo '<br>VIEW:<select name="what"><option value="0" '.$select_view0.'>ALL entries<option value="1" '.$select_view1.'>PERMITTED entries<option value="2" '.$select_view2.'>DENIED entries</select>&nbsp;&nbsp;';
  echo 'SORT BY:<select name="sort_by"><option value="date" '.$select_sort1.'>Date<option value="request_uri" '.$select_sort2.'>Request Uri<option value="key" '.$select_sort3.'>Key</select>&nbsp;&nbsp;';
  echo 'ORDER BY:<select name="order_by"><option value="ASC" '.$select_order1.'>Ascending<option value="DESC" '.$select_order2.'>Descending</select>&nbsp;&nbsp;';
  echo 'PER PAGE:<select name="per_page"><option value="5" '.$select_pp5.'>5<option value="10" '.$select_pp10.'>10<option value="15" '.$select_pp15.'>15<option value="20" '.$select_pp20.'>20<option value="25" '.$select_pp25.'>25<option value="50" '.$select_pp50.'>50<option value="100" '.$select_pp100.'>100</select>&nbsp;<input type="submit" value="GO">';
 
  echo $result[4]; //display the <table>

  echo 'Displaying record(s)&nbsp;&nbsp;<b>'.$result[0].'</b> to <b>'.$result[1].'</b>&nbsp;&nbsp;of <b>'.$result[2].'</b> total ('.$type.').';
  echo '&nbsp;&nbsp;<input type="submit" name="prev" value="PREV">&nbsp;&nbsp;<input type="submit" name="next" value="NEXT">';

}
?>
<!-- END db viewer -->


</FORM>

</BODY>

</HTML>

Change the 'path-to' in include_once statement line to reflect the location of your bad-behavior folder.

You can this put this file pretty much anywhere you want on your site (probably a password protected directory), and then just access it from your browser and you are good to go.

[RonFred]

I read through the the many pages and the source code itself. I never did find a simple explaination of what BB2 does. How about adding somewhere a little paragraph about what the mod actually does and what the administrator commitement is to run the package on a regular basis. One list of exactly what platforms it runs on along with PHPlist would also be great.

So I'm guessing it is a database of IP addresses harvested from those that visit my PHPlist install. I suppose I can then manually decide which IP attached to which subscriber attempt was actually spam and which are not, and then if visitors I tagged as spammers use the same IP address to come to my site again, they can be blocked with a page 404 style message.

Is that it in a nutshell?