Bad Behavior 1.0-rc3

See also the permanent page for Bad Behavior and the announcement for Bad Behavior 1.0.

Security Update: All Bad Behavior users should update to 1.0-rc3 immediately to prevent malicious attacks on your database.

I’ll skip the usual mumbo jumbo and skip right to the important parts:

Fixed in this release:

  • A security issue has been identified and fixed. The fix prevents malicious attackers from attempting SQL injection attacks by sending specially crafted data in the HTTP headers. While no exploits are known at this time, all users are urged to update immediately.
  • A few more false positives have been fixed.
  • A few more spambots are now banned.
  • An email address now appears on the error page for people to contact if they are having trouble. You have the option of changing it to your own email address or leaving it as the default, in which case email will come here. Keep in mind that the email address will be visible to spammers!

Important: Some files in the plugin were renamed in Release Candidate 2. If you are upgrading from Release Candidate 1, you will need to remove the Bad Behavior files from your server, upload the new files, and re-enable the plugin in your WordPress admin panel. You do not need to do this if you are upgrading from Release Candidate 2.

Thank you again to everyone who has tried out Bad Behavior and provided valuable feedback. Both the praise and the trouble reports are greatly appreciated! Please feel free to contact me if you have either.

One thought on “Bad Behavior 1.0-rc3”

  • May 2, 2005 at 3:19 am

    Well, I couldn’t really see the effect of bad behavior last month, since I merely have cumulative stats from awstats and no logs due to wp-cache. However, for what a day’s worth of awstats is worth, not a single bot that gets through. Thus, I’d say they work together quite well already, as long as you use the generic bad behavior _before_ wp-cache.
