Running a public website of any kind means having to deal with various unwanted guests. This blog, for example, receives around 300 spam comment posts a day, and any number of attempts to break in.
With a little bit of research, a site administrator can reduce the effort of managing all of these intrusive visitors to a minimum. The trick is to choose the right tools to keep the site accessible for legitimate users without making it too easy for bad guys to get in or generating a lot of daily work to keep things going.
For this blog, Kelly’s World, I use two tools that work well with WordPress:
- Akismet, which comes with WordPress, and analyzes submitted comments for characteristics that suggest the comment is spam. This is basically the same idea as an email spam filter, and it works pretty well.
- Bad Behavior, which is an optional plugin that can be used with WordPress and other blogs/site content management tools. Bad Behavior looks at characteristics of the site *visitor*: their browser, their IP address, characteristics of their HTTP traffic. If something looks fishy, Bad Behavior can prevent the visitor from getting at the site at all. Bad Behavior works pretty darn well too. Or it did…
Bad Behavior has been working great for a couple of years. On Thursday I attempted to access my blog from work, and got the “you’ve been blocked” message from Bad Behavior. I didn’t think much of it: although where I work is pretty clean from a security perspective, there are several hundred thousand users sharing a few thousand outbound IP addresses, so I could see a false blacklist entry getting added somewhere. But today my friend Chris emailed me saying he had been blocked as well, so I went into full investigation mode…
I don’t know whether I have the problem fixed. Apparently, however, there was a problem with Bad Behavior’s back-end configuration, and a patch had to be released to correct it. I was using Bad Behavior 2.0.9: the patch is 2.0.11.
If you are trying to comment on my site (and aren’t some sort of Russian pornography spam bot), please email me at kadams at kgadams dot net. Replace the at with an “@” and the dot with a … dot. You know the drill. Let me know when you encountered the problem, and I’ll look into it.