Bad Behavior Behaving Badly

by Scott Allen

Tonight, I was locked out of the WordPress blogs I manage, along with most other site-owners who have the Bad Behavior plugin installed. I was greeted with a standard Bad Behavior message informing me that my IP address was blacklisted. It included a link with the usual fix-it-yourself key, and a link to my email address. On the linked fix-it-yourself page, there really was nothing you could do to fix the problem, and I was further informed that my IP address was tied to criminal activity, or possibly that there were viruses on my computer. (Wow, good to know. As soon as I finish this post, I’ll be sure to take a sledgehammer to my computer to stop all the criminal activity it’s engaged in.) It’s a little disturbing to see this on your own blog(s), when you are the author, and you know for a fact that your IP is neither blacklisted nor associated with criminal behavior. Until today, I really liked this plugin, but this demonstrated a serious flaw in the software, and it will be disabled pending further review.

This was no minor glitch, and something like this could have serious consequences for websites and businesses. If left unattended in this state for a long time, a site could lose valuable search engine rankings, after the spiders of the Big 3 (Google, Yahoo, and MSN) find that they are locked out repeatedly with 403 errors. It’s most likely that these losses would be temporary, but there’s no guarantee, and by that point the damage is done.

A colleague and friend of mine pointed out that there was a recent blog post on the Bad Behavior site with an update for the plugin and this brief explanation:

All users should update to Bad Behavior 2.0.11 immediately to prevent being blocked from your own site.

Within the past two days users have found themselves blocked from their own sites while using recent versions of Bad Behavior. A third party blacklist which Bad Behavior queries recently began sending false positives for any IP address queried, causing everyone using Bad Behavior to be blocked. This issue is fixed in Bad Behavior 2.0.11.

Download Bad Behavior 2.0.11 now!

P.S. Yes, Bad Behavior is still in development. More news coming soon.

Update: Some people have asked for more details on what exactly happened. In brief, yesterday I moved all of my sites to a new dedicated server. In the process, I decommissioned an old blacklist I was running which I thought wasn’t being used, not realizing that Bad Behavior was still set to use it. Shortly afterward, I found myself locked out of my own blog, just as you all did. So therefore, this release.

Needless to say, this didn’t exactly alleviate my concerns, or inspire me to install the update (2.0.11), especially after reading about the author’s carelessness. To be fair, I do give credit to the author for responding relatively quickly and releasing an update, but it still is alarming. Who knows when the same thing will happen again, and take down everyone’s sites? In my opinion, the plugin itself has become a risk (ironically). I’ll be following further development progress, but for now, the plugin will be removed from all sites we have that use it, and I’d recommend others do the same, until its stability can be re-established.
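
The failure quoted above, a blacklist answering "listed" for every address, can be caught by the client before it blocks anyone. The following is an added example, not code from Bad Behavior or from this post; it assumes the blacklist is queried over DNS in the usual DNSBL style, and the zone bl.example.org, the function names and the sample resolvers are constructed for illustration.

```python
import ipaddress
import socket

# RFC 5782 test points: a working IPv4 DNSBL must list 127.0.0.2
# and must NOT list 127.0.0.1.
CANARY_CLEAN, CANARY_LISTED = "127.0.0.1", "127.0.0.2"

def dns_lookup(name):
    """Return A records for name; [] on NXDOMAIN or any resolver error."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def query_name(ip, zone):
    """Reversed-octet query name, e.g. 9.113.0.203.bl.example.org."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def zone_is_sane(zone, lookup):
    """False if the zone lists the clean canary or misses the listed one."""
    clean = lookup(query_name(CANARY_CLEAN, zone))
    listed = lookup(query_name(CANARY_LISTED, zone))
    return not clean and bool(listed)

def should_block(ip, zone, lookup=dns_lookup):
    """Block only on a 127.x verdict from a zone that passes the canaries."""
    answers = lookup(query_name(ip, zone))
    # Real verdicts are 127.0.0.0/8; other answers are wildcard/parking noise.
    if not any(a.startswith("127.") for a in answers):
        return False
    return zone_is_sane(zone, lookup)  # broken list => fail open, allow

# Constructed sample resolvers (no network needed):
def healthy_list(name):
    data = {"2.0.0.127.bl.example.org": ["127.0.0.2"],
            "9.113.0.203.bl.example.org": ["127.0.0.4"]}
    return data.get(name, [])

def broken_list(name):
    return ["127.0.0.2"]  # answers "listed" for every query

if __name__ == "__main__":
    for label, fn in (("healthy", healthy_list), ("broken", broken_list)):
        print(label, should_block("203.0.113.9", "bl.example.org", fn))
```

In production the canary result would be cached for a few minutes rather than re-queried on every hit.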

 
