Moodle

Add Bad Behaviour script to prevent link spam and spam robots from signing up and/or accessing Moodle

Details

  • Type: Sub-task
  • Status: Open
  • Priority: Minor
  • Resolution: Unresolved
  • Affects Version/s: 2.0
  • Fix Version/s: DEV backlog
  • Component/s: Authentication
  • Labels:
    None
  • Affected Branches:
    MOODLE_20_STABLE

Description

Here is a possible solution to preventing spam users... there is a script called Bad Behaviour which is a PHP-based solution for blocking link spam and the robots which deliver it.

It is highly effective in preventing these robots from ever even getting to your form... I am not aware of anybody that has implemented this in Moodle yet, but it is in use with programs like WordPress and phpList, and for some people it is blocking hundreds and hundreds of spam robots a day... they never make it to the form, so they can't sign up!!

Here's the link:
http://www.bad-behavior.ioerror.us/

Activity

Jeff Sherk added a comment -

It's actually Bad Behavior, not Bad Behaviour (there is no 'u' in it)!

Martin Dougiamas added a comment -

Thanks Jeff.

I had a quick look at the code.

I think these tests (for HTTP 1.0, plus some of black/white listing) would be great to bundle as one test that can optionally (new CFG option) be applied on the signup page to stop bots even seeing that form.

Amr Hourani added a comment -

Will it be worth modifying? What if it blocks real people? What about performance due to code conflicts? I also checked the code; it contains static IP addresses hard-coded for bots like Google, MSN and so on. These IPs will not always be the same, especially Google's; they have loads of IP addresses outside the US.

I think it will be easier, faster, and hassle-free if there is an htaccess generator/modifier script to add lines to the script to prevent spam bots where there is no referrer, on common pages like signup.php, post.php and perhaps login/index.php.

Spam bots usually do post forms; hence, there will be no referrer, unlike normal human behavior, where they are referred from the pre-post page and then post the form.

example:

    # block comment spam by denying access to no-referrer requests to signup page
    RewriteEngine On
    # only form submissions (POST) to signup.php are considered
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} signup\.php
    # the referrer is not this site, OR the user agent is empty
    RewriteCond %{HTTP_REFERER} !mymoodlesite\.com [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule ^(.*)$ http://goodbye-spammers.com/ [R=301,L]
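
The referrer and user-agent conditions from the rewrite rule above, together with the HTTP/1.0 test mentioned earlier in the thread, written as one PHP check that a signup page could call. This is an added example, not part of any comment in this issue and not Moodle or Bad Behavior code; the function name, the flag names and the exact form of the HTTP/1.0 test are assumptions, and the sample requests are constructed.

```php
<?php
// Added example: all names here are hypothetical, not Moodle or Bad Behavior code.

/**
 * Return the reasons a signup POST looks automated (empty array = allow).
 * $server has the shape of PHP's $_SERVER; $sitehost is the site's own host name.
 */
function signup_request_flags(array $server, string $sitehost): array {
    $flags = [];
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return $flags; // Only form submissions are checked, as in the rewrite rule.
    }
    // Compare the Referer *host* exactly; a substring match would also accept
    // the site name appearing anywhere inside an unrelated URL.
    $refhost = parse_url($server['HTTP_REFERER'] ?? '', PHP_URL_HOST);
    if (!is_string($refhost) || strcasecmp($refhost, $sitehost) !== 0) {
        $flags[] = 'referer-not-from-site';
    }
    if (trim($server['HTTP_USER_AGENT'] ?? '') === '') {
        $flags[] = 'empty-user-agent';
    }
    // Assumed form of the HTTP/1.0 test: browsers submit forms over HTTP/1.1 or later.
    if (($server['SERVER_PROTOCOL'] ?? '') === 'HTTP/1.0') {
        $flags[] = 'http-1.0';
    }
    return $flags;
}

// Constructed sample requests (not real traffic).
$ua = 'Mozilla/5.0 (X11; Linux x86_64)';
$samples = [
    'browser' => ['REQUEST_METHOD' => 'POST', 'SERVER_PROTOCOL' => 'HTTP/1.1',
        'HTTP_REFERER' => 'http://mymoodlesite.com/login/signup.php',
        'HTTP_USER_AGENT' => $ua],
    'bare POST' => ['REQUEST_METHOD' => 'POST', 'SERVER_PROTOCOL' => 'HTTP/1.0'],
    'referer stripped' => ['REQUEST_METHOD' => 'POST', 'SERVER_PROTOCOL' => 'HTTP/1.1',
        'HTTP_USER_AGENT' => $ua],
    'site name in query' => ['REQUEST_METHOD' => 'POST', 'SERVER_PROTOCOL' => 'HTTP/1.1',
        'HTTP_REFERER' => 'http://other.example/?x=mymoodlesite.com/',
        'HTTP_USER_AGENT' => $ua],
];

foreach ($samples as $name => $server) {
    $flags = signup_request_flags($server, 'mymoodlesite.com');
    printf("%-20s %s\n", $name, $flags ? implode(', ', $flags) : 'allow');
}
```

The "referer stripped" sample is flagged even though it carries an ordinary browser user agent, which is the false-positive case raised in the comment above. Referer and User-Agent are client-supplied, so the flags are better logged or used to trigger a further check than treated as proof.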
Jeff Sherk added a comment -

The author of Bad Behavior will usually respond if you try to contact him, and you could ask what the reason for the hardcoded IPs is and make your other suggestion.

There is no perfect solution, but Bad Behavior is highly effective on my WordPress blog and phpList newsletter signup page... it is an alternative to captcha (which I hate)... I hope that Moodle does not have to go the captcha route!!

