The NeoSmart Files

Bad Behavior Patch for Opera Users

Bad Behavior is an excellent ‘profiling’ plug-in that deters most spam bots and attacks on web-based scripts, especially blogs, wikis, and forums. It uses a very detailed and sophisticated combination of checks and algorithms to create a ‘spammer’s profile’ and if a visitor to your site fits it, it’ll block them.

The algorithm is so good that there are almost no false positives, and together with a decent spam plug-in like Akismet or Spam Karma 2, you’re blog will be forever clean. But it has a problem with Opera. Most builds of Opera trigger a false alarm, leaving your blog reader-less, especially with the release of Opera 9, an excellent browser in all rights, but there is a solution.

  1. Download and extract Bad Behavior
  2. Open ./bad-behavior/common_tests.inc.php
  3. Comment out the code beginning from line 57 to line 60 (inclusive). It should look like this when you’re done:
    [sourcecode lang=’php’]/*
    if (array_key_exists(‘Te’, $package[‘headers_mixed’])) {
    if (!preg_match(‘/\bTE\b/’, $package[‘headers_mixed’][‘Connection’])) {
    return “582ec5e4”;
    }
    }
    */[/sourcecode]
  4. Save the file, upload the directory to your wp-content/plugins folder, activate, and enjoy!

The Technical Stuff

What we just did is disable “TE Request-Header” checks. TE request-headers are from RFC2616, section 14.39; and although we have no doubt that the authors of this wonderful algorithm had their reasons for including TE request-header checks, and that certain spam bots do indeed employ this particular header-request for TE, as far as we can tell the benefits gained by using such a check are minor.

You can view the entire RFC here. At any rate, it doesn’t matter. Bad Behavior is famous for its excellence and cross compatibility, and lack of false positives, so we feel it should stay that way – without the TE request-header checks. An ideal solution would be to implement this function as a subset of ‘Strict Mode’ which is specially designed to block more illicit traffic, but with the knowledge that it may block some legitimate users.