WordPress 2.5 & Bad Behavior 2.0.x

If you are a Bad Behavior user, upgrade to version 2.0.14, and you won’t have to worry about WordPress 2.5 compatibility problems. Also on another note, if you have a high-traffic site, Bad Behavior may not be right for you. It might have been my imagination, but I noticed a slight increase in site responsiveness when I disabled Bad Behavior here back when I first learned it had issues with WordPress 2.5. (Additionally, FYI, I noticed a ginormous increase in site responsiveness when I disabled the Text Link Ads plugin!)

Bad Behavior in the Blogosphere

Like probably most early adopters and testers of the beautiful ((Specifically the new admin interface!)) 2.5 version for WordPress, I’ve had a lot of fun checking out what’s new, what’s different, and all of that.

I was particularly excited to try out the new interface for uploading media, which I didn’t have to wait long to do, due to the convention of having a graphic to head each post.

So I chose a picture and attempted to upload.

Then it happened; I apparently had killed the Intarwebs, and WordPress started complaining about “403 Forbidden” errors which neither carried with them any explanation or even showed up in my server’s error logs.

Crap, now what? So I trekked off to the WordPress testers mailing list and sought the help of the experts, and I was promptly taught the ways of tracking down media manager debug information by Andy Skelton (thanks again!). ((If you want to enable debugging in the media manager, open the file /wp-admin/includes/media.php, and replace debug: false with debug: true. Revisit the media manager to see the debugging in action; revert the change to turn debugging off again.))

And I stared long and hard at that debug information. Something in that smattering of code and status information was the answer to my problem. I compared file requests, file names, and user-agents between the debug code and my server logs.

Then it occurred to me: the uploader is using the user-agent “Shockwave Flash”; could that be the problem?

I scanned the list of blocked user-agents active on my server — it wasn’t listed. Just to be safe, though, I removed the blocks and tried again. Still nothing.

Finally I decided to do what I should have done to begin with — deactivate all of my plugins and try again. So I did, and uploading worked! Hmm, a plugin was at fault the whole time, and it didn’t take much to narrow it down. Upon glancing at the list, I remembered that Bad Behavior ((A great plugin for stopping possibly malicious users from ever even reaching your site.)) had a user-agent blacklist.

So I opened up /wp-content/plugins/Bad-Behavior/bad-behavior/blacklist.inc.php and started scanning. Not too far down at all I came across this bit of code:

$bb2_spambots_0 = array(
[snip]
"PussyCat ",		// misc comment spam
"PycURL",		// misc comment spam
"Shockwave Flash",	// spam harvester
"TrackBack/",		// trackback spam
"user",			// suspicious harvester
[snip]
);

There it was! ((The actual line # within the file was 41.)) Removing the “Shockwave Flash” line allowed the new WordPress media manager to function properly.

Hopefully putting this out into the blogosphere will keep anyone else from re-sending to the Testers email or posting to a WordPress bug report about this issue. It’s an easy fix that anyone can do. :-)

13 thoughts on “WordPress 2.5 & Bad Behavior 2.0.x”

  1. Egads, you’re absolutely right! Ironically, I remember specifically thinking about the similarity in those file names and that I’d need to double check it.

    So much for thinking. :)

    Post updated to reflect proper file name. Thanks, Kirk!

  2. You know, it’s really cool seeing my blog linked to from the WordPress Codex! :-)

    Thanks for adding the link, Beth; Bad Behavior’s a great plugin, and I’m sure a lot of people are going to want to continue using it with WordPress 2.5!

  3. I found that I had to make one more change to get uploads to work on my system. It seems that Flash is also tripping condition a0105122 in common_tests.php, which checks for an Expect header in an HTTP/1.0 request. Removing “Shockwave Flash” from the blacklist and disabling this check together seems to be sufficient.

    This may be specific to the Linux version of Flash Player, since there are some other issues with the uploader that only hit me when using it on a Linux desktop. I haven’t tried re-enabling the test and uploading from a Windows or Mac system yet.

    Latest from Kelson: Flocking from Netscape

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>