Version 1.x of this plugin works differently than the 0.2x versions. Any user of the 0.2x versions should completely uninstall the 0.2x version, especially including the removal of the line added to config.php. If the old version is not properly removed, you will have PHP errors that cause your pages to not load. The 0.2x versions will no longer be supported, so please plan your upgrade soon. For help, please use the support forum thread for this plugin. See link below.

This plugin adapts the Bad Behavior 2.0.30 spam fighting script to NucleusCMS. The Bad Behavior script is written by MichaelHampton, MarkJaquith, FirasDurri, and AndySkelton. Bad Behavior is a set of PHP scripts which prevents spambots and other malicious accesses to your PHP-based Web site. It prevents comment spam, trackback spam, guestbook spam, wiki spam, referrer spam, and some types of malicious Web site hacking. It works before your page is fully loaded and can conserve site resources.

As of version 0.26, including the 1.x versions, of this plugin (version 2.0.21+ of the badbehavior scripts), Bad Behavior incorporates data on harvesters and comment spammers compiled by Project Honey Pot and published through its http:BL service. In order to enable this feature, you must obtain an http:BL access key and provide this key to Bad Behavior in its settings as described below. While the http:BL settings can be fine-tuned to block or allow requests based on the threat level and age of a harvester or comment spammer record, the default settings have been extensively tested and found to block virtually all spammers known to http:BL while allowing all legitimate users, even those that http:BL may have classified as suspicious. This feature obsoletes any other http:BL plugins you may have, and they can be removed.

1. Unzip the file and upload the contents to your plugin directory
2. Install the plugin...
3. Edit Options to ensure plugin is enabled.

1. Edit your Nucleus config.php file and remove the line that looks like this:

 include($DIR_PLUGINS.'badbehavior/bad-behavior-nucleuscms.php');

1. From the admin area, uninstall the NP_BadBehavior v.0.2x plugin.
2. Install the 1.x version as described above.

First obtain the key from the Honey Pot Project.

Now, in the Nucleus admin area, visit the BadBehavior admin page from the Plugins Management page. Click the Admin tab, and then add your key in the appropriate field.

Once you’ve installed the plugin, it will be working every time someone tries to access your site. It checks for blacklisted ip addressed and user-agents, as well as malformed http headers.

Stats are kept for one week and can be viewed (rather rudimentarily) in the admin area for the plugin.

If you need to disable the plugin, use the plugin options page to turn it off.

• <%BadBehavior%> outputs the number of spam/malicious agents blocked in past 7 days. (Thanks, admun).

For example, you might put this in your footer:

<a href="http://www.bad-behavior.ioerror.us" title="Bad Behavior">Bad Behavior</a> has blocked <%BadBehavior%> malicious accesses in the past 7 days.

• Who can view the plugin stats?
• Does stat page appear in Quick Menu?
• Enable Bad Behavior?
• Delete NP_BadBehavior data tables on uninstall?

• If special user-agents or IP addresses must be given access to the site, you can whitelist IP addresses and user-agents by editting the file nucleus/plugins/badbehavior/bad-behavior/whitelist.inc.php. Only edit this if you feel confident about it.
• As of 1.02, you can selectively disable NP_BadBehavior by setting the global variable, $np_bb_off = 1, in any php program. This could be useful if you are using an include to show Nucleus content in a non-Nucleus page.

• badbehvior (pre-v 2.0.11) scripts give false positives on a blacklist due to that blacklist being dead. See this explanation: http://www.bad-behavior.ioerror.us/2007/12/06/bad-behavior-2011/. Fixed in NP_BadBehavior 0.23

• Version 1.10 - 16 Oct 2009 - Requires complete uninstall of pre-1.x versions as described in Upgrading section above. Simply updates the badbehavior scripts to 2.0.30.
• Version 1.02 - 21 Jan 2009 - Requires complete uninstall of pre-1.x versions as described in Upgrading section above. Add $global variable, $np_bb_off, to permit the shutting down of NP_Badbehavior from outside scripts, i.e. from nucleus/index.php to not use it in admin area, or from an external php program that includes nucleus pages.
• Version 1.01 - 30 Dec 2008 - Requires complete uninstall of pre-1.x versions as described in Upgrading section above. Adds links to ip address whois in the logs, to see from where blocks are coming. Also, fix small error in how viewing permissions were handled for the admin page.
• Version 1.00 - 20 Nov 2008 - Requires complete uninstall of previous versions as described in Upgrading section above. Redo how plugin is called to simplify plugin installation and use. Update badbehavior scripts to 2.0.25. Improve administration of script options. Fix access rights option. Add option to disable the script from admin page.
• Version 0.26 - 25 Sep 2008 - update badbehavior script to 2.0.24. Some improvements and bug fixes.
• Version 0.25 - 21 Jul 2008 - update badbehavior script to 2.0.20. Some improvements and bug fixes.
• Version 0.24 - 30 Jan 2008 - update badbehavior script to 2.0.13. Some improvements for users of digg and trackback/ping services.
• Version 0.23 - 06 Dec 2007 - update badbehavior script to 2.0.11. Critical Update.
• Version 0.22 - 10 May 2007 - fix bugs in log search. Add skin variable (Thanks, admun!).
• Version 0.21 - 04 Apr 2007 - fix empty query warning on initial load of Logs page.
• Version 0.2 - 04 Apr 2007 - adds some log viewing to plugin admin page.
• [Version 0.1b, beta release of plugin ]

NP_BadBehavior version 1.00 works with Nucleus CMS 3.33 - 2008-11-20 ftruscot