The honeymoon ends…badly
So, as it turns out, the rules Bad Behaviour uses aren’t very good. I noticed it began blacklisting an IP I was coming from at work. As it turns out, that IP was hitting my feed URL without an “Accept” HTTP header. That pissed off Bad Behaviour and so Bad Behaviour rejected the request and threw an entry in the bad request database table. Later, I sent a perfectly valid HTTP request to fetch my blog and it too was rejected. Not because I didn’t send an “Accept” header (because I did), but because “I know you and I don’t like you, dirty spammer.”
As it turns out, Bad Behaviour checks requests for the usual fingerprinting. If none of those flag the request as a spammer, it makes one more check. It looks to see if the IP making the request has ever had any infractions logged against it. In my case, an errant request for my feed got an entire IP address blacklisted.
Why is that bad? Well…for starters…a whole slew of people in the world make their requests from the same IP address. People who use proxy servers or who use a NAT-enabled network all share the same public IP address. That means one person can ruin everything for the rest of the users on that network. LAME.
So, I’m pretty sure Bad Behaviour’s days are over on my site. It was a fun experiment. It was nice to see what good software could accomplish. Now all I have to do is find that software.
