MOD_SECURITY vs Bad Behavior

Bad Behavior and MOD_Security are both great tools to help block spammers, bots, scrapers, proxies, and application-level attacks – but which one should you use?

Bad Behavior:
+ Easy to install and configure, especially on WordPress. The Drupal Bad Behavior module is no longer supported so it will not work “out of the box” with the newest version of Bad Behavior, but you can make it work by following these instructions. (I have the fully-patched and working module that you can drag’n Drop into your modules directory – contact me if you would like a copy)
+ Many built-in rules that block a wide variety of spammers, bots, scrapers, proxies and other bad stuff.
No control over the rules and no visibility into what is blocked or why; Bad Behavior has an on/off “strict mode” setting – but it’s a mystery as to what it changes. Bad Behavior also allows you to whitelist IP’s, but gives you no other control of what is or is not blocked
Must be installed and separately administered on every site/domain/sub-domain.
May be slower due to the additional PHP overhead

+ Full, fine-grained control over blocking rules
+ Create your own rules, or get (free) fully-tested rules from GotRoot (and customize to your needs)
+ Fully integrates with CSF Firewall
+ Protects the entire server with the same ruleset
+ Very lightweight/fast – does not use PHP resources
Must have root-access to install
Can only run on a dedicated or VPS server
More difficult to install for non-Linux types

I started with BadBehavior, then used both Mod_Security and BadBehavior together for a number of years with a very light-set of ModSecurity rules, allowing Bad Behavior to block the rest. Recently I grew tired of maintaining Bad Behavior across all my sites and frustrated with the lack of control in Bad Behavior. I translated all of the Bad Behavior rules into Mod Security and now use it exclusively.

So which one is right for you? Only you can decide. Now you know the differences.

2 thoughts on “MOD_SECURITY vs Bad Behavior

  1. I just fell back on this post, wow I commented 3 years ago. I want to add that CSF offers great tools that compliment mod_security and offers more blacklists out of the box… with a little configuration first.

Leave a Reply

Your email address will not be published.