DRUPAL: How To Use BadBehavior 2.1x with Drupal 6.x

If you are a regular reader of my blog you know that BadBehavior is one of my favorite Drupal modules.  Bad Behavior is a script that does a great job of blocking bots, hijacked PC’s and proxies which helps protect your site from spammers, scrapers and trolls.

Using BadBehavior on your Drupal 6.x installation is a bit confusing.  First, you install the Drupal Bad Behavior module, then you must download the Bad Behavior script from ioerror.us and drop those files into a sub-directory of your Drupal BadBehavior module files.  To make things even more confusing is the fact that the official Drupal Bad Behavior module seems to have been abandoned by the maintainer since April 2008 and the module only works with the BadBehavior 1.x script.  If you try to install the latest and greatest 2.x scripts from ioerror.us, you’ll get nothing more than a WSOD.   You can use the official Drupal Bad-Behavior module with the older BadBehavior 1.x script, but you’ll be missing out on one of the best features of the newer Bad Behavior 2.x, HTTP:BL IP blacklisting provided by projecthoneypot.org.  This new feature blocks known spammer’s IP’s from their live, continually updated database of dirty IP addresses that you probably don’t want hanging around your website.

Confused yet?  Don’t worry.  I’ll show you how you can use the latest and greatest Bad-Behavior 2.x scripts with Drupal and the best part is it’s even easier than installing the officially supported, older Bad Behavior module.

How To Use Bad Behavior 2.x with Drupal:

Drupal.org member Gregarios has created a fully-patched (yet not officially supported) version of the Drupal 6.x-1.0-rc2 Bad Behavior module that works with the newer version 2.1.2 of the Bad Behavior script.  All you need to do is download the patched module from Drupal.org, unzip it and drop it into your sites/modules directory.  If you are using the older Bad Behavior module and script, you can simply over-write your existing files – there are no changes to the database structure and you do not need to run UPDATE.PHP.  After dropping in the new files, you’re done, that’s it!  You are now using the new 2.1.x version of Bad Behavior!

To activate the new HTTP:BL feature of Bad Behavior, bop over to projecthoneypot.org and create your (free) http:BL access-key.  Once you have your 12-character access key, go to your Drupal Bad Behavior configuration page (Admin/settings/badbehavior) and paste it into Project Honey Pot Key field and save it.

Note on the Bad Behavior 2.1.x whitelist:

IF you were using the whitelist in the older version BadBehavior, you will have to update your current whitlelist from the (older) whitelist.inc.php to the (newer) whitelist.ini.

The newer whitelist.ini file uses the following format:
[ip]
; Digg whitelisted as of 2.0.12
ip[] = "64.191.203.34"
ip[] = "208.67.217.130"
ip[] = "198.66.255.84"
; websiteoptimization.com whitelisted
ip[] = "67.225.164.12"

So if you had an older entry in whitelist.inc.php like this:
"66.249.64.0/19", // Google Bots
You will have to add it to whitelist.ini like this:
; Google Bots
ip[] = "66.249.64.0/19"

Of course, before upgrading or replacing any files, be sure to back up all your current files and your Drupal database.

I hope this helps – if you have questions, post a comment!