Pingback Problems with Bad Behavior v1.2.2

A new feature in Bad Behavior v1.2.2 blocks all requests that carry a blank user-agent string. This is actually a good thing, because blank user-agents appear to have become a popular technique among spammers to avoid basic user-agent blocks. Generally, if you found a legitimate request to have been blocked by the new blank user-agent filtering, you would add the IP of that request to your whitelist in order to allow it to pass by Bad Behavior next time. Unfortunately, this feature also cripples WordPress’ ability to send pingbacks.

WordPress seems to confirm its received pingbacks using a blank user-agent, and any attempt to send a pingback while using Bad Behavior v1.2.2 will fail, because the confirmation request from the pinged blog will be blocked by Bad Behavior for having a blank user-agent. There are currently two ways to prevent this. You could add the IPs for every WordPress blog that you know to your whitelist, or you could disable the blank user-agent block by removing lines 49-52 of bad-behavior-user-agent.php, as detailed in Changeset #3535. Since Michael and I believe that this is actually a WordPress problem, I have submitted Bug #1713, which requests that future versions of WordPress identify themselves with a simple “WordPress” user-agent, rather than a blank user-agent.

Update: Michael has added a patch to Bug #1713. This patch is for both WordPress v1.5.2 and v1.6 (alpha, aka “do not use”), and fixes the above-mentioned issue by assigning a simple “WordPress” user-agent to your WordPress blog. If you do not want to apply the patch, disabling Bad Behavior’s blank user-agent block, as mentioned above, is still a valid solution to this issue.

Update 2: Bug #1713 has been officially addressed and fixed by Changeset #2933. Thanks, Ryan!

5 responses

  1. I think there is also a problem between a Bad Behavior 1.2.2 protected side and a side which uses Spam Karma 2.
    When the BB-side sends a trackback to the SK-side, SK’s checks the side of the incomming trackback. I think SK doesn’t set the user agent and will be blocked by BB. So SK decides that the BB-side is a spammer cause it is not reachable.

  2. […] Laut hat WordPress eine schlechte Angewohnheit (bad behavior): Im Zusammenhang mit der verarbeitung von Pingbacks setzt WordPress keinen User-Agent. Dies mag der Spamblocker Bad Behavior in der Version 1.2.2 nicht und blockt fortan die IP (der Pingback geht dabei verloren). […]

  3. Yet another reason to disable the blank user-agent block. ::sigh:: Not too long ago, blog comments made unbearable by spam. Today, I fear that anti-spam filters are beginning to do just that as well.

  4. Seems to me, that there is a change in Bad Behavior 1.2.3 and higher which also fixes the problem.

  5. Yep, that it does. Currently, I am running v1.2.4 here, but thanks for adding that bit of news to this entry. I forgot all about it.