Barraccuedda comes bundled with caching modules and backup/migrate module, I think havin an internally preconfigured anti-spam contrib module would be awesome.

I would like to suggest the module at which is the bad behavior module.

There may be other modules available, but this module is especiall y interesting because it:

Bad Behavior is a set of PHP scripts which prevents spambots from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots. It goes far beyond User-Agent and Referer, however.

The problem: Spammers run automated scripts which read everything on your web site, harvest email addresses, and if you have a blog, forum or wiki, will post spam directly to your site. They also put false referrers in your server log trying to get their links posted through
your stats page.

As the operator of a Web site, this can cause you several problems. First, the spammers are wasting your bandwidth, which you may well be paying for. Second, they are posting comments to any form they can find, filling your web site with unwanted (and unpaid!) ads for their products. Last but not least, they harvest any email addresses they can find and sell those to other spammers, who fill your inbox with more unwanted ads.

Bad Behavior intends to target any malicious software directed at a Web site, whether it be a spambot, ill-designed search engine bot, or system crackers. It blocks such access and then logs their attempts.

And its free. But it requires boost/reverse proxy and load balancer cnofiguration and would not be a simple drop in module to be used with barracudda bya novice like me. If Barracudda was preconfigured to be compatible with this I think it would be a great addition.


omega8cc’s picture

Title: Add native support in boost/firewall/etc for Bad Behavior module or another anti-spam module as a contrib bundled module » Add support for Bad Behavior module
Project: Barracuda » Octopus
Component: Other Services » Miscellaneous
Priority: Major » Normal
Status: Active » Postponed (maintainer needs more info)

Have you tried that module? Does it really require any changes on the BOA system side? What are the issues you have experienced?

AntiNSA’s picture

I want to try it, but it requires configuring boost/reverse proxy:


1. Boost:
   When using this module with Boost module enabled, you must have
   a whitelist.ini file in the BB script directory. A blank one can be
   created using the following from the command line:
   touch /[path/to/site]/sites/all/libraries/bad-behavior/whitelist.ini
   If this file doesn't exist while using Boost module, Boost will write
   file-not-found errors in the server logs.

2. Reverse Proxies & Load Balancers:
   Bad Behavior script library, as of version 2.1.9, supports reverse
   proxies and load balancers via a set of configurable options. Once
   this support is enabled, BB2 will try to determine the actual IP
   address of the client by examining certain HTTP headers, instead of
   using the local host IP. This is usually the 'X-Forwarded-For' header,
   which is added to the incoming headers by the proxy sitting in front
   of your web server.

   If you enable Drupal's built-in 'reverse_proxy' option as described
   in your site's settings.php file, the Drupal Bad Behavior module will
   enable BB2's reverse proxy support by default. You can override this
   default behavior by visiting the Bad Behavior module's settings page,
   and unchecking the 'Enable reverse proxy support' option.

   WHAT YOU ARE DOING or you may end up blocking your site visitors.

Which makes me nervous. I do have a spam problem , but I dont want to risk any traffic flow or damaging my current boa setup which is running very smooth. I have no idea about the reverse proxy and boost configuration, along with the BOA csf firewall configuaration, so I would rather err on the side of caution and ask for it to be included as a contrib module.

omega8cc’s picture

Status: Postponed (maintainer needs more info) » Closed (works as designed)

1. Boost - this is something you are responsible for, it doesn't need to be done on the BOA level, also because BOA can't determine if Boost is enabled.

2. Reverse Proxies & Load Balancers - BOA already does that out of the box, so Drupal receives always correct visitor IP.

So far I don't see here anything to be done on the BOA side/level.

omega8cc’s picture

Plus, BOA already comes with many lines of defense to fight spambots.

If you could test the module and share experience, we could then re-consider adding it by default.

omega8cc’s picture

Issue summary: View changes