Bad Behavior Workaround – Dealing with Windows Live

May 9, 2009 · 5 comments


I have been working with Windows 7 recently and since it does not ship with Windows Messenger, I had to install Windows Live Messenger on it. In doing so, I noticed a lot of new features in that product, including integration with a number of Web 2.0 items. One of those features is to add web activities so that your contacts and others can see recent changes in these other applications. I host this blog on my own server and use Twitter quite a bit. So, I was anxious to add these activities to my Windows Live Messenger profile. However, I ran across a problem when trying to add this blog. The Windows Live website kept giving me the error:

“We can’t get your information for this web activity. Make sure your account is public and try again.”

I tried communicating with the Microsoft Live team via an article on their blog, but got no response.  While that was a bit annoying, I decided to do some additional research.  I checked my Apache server logs and saw that in fact the Windows Live servers were trying to access my site, but were getting a 403 error (Forbidden).  In thinking more about my site, I concluded that the only reason this could be happening was because I have a plugin installed called Bad Behavior.  I checked the records and sure enough, there it was: live-messenger-blacklisted

I was surprised that a number of the IP addresses from Microsoft Live were being blocked, so I contacted Michael Hampton, the author of Bad Behavior, with the details from the Apache logs, Bad Behavior logs and my reasoning why they should not be blacklisted. To my surprise, the response I got was unsupportive and blamed Microsoft for delivering a corrupted user-agent string. I have checked that string against other strings and parsers and I, for one, cannot find anything corrupt about it. Not to mention the fact that this same URL was able to connect and interact with my blog just a few weeks ago. Something must have changed.

I have asked Michael to again review the situation and provide details that clearly identify the corrupt aspect of the agent-string.  Besides, the software is not saying that there is a problem with the agent-string — it is saying that the agent-string was found on a blacklist.  I asked that the details include the blacklist identifying the agent-string. My only guess, based on reading the code, is that Bad Behavior does not like the agent string starting with the text: “User-Agent: “, but if that was the case, I don’t know why Michael did not say so directly.

Since Bad Behavior is in such wide use within the WordPress community, I also wonder why Michael does not take a direct interest in working with Microsoft to minimize the support requests that he and Microsoft must be getting. It is in their best interests and he pulls much more weight in this discussion than any arbitrary end user. Overall I am disappointed in both. In the meantime, I have worked around the problem and if you use WordPress along with Microsoft Live, you may need to do the same thing.

In Bad Behavior, there is a file in the directory <blog>/wp-content/plugins/bad-behavior/bad-behavior/whitelist.inc.php which allows users to whitelist those items they feel are being blocked incorrectly (false-positives). To allow Windows Live to access your blog, you will need to update that file. Here is my copy which works with Live Messenger.

<?php if (!defined('BB2_CORE')) die('I said no cheating!');
 
function bb2_whitelist($package)
{
        // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
 
        // Inappropriate whitelisting WILL expose you to spam, or cause Bad
        // Behavior to stop functioning entirely!  DO NOT WHITELIST unless you
        // are 100% CERTAIN that you should.
 
        // IP address ranges use the CIDR format.
 
        // Includes four examples of whitelisting by IP address and netblock.
        $bb2_whitelist_ip_ranges = array(
                "64.191.203.34",        // Digg whitelisted as of 2.0.12
                "208.67.217.130",       // Digg whitelisted as of 2.0.12
                "10.0.0.0/8",
                "172.16.0.0/12",
                "192.168.0.0/16",
                "65.54.233.0/24",       // Microsoft Live
//              "127.0.0.1",
        );
 
        // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
 
        // Inappropriate whitelisting WILL expose you to spam, or cause Bad
        // Behavior to stop functioning entirely!  DO NOT WHITELIST unless you
        // are 100% CERTAIN that you should.
 
        // You should not whitelist search engines by user agent. Use the IP
        // netblock for the search engine instead. See http://whois.arin.net/
        // to locate the netblocks for an IP.
 
        // User agents are matched by exact match only.
 
        // Includes one example of whitelisting by user agent.
        // All are commented out.
        $bb2_whitelist_user_agents = array(
        //      "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) It's me, let me in",
        );
 
        // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
 
        // Do not edit below this line
 
        if (!empty($bb2_whitelist_ip_ranges)) {
                foreach ($bb2_whitelist_ip_ranges as $range) {
                        if (match_cidr($package['ip'], $range)) return true;
                }
        }
        if (!empty($bb2_whitelist_user_agents)) {
                foreach ($bb2_whitelist_user_agents as $user_agent) {
                        if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
                }
        }
        return false;
}
 
?>

My modification to the original file is line #20 which adds the network addresses that I have observed in my logs and testing. Hopefully, this will get you up and running too.
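Before adding a netblock like this, it is worth confirming from the access log exactly which blocked clients the entry would admit, since a whitelisted range skips every Bad Behavior check. The following is an added example, not part of the original post or of Bad Behavior: it reads Apache combined-format lines, collects the clients that received a 403, and compares them with the 65.54.233.0/24 entry. The log lines, host addresses and user-agent strings are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed Apache "combined" log lines (not taken from the author's server).
SAMPLE_LOG = """\
65.54.233.12 - - [09/May/2009:10:01:02 -0500] "GET /feed/ HTTP/1.1" 403 512 "-" "User-Agent: placeholder-live-fetcher"
65.54.233.47 - - [09/May/2009:10:06:40 -0500] "GET /feed/ HTTP/1.1" 403 512 "-" "User-Agent: placeholder-live-fetcher"
203.0.113.9 - - [09/May/2009:10:07:11 -0500] "POST /wp-comments-post.php HTTP/1.1" 403 512 "-" "placeholder-spam-bot"
198.51.100.20 - - [09/May/2009:10:08:00 -0500] "GET / HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def blocked_clients(log_text):
    """Map each client IP that received a 403 to the user agents it sent."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group("status") == "403":
            seen[ipaddress.ip_address(m.group("ip"))].add(m.group("ua"))
    return dict(seen)

def split_by_range(clients, cidr):
    """Separate blocked clients into those a whitelist entry admits and the rest."""
    net = ipaddress.ip_network(cidr)
    inside = sorted(ip for ip in clients if ip in net)
    outside = sorted(ip for ip in clients if ip not in net)
    return inside, outside

def tightest_cover(ips):
    """Smallest single CIDR block containing every address in ips."""
    lo, hi = min(ips), max(ips)
    net = ipaddress.ip_network(f"{lo}/32")
    while hi not in net:
        net = net.supernet()  # widen by one bit until the highest host fits
    return net

if __name__ == "__main__":
    clients = blocked_clients(SAMPLE_LOG)
    inside, outside = split_by_range(clients, "65.54.233.0/24")
    print("admitted by 65.54.233.0/24:", [str(i) for i in inside])
    print("still blocked:", [str(i) for i in outside])
    print("tightest block covering observed hosts:", tightest_cover(inside))
```

If the tightest covering block is much smaller than the entry you plan to add, the remainder of the range is being trusted without evidence; confirm its ownership (the file's own comments point to http://whois.arin.net/) before whitelisting it.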

I am hopeful that Bad Behavior and/or Microsoft will cooperate in eliminating the need for this whitelist approach and deal with the situation.

Article by Steve Van Domelen
