Support

Bad Behavior is the integration of the third party Bad Behavior security library. It is supposed to protect your site by analyzing the request and figuring out if there's something suspicious about it. Following that link will tell you more about Bad Behavior and how it works.

Regarding the various sub-errors reported by Bad Behavior, there is an easy way to learn more about them. Go to your site's back-end, Components, Admin Tools, Web Application Firewall, Security Exceptions Log. Find the record of the security exception you are interested in (tip: you can select "Bad Behaviour" from the "Reason" drop-down to filter only Bad Behaviour security exceptions). There will be an info icon next to "Bad Behaviour". Click on it to visit a page in Bad Behavior's website which further explains the details of that security exception.

@french150 Stupid wannabe hacker (a.k.a. "script kiddies") will try URLs and hacking methods at random. This means that 99% of the times they target a URL of a component either not installed or even for an older Joomla! release, e.g. 1.0. I have also seen some incredible #fails on this site, like someone trying to attack an ASPX file (which, of course, couldn't even run as I'm using Apache on Linux). So, don't worry about the target URL if it it targets something not installed or activated on our site; it's probably some script kiddie who think he's being smart... not! ;)

@dsa787 You can always blacklist the IP range 123.125.71.1-123.125.71.254 for a more reliable effect. The Geo Blocking has a 99% accuracy (according to the supplier of the IP-to-Country database, MaxMind).

The exceptions occur when someone is suspected of trying to hack your site. Do note that because they trigger an exception doesn't mean that they DID try to hack your site. There's a false positive rate in the area of 10%, which means that roughly 1 out of 10 security exceptions is a poor innocent lad with a slightly peculiar query which triggered the security exception. It's like TSA agents singling out a guy because they think he might be a terrorist suspect. Most likely he's not, yet they do single him out.

Admin Tools draws its security exception decisions based on the settings you have configured in its Web Application Firewall feature (components, Admin Tools, Web Application Firewall, Configure WAF). By default, an insane level of protection is enabled. You can fine-tune it at will, following our documentation as a reference of what each WAF feature does. In fact, I urge you to allocate 1-2 hours to read the documentation and configure your site. It is the best web site security crash-course you can get - especially considering the low price - or so I'm told by other users :)

I hope that helps!

Instead of adding the IPs to the black-list manually, you can use the automatic IP blacklisting feature of Admin Tools' WAF. Just set it to block the IP for 60 minutes after 2 security exceptions occurring within 5 minutes. This will throw off the bots running off these IPs; after two hacking attempts they will be disallowed from accessing your site, forcing them to give up trying.

Yes, of course there is. Inside the Bad Behaviour configuration block -in the Configure WAF page- you'll see the option titled "White list IPs (comma separated list)". Just enter the IP in there and this service's IP won't be blocked by the Bad Behaviour integration :)

You're welcome! :)