Bad Behavior does two things:
-
It checks the HTTP request and sees if it is as per the standard or not. Usually spammers don’t write their scripts so well as to be fully compliant with the HTTP standard. Bad Behavior can make out poorly scripted HTTP requests from properly scripted ones (which would be sent by genuine visitors using well-designed Web browsers, etc.), and then blocks the improper HTTP requests.
-
It checks the IP address of the machine that sent the HTTP request against a database of known spammer IPs. If the IP address matches one in the database, Bad Behavior will block the request before it gets to the WordPress engine, thereby conserving your CPU and bandwidth. The spammer that sent the HTTP request will get nothing in the response. This is not done by default – to enable this functionality, you need to be a member of Project HoneyPot, as you rightly mentioned. When you sign up for this Project, you will get a “key” that you need to enter in the plugin settings page to enable this functionality.
Hope this helps.
Regards
Vijay Padiyar