Message Board

http:BL Use/Development

Older Posts ]   [ Newer Posts ]
 Honey Pot & http:BL Simple PHP Script
Author: P.Hauser   (8 Aug 07 4:33pm)
Hi,

here is just another simply to modify php-solution for a blocker script via http:BL to include into a website. Check the blog at

http://planetozh.com/blog/my-projects/honey-pot-httpbl-simple-php-script/

Also read the comments there to include this code into perl/cgi.

You can download the highlighted code, cut and paste at

http://planetozh.com/blog/go.php?http://planetozh.com/download/httpbl.php

or download the raw text and save as .php:

http://planetozh.com/blog/go.php?http://planetozh.com/download/httpbl.txt

Should work and can be modified as well.

Post Edited (9 Aug 07 12:43am)
 
 Re: Honey Pot & http:BL Simple PHP Script
Author: S.Sblam   (10 Aug 07 8:15am)
You're setting 'notabot' cookie. Although unlikely, spammer could target you script and always send this cookie, thus bypassing protection completly.
It would be safe if you used PHP's session mechanism instead.

$type & 0 won't work (there are no bits in 0 to check for). In this special case you should use $type==0.

http:BL doesn't filter out dynamic IPs, so the result isn't 100% certain. Blocking comment spammers with any threat level might be too restrictive. You can remedy this a bit by taking into account age of listing. For example:

$threat = $threat * 5 / ($age+5))

This will halve threat level if listing is 5 days old, 1/3rd of threat for 10-day old, etc.

You can make blocking even more precise (with less false positives) if you block POST request from comment spammers and GET requests form harvesters, but not vice-versa.
 
 Re: Honey Pot & http:BL Simple PHP Script
Author: P.Hauser   (10 Aug 07 9:38am)
Spammer might care about cookies, bots don't. A PHP session mechanism will do better, I agree.

$type==0 will do, yes. Another good idea is to "age" the results.

... and last not least eventually block harvester HEAD requests and also knock out random user agents before a script does an IP- or IP-range check. Saves a lot of memory for the script. Yes, blocking single IPs is often not very efficient, especially if they're dynamic.

Actually at this time I take http:BL data returns only for informational purposes and let my script write them to a log and send me a mail. From that information I then decide on a daily basis, if an IP will be blocked or not and add it to my blocking list or not.

Generally I agree to all your objections and suggestions. The author of the script is Ozh at http://planetozh.com/. Why don't you just drop him a line about your ideas in his blog?

Might improve his script and the script "... can be modified as well."

Thanks for your ideas.

Post Edited (10 Aug 07 9:39am)



do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–17, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email