Message Board

http:BL Use/Development

Older Posts ]   [ Newer Posts ]
 SPIP plugin
Author: M.Porte   (2 Oct 07 6:43am)
Hello everyone,

I have finished the first stable release of the SPIP (www.spip.net) plugin that allows easy installation of a honeypot (modulos the download from PHPot to their FTP which is sometime disorientating for beginners ;) and can use http:BL to filter the visitors.

The idea is simple, once the plugin is configured with a manually installed honeypot, the user can easily put automatic links in their website, the concept is similar to the MT plugin: there is a template for the links to the honeypot which generates links with random phrases hidden to normal visitors and pointing to the site honeypot.

The user also have an option to configure filtering based on http:BL with his own access key. The plugin makes a query and cache http:BL ratings for the visitors IP. The user can configure different filtering strategies according to the threat level and type. The options are:
- hide the email address (replace all string in the page looking like an email with another string...)
- hide the forums (this will just block the POST of the SPIP forum/contact forms, sending filtered posters to a 403)
- redirect to the honeypot (this does a redirect by header to the installed honeypot)
- send a 403 header and a page explaining why it has been forbidden with a link to PHPot page for that IP.

I am running it right now with most threats redirected to the honeypot and the number of catch from my honeypot has sharply risen since I installed it yesterday... obviously, this will only help catching already known threats...

I haven't written a full documentation page yet, the plugin is availlable here:

in French and English.
http://files.spip.org/spip-zone/honeypot_192.zip

I will now work on setting up a stat page for the site, to get some local stats on what filters have been applied.

Pierre
 
 Re: SPIP plugin
Author: M.Porte   (11 Oct 07 7:00pm)
The new version of the plugin now offers caching of the IPs for a week (configurable) as well as statistics gathering about the type of filtered threats.

You can see a french documentation here:
http://www.spip-contrib.net/Filtrage-des-visites-avec-P-H-Pot
(English translation should come soon, but you can anyway use the plugin without the documentation, it's localised in English and straightforward to configure).

Here is a screenshot of the stats:
http://www.spip-contrib.net/local/cache-vignettes/L600xH1342/httpbl_stats-2-f764f.png



do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–17, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email