Author: J.Yard2 (25 Nov 08 3:14pm)
The following PHP code queries http:BL for each client and, when the client's IP address is listed in the database, denies access and delivers your honey pot page instead.
In addition, page requests are logged, and they are also counted if the client requests the associated <$PageName>.gif file.
An Overview:
Client requests /index.html, which is simply an include to /xPage0.php
xPage0.php sets the PageName and PageFile variables, includes /Site_Env.php and access_log.php, and calls the http_BL_PreCheck function.
The http_BL_PreCheck function queries the http:BL database, logs the result, and, depending on the result, delivers either the requested xPage or your honey pot page.
In addition, when the delivered page is loaded by the client and the client requests the <$PageName>.gif image file, the counter for that page is incremented and an entry is added to the access log.
FILE: /index.html
<!--#include virtual="/xPage0.php" -->
FILE: /xPage0.php
<?php
// Page delivered to clients that are not listed in http:BL, and the name its hit counter is kept under.
$PageFile = '/xPage.html';
$PageName = 'x Page';

// Site configuration comes first: it defines $RootPath and $AccessLoggerDir used on the next line.
require_once './Site_Env.php';
require_once $RootPath . $AccessLoggerDir . 'access_log.php';

// Queries http:BL, logs the request, then emits either $PageFile or the honey pot page.
http_BL_PreCheck();
?>
FILE: /Site_Env.php
<?php
// Time zone used for every timestamp the access logger writes.
date_default_timezone_set('America/Los_Angeles');

// All logger paths below are appended to the web server's document root.
$RootPath = $_SERVER['DOCUMENT_ROOT'];

// Directory holding access_log.php, count.php and the http:BL class.
$AccessLoggerDir = '/access_logger/';

// Directory holding the per-page counter images that count.php handles.
$CounterImagesDir = '/access_logger/counters/';

// Directory holding the yearly access log and count.log.txt.
// NOTE(review): this path is inside the document root, so the logs (client IPs, referrers,
// user agents) are served to anyone who requests them unless the web server denies access
// to this directory - confirm the server configuration.
$AccessLogsDir = '/access_logger/Access Logs/';

// When true, log_write() also inserts each entry into the MySQL Access_Log table.
$MySQL = false;
?>
FILE: /access_logger/access_log.php
<?php
require_once($_SERVER["DOCUMENT_ROOT"] . '/Site_Env.php');
require_once('httpBL.Class.php');
/**
 * Look up the requesting client's address in Project Honey Pot's http:BL.
 *
 * Returns an array with two keys taken from the http_bl object after the query:
 *   'Return_Code' - 0 (not found), 1 (search engine) or 2 (listed host)
 *   'Result_Code' - the dotted answer returned by the lookup, or "0.0.0.0" when not found
 */
function http_BL_Lookup()
{
    // Put your Project Honey Pot http:BL access key here.
    $client = new http_bl('your key');

    // The address checked is the TCP peer seen by the web server.
    // NOTE(review): behind a reverse proxy or CDN this is the proxy's address, so every
    // visitor would be evaluated as the proxy - confirm how the site is deployed.
    $client->query($_SERVER['REMOTE_ADDR']);

    $summary = array();
    $summary['Return_Code'] = $client->Return_Code;
    $summary['Result_Code'] = $client->Result_Code;

    return $summary;
}
/**
 * Gatekeeper for a page: check the client against http:BL, log the request, then
 * deliver either the requested page or the honey pot page, followed by the hidden
 * counter image tag for whichever page was delivered.
 *
 * Reads and may overwrite the globals $PageName and $PageFile set by the calling page.
 */
function http_BL_PreCheck()
{
    global $PageName, $PageFile, $CounterImagesDir;

    // Use the server-supplied host name when the server resolves it; otherwise do the
    // reverse lookup here. Either way the name comes from reverse DNS, which is
    // controlled by whoever runs the reverse zone for the client's address - treat it
    // as untrusted text wherever it is stored or displayed.
    $hostname = isset($_SERVER['REMOTE_HOST'])
        ? $_SERVER['REMOTE_HOST']
        : gethostbyaddr($_SERVER['REMOTE_ADDR']);

    $lookup = http_BL_Lookup();

    // The request is logged whatever the verdict is.
    log_write($lookup['Result_Code'], $hostname, $_SERVER['REQUEST_URI']);

    // Return code 2 means the address is listed. Only the return code is examined:
    // NOTE(review): the score and age carried in Result_Code are not considered, so any
    // listing, however old or low-scored, is sent to the honey pot.
    $listed = ($lookup['Return_Code'] == 2);
    if ($listed) {
        $PageName = "Honey Pot";
        $PageFile = "/Project_Honey_Pot/Project_Honey_Pot.html";
    }

    // Apache sub-request that emits the chosen page.
    virtual($PageFile);

    // Invisible 1x1 image; the client's request for it is what count.php counts.
    // $PageName is written into the attribute as-is, so it must stay a value set by the
    // site's own page scripts.
    $counter_src = $CounterImagesDir . $PageName;
    print '<font size="1"><img src="' . $counter_src . '.gif" width="1" height="1" style="visibility: hidden"></font>';

    /*
     * Alternative kept from the original listing: emit the counter through SSI instead,
     * with an include of /access_logger/count.php and a PageName query parameter
     * (for example PageName=Home Page).
     */
}
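/**
 * Handle a request for a counter image: log it, then increment the matching counter
 * in count.log.txt.
 *
 * The counter name is the file name (without extension) of the requested path, URL
 * decoded. count.log.txt holds one counter per line as "value<TAB>name<TAB>since_date".
 * Only counters already present in the file are incremented; a name that matches no
 * line changes nothing. Lines without a tab, or starting with one, are dropped when
 * the file is rewritten (as in the original implementation).
 *
 * Changes from the original listing:
 *  - the query string is stripped before the file name is extracted, so a request such
 *    as "x Page.gif?a=b.c" no longer yields a wrong counter name;
 *  - split() (removed in PHP 7) is replaced by explode();
 *  - the read-modify-write of the counter file is done on one handle under an
 *    exclusive lock, so concurrent requests cannot lose increments or truncate the
 *    file while another request is reading it;
 *  - a missing or unreadable counter file ends the function instead of being
 *    overwritten with empty content.
 */
function Counter()
{
    global $RootPath, $AccessLogsDir;

    // Get DNS registered name of the remote host (server-resolved if available).
    // The value originates from reverse DNS and is untrusted text.
    if (isset($_SERVER['REMOTE_HOST'])) {
        $hostname = $_SERVER['REMOTE_HOST'];
    } else {
        $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
    }

    // Only the path component names the counter; keep the query string out of it.
    $request_path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
    if (!is_string($request_path)) {
        $request_path = $_SERVER['REQUEST_URI'];
    }
    $path_parts = pathinfo($request_path);

    // 'filename' is available since PHP 5.2.0. The decoded name is client-controlled:
    // it is only compared against existing counter names and passed to the logger,
    // never used to build a file path.
    $CounterName = isset($path_parts['filename']) ? urldecode($path_parts['filename']) : '';

    // http:BL lookup, then log the counter request.
    $http_BL_Lookup = http_BL_Lookup();
    log_write($http_BL_Lookup['Result_Code'], $hostname, $CounterName);

    // Increment the counter.
    $newline = "\n";
    $filename = $RootPath . $AccessLogsDir . "count.log.txt";

    $handle = fopen($filename, "r+");
    if ($handle === false) {
        return; // no counter file: nothing to increment
    }
    if (!flock($handle, LOCK_EX)) {
        fclose($handle);
        return;
    }

    $contents = stream_get_contents($handle);
    $lines = explode($newline, $contents === false ? '' : $contents);

    $updated = "";
    foreach ($lines as $line) {
        // Skip lines with no tab or with a leading tab (strpos returns false or 0).
        if (!strpos($line, "\t")) {
            continue;
        }

        $fields = explode("\t", $line);
        $value = $fields[0];
        $name = $fields[1];
        $since_date = isset($fields[2]) ? $fields[2] : '';

        if (strcmp($name, $CounterName) == 0) {
            $value = (int) $value + 1;
        }
        if (strlen($name) > 0) {
            $updated .= $value . "\t" . $name . "\t" . $since_date . $newline;
        }
    }

    // Replace the file content in place while still holding the lock.
    rewind($handle);
    ftruncate($handle, 0);
    fwrite($handle, $updated);
    fflush($handle);
    flock($handle, LOCK_UN);
    fclose($handle);
}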
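/**
 * Write one access-log entry to the yearly tab-separated log file and, when the
 * global $MySQL flag is true, to the Access_Log table.
 *
 * @param string $http_BL_Result_Code      dotted http:BL answer ("0.0.0.0" when not found)
 * @param string $hostname                 reverse-DNS name of the client
 * @param string $Counter_Request_URI_Name requested URI, or the counter name
 *
 * Every field except the timestamp and REMOTE_ADDR is influenced by the client
 * (reverse DNS name, request URI, Referer and User-Agent headers). Changes from the
 * original listing:
 *  - values are escaped with mysql_real_escape_string() before being placed in the
 *    INSERT statement, instead of being concatenated raw between quotes;
 *  - control characters (including tab, CR and LF) are replaced by a space in the
 *    text log, so a field cannot add columns or forge extra log lines;
 *  - a missing User-Agent header no longer raises an undefined-index notice;
 *  - the unused getdate() call is removed.
 */
function log_write($http_BL_Result_Code, $hostname, $Counter_Request_URI_Name)
{
    global $MySQL, $RootPath, $AccessLogsDir;
    global $connexion, $db_host, $db_username, $db_password, $db_name;

    // If no referrer then initialize to empty string (kept from the original).
    if (!isset($_SERVER['HTTP_REFERER'])) {
        $_SERVER['HTTP_REFERER'] = "";
    }
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";

    // One timestamp for both sinks.
    $now = time();

    // Field order matches the log columns and the Access_Log column list below.
    $fields = array(
        (string) $http_BL_Result_Code,
        (string) $hostname,
        (string) $_SERVER['REMOTE_ADDR'],
        (string) $Counter_Request_URI_Name,
        (string) $_SERVER['HTTP_REFERER'],
        (string) $user_agent,
    );

    // Text log line: neutralise control characters so each entry stays on one line
    // with a fixed number of tab-separated columns.
    $log_fields = array();
    foreach ($fields as $field) {
        $log_fields[] = preg_replace('/[\x00-\x1F\x7F]/', ' ', $field);
    }
    $str = date("Y-m-d\tH:i:s\tT", $now) . "\t" . implode("\t", $log_fields) . "\r\n";

    // Write to DB
    if ($MySQL) {
        require_once('db_connect_wrapper.php');

        // Web_Stats database connection settings (placeholders - supply real values,
        // preferably from a file outside the document root).
        $db_name = 'stats';             // database name
        $db_host = 'localhost';         // database server
        $db_username = 'db_user_name';  // database user
        $db_password = 'db_password';   // database password
        $ConnectResult = dbconnect();

        // Escaping needs the open connection, so it happens after dbconnect().
        $sql_values = array_merge(
            array(date("Y/m/d", $now), date("H:i:s", $now), date("T", $now)),
            $fields
        );
        $quoted = array();
        foreach ($sql_values as $value) {
            $quoted[] = "'" . mysql_real_escape_string($value) . "'";
        }

        $res = mysql_query(
            "INSERT INTO Access_Log (Date, Time, Time_Zone, http_BL, Domain_Name, IP_Address, File_Name, Referer, User_Agent) Values("
            . implode(",", $quoted) . ")"
        );
    }

    // Write to the yearly log file, created from the template on first use.
    $log_file = date("Y", $now) . ".access.log.txt";
    $log_path = $RootPath . $AccessLogsDir . $log_file;
    if (!file_exists($log_path)) {
        copy($RootPath . $AccessLogsDir . "Template.access.log.txt", $log_path);
        // NOTE(review): 0666 makes the log writable by every local account, and the file
        // sits under the document root; tighten the mode and deny web access to the
        // directory if nothing else needs to write or fetch it.
        chmod($log_path, 0666);
    }
    error_log($str, 3, $log_path);
}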
?>
FILE: /Project_Honey_Pot/Project_Honey_Pot.html
<!-- header("Location: http://ProjectHoneyPot.org/") -->
<html>
<head>
<title>Project Honey Pot</title>
</head>
<body>
<hr>
<table border="0" width="100%" id="table1">
<tr>
<td rowspan="3" align="center" bgcolor="#FFFF00" width="100"><font size="6" color="#FF0000"><b>Access Denied</b></font></td>
<td align="left"><b><font color="#FF0000" size="4">Warning</font>:</b> According to
<a href="http://ProjectHoneyPot.org/"><b>Project Honey Pot</b></a> your IP address has been used by spammers to harvest
email addresses from web sites, engage in comment spamming, etc.</td>
</tr>
<tr>
<td align="left">Please visit the <a href="http://ProjectHoneyPot.org/"><b>Project Honey Pot</b></a> <a href="http://ProjectHoneyPot.org/ip_<!--#include virtual="Client_IP_Address.php" -->"><b>IP Address Inspector</b></a> to look up your IP address (<a href="http://ProjectHoneyPot.org/ip_<!--#include virtual="Client_IP_Address.php" -->"><b><!--#include virtual="Client_IP_Address.php" --></b></a>) for more information.</td>
</tr>
</table>
<hr>
<p>
<!--#include virtual="/honeypot.php" -->
</body></html>
FILE: /Project_Honey_Pot/Client_IP_Address.php
<?php
// Emits the client's address as seen by the web server; the honey pot page includes
// this output inside link targets and link text.
print $_SERVER['REMOTE_ADDR'];
?>
FILE: /honeypot.php
(your honey pot)
FILE: /access_logger/counters/.htaccess
# Define a handler named count-handler that runs /access_logger/count.php.
Action count-handler /access_logger/count.php
# Send every request for a .gif file in this directory to that handler, so the image
# request itself is what gets logged and counted; the (empty) .gif is never served as a file.
AddHandler count-handler .gif
FILE: /access_logger/counters/x Page.gif
(an empty file)
FILE: /access_logger/httpBL.Class.php
<?php
/*
Project Honey Pot Http BlackList
http://www.projecthoneypot.org/httpbl_configure.php
version 0.1
- 2008-01-18 version 0.1 by Francois Dechery, www.440net.net
- 2008-11-20 Some minor changes and additions by Anonymous.
This php class is distributed under the GNU Public License ("GPL") version 2.
http://www.gnu.org/licenses/gpl.txt
--------------
Usage Example:
$h=new http_bl('your_access_key'); // put your access key here
$ip='127.1.10.1'; // replace with the ip to query
$r=$h->query($ip);
echo $ip.": ";
if($r==2){
echo "Found a " . $h->type_txt ." (".$h->type_num .") with a score of ". $h->score . ", last seen since ". $h->days . " days";
}
elseif($r==1){
echo "Found a " . $h->engine_txt ." (".$h->engine_num .") Search engine";
}
else{
echo "Not Found";
}
*/
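/**
 * Client for Project Honey Pot's http:BL DNS blacklist.
 *
 * A lookup is a DNS query for "<access key>.<reversed IPv4 octets>.<domain>". An answer
 * in 127.x.y.z means the address is known: z == 0 is a search engine (y is the engine
 * number), z >= 1 is a listed host (x = days since last seen, y = score, z = type).
 * Anything else, including a failed DNS lookup, is reported as "not found"; the check
 * therefore fails open when DNS is unavailable.
 *
 * Changes from the original listing:
 *  - a __construct() is provided, because a method named after the class is no longer
 *    treated as a constructor by PHP 8 and the access key would silently stay empty;
 *    the old http_bl() method is kept and delegates to it;
 *  - query() only sends a DNS query for a well-formed IPv4 address, and only
 *    interprets a well-formed IPv4 answer;
 *  - unknown type or engine numbers map to an empty label instead of raising an
 *    undefined-index notice.
 */
class http_bl{
    public $access_key ="";
    public $domain ="dnsbl.httpbl.org";

    // Labels for the visitor type carried in the fourth octet of the answer.
    public $type_codes=array(
        0 =>'Search Engine',
        1 =>'Suspicious',
        2 =>'Harvester',
        3 =>'Suspicious & Harvester',
        4 =>'Comment Spammer',
        5 =>'Suspicious & Comment Spammer',
        6 =>'Harvester & Comment Spammer',
        7 =>'Suspicious & Harvester & Comment Spammer'
    );

    // Labels for the search engine number carried in the third octet when the type is 0.
    public $search_engine_codes=array(
        0 =>'',
        1 =>'',
        2 =>'Ask Jeeves/Teoma',
        3 =>'Baiduspider',
        4 =>'',
        5 =>'Google Bot',
        6 =>'',
        7 =>'',
        8 =>'Live/MSN Bot',
        9 =>'Yahoo! Slurp',
        10 =>'Twiceler',
    );

    public $ip ='';
    public $Result_Code ='';   // dotted answer of the last lookup, "0.0.0.0" when not found
    public $Return_Code = 0;   // 0 = not found, 1 = search engine, 2 = listed host

    // Spammer
    public $days =0;
    public $score =0;
    public $type_num =0;
    public $type_txt ='';

    // Search Engine
    public $reserved =0;
    public $engine_num =0;
    public $engine_txt ='';

    // ***********************************************
    // Store the http:BL access key; an empty key leaves the default in place.
    public function __construct($key=''){
        $key and $this->access_key=$key;
    }

    // Old-style constructor name, kept so existing explicit calls keep working.
    public function http_bl($key=''){
        $this->__construct($key);
    }

    // Return 1 (search engine) or 2 (listed host) if the address is found, else 0.
    // Returns FALSE, leaving the previous result untouched, when $ip is empty.
    public function query($ip){
        if(!$ip){return FALSE;}
        $this->ip=$ip;

        // The query name is built from four dotted octets, so only a well-formed IPv4
        // address can be looked up. Anything else is reported as not found without
        // sending the access key in a malformed DNS query.
        if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)===FALSE){
            $this->Result_Code = "0.0.0.0";
            return $this->Return_Code = 0;
        }

        list($a,$b,$c,$d)=explode('.',$ip);
        $query=$this->access_key.".$d.$c.$b.$a.".$this->domain;

        // gethostbyname() returns its argument unchanged when resolution fails, so the
        // answer is only interpreted when it really is a dotted IPv4 address.
        $host=gethostbyname($query);
        $answer=(filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)!==FALSE) ? explode('.',$host) : array();

        if(count($answer)==4 && $answer[0]=='127'){
            list($first,$second,$third,$fourth)=$answer;
            $this->Result_Code = $host;

            // Spammer
            if($fourth>=1){
                $this->days = $second;
                $this->score = $third;
                $this->type_num = $fourth;
                $this->type_txt = isset($this->type_codes[(int)$fourth]) ? $this->type_codes[(int)$fourth] : '';
                return $this->Return_Code = 2;
            }

            // Search Engine
            $this->reserved = $second;
            $this->engine_num = $third;
            $this->type_num = $fourth;
            $this->engine_txt = isset($this->search_engine_codes[(int)$third]) ? $this->search_engine_codes[(int)$third] : '';
            return $this->Return_Code = 1;
        }

        // Not Found (also reached when the DNS lookup itself failed)
        $this->Result_Code = "0.0.0.0";
        return $this->Return_Code = 0;
    }
}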
?>
FILE: /access_logger/db_connect_wrapper.php
<?php
//---------------------------------------------
// Database connection and sql-wrapper
// Definitions in cnf_main.php
//---------------------------------------------
/**
 * Open the MySQL server connection and select the database, using the globals
 * $db_host, $db_username, $db_password and $db_name. The link is stored in the
 * global $connexion.
 *
 * Terminates the script with a message if either step fails; otherwise returns true.
 */
function dbconnect()
{
    global $connexion, $db_host, $db_username, $db_password, $db_name;

    $connexion = mysql_connect($db_host, $db_username, $db_password);
    if (!$connexion) {
        die("Could not establish database server connection. Check username and password");
    }

    $connexionbase = mysql_select_db($db_name);
    if (!$connexionbase) {
        die("Could not establish database connection. Check username and password");
    }

    return ($connexion && $connexionbase);
}
//---------------------------------------------
// Establish the connection
//$Connectresult = dbconnect();
//---------------------------------------------
// SQL - Wrapper
/**
 * Run a query and shape the result according to $operation.
 *
 *   "select"       - array of rows (each row indexed by both number and column name),
 *                    empty array when there are no rows
 *   "insertwithID" - the auto-increment id generated by the insert
 *   "insert", "update", "delete" - the raw mysql_query() result
 * Any other $operation returns nothing.
 *
 * The query text is executed exactly as given: callers must escape every value they
 * place in it. On failure the script terminates; when the global $debugmode is 1 the
 * message includes the MySQL error and the full query text, which is sent to the
 * client unescaped, so debug mode should stay off on a public site.
 */
function sql($query, $operation)
{
    global $debugmode;

    $result = mysql_query($query);
    if (!$result) {
        if ($debugmode == 1) {
            die("SQL-Error: ".mysql_error()."<br>Query: ".$query);
        }
        die("SQL-Error. Please contact the MailMaster");
    }

    if ($operation == "select") {
        $rows = array();
        if (mysql_num_rows($result) == 0) {
            return $rows;
        }
        while ($row = mysql_fetch_array($result, MYSQL_BOTH)) {
            $rows[] = $row;
        }
        return $rows;
    }

    if ($operation == "insertwithID") {
        return mysql_insert_id();
    }

    if ($operation == "insert" || $operation == "update" || $operation == "delete") {
        return $result;
    }
}
//---------------------------------------------
?>
FILE: /access_logger/count.php
<?php
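// Entry point with two roles:
//  - called with a PageName query parameter (as an SSI include), it emits the hidden
//    counter image tag for that page;
//  - called as the handler for a counter .gif request (see the counters/.htaccess),
//    it logs the request and increments the page counter.
require_once($_SERVER["DOCUMENT_ROOT"] . '/Site_Env.php');

// If being run as an SSI set page counter image on the page.
if (isset($_GET["PageName"])) {
    // PageName arrives in the query string and is written into an HTML attribute, so
    // it is escaped for that context; a non-string value (array syntax in the query
    // string) is treated as empty. The original printed the parameter unescaped.
    $page_name = is_string($_GET["PageName"]) ? htmlspecialchars($_GET["PageName"], ENT_QUOTES) : '';
    print '<font size="1"><img src="' . $CounterImagesDir . $page_name . '.gif" width="1" height="1" style="visibility: hidden"></font>';
}
// If being run as handler (.htaccess) increment page count.
else {
    // Log the counter
    require_once($RootPath . $AccessLoggerDir . 'access_log.php');
    Counter();
}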
?>
--
-- Table structure for table `Access_Log` in db 'stats'
--
-- NOTE: running this script drops an existing Access_Log table together with its logged rows.
DROP TABLE IF EXISTS `Access_Log`;
-- One row per logged request; the columns after ID match, in order, the column list of
-- the INSERT issued by log_write() in access_log.php.
CREATE TABLE `Access_Log` (
`ID` int(10) unsigned NOT NULL auto_increment,
`Date` date NOT NULL,
`Time` time NOT NULL,
`Time_Zone` varchar(3) NOT NULL,
-- Dotted http:BL answer for the client ("0.0.0.0" when the address was not found).
`http_BL` varchar(15) NOT NULL,
-- Reverse-DNS name of the client; supplied by the client's reverse zone, not verified.
`Domain_Name` varchar(128) NOT NULL,
`IP_Address` varchar(45) NOT NULL,
-- The next three columns hold client-supplied text (request URI or counter name,
-- Referer header, User-Agent header): escape them whenever they are displayed.
`File_Name` text,
`Referer` text,
`User_Agent` text,
PRIMARY KEY (`ID`)
) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=latin1;
--
-- Table structure for table `Counter_Names` in db 'stats'
--
-- NOTE: running this script drops an existing Counter_Names table together with its rows.
DROP TABLE IF EXISTS `Counter_Names`;
-- Table of counter names. The PHP shown on this page does not read or write it;
-- the page counters themselves are kept in count.log.txt.
CREATE TABLE `Counter_Names` (
`ID` int(10) unsigned NOT NULL auto_increment,
`Counter_Name` varchar(50) NOT NULL,
PRIMARY KEY (`ID`)
) ENGINE=MyISAM AUTO_INCREMENT=12 DEFAULT CHARSET=latin1;
Post Edited (1 Jan 09 3:14am)