Author: M.Prince (21 May 07 1:13pm)
A few things.
First, you should not query the root DNS servers of Project Honey Pot, but instead should query your own local DNS. If there is something wrong with your local DNS then I'd suggest using something more reliable. For example, OpenDNS provides a great, free service that should work great in conjunction with http:BL.
Second, in order to figure out what's going on you need to provide more details. You list, for instance, 66.232.125.138. That IP currently is listed in the http:BL. However, it wasn't listed until 5/8/07 -- the date on which it was confirmed as a comment spammer. If the registration was before that date, the the listing would not be active. If the listing was after that date, then I would suspect either something is wrong with the code you're using, or something is wrong with your local DNS.
Finally, please remember that just because something has been seen by our network of traps does not mean that we're going to list it on http:BL. You suggest that 128.241.20.204 is TMCrawler. If the crawler has not exhibited harvesting, comment spamming, or other malicious behavior then we will not list it on http:BL. Imagine if we did otherwise. Suddenly the IPs of a number of our own members, who have visited their own honey pots to make sure they are working, would be listed. This would be a perverse outcome.
|