Message Board

http:BL Use/Development

 Honey Pot & http:BL Simple PHP Script
Author: P.Hauser   (8 Aug 07 4:33pm)
Hi,

here is just another simple-to-modify PHP solution for a blocker script via http:BL to include in a website. Check the blog at

http://planetozh.com/blog/my-projects/honey-pot-httpbl-simple-php-script/

Also read the comments there to include this code into perl/cgi.

You can download the highlighted code, cut and paste at

http://planetozh.com/blog/go.php?http://planetozh.com/download/httpbl.php

or download the raw text and save as .php:

http://planetozh.com/blog/go.php?http://planetozh.com/download/httpbl.txt

Should work and can be modified as well.

Post Edited (9 Aug 07 12:43am)
 
 Re: Honey Pot & http:BL Simple PHP Script
Author: S.Sblam   (10 Aug 07 8:15am)
You're setting a 'notabot' cookie. Although unlikely, a spammer could target your script and always send this cookie, thus bypassing protection completely.
It would be safe if you used PHP's session mechanism instead.

$type & 0 won't work (there are no bits in 0 to check for). In this special case you should use $type==0.

http:BL doesn't filter out dynamic IPs, so the result isn't 100% certain. Blocking comment spammers with any threat level might be too restrictive. You can remedy this a bit by taking into account age of listing. For example:

$threat = $threat * 5 / ($age+5);

This will halve threat level if listing is 5 days old, 1/3rd of threat for 10-day old, etc.

You can make blocking even more precise (with fewer false positives) if you block POST requests from comment spammers and GET requests from harvesters, but not vice-versa.
 
 Re: Honey Pot & http:BL Simple PHP Script
Author: P.Hauser   (10 Aug 07 9:38am)
Spammers might care about cookies, bots don't. A PHP session mechanism will do better, I agree.

$type==0 will do, yes. Another good idea is to "age" the results.

... and last but not least, eventually block harvester HEAD requests and also knock out random user agents before a script does an IP or IP-range check. Saves a lot of memory for the script. Yes, blocking single IPs is often not very efficient, especially if they're dynamic.

Actually at this time I take http:BL data returns only for informational purposes and let my script write them to a log and send me a mail. From that information I then decide on a daily basis, if an IP will be blocked or not and add it to my blocking list or not.

Generally I agree with all your objections and suggestions. The author of the script is Ozh at http://planetozh.com/. Why don't you just drop him a line about your ideas in his blog?

Might improve his script and the script "... can be modified as well."

Thanks for your ideas.

Post Edited (10 Aug 07 9:39am)
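
The checks suggested in this thread (compare the type to 0 instead of masking it, scale the threat score by listing age, and match the listing type to the request method), combined in an added example that is not part of any post here and is not Ozh's script. It assumes the http:BL answer has already been looked up and has the form 127.<days>.<threat>.<type>; the function names, the limit of 10 and the sample answers are made up for illustration.

```php
<?php
// Added example; names and the default limit are assumptions, not Ozh's code.
const HTTPBL_HARVESTER       = 2; // bit set in the type octet for harvesters
const HTTPBL_COMMENT_SPAMMER = 4; // bit set in the type octet for comment spammers

// Split an http:BL answer "127.<age in days>.<threat>.<type>" into its fields.
// Returns null for anything else (not listed, lookup error, malformed).
function httpbl_parse(string $answer): ?array
{
    if (!preg_match('/^127\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/', $answer, $m)) {
        return null;
    }
    return ['age' => (int) $m[1], 'threat' => (int) $m[2], 'type' => (int) $m[3]];
}

// Age weighting from the thread: full score at 0 days, 1/2 at 5, 1/3 at 10.
function httpbl_aged_threat(int $threat, int $age): float
{
    return $threat * 5 / ($age + 5);
}

function httpbl_should_block(string $answer, string $method, float $limit = 10.0): bool
{
    $r = httpbl_parse($answer);
    // Type 0 has no bits set, so it must be compared, not masked.
    if ($r === null || $r['type'] === 0) {
        return false;
    }
    if (httpbl_aged_threat($r['threat'], $r['age']) < $limit) {
        return false; // listing too old or too weak to act on
    }
    switch (strtoupper($method)) {
        case 'POST': // only comment spammers are refused on POST
            return ($r['type'] & HTTPBL_COMMENT_SPAMMER) !== 0;
        case 'GET':
        case 'HEAD': // only harvesters are refused on GET/HEAD
            return ($r['type'] & HTTPBL_HARVESTER) !== 0;
        default:
            return false;
    }
}

// Constructed sample answers (not real lookups): [answer, request method].
$samples = [['127.1.40.4', 'POST'], ['127.1.40.4', 'GET'],
            ['127.30.40.4', 'POST'], ['127.2.25.2', 'HEAD'], ['127.0.0.0', 'GET']];
foreach ($samples as [$answer, $method]) {
    printf("%-12s %-4s %s\n", $answer, $method,
        httpbl_should_block($answer, $method) ? 'block' : 'allow');
}
```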




Copyright © 2004–25, Unspam Technologies, Inc. All rights reserved.
