|
Author: J.Fortune (27 May 07 11:47pm)
Made a couple of changes to JWesley2's fine script:
1. Check first octet for a value of "127". According to the API, anything else is an error, so I decided to let it slide as a non-threat. For my own IP address, I was getting goofy results (but only on the production server).
2. Added a threat_level method for simplicity in the calling web pages. This makes it easy to insert CAPTCHA code if the threat level exceeds any value you want. See the last example. I didn't want to ban anyone (our site is largely marketing), so the bad guys get a CAPTCHA and the good guys don't (hopefully). I'd like to keep the site accessible to the disabled, if feasible.
<?php
/*
* Copyright 2007 Brian Engert (lart@engert.us)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
class httpbl {
var $key = "yourkey";
var $host = "dnsbl.httpbl.org";
function isListed($ip) {
$reverseip = $this->reverse_IP($ip);
if (!$reverseip)//was it a valid ish ip?
return false;
//Debugging only
//echo "Request: ".$this->key . '.' . $reverseip . '.' . $this->host."<br>";
//echo "resolved?: " . gethostbyname($this->key . '.' . $reverseip . '.' . $this->host)."<br>";
$responce = gethostbyname($this->key . '.' . $reverseip . '.' . $this->host);
if (strstr($responce, $this->host)) {
return false;//if the domain does not resolve then it will be the same thing we passed to gethostbyname
}
//echo "Responce is ";
//print_r($responce);
//echo "\n";
$responce = explode("." ,$responce);
if ($responce[0] != 127)
return false; //First octet must be 127, else there is an error condition
$values = array();
$values['last_activity'] = $responce[1];
$values['threat'] = $responce[2];
if ($responce[3] == 0)//if it's 0 then there's only 1 thing it can be
$values['Search_Engine'] = true;
if ($responce[3] & 1)//does it have the same bits as 1 set
$values['Suspicious'] = true;
if ($responce[3] & 2)//does it have the same bits as 2 set
$values['Harvester'] = true;
if ($responce[3] & 4)//does it have the same bits as 4 set
$values['Comment_Spammer'] = true;
return $values;
}
function reverse_IP($ip) {
preg_match("/[0-9]{1,4}.[0-9]{1,4}.[0-9]{1,4}.[0-9]{1,4}/", $ip, $matches);
$ip = explode(".", $matches[0]);
//print_r($ip);//debug code :-D
if (count($ip)!=4)
return null;
return $ip[3] . '.' . $ip[2] . '.' . $ip[1] . '.' . $ip[0];
}
function threat_level($ip) {
$answer = $this->isListed($ip);
if ($answer == false) return 0;
return $answer["threat"];
}
}
/*example code
echo "<pre>";
$dnsbl = new httpbl();
$visitor= $_SERVER['REMOTE_ADDR'];
$answer = $dnsbl->isListed("127.0.0.1");
if ($answer == false) {
print_r("No threat");
}
else {
print_r($answer);
}
echo "</pre>";
*/
/*example code with just threat level
$dnsbl = new httpbl();
echo 'Threat level: '.$dnsbl->threat_level("81.177.22.243");
*/
/*CAPTCHA example*/
//Check for malicious IP (do a session_start() as the first line of the page)
include "./hpot/httpbl.php";
$dnsbl = new httpbl();
if ($dnsbl->threat_level($_SERVER['REMOTE_ADDR']) > 0) {
include "captcha.inc"; //Another row of form elements and CAPTCHA logic
}
else {
//set verification code for user to make form handler happy
echo "<input type=\"hidden\" name=\"verificationcode\" value=\"".$_SESSION['verification_key']."\">";
}
?>
|
