Author: M.Porte (2 Oct 07 6:43am)
I have finished the first stable release of the SPIP (www.spip.net) plugin that allows easy installation of a honeypot (modulo the download from PHPot to their FTP, which is sometimes disorientating for beginners ;) and can use http:BL to filter the visitors.
The idea is simple: once the plugin is configured with a manually installed honeypot, the user can easily put automatic links in their website. The concept is similar to the MT plugin: there is a template for the links to the honeypot which generates links with random phrases, hidden from normal visitors and pointing to the site honeypot.
The user also has an option to configure filtering based on http:BL with his own access key. The plugin makes a query and caches http:BL ratings for the visitors' IPs. The user can configure different filtering strategies according to the threat level and type. The options are:
- hide the email address (replace all strings in the page looking like an email with another string...)
- hide the forums (this will just block the POST of the SPIP forum/contact forms, sending filtered posters to a 403)
- redirect to the honeypot (this does a redirect by header to the installed honeypot)
- send a 403 header and a page explaining why it has been forbidden with a link to PHPot page for that IP.
I am running it right now with most threats redirected to the honeypot and the number of catches from my honeypot has sharply risen since I installed it yesterday... obviously, this will only help catch already known threats...
I haven't written a full documentation page yet; the plugin is available here:
in French and English.
I will now work on setting up a stat page for the site, to get some local stats on what filters have been applied.
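
The filtering described in the post, as an added example that is not part of the post or of the plugin's code: it decodes an http:BL DNS answer (days since last activity, threat score, visitor-type bits) and maps it to one of the four filters listed. The thresholds, action names, access key and sample answers are assumptions constructed for illustration.

```php
<?php
// Added example, not the plugin's code. Thresholds and action names are assumptions.
const TYPE_HARVESTER = 2;        // http:BL visitor-type bit
const TYPE_COMMENT_SPAMMER = 4;  // http:BL visitor-type bit
const MAX_AGE_DAYS = 30;         // assumed: ignore listings older than this
const THREAT_REDIRECT = 25;      // assumed threshold
const THREAT_FORBID = 75;        // assumed threshold

/** DNS name to query for an IPv4 visitor: key, reversed octets, http:BL zone. */
function httpbl_query_name(string $accessKey, string $ip): ?string {
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null; // http:BL covers IPv4 only
    }
    return $accessKey . '.' . implode('.', array_reverse(explode('.', $ip))) . '.dnsbl.httpbl.org';
}

/** Decode an answer such as "127.3.40.6"; null means not listed or not a valid answer. */
function httpbl_parse(?string $answer): ?array {
    if ($answer === null || filter_var($answer, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null; // gethostbyname() returns the unresolved name on NXDOMAIN
    }
    [$first, $days, $threat, $type] = array_map('intval', explode('.', $answer));
    if ($first !== 127) {
        return null;
    }
    // For type 0 (search engine) the third octet is an engine id, not a threat score.
    return ['days' => $days, 'threat' => $type === 0 ? 0 : $threat, 'type' => $type];
}

/** Pick one of the four filters from the post, or 'allow'. */
function choose_action(?array $r, bool $isForumPost): string {
    if ($r === null || $r['type'] === 0 || $r['days'] > MAX_AGE_DAYS) return 'allow';
    if ($r['threat'] >= THREAT_FORBID) return 'forbid_403';
    if ($r['threat'] >= THREAT_REDIRECT) return 'redirect_to_honeypot';
    if ($isForumPost && ($r['type'] & TYPE_COMMENT_SPAMMER)) return 'block_forum_post';
    if ($r['type'] & TYPE_HARVESTER) return 'hide_emails';
    return 'allow';
}

// Constructed answers standing in for gethostbyname(httpbl_query_name($key, $ip)).
$samples = [
    '192.0.2.10' => '127.1.80.6',   // recent, high threat, harvester + comment spammer
    '192.0.2.11' => '127.5.30.4',   // medium threat, comment spammer
    '192.0.2.12' => '127.10.5.2',   // low threat, harvester
    '192.0.2.13' => '127.200.90.4', // stale listing
    '192.0.2.14' => null,           // not listed
];
foreach ($samples as $ip => $answer) {
    echo httpbl_query_name('abcdefghijkl', $ip), ' -> ', choose_action(httpbl_parse($answer), true), "\n";
}
```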