Message Board

http:BL Use/Development

Older Posts ]   [ Newer Posts ]
 Honey Pot integration in own PHP script (Unix)
Author: G.Zicer   (23 Apr 12 3:35pm)
Hello guys

I am trying to implement Honey Pot code in my script and all seems fine but response is somehow weird to me. I would be grateful if anybody could help.

IP which I tried to check is 87.30.200.57

Code is used from this address from HoneyPot forum
http://projecthoneypot.org/board/read.php?f=10&i=330&t=330

Part of answer:
;; AUTHORITY SECTION: dnsbl.httpbl.org. 3600 IN SOA dnsbl.httpbl.org. dnsadmin.projecthoneypot.org. 1335197558 7200 7200 604800 3600 ;; Query time: 128 msec ;; SERVER: xxx.xx.32.10#53(xxx.xx.32.10) ;; WHEN: Tue Apr 24 00:06:25 2012 ;; MSG SIZE rcvd: 121


I think that this one should be in format 127.x.x.x
1335197558 7200 7200 604800 3600

Any idea?
 
 Re: Honey Pot integration in own PHP script (Unix)
Author: G.Zicer   (24 Apr 12 7:31pm)
Above post was for dig command.

I tried also hostbyname function.

$itman = $apikey . "." . $ip . "." . "dnsbl.httpbl.org";

$host = gethostbyname($itman);

hostbyname result for 87.30.200.57 reversed to 57.200.30.87
= [MYAPIKEY].57.200.30.87.dnsbl.httpbl.org

Why do I get back the same string while using hostbyname function?
 
 Re: Honey Pot integration in own PHP script (Unix)
Author: E.Langheinrich   (25 Apr 12 8:24am)
Have you tried running the test entries through your function? The API document has section of test entries and the expected response.

Looking at the IP your are querying it isn't currently listed within http:BL. IPs will fall of of the list after a period of time without Project Honey Pot seeing additional activity.

From my understanding depending on your version of PHP the gethostbyname function will return different things based on a NXDOMAIN lookup response.
 
 Re: Honey Pot integration in own PHP script (Unix)
Author: G.Zicer   (25 Apr 12 2:44pm)
Got it now.

It seems that both options are working, but IP which I used was wrong :)

Thank you.

I tried to check several IPs with foreach but always received negative answer (no 127.x.y.z).

When tried one-by-one I receive positive answer (127.3..x.y).

Where is the catch?

Best regards
G.
 
 Re: Honey Pot integration in own PHP script (Unix)
Author: E.Langheinrich   (25 Apr 12 10:05pm)
Can you give me more specifics on what you are running? I replied directly to you this morning directly if that works better for you.
 
 Re: Honey Pot integration in own PHP script (Unix)
Author: G.Zicer   (26 Apr 12 10:19am)
If you mean with foreach problem, here is what I used.

$apikey = 'xxxxxxx';

if(isset($_POST['ip_list'])) {

$ips = explode("\n", $_POST['ip_list']);

foreach($ips as $ip) {

// Honey Pot check
$what2lookup = implode('.', array_reverse(explode('.',$ip)));
$result2 = dolookup($apikey, $what2lookup);
$blocks = explode('.',$result2);
print " Honey Pot ".(($blocks[0] == 127 && $blocks[1] > 0) ? "<font color='red'>YES BLOCKED</font>" : "NOT BLOCKED" )." (".$blocks[0].".".$blocks[1].")<br />";

}

}


function dolookup($apikey,$ip){
$itman = $apikey . "." . $ip . "." . "dnsbl.httpbl.org";
$host = gethostbyname($itman);
return ($host);
}


Best regards
G.
 
 Re: Honey Pot integration in own PHP script (Unix)
Author: joshtronic   (15 May 12 7:26pm)
Hard to tell from the code you provided, but did you reverse the IP before assembling the URL to hit?

Here's how I did it:

// Flip tha script
$octets = explode('.', $ip_address);
krsort($octets);
$reversed_ip = implode('.', $octets);

// Perform the query
$results = dns_get_record($this->api_key . '.' . $reversed_ip . '.dnsbl.httpbl.org', DNS_A);

You're also welcome to use my wrapper: https://github.com/joshtronic/php-projecthoneypot
 
 Re: Honey Pot integration in own PHP script (Unix)
Author: S.Metler2   (9 Nov 12 7:13am)

Thanks Josh S,

This is what I was looking for ...

https://github.com/joshtronic/php-projecthoneypot

A nice and easy to read PHP wrapper.

I was surprised to see that I recognized the name on it !! I hope all is well with you.
;O)

Shane



You may browse the discussion topics, but you must sign in to post. If you do not have an account, you can create one for free.

do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–24, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email