|
Author: J.Yard2 (11 Apr 09 3:37pm)
My Repel http:BL Implementation
Repel http:BL Web Site
http://repel.in-progress.com/
Overview
My implementation of Repel http:BL was designed to deliver only an access denied page and nothing else to any client that has an http:BL record. The objective here is not to encourage already known harvesters that have an http:BL record to repeatedly visit the site by continuing to provide them with a bouquet of honey pot addresses.
To catch new and currently unknown harvesters that do not yet have an http:BL record, hidden honey pot links are included on all site pages, except the access denied page that is delivered to already known harvesters.
FILE: conf
# Project Honey Pot - http:BL - Repel
Include conf/extra/httpd-httpBL.Repel.conf
FILE: conf/extra/httpd-httpBL.Repel.conf
# Turn on Rewrite Engine
RewriteEngine on
# Repel
RewriteLock /usr/local/apache2/rewritelock.lock
RewriteMap repel "prg:/usr/local/Repel1.0/Repel/repel.py"
# Obtain http:BL Result & Set Environment Variables
RewriteCond ${repel:%{REMOTE_ADDR}|OK} ^([A-Fa-f0-9:]{7,11})\ ((?:\ *(?:None|SearchEngine(?:\=.*)?|Suspicious|Malicious|Harvester|CommentSpammer))+)\ *(?:Dormant=(..)?)?\ *(?:Threat=(..)?)?\ *(?:Expired=(..:..:..))?\ *(.*)? [NC]
RewriteRule .* - [E=httpBL:%1,E=Type:%2,E=Dormant:%3,E=Threat:%4,E=Expired:%5,E=Other:%6]
# Deny Access (Repel) - Deliver Access Denied Page
RewriteCond %{ENV:Type} Suspicious|Malicious|Harvester|CommentSpammer [NC]
RewriteCond %{REQUEST_URI} !^.*Project_Honey_Pot/http_BL_Access_Denied/ [NC]
RewriteCond %{REQUEST_URI} !^.*access_logger/counters/http:BL\ -\ Access\ Denied\.gif$ [NC]
RewriteCond %{REQUEST_URI} !^.*favicon\.ico$ [NC]
RewriteRule ^.* /Project_Honey_Pot/http_BL_Access_Denied/index.html [L,NC]
# If no http:BL Result, set httpBL Variable to "00:00:00:00". Used/required in Custom Logging (RewriteOptions inherit)
SetEnvIf httpBL ^$ httpBL=00:00:00:00
FILE: /Project_Honey_Pot/http_BL_Access_Denied/index.html
<!-- header("Location: http://ProjectHoneyPot.org/") -->
<html>
<head>
<title>http:BL Access Denied</title>
<META HTTP-EQUIV="refresh" CONTENT="15;URL=http://ProjectHoneyPot.org/ip_<!--#include virtual="Client_IP_Address.php" -->">
</head>
<body>
<hr>
<table border="0" width="100%" id="table1">
<tr>
<td rowspan="3" align="center" bgcolor="#FFFF00" width="100"><font size="6" color="#FF0000"><b>Access Denied</b></font></td>
<td align="left"><b><font color="#FF0000" size="4">Warning</font>:</b> According to
<a href="http://ProjectHoneyPot.org/"><b>Project Honey Pot</b></a> your IP address has been used by spammers to harvest
email addresses from web sites, engage in comment spamming, etc.</td>
</tr>
<tr>
<td align="left">Please visit <a href="http://ProjectHoneyPot.org/"><b>Project Honey Pot</b></a> and use the <a href="http://ProjectHoneyPot.org/ip_<!--#include virtual="Client_IP_Address.php" -->"><b>IP Address Inspector</b></a> to lookup up your IP address (<a href="http://ProjectHoneyPot.org/ip_<!--#include virtual="Client_IP_Address.php" -->"><b><!--#include virtual="Client_IP_Address.php" --></b></a>) for more information.</td>
</tr>
</table>
<hr>
<i>If you are not redirected to the <a href="http://ProjectHoneyPot.org/"><b>Project Honey Pot</b></a> <a href="http://ProjectHoneyPot.org/ip_<!--#include virtual="Client_IP_Address.php" -->"><b>IP Address Inspector</b></a> in 15 seconds, please click on the link above.</i>
</body></html>
FILE: /Project_Honey_Pot/http_BL_Access_Denied/Client_IP_Address.php
<?php
echo $_SERVER['REMOTE_ADDR'];
?>
|
Welcome to Project Honey Pot | Login