Intergrating Project Honeypot into your Website

Introduction

The Honeypot Project is a "distributed system for identifying spammers and the spambots they use to scrape addresses from your website" . It's a powerful tool for protecting your site from malicious visitors.

Getting Started

First things first, you will need to register on the new account on the website to get an API key to use the service. You will find your API key on the Black List configuration page.

Understanding the Black List API

The API uses a DNS IP lookup system to return data about the visitors IP address. To do the lookup you'll need to send a request to one of the projects DNS servers. The request looks something like this:

YourAPIKey.VisitorsIPAddressReversed.dnsbl.httpbl.org

So for example if our visitors IP address was 192.168.0.1 and our API key was abcdefghijk our request would look like this

abcdefghijk.1.0.168.192.dnsbl.httpbl.org

The request will then return a result that looks like an IP address. Each octet of the IP address will provide us with information about our visitor. The result can look like this:

127.5.10.1

Octet 1: If the request was successful then 127 will be returned. If 127 is not returned then there was an error.

Octet 2: This indicates when the visitors IP address was last logged in the Black List database (ranges from 0-255 days) and indicates how "stale" the data is.

Octet 3: This indicates the threat of the visitor (ranges from 0-255). 10 is not a high threat rating.

Octet 4: This indicates (in bitwise) what activity the visitor has been tagged with.

For instance a value of 6 indicates that the visitor is both a Harvestor and a Comment Spammer (2 + 4 = 6).

For a more detailed look at the API please visit the Black List API page.

Using the code

The code is broken up into 3 distinct parts.

Part 1 is a fairly comprehensive method of getting the visitors IP address.

function getIP() { if ($_SERVER['HTTP_CLIENT_IP'] && $_SERVER['HTTP_CLIENT_IP'] != 'unknown') { return $_SERVER['HTTP_CLIENT_IP']; } else if ($_SERVER['HTTP_X_FORWARDED_FOR'] && $_SERVER['HTTP_X_FORWARDED_FOR'] != 'unknown') { return $_SERVER['HTTP_X_FORWARDED_FOR']; } else if ($_SERVER['REMOTE_ADDR'] && $_SERVER['REMOTE_ADDR'] != 'unknown') { return $_SERVER['REMOTE_ADDR']; } else { throw new Exception('Could not acquire a valid IP address'); } } 

Part 2 is the request and response from the Black List DNS server.

function getBL($ip) { // Generate API Query $query = "YourAPIKey" . implode('.', array_reverse(explode('.', getIP()))) . "dnsbl.httpbl.org"; // Get Query Results $result = explode('.', gethostbyname($query)); if ($result[0] == 127) { $result['activity'] = $result[1]; $result['threat'] = $result[2]; $type = $result[3]; if ($type & 0) { $result['type']['Search Engine'] = true; } if ($type & 1) { $result['type']['Suspicious'] = true; } if ($type & 2) { $result['type']['Harvester'] = true; } if ($type & 4) { $result['type']['Comment Spammer'] = true; } return $result; } else { throw new Exception('Black List API returned an invalid return code: '. $result[0]); } }

Part 3 is dealing with blocking certain visitors.

function processBlackList() { try { $rating = getBL(); // Set your own custom threat assessment code here if ($rating['threat'] > 20) { block($rating); } } catch (Exception $e) { echo "Encountered a problem while checking the Black List: ". $e->getMessage(); } } function block($rating) { echo "You have been blocked due to the following detected activities:<br/>"; echo implode("<br/>", $rating['type']); die(); }

Points of Interest

The major problems with a remote service is time taken to preform a request and get the result back and the possibility of the remote service being down for maintanence or major congestions. To counter this you could store recent visits in a database and check in your database first instead of checking the Black List DNS server each page load.

You can also create a honey pot page and add it to the start your robot.txt file to catch inconsiderate crawlers before they land on any relevant pages.

Conclusion

Enjoy and remember that the honey pot service also has a number of other services that can help you secure your website.

References

http://www.projecthoneypot.org/about_us.php

Update history

License

This article, along with any associated source code and files, is licensed under The Common Public License Version 1.0 (CPL)

About the author