Icy Phoenix

     
 


Post new topic  Reply to topic 
Page 1 of 1
 
 
Reply with quote Download Post 
Post [REQ] "Project Honey Pot" Support 
 
Hi

I don't know if this is the right forum to write this one, but on the MOD forum only moderators can open topics.

BTW

I'm using from a long time a script that connects my site to Project Honey Pot database ( http://www.projecthoneypot.org )

This place, if you don't know, tracks the activity of spammers and the IP that they use, giving to the IP a threat level, and all is for free: you can even check there a suspicious IP and see if it has been used by a spammer.

Once you subscribe, you can add "booby traps" (honey pots) on your site that robots used by spammers fall into acquiring email addresses that are MX records donated by members (I donated 14) for the purpouse to be used as traps for spammers, basically they are emails that one is not using and decide to donate, but this is not mandatory, I've some domains that I'm not actively using so I donated some MX records that are now used to hunt spammers (every time a new one is trapped they send me an email with the congratulations...). A spammer robot follows this hidden link, goes to a page and acquire emails and once they appear on the net the IP is banned (genuine bots like google are recognized by the system)

After a while they give you a key and you can use the system to keep spammers out of the site automatically, by a script, you can set different parameters, like the threat level and redirect the spammer on  a whatever url address (i redirect them into the trap page)

Well, as I said , I'm using this system for a while and also in the beta and the SVN of icyphoenix and it fits very well, you can even see on the crackertracker page what Ips are redirected to your trap page.

Note that this system has pro and cons: it can work for you if you've a little site like mine, with few people on the staff that monitor the site for comment spammers, this system do it for you but it can even kick out innocent people that are using a dynamic IP that was costantly used by a spammer, or, like it happens for providers like Fastweb Italy that uses few public IPs , almost all of their IPs are blacklisted, also, all the italian network is ranked as "suspicious" (sigh..) so you've to raise or lower the threat level accordingly to your need, and also write exceptions (I wrote one for a friend of mine that is on fastweb), but if you're desperate for spammers, like I was, the lasting activity of them on your site will result on some occasional human being that registers manually to the site in order to write links ( I had only one in a couple of years ) . Ip redirected by the system are dozens every day even on a little site like mine and they can be monitored on the cracker tracker page.

In any case, while I write here the method and the script that I'm using (the script is not by me, I only modified it a little, it's a generic script that I found on the net), I want to encourage someone in writing a good mod to be added to Icyphoenix, I found one for phpBB , tried it, but it was not as effective as this script, it should be simple, but I'm not a coder   ...

Anyway,  here is the script, write it in a whatever new .php file and add it to your site. Note that the "key" value is empty (I wrote there some "X"), you need to have your personal one from project honey pot, and also the "$hp" value has to be modified to be a page where the spammers are going to be redirected (I use my trap page on site). Also note the exclusion at the beginning (an IP from fastweb Turin) AND the "if ( !defined('IN_ICYPHOENIX') )" that I don't know if it is only in the SVN version of Icyphoenix.

I called this file "httpBL.php"

Code: [Download] [Hide] [Select]
<?php
if ( !defined('IN_ICYPHOENIX') )
{
    die("Hacking attempt");
}

// exclusion for a public Ip used by Fastweb Italy, almost all Fastweb IPs are
//banned by project honey pot  
if ($_SERVER['REMOTE_ADDR'] != "81.208.91.238") {
    function httpbl_check_referer() {
        global $_SERVER;
// here goes your project honey pot key
        $key = 'xxxxxxxxxxxxx';
        $result = explode( ".", gethostbyname( $key . "." . implode ( ".", array_reverse( explode( ".", $_SERVER["REMOTE_ADDR"] ) ) ) . ".dnsbl.httpbl.org" ) );
          if ( $result[0] == 127 ) {
            // Information for the following three configuration variables can be found at
            // http://www.projecthoneypot.org/httpbl_api.php
            //
            // Consider malicious bots active within the past how many days?
            $age_thres = '45';
            // Consider malicious bots with a threat score greater than what (0-255)?
            $threat_thres = '10';
            // Consider malicious which types of bots?
            $denied = '1,2,3,4,5,6,7';

            // Where do you want to redirect malicious bots? It is recommended that you
            // forward them to a Project Honey Pot QuickLink, available here:
            // http://www.projecthoneypot.org/manage_quicklink.php
            //
            // Alternatively, you may leave the default value or blank the value to not use
            // redirection at all, like this:
            // $hp = ''

            $hp = 'http://yoursite.com/whatever.php';
            $age = false;
            $threat = false;
            $deny = false;
                        if ( $result[1] < $age_thres )
                $age = true;
                if ( $result[2] > $threat_thres ) {
                    $threat = true;
                }

                foreach ( explode( ",", $denied ) as $value ) {
                    if ( $value == $result[3] ) {
                        $deny = true;
                    }
                }

            if ( $deny && $threat ) {
                if ( $hp ) {
                    header( "HTTP/1.1 301 Moved Permanently ");
                    header( "Location: $hp" );
                    exit;
                }
                else exit;
            }
        }
    }
    httpbl_check_referer();
}
    ?>


Then, this file must be called from Icyphoenix, you can even choice not to call this file everytime you open a page of the site, you can for example add the inclusion only in the files where a user writes something (viewtopic, album comment etc.). In any case, I went straight in /includes/page_header.php and added

include(IP_ROOT_PATH . 'httpBL.' . PHP_EXT);

(note that the format is the last one used in Icyphoenix)

so everytime a page is loaded, httpBL.php is checked and an user is accepted or not accordingly to the values written in that site.

Hope this helps and I hope to see something more "clean"   in the future.
 



 
tormentorSend private messageVisit poster's website  
Back to topPage bottom
Icy Phoenix is an open source project, you can show your appreciation and support future development by donating to the project.

Support us
 
Reply with quote Download Post 
Post Re: [REQ] "Project Honey Pot" Support 
 
Thanks for sharing.

What about creating a pack with instructions included so I can add it in contrib folder for next release?
 




____________
Luca
SEARCH is the quickest way to get support.
Icy Phoenix ColorizeIt - CustomIcy - HON
 
Mighty GorgonSend private messageSend e-mail to userVisit poster's website  
Back to topPage bottom
Reply with quote Download Post 
Post Re: [REQ] "Project Honey Pot" Support 
 
Dear Almighty Gorgon

You know I'm not a coder but a "smanettone"   , I wouldn't be able to pack a standardized mod, as you can see, the code itself is half a mess.

I cast the bait as a suggestion for someone to make it a proper modification (I'm not jealous, there is very little from me in the code...) , sorry  
 



 
tormentorSend private messageVisit poster's website  
Back to topPage bottom
Post new topic  Reply to topic  Page 1 of 1
 


Display posts from previous:    

HideWas this topic useful?

Link this topic
URL
BBCode
HTML




 
Permissions List
You cannot post new topics
You cannot reply to topics
You cannot edit your posts
You cannot delete your posts
You cannot vote in polls
You cannot attach files
You can download files
You cannot post calendar events