Icy Phoenix

     
 

[REQ] "Project Honey Pot" Support

Hi

I don't know if this is the right forum to write this one, but on the MOD forum only moderators can open topics.

BTW

I have been using for a long time a script that connects my site to the Project Honey Pot database (http://www.projecthoneypot.org).

This place, if you don't know it, tracks the activity of spammers and the IPs that they use, giving each IP a threat level, and it is all for free: you can even check a suspicious IP there and see if it has been used by a spammer.

Once you subscribe, you can add "booby traps" (honey pots) to your site that robots used by spammers fall into, acquiring email addresses that are MX records donated by members (I donated 14) for the purpose of being used as traps for spammers. Basically they are emails that one is not using and decides to donate, but this is not mandatory; I have some domains that I'm not actively using, so I donated some MX records that are now used to hunt spammers (every time a new one is trapped they send me an email with congratulations...). A spammer robot follows this hidden link, goes to a page and acquires emails, and once they appear on the net the IP is banned (genuine bots like Google are recognized by the system).

After a while they give you a key and you can use the system to keep spammers out of the site automatically, by a script. You can set different parameters, like the threat level, and redirect the spammer to whatever URL you like (I redirect them to the trap page).

Well, as I said, I have been using this system for a while, also in the beta and the SVN of Icy Phoenix, and it fits very well; you can even see on the crackertracker page which IPs are redirected to your trap page.

Note that this system has pros and cons: it can work for you if you have a little site like mine, with few people on the staff that monitor the site for comment spammers. This system does it for you, but it can even kick out innocent people that are using a dynamic IP that was constantly used by a spammer, or, as happens for providers like Fastweb Italy that use few public IPs, almost all of their IPs are blacklisted. Also, all the Italian network is ranked as "suspicious" (sigh...), so you have to raise or lower the threat level according to your needs, and also write exceptions (I wrote one for a friend of mine who is on Fastweb). But if you're desperate for spammers, like I was, the lasting activity of them on your site will result in some occasional human being that registers manually to the site in order to write links (I had only one in a couple of years). IPs redirected by the system are dozens every day even on a little site like mine, and they can be monitored on the cracker tracker page.

In any case, while I write here the method and the script that I'm using (the script is not by me, I only modified it a little, it's a generic script that I found on the net), I want to encourage someone to write a good mod to be added to Icy Phoenix. I found one for phpBB and tried it, but it was not as effective as this script. It should be simple, but I'm not a coder...

Anyway, here is the script; write it in any new .php file and add it to your site. Note that the "key" value is empty (I wrote there some "X"); you need to have your personal one from Project Honey Pot, and also the "$hp" value has to be modified to be a page where the spammers are going to be redirected (I use my trap page on site). Also note the exclusion at the beginning (an IP from Fastweb Turin) AND the "if ( !defined('IN_ICYPHOENIX') )" that I don't know if it is only in the SVN version of Icy Phoenix.

I called this file "httpBL.php"

Code:
<?php
if ( !defined('IN_ICYPHOENIX') )
{
    die("Hacking attempt");
}

// Exclusion for a public IP used by Fastweb Italy; almost all Fastweb IPs are
// banned by Project Honey Pot.
if ( $_SERVER['REMOTE_ADDR'] != "81.208.91.238" ) {
    function httpbl_check_referer() {
        // Here goes your Project Honey Pot key.
        $key = 'xxxxxxxxxxxxx';
        // Query <key>.<reversed IP octets>.dnsbl.httpbl.org. A listed IP answers
        // 127.<days since last activity>.<threat score>.<visitor type>; an unlisted
        // IP does not resolve and gethostbyname() returns the query name unchanged.
        $result = explode( ".", gethostbyname( $key . "." . implode( ".", array_reverse( explode( ".", $_SERVER["REMOTE_ADDR"] ) ) ) . ".dnsbl.httpbl.org" ) );
        if ( count( $result ) == 4 && $result[0] === '127' ) {
            // Information for the following three configuration variables can be found at
            // http://www.projecthoneypot.org/httpbl_api.php
            //
            // Consider malicious bots active within the past how many days?
            $age_thres = '45';
            // Consider malicious bots with a threat score greater than what (0-255)?
            $threat_thres = '10';
            // Consider malicious which types of bots?
            $denied = '1,2,3,4,5,6,7';

            // Where do you want to redirect malicious bots? It is recommended that you
            // forward them to a Project Honey Pot QuickLink, available here:
            // http://www.projecthoneypot.org/manage_quicklink.php
            //
            // Alternatively, you may leave the default value or blank the value to not use
            // redirection at all, like this:
            // $hp = ''

            $hp = 'http://yoursite.com/whatever.php';
            $age = false;
            $threat = false;
            $deny = false;

            if ( $result[1] < $age_thres ) {
                $age = true;
            }
            if ( $result[2] > $threat_thres ) {
                $threat = true;
            }
            foreach ( explode( ",", $denied ) as $value ) {
                if ( $value == $result[3] ) {
                    $deny = true;
                }
            }

            // Block only when the listing is recent enough, the threat score is
            // above the threshold and the visitor type is one of the denied types.
            if ( $deny && $threat && $age ) {
                if ( $hp ) {
                    header( "HTTP/1.1 301 Moved Permanently" );
                    header( "Location: $hp" );
                }
                exit;
            }
        }
    }
    httpbl_check_referer();
}
?>


Then, this file must be called from Icy Phoenix. You can even choose not to call this file every time you open a page of the site; you can, for example, add the inclusion only in the files where a user writes something (viewtopic, album comment etc.). In any case, I went straight into /includes/page_header.php and added

include(IP_ROOT_PATH . 'httpBL.' . PHP_EXT);

(note that the format is the last one used in Icy Phoenix)

so every time a page is loaded, httpBL.php is checked and a user is accepted or not according to the values written in that site.

Hope this helps and I hope to see something more "clean" in the future.



 
tormentor [ Fri 15 May, 2009 15:57 ]
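
Added example (not part of tormentor's post or of Icy Phoenix): the http:BL answer handling from the script above, split into a decode step and a block decision, so thresholds and exceptions like the Fastweb one can be checked against constructed answers without any DNS traffic. The function names, the allowlist array and the sample addresses are assumptions made for illustration.

```php
<?php
// Added example; all function names here are hypothetical.

// http:BL only has an IPv4 zone, so anything else gets no query name.
function httpbl_query_name(string $key, string $ip): ?string
{
    if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        return null;
    }
    return $key . '.' . implode('.', array_reverse(explode('.', $ip))) . '.dnsbl.httpbl.org';
}

// Decode "127.<days>.<threat>.<type>". gethostbyname() returns the query name
// unchanged when the IP is not listed, which yields null here.
function httpbl_decode(string $answer): ?array
{
    $o = explode('.', $answer);
    if (count($o) !== 4 || $o[0] !== '127') {
        return null;
    }
    $type = (int) $o[3]; // bit field: 1 suspicious, 2 harvester, 4 comment spammer
    return ['days' => (int) $o[1], 'threat' => (int) $o[2], 'type' => $type,
            'search_engine' => $type === 0];
}

// Same thresholds as the thread's script: active within 45 days, threat above 10.
function httpbl_should_block(?array $r, string $ip, array $allow, int $maxDays = 45, int $minThreat = 10): bool
{
    if ($r === null || $r['search_engine'] || in_array($ip, $allow, true)) {
        return false;
    }
    return $r['days'] < $maxDays && $r['threat'] > $minThreat;
}

// Constructed answers, not real lookups (addresses are documentation ranges).
// Live use, when httpbl_query_name() is not null: gethostbyname(httpbl_query_name($key, $ip))
$allow = ['198.51.100.7'];
$samples = [
    ['192.0.2.10', '127.3.42.5'],     // recent, threat 42, suspicious + comment spammer
    ['192.0.2.11', '127.0.7.0'],      // type 0 = search engine, never blocked
    ['192.0.2.12', '127.120.60.4'],   // listed, but last seen 120 days ago
    ['198.51.100.7', '127.1.80.2'],   // listed harvester on the admin's allowlist
    ['192.0.2.13', 'xxxxxxxxxxxxx.13.2.0.192.dnsbl.httpbl.org'], // not listed
];
foreach ($samples as [$ip, $answer]) {
    $block = httpbl_should_block(httpbl_decode($answer), $ip, $allow);
    printf("%-13s %-45s %s\n", $ip, $answer, $block ? 'BLOCK' : 'allow');
}
```

Only the first sample is blocked; the other four fall through as search engine, stale listing, allowlisted address and unlisted address.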
 
Thanks for sharing.

What about creating a pack with instructions included so I can add it in contrib folder for next release?



 
Mighty Gorgon [ Sat 23 May, 2009 12:47 ]
 
Dear Almighty Gorgon

You know I'm not a coder but a "smanettone"; I wouldn't be able to pack a standardized mod. As you can see, the code itself is half a mess.

I cast the bait as a suggestion for someone to make it a proper modification (I'm not jealous, there is very little from me in the code...), sorry.



 
tormentor [ Wed 27 May, 2009 22:37 ]