aboutsummaryrefslogtreecommitdiff
path: root/content/posts/2007-10-15-project-honey-pot-bindings-php-and-ruby.html
diff options
context:
space:
mode:
Diffstat (limited to 'content/posts/2007-10-15-project-honey-pot-bindings-php-and-ruby.html')
-rw-r--r--content/posts/2007-10-15-project-honey-pot-bindings-php-and-ruby.html74
1 files changed, 74 insertions, 0 deletions
diff --git a/content/posts/2007-10-15-project-honey-pot-bindings-php-and-ruby.html b/content/posts/2007-10-15-project-honey-pot-bindings-php-and-ruby.html
new file mode 100644
index 0000000..b176ae8
--- /dev/null
+++ b/content/posts/2007-10-15-project-honey-pot-bindings-php-and-ruby.html
@@ -0,0 +1,74 @@
+---
+date: "2007-10-15T03:17:18Z"
+title: Project Honey Pot Bindings (PHP and Ruby)
+---
+
+<p><a href="http://projecthoneypot.org/">Project Honey Pot</a> is a <acronym title='Domain Name Service - Realtime Blacklist'>DNSRBL</acronym> to preemptively block comment
+spammers, harvesters, and other nefarious types on the web. This
+afternoon I tested 50ish "spammy" IP addresses that <a href="http://pablotron.org/?cid=1485" title="My PHP4 Akismet bindings.">Akismet</a> missed
+and Honey Pot caught about 10% of them. Unfortunately, I don't have a
+good balanced corpus of comment spam to do a full comparison between the
+two, so I'll be using both together for the time being.</p>
+
+<p>Anyway, I've been sitting on mostly complete <a href="http://hg.pablotron.org/honeypot-ruby">Ruby Honeypot
+bindings</a> for a while, but this evening I whipped up
+some PHP bindings too. </p>
+
+<p>Note that you'll need to create a Project Honey Pot account to get an
+<acronym title='Application Programming Interface'>API</acronym> key (but don't worry, it's free). Without any further ado:</p>
+
+<pre><code># sample API key
+$api_key = 'asdf1234asdf';
+
+# ip/hostname to check
+# (this will almost always be $_SERVER['REMOTE_ADDR'])
+$addr = '127.1.10.1';
+
+# create new honeypot instance
+$honeypot = new Honeypot($api_key);
+
+# check address
+if ($honeypot-&gt;is_ok($addr))
+ echo 'address is okay';
+else
+ echo 'address is NOT OKAY';
+</code></pre>
+
+<p>You can override the default age and threat thesholds by passing
+additional arguments to the constructor, like this:</p>
+
+<pre><code>$honeypot = new Honeypot($api_key, array(
+ 'ok_age' =&gt; 300, # set age threshold to 300 days
+ 'ok_threat' =&gt; 50, # set threat level threshold to 50
+));
+</code></pre>
+
+<p>Using the <code>check()</code> method instead of <code>is_ok()</code> gives you more detailed
+results. Say you're only concerned about fairly recent harvesters, and
+not comment spammers or anything else:</p>
+
+<pre><code># check the address
+$result = $honeypot-&gt;check($addr);
+
+# check for recent harvester results with a high threat level
+if ($result &amp;&amp; $result['is_harvester'] &amp;&amp;
+ $result['age'] &lt; 30 &amp;&amp; $result['threat'] &gt; 128) {
+ echo 'address is NOT OKAY';
+} else {
+ echo 'address is okay';
+}
+</code></pre>
+
+<p>Files:</p>
+
+<ul>
+<li><a href="http://pablotron.org/files/honeypot-php-0.1.0.tar.gz" title="Download Honeypot-PHP 0.1.0 tarball.">Download Honeypot-PHP 0.1.0</a> (<a href="http://pablotron.org/files/honeypot-php-0.1.0.tar.gz.asc" title="PGP signature for Honeypot-PHP 0.1.0 tarball.">Signature</a>)</li>
+<li><a href="http://pablotron.org/files/php/Honeypot-0.1.0.tgz" title="Honeypot-PHP 0.1.0 PEAR Package.">Honeypot-PHP 0.1.0 PEAR Package</a> (<a href="http://pablotron.org/files/php/Honeypot-0.1.0.tgz.asc" title="PGP signature for Honeypot-PHP 0.1.0 PEAR Package.">Signature</a>)</li>
+<li><a href="http://hg.pablotron.org/honeypot-php">Honeypot-PHP Mercurial Repository</a></li>
+</ul>
+
+<p>If you're using Wordpress, someone else already wrote a <a href="http://wordpress.org/extend/plugins/httpbl/">handy http:BL
+Wordpress plugin</a>. I didn't see a decent generic Honeypot l
+ibrary, which is why I wrote this one.</p>
+
+