diff options
Diffstat (limited to 'content/posts/2007-10-15-project-honey-pot-bindings-php-and-ruby.html')
-rw-r--r-- | content/posts/2007-10-15-project-honey-pot-bindings-php-and-ruby.html | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/content/posts/2007-10-15-project-honey-pot-bindings-php-and-ruby.html b/content/posts/2007-10-15-project-honey-pot-bindings-php-and-ruby.html new file mode 100644 index 0000000..b176ae8 --- /dev/null +++ b/content/posts/2007-10-15-project-honey-pot-bindings-php-and-ruby.html @@ -0,0 +1,74 @@ +--- +date: "2007-10-15T03:17:18Z" +title: Project Honey Pot Bindings (PHP and Ruby) +--- + +<p><a href="http://projecthoneypot.org/">Project Honey Pot</a> is a <acronym title='Domain Name Service - Realtime Blacklist'>DNSRBL</acronym> to preemptively block comment +spammers, harvesters, and other nefarious types on the web. This +afternoon I tested 50ish "spammy" IP addresses that <a href="http://pablotron.org/?cid=1485" title="My PHP4 Akismet bindings.">Akismet</a> missed +and Honey Pot caught about 10% of them. Unfortunately, I don't have a +good balanced corpus of comment spam to do a full comparison between the +two, so I'll be using both together for the time being.</p> + +<p>Anyway, I've been sitting on mostly complete <a href="http://hg.pablotron.org/honeypot-ruby">Ruby Honeypot +bindings</a> for a while, but this evening I whipped up +some PHP bindings too. </p> + +<p>Note that you'll need to create a Project Honey Pot account to get an +<acronym title='Application Programming Interface'>API</acronym> key (but don't worry, it's free). Without any further ado:</p> + +<pre><code># sample API key +$api_key = 'asdf1234asdf'; + +# ip/hostname to check +# (this will almost always be $_SERVER['REMOTE_ADDR']) +$addr = '127.1.10.1'; + +# create new honeypot instance +$honeypot = new Honeypot($api_key); + +# check address +if ($honeypot->is_ok($addr)) + echo 'address is okay'; +else + echo 'address is NOT OKAY'; +</code></pre> + +<p>You can override the default age and threat thesholds by passing +additional arguments to the constructor, like this:</p> + +<pre><code>$honeypot = new Honeypot($api_key, array( + 'ok_age' => 300, # set age threshold to 300 days + 'ok_threat' => 50, # set threat level threshold to 50 +)); +</code></pre> + +<p>Using the <code>check()</code> method instead of <code>is_ok()</code> gives you more detailed +results. Say you're only concerned about fairly recent harvesters, and +not comment spammers or anything else:</p> + +<pre><code># check the address +$result = $honeypot->check($addr); + +# check for recent harvester results with a high threat level +if ($result && $result['is_harvester'] && + $result['age'] < 30 && $result['threat'] > 128) { + echo 'address is NOT OKAY'; +} else { + echo 'address is okay'; +} +</code></pre> + +<p>Files:</p> + +<ul> +<li><a href="http://pablotron.org/files/honeypot-php-0.1.0.tar.gz" title="Download Honeypot-PHP 0.1.0 tarball.">Download Honeypot-PHP 0.1.0</a> (<a href="http://pablotron.org/files/honeypot-php-0.1.0.tar.gz.asc" title="PGP signature for Honeypot-PHP 0.1.0 tarball.">Signature</a>)</li> +<li><a href="http://pablotron.org/files/php/Honeypot-0.1.0.tgz" title="Honeypot-PHP 0.1.0 PEAR Package.">Honeypot-PHP 0.1.0 PEAR Package</a> (<a href="http://pablotron.org/files/php/Honeypot-0.1.0.tgz.asc" title="PGP signature for Honeypot-PHP 0.1.0 PEAR Package.">Signature</a>)</li> +<li><a href="http://hg.pablotron.org/honeypot-php">Honeypot-PHP Mercurial Repository</a></li> +</ul> + +<p>If you're using Wordpress, someone else already wrote a <a href="http://wordpress.org/extend/plugins/httpbl/">handy http:BL +Wordpress plugin</a>. I didn't see a decent generic Honeypot l +ibrary, which is why I wrote this one.</p> + + |