---
date: "2007-10-15T03:17:18Z"
title: Project Honey Pot Bindings (PHP and Ruby)
---

<p><a href="http://projecthoneypot.org/">Project Honey Pot</a> is a <acronym title='Domain Name Service - Realtime Blacklist'>DNSRBL</acronym> to preemptively block comment
spammers, harvesters, and other nefarious types on the web.  This
afternoon I tested 50ish "spammy" IP addresses that <a href="http://pablotron.org/?cid=1485" title="My PHP4 Akismet bindings.">Akismet</a> missed
and Honey Pot caught about 10% of them.  Unfortunately, I don't have a
good balanced corpus of comment spam to do a full comparison between the
two, so I'll be using both together for the time being.</p>

<p>Anyway, I've been sitting on mostly complete <a href="http://hg.pablotron.org/honeypot-ruby">Ruby Honeypot 
bindings</a> for a while, but this evening I whipped up
some PHP bindings too.  </p>

<p>Note that you'll need to create a Project Honey Pot account to get an
<acronym title='Application Programming Interface'>API</acronym> key (but don't worry, it's free).  Without any further ado:</p>

<pre><code># sample API key
$api_key = 'asdf1234asdf';

# ip/hostname to check
# (this will almost always be $_SERVER['REMOTE_ADDR'])
$addr = '127.1.10.1';

# create new honeypot instance
$honeypot = new Honeypot($api_key);  

# check address
if ($honeypot-&gt;is_ok($addr))
  echo 'address is okay';
else
  echo 'address is NOT OKAY';
</code></pre>

<p>You can override the default age and threat thresholds by passing
additional arguments to the constructor, like this:</p>

<pre><code>$honeypot = new Honeypot($api_key, array(
  'ok_age'    =&gt; 300, # set age threshold to 300 days
  'ok_threat' =&gt; 50,  # set threat level threshold to 50
));
</code></pre>

<p>Using the <code>check()</code> method instead of <code>is_ok()</code> gives you more detailed
results.  Say you're only concerned about fairly recent harvesters, and
not comment spammers or anything else:</p>

<pre><code># check the address
$result = $honeypot-&gt;check($addr);

# check for recent harvester results with a high threat level
if ($result &amp;&amp; $result['is_harvester'] &amp;&amp; 
    $result['age'] &lt; 30 &amp;&amp; $result['threat'] &gt; 128) {
  echo 'address is NOT OKAY';
} else {
  echo 'address is okay';
}
</code></pre>
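
<p>For readers who want to see what sits underneath a DNSRBL check like this, here is an added Ruby example (not part of the Honeypot bindings or the original post) that builds an http:BL query name and decodes the answer into the <code>age</code>, <code>threat</code> and <code>is_harvester</code> fields used above. The zone name and answer layout follow Project Honey Pot's http:BL API; the function names, the other hash keys and the sample answers are assumptions made for illustration.</p>

```ruby
require 'ipaddr'

# Zone queried by http:BL clients.
HTTPBL_ZONE = 'dnsbl.httpbl.org'

# Visitor-type bits in the last octet of an answer (key names are illustrative).
TYPE_BITS = { is_suspicious: 1, is_harvester: 2, is_comment_spammer: 4 }.freeze

# Build the DNS name to look up: <key>.<reversed IPv4 octets>.<zone>.
def httpbl_query_name(api_key, addr)
  ip = IPAddr.new(addr)
  raise ArgumentError, 'http:BL only covers IPv4' unless ip.ipv4?
  "#{api_key}.#{ip.to_s.split('.').reverse.join('.')}.#{HTTPBL_ZONE}"
end

# Decode an answer of the form 127.<age in days>.<threat>.<type bits>.
# Returns nil for no answer (address not listed) and for a malformed
# answer, so that garbage is never read as a verdict.
def decode_httpbl(answer)
  return nil if answer.nil?
  octets = answer.split('.')
  return nil unless octets.size == 4 && octets.all? { |o| o =~ /\A\d{1,3}\z/ }
  first, age, threat, type = octets.map(&:to_i)
  return nil unless first == 127 && [age, threat, type].all? { |n| n <= 255 }
  # Type 0 is a search engine; its middle octets are not age/threat.
  age = threat = nil if type.zero?

  result = { age: age, threat: threat, is_search_engine: type.zero? }
  TYPE_BITS.each { |name, bit| result[name] = (type & bit) != 0 }
  result
end

# Same policy as the check() example above: recent, high-threat harvesters.
def recent_harvester?(result)
  !result.nil? && result[:is_harvester] && result[:age] < 30 && result[:threat] > 128
end

# Constructed sample answers, not real lookups.
if __FILE__ == $PROGRAM_NAME
  puts httpbl_query_name('asdf1234asdf', '203.0.113.7')
  ['127.3.200.6', '127.90.200.2', '127.3.40.4', nil].each do |answer|
    verdict = recent_harvester?(decode_httpbl(answer)) ? 'NOT OKAY' : 'okay'
    puts "#{answer.inspect}: address is #{verdict}"
  end
end
```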

<p>Files:</p>

<ul>
<li><a href="http://pablotron.org/files/honeypot-php-0.1.0.tar.gz" title="Download Honeypot-PHP 0.1.0 tarball.">Download Honeypot-PHP 0.1.0</a> (<a href="http://pablotron.org/files/honeypot-php-0.1.0.tar.gz.asc" title="PGP signature for Honeypot-PHP 0.1.0 tarball.">Signature</a>)</li>
<li><a href="http://pablotron.org/files/php/Honeypot-0.1.0.tgz" title="Honeypot-PHP 0.1.0 PEAR Package.">Honeypot-PHP 0.1.0 PEAR Package</a> (<a href="http://pablotron.org/files/php/Honeypot-0.1.0.tgz.asc" title="PGP signature for Honeypot-PHP 0.1.0 PEAR Package.">Signature</a>)</li>
<li><a href="http://hg.pablotron.org/honeypot-php">Honeypot-PHP Mercurial Repository</a></li>
</ul>

<p>If you're using WordPress, someone else already wrote a <a href="http://wordpress.org/extend/plugins/httpbl/">handy http:BL
WordPress plugin</a>.  I didn't see a decent generic Honeypot
library, which is why I wrote this one.</p>