1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
---
date: "2007-10-15T03:17:18Z"
title: Project Honey Pot Bindings (PHP and Ruby)
---
<p><a href="http://projecthoneypot.org/">Project Honey Pot</a> is a <acronym title='Domain Name Service - Realtime Blacklist'>DNSRBL</acronym> to preemptively block comment
spammers, harvesters, and other nefarious types on the web. This
afternoon I tested 50ish "spammy" IP addresses that <a href="http://pablotron.org/?cid=1485" title="My PHP4 Akismet bindings.">Akismet</a> missed
and Honey Pot caught about 10% of them. Unfortunately, I don't have a
good balanced corpus of comment spam to do a full comparison between the
two, so I'll be using both together for the time being.</p>
<p>Anyway, I've been sitting on mostly complete <a href="http://hg.pablotron.org/honeypot-ruby">Ruby Honeypot
bindings</a> for a while, but this evening I whipped up
some PHP bindings too. </p>
<p>Note that you'll need to create a Project Honey Pot account to get an
<acronym title='Application Programming Interface'>API</acronym> key (but don't worry, it's free). Without any further ado:</p>
<pre><code># sample API key
$api_key = 'asdf1234asdf';
# ip/hostname to check
# (this will almost always be $_SERVER['REMOTE_ADDR'])
$addr = '127.1.10.1';
# create new honeypot instance
$honeypot = new Honeypot($api_key);
# check address
if ($honeypot->is_ok($addr))
echo 'address is okay';
else
echo 'address is NOT OKAY';
</code></pre>
<p>You can override the default age and threat thesholds by passing
additional arguments to the constructor, like this:</p>
<pre><code>$honeypot = new Honeypot($api_key, array(
'ok_age' => 300, # set age threshold to 300 days
'ok_threat' => 50, # set threat level threshold to 50
));
</code></pre>
<p>Using the <code>check()</code> method instead of <code>is_ok()</code> gives you more detailed
results. Say you're only concerned about fairly recent harvesters, and
not comment spammers or anything else:</p>
<pre><code># check the address
$result = $honeypot->check($addr);
# check for recent harvester results with a high threat level
if ($result && $result['is_harvester'] &&
$result['age'] < 30 && $result['threat'] > 128) {
echo 'address is NOT OKAY';
} else {
echo 'address is okay';
}
</code></pre>
<p>Files:</p>
<ul>
<li><a href="http://pablotron.org/files/honeypot-php-0.1.0.tar.gz" title="Download Honeypot-PHP 0.1.0 tarball.">Download Honeypot-PHP 0.1.0</a> (<a href="http://pablotron.org/files/honeypot-php-0.1.0.tar.gz.asc" title="PGP signature for Honeypot-PHP 0.1.0 tarball.">Signature</a>)</li>
<li><a href="http://pablotron.org/files/php/Honeypot-0.1.0.tgz" title="Honeypot-PHP 0.1.0 PEAR Package.">Honeypot-PHP 0.1.0 PEAR Package</a> (<a href="http://pablotron.org/files/php/Honeypot-0.1.0.tgz.asc" title="PGP signature for Honeypot-PHP 0.1.0 PEAR Package.">Signature</a>)</li>
<li><a href="http://hg.pablotron.org/honeypot-php">Honeypot-PHP Mercurial Repository</a></li>
</ul>
<p>If you're using Wordpress, someone else already wrote a <a href="http://wordpress.org/extend/plugins/httpbl/">handy http:BL
Wordpress plugin</a>. I didn't see a decent generic Honeypot l
ibrary, which is why I wrote this one.</p>
|
