phpPHP

This script first appeared here.

About

Project Honey Pot is a site that attempts to actively trap malicious email- and comment-spam bots by getting webmasters to lay out deliberate 'honeypots': tempting pages with email addresses, fake comment forms and login boxes that track any attempt by a bot to spam or brute-force. The site also keeps a large directory of known 'bad' IP addresses. But there's a problem: how to easily integrate the Honey Pot database of known bad IPs into protection for a website? Project Honey Pot offers a service called http:BL, which essentially allows users to use DNS queries to check IP addresses against the database to determine whether they are dangerous. There is an Apache module integrating the feature for download, but of course that's not good for those of us who are on shared hosting. So, after some hemming and hawing, I came up with a script that simulates the same functionality.

It's by no means perfect, and it won't stop all email harvesters and spam scrapers from your site (especially if it is well-known or has a good Google ranking), but it should block enough to be noticeable; when I implemented it at void-star.net the number of attempted spam comments I would get a day fell from over four hundred to about 60. I think that's worth it, myself.

Installation

  1. Sign up for Project Honey Pot and follow that site's instructions for obtaining an http:BL key.
  2. Download Net_DNS.
  3. Copy the code below to a file on your server (remember to change the config information, specifically $akey and $redirect). It's not terribly important what you call it or where you put it, so long as you remember.
  4. Upload Net_DNS to the same folder you put your file in.
  5. View your page to check for errors; if everything is working correctly, you should see nothing at all.
  6. Now, include() your phpPHP file into any other PHP page you wish to protect.

The Code

The following is the raw code. Copy and paste this into a file on your server, as per the instructions above.

<?php
$akey = "abcdefghijk"; // your http:BL Access Key
$redirect = "http://www.unspam.com/noemailcollection/"; // change to the URL of your site's honeypot
$min_threat = 10;
$banned_mask = 7; // see http://www.projecthoneypot.org/httpbl_api.php
$lookup = "dnsbl.httpbl.org";

//* END CONFIG *******************************************************//

// include class file
include( "Net/DNS.php" );

// reverse the ip
$ip = explode( '.', $_SERVER['REMOTE_ADDR'] );
$r = null;

// the reversed-octet lookup only makes sense for a dotted-quad (IPv4) address
if( count( $ip ) == 4 ) {
  $hp = $akey .'.'. $ip[3] .'.'. $ip[2] .'.'. $ip[1] .'.'. $ip[0] .'.'. $lookup;

  // create new Net_DNS object
  $ndr = new Net_DNS_Resolver();

  // debug output?
  // $ndr->debug = 1;

  // set nameservers
  // uncomment if you're having problems getting Net_DNS to work
  // $ndr->nameservers = array( '4.2.2.1', '4.2.2.2' );

  // query for IP address
  $r = $ndr->search( $hp );
}

// only continue if the lookup returned an address record
if( !empty( $r ) && !empty( $r->answer ) && isset( $r->answer[0]->address ) ) {
  $c = explode( '.', $r->answer[0]->address );

  // a genuine http:BL answer always starts with 127; ignore anything else.
  // if we look suspicious, redirect us to the specified page and kill all subsequent content
  if( $c[0] == 127 && ( $banned_mask & $c[3] ) != 0 && $c[2] > $min_threat ) {
    header( "Location: $redirect" );
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>phpPHP</title>
<meta http-equiv="refresh" content="0;URL=<?php echo htmlspecialchars( $redirect ); ?>">
</head>
<body>
</body>
</html>
<?php
    die();
  }
}
?>
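The script's decision rests on the four octets of the http:BL answer, which the code reads only by position. As an added example (not part of the original script; the function names are hypothetical and the sample answers are constructed), this decodes an answer into named fields as laid out in the http:BL API and applies the same mask-and-threshold test without touching DNS:

```php
<?php
// Added example: offline decoder for http:BL answers. Function names are
// hypothetical; the sample answers at the bottom are constructed, not real lookups.

// Build the DNS name to query: <key>.<reversed IPv4 octets>.<zone>
function httpbl_query_name( $akey, $ip, $zone = "dnsbl.httpbl.org" ) {
    if( filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) === false ) {
        return null; // IPv6 or garbage: nothing to look up
    }
    return $akey .'.'. implode( '.', array_reverse( explode( '.', $ip ) ) ) .'.'. $zone;
}

// Split an answer such as 127.3.25.5 into named fields, or null if malformed
function httpbl_decode( $address ) {
    if( filter_var( $address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) === false ) {
        return null;
    }
    $c = array_map( 'intval', explode( '.', $address ) );
    if( $c[0] !== 127 ) {
        return null; // not an http:BL answer (e.g. a wildcard or hijacked resolver)
    }
    return array(
        'days'          => $c[1], // days since the address was last seen
        'threat'        => $c[2], // threat score (a search engine id when type is 0)
        'type'          => $c[3], // visitor type bitmask, decoded below
        'search_engine' => $c[3] === 0,
        'suspicious'    => ( $c[3] & 1 ) !== 0,
        'harvester'     => ( $c[3] & 2 ) !== 0,
        'comment_spam'  => ( $c[3] & 4 ) !== 0,
    );
}

// Same test as the script above: type matches the mask AND threat exceeds the minimum
function httpbl_should_block( $d, $min_threat = 10, $banned_mask = 7 ) {
    return $d !== null && ( $banned_mask & $d['type'] ) !== 0 && $d['threat'] > $min_threat;
}

// Constructed sample answers: spammer, low-threat harvester, search engine, two invalid
$samples = array( '127.3.25.5', '127.1.8.2', '127.0.5.0', '10.0.0.1', 'not-an-ip' );
echo httpbl_query_name( 'abcdefghijk', '192.0.2.44' ), "\n";
foreach( $samples as $a ) {
    printf( "%-12s %s\n", $a, httpbl_should_block( httpbl_decode( $a ) ) ? 'block' : 'allow' );
}
```

Run it from the command line with the php binary; it needs neither Net_DNS nor network access, so it is a quick way to check a $min_threat or $banned_mask setting before deploying.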

Troubleshooting

There are two known 'roadblocks' to getting this code working. The first is the include of the Net_DNS library. Net_DNS itself contains a lot of include() statements, and these are all relatively pathed. Depending on what other scripts you are attempting to run phpPHP with, this may cause problems as Net_DNS errors out trying to look for itself in the wrong place. The simplest way to fix this error is to trawl through the Net_DNS source code, look for every include() and replace it with an absolute path (the one that looks something like /home/username/public_html/path/to/Net/DNS.php). It sounds harder than it is, especially if you have a good text editor.

There is also the possibility that Net_DNS will have problems looking up nameservers. You can test this by uncommenting $ndr->debug = 1;; if the script isn't returning anything, you've got a look-up problem. To fix it, uncomment $ndr->nameservers = array( '4.2.2.1', '4.2.2.2' ); and try again; hopefully, you should now receive a result. (Remember to re-comment the debug option!)

sk.ODE and all scripts created by Alis Dee, 2004-2007 by-nc-sa.
