http:BL

[hansfn]

Extension Name: http:BL
Extension Author: Hans Fredrik Nordhaug (hansfn in the forum).

Extension Description:

The http:BL snippet can protect your site from search engines, suspicious, harvesters, comment spammers, or a combination thereof using the http:BL service from the Honeypot project - see http://www.projecthoneypot.org/httpbl_api.php All blocked domains (IPs) are added to the spam log.


Installation and usage:
- Put this file in your Pivot "extensions/snippets" folder.
- Get an http:BL API key on http://www.projecthoneypot.org/
- Place "[[httpBL:apikey:block]]" in the first line of all the templates, just in front of the DOCTYPE statement. "block" can be any of "search_engine", "suspicious", "harvester", "comment_spammer" or a combination using "|". To block all harvesters and comment_spammers, which is the default, use


Code:

[[httpBL:apikey:harvester|comment_spammer]]


You can also set at which threat level a domain should be blocked.


Code:

[[httpBL:apikey:suspicious:5]]


blocks all (suspicious) domains with threat level 5 and higher, the default is 10.


Limitation/issues:
- The default threat level of 10 is quite randomly selected: "Website administrators are encouraged to experiment with different threat scores and set them at what you determine is an appropriate level for your own site."
- The last seen/age value is not taken into account (yet): "This value is useful in helping you assess how 'stale' the information provided by http:BL is and therefore the extent to which you should rely on it."
.

Rough changelog:
25.08.2007: Initial release

Note: Please post all questions and discussions about this extension in this thread. Keeping the discussion confined to one thread will help others if they have any questions.

[hansfn]

I'll use this post as a TODO list:

1. Add whitelisting. (This easy to do - just waiting for somebody actually requesting/needing it.)
2. Caching. Hm, I think it's wasted since the local DNS server is already doing caching, but if the DNS server is much "slower" than the webserver ...

[hansfn]

By the way - using http:BL actually works great. From my spam log - I love it:

[macraig]

What code should the snippet add to the top of generated pages? I'm seeing nothing but a blank line added to the top of each displayed page. Does it only add HTML if a "bad" IP is detected, or does it add something regardless? Did I do something wrong, and that blank line is the result?

[hansfn]

Look at the source code of the PHP file (on the FTP server) - the snippet doesn't produce any HTML output, not even a blank line. (Put the tag on the same line as DOCTYPE, in front of it.) If a bad IP is detected it is blocked and some minimal explanatory HTML is displayed (in stead of the normal page).

[macraig]

Hansfn, I inserted the snippet call on a separate line above <DOCTYPE>. I haven't changed that yet. I just checked my spam log since adding this snippet (and pooh, replacing my old code) last night, and I've got some entries in there I've never seen before:

[hansfn]

You haven't upgrade to 1.40.4 yet which is strongly recommended security upgrade and also provides better logging (that http:BL relies on).

PS! You are correct that what you see is http:BL in action.

[macraig]

Yeah, I knew about the update, but it's tedious work to compare every file for custom changes and reproduce them in the right places in the new files. Everyone else may have fancy tools to automate some of that, but I have to do it the hard way... so I've been putting it off until I thought I could afford the time to do it.

It's good at least to know it's working. I'd LOVE to see the looks on the spammers' faces when they get that Forbidden page!

[hansfn]

[]x[]

Will this extension be ported to PivotX any time soon ? Or does it work with some small modifications ?

[hansfn]

It's ported to PivotX now - read the http:BL thread in the PivotX forum.

Actually, porting this extension was some work ...