
httpBL

Started by Diego Andrés, February 17, 2010, 03:55:54 PM


Arantor

It's down to what is actually done by the other site. Stop Forum Spam / Stop Spammer don't actually do that much in terms of authenticating the submissions; Motoko-chan (former project manager here) once submitted his own IP to SFS (as used by SS) to prove that it doesn't validate it, it just takes submissions.

I don't know what the honeypot site does, but I'm guessing it does more than just accepting user submissions.

Wizzlefits

If I'm not mistaken, honeypot is basically the same as SFS. (talking about blocking, not trapping spammers)
It returns info on the IP in question, but it's up to the requesting site (your forum) to block or let pass.
They both are just black lists to one degree or another.

While playing with my honeypot trap page, I submitted my IP to their database. It's still listed, but it's white listed. :P

Arantor

Actually, not quite the same. It's insanely easy to get an IP blacklisted on SFS but much harder to do on honeypot.

Wizzlefits

Quote from: Arantor on April 28, 2010, 10:23:51 AM
Actually, not quite the same. It's insanely easy to get an IP blacklisted on SFS but much harder to do on honeypot.

LOL!
You do have a point there!
At least you can easily remove your IP from SFS. Yep! Did that too. ::)

snoopy_virtual

Arantor is right, it's very difficult to get your IP black-listed in PHP (Project Honey Pot).

In SFS you just submit an IP without giving any explanation and they don't even check if it's right or not, but in PHP if you submit an IP you need to explain what this IP has been doing and why you are submitting it, and the points (Threat Level) it will get will depend on the kind of actions you tell them it's been doing, the amount of people reporting that IP, etc. And anyway they don't accept everything you say about an IP if they cannot confirm it's true.

They trust a lot more the results sent from the Honey Pots pages, because all the links to these Honey Pots are hidden, so humans never get inside them and the spambots are kind enough to report themselves from them.

Actually if you get spammers inside your forum (anybody who has passed all your security barriers) you will need to report them to PHP only if you are sure they are humans. If they are robots they will end up reporting themselves.

On the other hand, if your IP ever gets black-listed in PHP it's very easy to get it white-listed. Just log into PHP's site. As soon as the site recognizes you as a member of the project you will see a link to white-list your IP.




I find a lot more interesting what Wizzlefits said a few days ago about a couple of spambots passing httpBL by brute force.

We need to talk about it to see how they managed, because that shouldn't happen.

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

butchs

I can see the brute force bypass happen because it takes a little time to look up each IP. Add a cache buffer and that will be the end of that. Yea, yea, I know what you are going to say. ;)
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Wizzlefits

#206
Quote from: butchs on May 01, 2010, 05:06:46 PM
I can see the brute force bypass happen because it takes a little time to look up each IP. Add a cache buffer and that will be the end of that. Yea, yea, I know what you are going to say. ;)

Have to agree, cache the IP for 5 min. would do it.

Or
add a delay of 5 seconds between registration requests from the same IP.

kaamaru

If the honey pot server goes down, would my site still function?

Arantor

Sure it will. Just with one less measure of protection.

giveaway365.com

Which is that "with one less measure of protection."?

Arantor

If the honey pot site goes down, your site stays up, and that includes any other measures of anti spam you have.

kaamaru

OK, awesome. Do any of you know when honey pot will be back online? I need to get an API.

Wizzlefits

Figured they would be back up by now. It's been a week since the new hard drive was installed.

Wizzlefits

O...
Even though the honey pot site is down, it's only the front end of the site. They are still tracking spammers and httpBL is working just fine.

Sea Mac

#214
Thank you for this MOD!

I got a honeypot (I got 2 actually) and tried Installing this Mod.

At install time it showed all "Test Successful" or "File Skipped" so I installed it.

My site quit working. http://thetruthabouthemp.com/hempity/index.php

Quote
Template Parse Error! There was a problem loading the /Themes/default/languages/Modifications.english-utf8.php template or language file. Please check the syntax and try again - remember, single quotes (') often have to be escaped with a slash (\). To see more specific error information from PHP, try accessing the file directly.

You may want to try to refresh this page or use the   default theme

214: $txt['httpBL_honeyPot_word'] = 'Keyword of your Honey Pot link';
215: $txt['httpBL_honeyPot_word_sub'] = 'This is the only word in your Honey Pot link the spammers are going to see. Write something to attract them and make them click on it and not anything scary for them. If you cannot find out a good word just leave it blank. The mod will choose one for you.';
216: $txt['httpBL_info_email_1'] = 'First word of your email';
217: $txt['httpBL_info_email_2'] = 'Second word of your email';
218: $txt['httpBL_info_email_3'] = 'Third word of your email';
219: $txt['httpBL_info_email_sub'] = 'The mod needs your email address to tell you if there are any problems and to show it to the human beings unlucky enough to have an IP considered as spammer and not knowing how to get out of the page <b>warning.php</b>, so they can ask you for help. Then, it has to be a valid email address. We have split it into 3 words so the robots cannot see it. For example, if your address is <b>[email protected]</b> the first word is <b>info</b>, the second one <b>yourwebsite</b>, and the third one <b>com</b>.';
220: $txt['httpBL_enable_bad_email'] = 'Check the email address you have written. You cannot leave blank any of the 3 words.';
221: $txt['httpBL_bad_last_activity'] = 'Number of days to consider good an IP';
222: $txt['httpBL_bad_last_activity_sub'] = 'If an IP used to belong some time ago to a spammer, but nobody has seen it doing anything wrong since at least this number of days, we don\'t consider it dangerous now and we leave the visitor pass.';
223: $txt[httpBL_bad_threat
224:
225:
What Happened?

It looks as if I'm going to have to reinstall the WHOLE SMF Forum!

snoopy_virtual

You don't need to reinstall SMF. Just edit the file giving you the problem:

Navigate to the folder /Themes/default/languages/ and look for the file Modifications.english-utf8.php

At the end of the file you should have exactly this:


// MOD httpBL START
// General
$txt['httpBL_title'] = 'MOD httpBL';
$txt['httpBL_honeyPot_link_error'] = 'Wrong honeyPot link. Check your MOD httpBL configuration.';
$txt['httpBL_honeyPot_key_error'] = 'Wrong http:BL API key. Check your MOD httpBL configuration.';
$txt['httpBL_honeyPot_key_error_2'] = 'Connection failed. This either means that your http:BL API key is incorrect or that there is a problem in your DNS system.';
$txt['httpBL_caught'] = 'Spammers stopped by MOD httpBL: ';

// Config page
$txt['httpBL_description'] = 'The MOD httpBL checks every visitor\'s IP to see if it\'s already in projecthoneypot\'s DB. If this is true the mod redirects them to the warning.php page denying them access to the forum.<br />Here you can turn the mod on and off and change some of its parameters.';
$txt['httpBL_config'] = 'MOD httpBL settings';
$txt['httpBL_enable'] = 'Enable/Disable MOD httpBL';
$txt['httpBL_enable_bad_API_key'] = 'The API key you have written is wrong. Check it out carefully and try again.';
$txt['httpBL_honeyPot_link'] = 'Link to your Honey Pot';
$txt['httpBL_honeyPot_link_sub'] = 'If you want to use MOD httpBL you must have a Honey Pot installed in your server. If you haven\'t got one you need to go first to <a href="http://www.projecthoneypot.org/?rf=62759" target="_blank">www.projecthoneypot.org</a> to ask for one and install it in your server. After that, write here the link to that Honey Pot. It will be something like:<br /><b>http://www.yourwebsite.com/yourhoneypot.php</b>';
$txt['httpBL_honeyPot_key'] = 'Your Honey Pot http:BL API key';
$txt['httpBL_honeyPot_key_sub'] = 'If you want to use MOD httpBL you must have as well a http:BL API key from Project Honey Pot. If you haven\'t got one you need to go first to <a href="http://www.projecthoneypot.org/?rf=62759" target="_blank">www.projecthoneypot.org</a> to sign up for one and write it here. Please notice they are not going to give you one if you haven\'t installed a Honey Pot, so you better do that first.';
$txt['httpBL_honeyPot_word'] = 'Keyword of your Honey Pot link';
$txt['httpBL_honeyPot_word_sub'] = 'This is the only word in your Honey Pot link the spammers are going to see. Write something to attract them and make them click on it and not anything scary for them. If you cannot find out a good word just leave it blank. The mod will choose one for you.';
$txt['httpBL_info_email_1'] = 'First word of your email';
$txt['httpBL_info_email_2'] = 'Second word of your email';
$txt['httpBL_info_email_3'] = 'Third word of your email';
$txt['httpBL_info_email_sub'] = 'The mod needs your email address to tell you if there are any problems and to show it to the human beings unlucky enough to have an IP considered as spammer and not knowing how to get out of the page <b>warning.php</b>, so they can ask you for help. Then, it has to be a valid email address. We have split it into 3 words so the robots cannot see it. For example, if your address is <b>[email protected]</b> the first word is <b>info</b>, the second one <b>yourwebsite</b>, and the third one <b>com</b>.';
$txt['httpBL_enable_bad_email'] = 'Check the email address you have written. You cannot leave blank any of the 3 words.';
$txt['httpBL_bad_last_activity'] = 'Number of days to consider good an IP';
$txt['httpBL_bad_last_activity_sub'] = 'If an IP used to belong some time ago to a spammer, but nobody has seen it doing anything wrong since at least this number of days, we don\'t consider it dangerous now and we leave the visitor pass.';
$txt['httpBL_bad_threat'] = 'Threat level considered bad';
$txt['httpBL_bad_threat_sub'] = 'Project Honey Pot gives every IP a threat level which is changing every day depending on what this IP does and how many days ago it did it. Every IP with a threat level lower than the number you put here will pass without even been checked.';
$txt['httpBL_very_bad_threat'] = 'Threat level considered VERY bad';
$txt['httpBL_very_bad_threat_sub'] = 'Every IP with a threat level greater than the number you put here won\'t be able to pass at all. The IPs with a threat level between both numbers will see a captcha and, if they prove they are humans, they will be granted a pass for a few hours.';
$txt['httpBL_cookie_length'] = 'Hours until an IP needs to prove again it\'s human';
$txt['httpBL_cookie_length_sub'] = 'As the IPs change very often, when the visitors see the captcha and prove they are human they are allowed inside the page only for this amount of hours. After that the IP may be coming from a different computer. We wouldn\'t recommend you to change these last 4 values until you know the way the mod works.';
$txt['httpBL_no_negative_here'] = 'The number of days and the threat level cannot be negative numbers or 0.';
$txt['httpBL_no_higher_than'] = 'The threat level considered bad cannot be higher than the threat level considered <b>VERY</b> bad.';
$txt['httpBL_viewlog_extra'] = 'View extra information in the log';
$txt['httpBL_viewlog_extra_sub'] = 'If you tick this options you are going to see all the information in the log, but maybe it\'s too much and you will loose perspective. Sometimes it\'s better to see only the important things.';
$txt['httpBL_config_sub_1'] = 'If you want to see the look of your "warning.php" page with this settings (the page everybody with an IP considered dangerous is going to be redirected) press this link:';
$txt['httpBL_config_sub_2'] = 'If you want to change its design or translate that page and you don\'t know how, or if you have any other question about the MOD, you can ask for help in the <a href="http://www.simplemachines.org/community/index.php?topic=366399" target="_blank">official support forum</a> or try to find more information <a href="http://www.snoopyvirtualstudio.com/tutoriales/index.php?estudio=httpBL_2" target="_blank">reading the tutorial</a>.';

// View log page
$txt['httpBL_viewlog'] = 'httpBL Spammers Log';
$txt['httpBL_viewlog_description'] = 'Every time the MOD httpBL stops a spammer or detects an internal error adds an entry to this log you can see here. This is the list of spammers stopped by the mod either because their threat level was higher than the threat level considered <b>VERY</b> bad or because they saw the captcha and couldn\'t prove they were humans.';
$txt['httpBL_viewlogpass'] = 'httpBL Humans Log';
$txt['httpBL_viewlogpass_description'] = 'This is the list of the humans stopped by the mod but allowed in after they have proved they were not robots.';
$txt['httpBL_viewlogerror'] = 'httpBL Errors Log';
$txt['httpBL_viewlogerror_description'] = 'This is the list of the internal errors detected by the mod when trying to check an IP. Depending on the error, some of them may have been stopped and others may have been allowed in. To see all the information here you need to press the button <b>"Show extra information"</b>.';
$txt['httpBL_log_no_entries'] = 'There are no entries in the MOD httpBL Spammers Log. Either you haven\'t caught any spammer yet or you have erased all the entries.';
$txt['httpBL_logpass_no_entries'] = 'There are no entries in the MOD httpBL Humans Log. Either nobody have proved to be human yet or you have erased all the entries.';
$txt['httpBL_logerror_no_entries'] = 'There are no entries in the MOD httpBL Errors Log. Either you haven\'t got any errors yet or you have erased all the entries.';
$txt['httpBL_viewlog_extra'] = 'Show extra information';
$txt['httpBL_viewlog_normal'] = 'Hide extra information';
$txt['httpBL_log_show_legend'] = 'Show legend';
$txt['httpBL_log_hide_legend'] = 'Hide legend';
$txt['httpBL_pages'] = 'Pages';
$txt['httpBL_log_date'] = 'Date';
$txt['httpBL_log_ip'] = 'IP';
$txt['httpBL_log_threat'] = 'Th. L.';
$txt['httpBL_log_threat_long'] = 'Threat Level - The threat level of this IP in Project Honey Pot database.';
$txt['httpBL_log_activity'] = 'L. B. A.';
$txt['httpBL_log_activity_long'] = 'Last Bad Activity - The number of days since this IP was seen doing something wrong.';
$txt['httpBL_log_suspicious'] = 'S.';
$txt['httpBL_log_suspicious_long'] = 'Suspicious - Just suspicious of being a spammer.';
$txt['httpBL_log_harvester'] = 'H.';
$txt['httpBL_log_harvester_long'] = 'Harvester - A robot that surfs the internet looking for email addresses to use them later to send spam.';
$txt['httpBL_log_comment'] = 'C.';
$txt['httpBL_log_comment_long'] = 'Comment Spammer - A robot that post to blogs and forums. These posts typically are full of links to sites being promoted by the spammers.';
$txt['httpBL_log_url'] = 'Page';
$txt['httpBL_log_url_long'] = 'The page this IP was visiting when it was detected and expelled by the mod.';
$txt['httpBL_log_user_agent'] = 'Browser';
$txt['httpBL_log_error_message'] = 'Message';
$txt['httpBL_yes'] = 'Yes';
$txt['httpBL_threat_colors'] = 'Meaning of colors:';
$txt['httpBL_threat_low'] = 'Low threat';
$txt['httpBL_threat_medium'] = 'Medium threat';
$txt['httpBL_threat_high'] = 'High threat';
$txt['httpBL_threat_very_high'] = 'Very high threat';
$txt['httpBL_log_remove_all_confirm'] = 'Are you sure you want to delete all MOD httpBL log entries? - Please notice this action will delete not only the entries in this section, but ALL THE ENTRIES IN THE LOG.';
$txt['httpBL_log_remove_selected_confirm'] = 'Are you sure you want to delete all selected MOD httpBL log entries?';

// Errors
$txt['httpBL_log_no_error'] = 'No error';
$txt['httpBL_no_errorNumber'] = 'There is no error number';
$txt['httpBL_no_defined'] = 'No defined yet';
$txt['httpBL_answers_captcha'] = 'Answers on the captcha';
$txt['httpBL_answer_captcha'] = 'Answer on the captcha';
$txt['httpBL_good'] = 'Good';
$txt['httpBL_bad'] = 'Bad';
$txt['httpBL_empty_ip'] = 'Empty IP';
$txt['httpBL_wrote_hidding'] = 'Wrote on a hidding place';
$txt['httpBL_no_show_captcha'] = 'Th. L. too high. Didn\'t show the captcha';
$txt['httpBL_no_reverse_ip'] = 'Cannot check. IP not normal. Allowed to pass';
$txt['httpBL_log_key_error'] = 'Cannot check due to API key error. Allowed to pass';
$txt['httpBL_no_127'] = 'Cannot check. response[raw] doesn\'t start by 127. Allowed to pass';
$txt['httpBL_unknown'] = 'unknown';
// MOD httpBL END


If you have something different you will get an error.

By the way: Very nice site you have  ;)

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.
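
The settings text in the language file above describes a three-way decision (pass, captcha, block) on Project Honey Pot's http:BL answer, and earlier posts in the thread suggest caching each IP's result for 5 minutes. The sketch below is an added example, not the mod's own code: it assumes the http:BL DNS answer format 127.<days>.<threat>.<type>, and the function names, the `$cfg` keys, the API key and the sample answers are made up for illustration.

```php
<?php
// Added example, not the mod's code. Function names and $cfg keys are hypothetical.

/** DNS name to resolve for an http:BL query: <key>.<reversed IPv4>.dnsbl.httpbl.org */
function httpbl_query_name(string $apiKey, string $ip): string
{
    return $apiKey . '.' . implode('.', array_reverse(explode('.', $ip))) . '.dnsbl.httpbl.org';
}

/** Map an answer of the form 127.<days>.<threat>.<type> to pass / captcha / block. */
function httpbl_classify(?string $answer, array $cfg): string
{
    if ($answer === null || !preg_match('/^127\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/', $answer, $m)) {
        return 'pass';   // not listed, or answer not of the form 127.x.y.z: allowed to pass
    }
    [$days, $threat, $type] = [(int) $m[1], (int) $m[2], (int) $m[3]];
    if ($type === 0 || $days >= $cfg['days'] || $threat < $cfg['bad']) {
        return 'pass';   // search engine, no bad activity for long enough, or low threat
    }
    return $threat > $cfg['very_bad'] ? 'block' : 'captcha';
}

/** Reuse a verdict for $ttl seconds so repeated requests from one IP skip the DNS wait. */
function httpbl_verdict(string $ip, callable $lookup, array &$cache, array $cfg, int $now, int $ttl = 300): string
{
    if (isset($cache[$ip]) && $now - $cache[$ip]['at'] < $ttl) {
        return $cache[$ip]['verdict'];
    }
    $cache[$ip] = ['verdict' => httpbl_classify($lookup($ip), $cfg), 'at' => $now];
    return $cache[$ip]['verdict'];
}

// Constructed answers for documentation-range IPs; a live lookup would resolve
// httpbl_query_name($key, $ip) and treat a failed resolution as null.
$answers = [
    '203.0.113.7'  => '127.3.55.4',    // comment spammer, seen 3 days ago, threat 55
    '203.0.113.8'  => '127.2.20.1',    // suspicious, seen 2 days ago, threat 20
    '203.0.113.9'  => '127.90.60.2',   // harvester, last seen 90 days ago
    '198.51.100.1' => null,            // not listed
];
$calls = 0;
$lookup = function (string $ip) use ($answers, &$calls): ?string {
    $calls++;
    return $answers[$ip] ?? null;
};
$cfg = ['days' => 30, 'bad' => 10, 'very_bad' => 40];   // sample thresholds
$cache = [];
echo httpbl_query_name('examplekey', '203.0.113.7'), "\n";
foreach (array_keys($answers) as $ip) {
    foreach ([1000, 1002, 1400] as $now) {   // third request falls after the 300 s TTL
        printf("%-13s t=%-5d %s\n", $ip, $now, httpbl_verdict($ip, $lookup, $cache, $cfg, $now));
    }
}
echo "DNS lookups made: $calls\n";
```

Like the mod's own error strings ("Allowed to pass"), the sketch fails open on an unusable answer, so a DNS or Project Honey Pot outage removes this check rather than locking visitors out.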

esoteric

Hi, first time mod installer here and I've done the honeypot thing, got the congrats screen and I have an api key. I installed httpBL successfully and it shows up in my admin package place as being installed. I then had to manually edit my theme index.template.php file and thought I'd done that ok, but when I go back to admin page I don't have the Mod httpBL link under my members menu as in the picture. I do however have quite a big space, as if it's made room for the link.



Here's the stuff I already had in my index.template.php file:

Quote
// The following will be used to let the user know that some AJAX process is running
   echo '
   <div id="ajax_in_progress" style="display: none;', $context['browser']['is_ie'] && !$context['browser']['is_ie7'] ? 'position: absolute;' : '', '">', $txt['ajax_in_progress'], '</div>';

echo '
</body>
</html>';
}

And after inserting the bit of code:

Quote
// The following will be used to let the user know that some AJAX process is running
   echo '
   <div id="ajax_in_progress" style="display: none;', $context['browser']['is_ie'] && !$context['browser']['is_ie7'] ? 'position: absolute;' : '', '">', $txt['ajax_in_progress'], '</div>';

echo '
';

   /*****************
   ** httpBL START **
   *****************/
   global $sourcedir, $modSettings;
   if ($modSettings['httpBL_enable'])
   {
      require_once($sourcedir . '/httpBL_Subs.php');
      $honeyLink = httpBL_honeylink($modSettings['httpBL_honeyPot_link'], $modSettings['httpBL_honeyPot_word']);
      echo $honeyLink;
   }
   /*****************
   **  httpBL END  **
   *****************/
   
    echo '
</body>
</html>';
}

I'm sorry if I'm missing something glaringly obvious.  I really worry that I've bitten off more than I can chew here so please be kind.

butchs

I wonder if it is there and you just need to reset your cache?  Go to Forum Maintenance => Empty the file cache and see if that helps?
:o
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

Exsharaen

I wonder why SMF doesn't notify me of updates while I'm monitoring for updates... should update ASAP and retranslate then...

esoteric

Quote from: butchs on June 01, 2010, 10:13:48 AM
I wonder if it is there and you just need to reset your cache?  Go to Forum Maintenance => Empty the file cache and see if that helps?
:o

Thanks for the reply butchs, unfortunately I don't see an option to empty any cache from within Forum Maintenance.
I have these options though:

GENERAL MAINTENANCE
*Optimize all tables to improve performance.
*Check all files against current versions.
*Find and repair any errors.
*Recount all forum totals and statistics.
*Empty out unimportant logs.
*Convert HTML-entities to UTF-8 characters

REMOVE OLD POSTS
*Remove all topics not posted in for x days
