Home » blogs » vlado's blog

Quick and dirty httpbl and drupal. An attempt to weed out evil bots, a bit

Submitted by vlado on Thu, 2007-06-21 10:44. | | | |

Lately I was looking into how to reduce the spam traffic to this website. Not just comment spam, but various harvesters and other nasties. They steal too much http bandwidth.

.htaccess methods are tempting, but they have a huge disadvantage - they are static. DNS blacklists can be used to dynamically query 'is this ip a known threat?'. One such list is provided by project honepot. They have an apache module in beta implementing it. If you don't have the option, or want a bit more dynamism, you can do the checks from your own php script.

In drupal there is already an httpbl module, but I decided not to use it. It looked easier to just insert the checks in index.php. The other benefit is that I can interfere before the drupal bootstrap has even started. The downside - none of the goodies provided by the module. I used a modified version of the script provided by planet ozh.

My modifications are adding a random link to various traps and do a few other custom niceties. Otherwise you can just add
require_once "httpbl.php" before all other code in index.php. This will ensure that nothing else gets processed if you are hit by a bot.

Interestingly enough, half an hour(ish) doing this I got:
2007-06-21 :: 05-04-40 :: BLOCKED 68.186.149.178 :: 5 :: 18 :: 2 :: /comment/reply/126 :: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Avant Browser [avantbrowser.com]; Hotbar 4.4.5.0)
2007-06-21 :: 05-04-49 :: BLOCKED 68.186.149.178 :: 5 :: 18 :: 2 :: / :: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Avant Browser [avantbrowser.com]; Hotbar 4.4.5.0)
2007-06-21 :: 05-04-55 :: BLOCKED 68.186.149.178 :: 5 :: 18 :: 2 :: / :: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Avant Browser [avantbrowser.com]; Hotbar 4.4.5.0)
2007-06-21 :: 05-06-47 :: BLOCKED 58.225.246.205 :: 5 :: 5 :: 51 :: /comment/reply/215 :: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
2007-06-21 :: 05-07-31 :: BLOCKED 211.109.26.212 :: 5 :: 5 :: 50 :: /comment/reply/215 :: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
2007-06-21 :: 05-13-56 :: BLOCKED 76.111.216.245 :: 5 :: 5 :: 28 :: /comment/reply/211 :: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
2007-06-21 :: 05-30-05 :: BLOCKED 222.221.254.163 :: 5 :: 51 :: 1 :: /comment/reply/238 :: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
2007-06-21 :: 05-30-08 :: BLOCKED 200.210.47.199 :: 5 :: 41 :: 2 :: /comment/reply/238 :: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
2007-06-21 :: 05-39-19 :: BLOCKED 72.232.83.82 :: 5 :: 19 :: 17 :: /15.05.2007/man_i_just_have_to_link_to_this/ :: Fzywenob odwvlxrh mdpxegr
2007-06-21 :: 05-39-24 :: BLOCKED 201.25.52.10 :: 5 :: 29 :: 1 :: /comment/reply/220 :: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

bastards. all I can say.

While this is not going to stop spam, I hope it will at least reduce it a bit.

vlado's blog | add new comment
Home » blogs » vlado's blog