Quick and dirty httpbl and drupal. An attempt to weed out evil bots, a bit

Submitted by vlado on Thu, 2007-06-21 10:44. | | | |

Lately I was looking into how to reduce the spam traffic to this website. Not just comment spam, but various harvesters and other nasties. They steal too much http bandwidth.

.htaccess methods are tempting, but they have a huge disadvantage - they are static. DNS blacklists can be used to dynamically query 'is this ip a known threat?'. One such list is provided by project honepot. They have an apache module in beta implementing it. If you don't have the option, or want a bit more dynamism, you can do the checks from your own php script.

In drupal there is already an httpbl module, but I decided not to use it. It looked easier to just insert the checks in index.php. The other benefit is that I can interfere before the drupal bootstrap has even started. The downside - none of the goodies provided by the module. I used a modified version of the script provided by planet ozh.

My modifications are adding a random link to various traps and do a few other custom niceties. Otherwise you can just add
require_once "httpbl.php" before all other code in index.php. This will ensure that nothing else gets processed if you are hit by a bot.

Interestingly enough, half an hour(ish) doing this I got:
2007-06-21 :: 05-04-40 :: BLOCKED 68.186.149.178 :: 5 :: 18 :: 2 :: /comment/reply/126 :: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Avant Browser [avantbrowser.com]; Hotbar 4.4.5.0)
2007-06-21 :: 05-04-49 :: BLOCKED 68.186.149.178 :: 5 :: 18 :: 2 :: / :: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Avant Browser [avantbrowser.com]; Hotbar 4.4.5.0)
2007-06-21 :: 05-04-55 :: BLOCKED 68.186.149.178 :: 5 :: 18 :: 2 :: / :: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Avant Browser [avantbrowser.com]; Hotbar 4.4.5.0)
2007-06-21 :: 05-06-47 :: BLOCKED 58.225.246.205 :: 5 :: 5 :: 51 :: /comment/reply/215 :: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
2007-06-21 :: 05-07-31 :: BLOCKED 211.109.26.212 :: 5 :: 5 :: 50 :: /comment/reply/215 :: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
2007-06-21 :: 05-13-56 :: BLOCKED 76.111.216.245 :: 5 :: 5 :: 28 :: /comment/reply/211 :: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
2007-06-21 :: 05-30-05 :: BLOCKED 222.221.254.163 :: 5 :: 51 :: 1 :: /comment/reply/238 :: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
2007-06-21 :: 05-30-08 :: BLOCKED 200.210.47.199 :: 5 :: 41 :: 2 :: /comment/reply/238 :: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
2007-06-21 :: 05-39-19 :: BLOCKED 72.232.83.82 :: 5 :: 19 :: 17 :: /15.05.2007/man_i_just_have_to_link_to_this/ :: Fzywenob odwvlxrh mdpxegr
2007-06-21 :: 05-39-24 :: BLOCKED 201.25.52.10 :: 5 :: 29 :: 1 :: /comment/reply/220 :: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

bastards. all I can say.

While this is not going to stop spam, I hope it will at least reduce it a bit.

read more | vlado's blog | add new comment

Reply

Please solve the math problem above and type in the result. e.g. for 1+1, type 2
The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <br /> <br> <div> <a> <em> <strong> <cite> <pre> <code> <ul> <ol> <li> <dl> <dt> <dd> <h3> <img> <blockquote> <q> <strike> <small> <h4> <h5> <h6>
  • Link to content with [[some text]], where "some text" is the title of existing content or the title of a new piece of content to create. You can also link text to a different title by using [[link to this title|show this text]]. Link to outside URLs with [[http://www.example.com|some text]], or even [[http://www.example.com]].
  • Lines and paragraphs break automatically.
More information about formatting options
Home ยป Quick and dirty httpbl and drupal. An attempt to weed out evil bots, a bit