Project Honey Pot is a DNSRBL to preemptively block comment spammers, harvesters, and other nefarious types on the web. This afternoon I tested 50ish "spammy" IP addresses that Akismet missed and Honey Pot caught about 10% of them. Unfortunately, I don't have a good balanced corpus of comment spam to do a full comparison between the two, so I'll be using both together for the time being.
Anyway, I've been sitting on mostly complete Ruby Honeypot bindings for a while, but this evening I whipped up some PHP bindings too.
Note that you'll need to create a Project Honey Pot account to get an API key (but don't worry, it's free). Without any further ado:
# sample API key
$api_key = 'asdf1234asdf';
# ip/hostname to check
# (this will almost always be $_SERVER['REMOTE_ADDR'])
$addr = '127.1.10.1';
# create new honeypot instance
$honeypot = new Honeypot($api_key);
# check address
if ($honeypot->is_ok($addr))
echo 'address is okay';
else
echo 'address is NOT OKAY';
You can override the default age and threat thesholds by passing additional arguments to the constructor, like this:
$honeypot = new Honeypot($api_key, array(
'ok_age' => 300, # set age threshold to 300 days
'ok_threat' => 50, # set threat level threshold to 50
));
Using the check()
method instead of is_ok()
gives you more detailed
results. Say you're only concerned about fairly recent harvesters, and
not comment spammers or anything else:
# check the address
$result = $honeypot->check($addr);
# check for recent harvester results with a high threat level
if ($result && $result['is_harvester'] &&
$result['age'] < 30 && $result['threat'] > 128) {
echo 'address is NOT OKAY';
} else {
echo 'address is okay';
}
Files:
- Download Honeypot-PHP 0.1.0 (Signature)
- Honeypot-PHP 0.1.0 PEAR Package (Signature)
- Honeypot-PHP Mercurial Repository
If you're using Wordpress, someone else already wrote a handy http:BL Wordpress plugin. I didn't see a decent generic Honeypot l ibrary, which is why I wrote this one.