Created
October 20, 2018 07:18
Universal PHP httpBL
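<?php
/*
 * Universal http:BL check against the Project Honey Pot DNS blacklist.
 *
 * To use, define the guard constant and then include this file at the top of
 * an index.php file. The constant has to be defined BEFORE the include,
 * because this script exits immediately when it is missing:
 *
 *     define( 'honeyPot', true );
 *     require_once '../httpBL/httpBL.php';
 */

// Refuse to run when the file is requested directly instead of being included.
if (!defined('honeyPot')) die();

/*
 * adjust these options to suit your needs
 */
$apiKey        = 'YOUR_KEY';    // Project Honeypot API Key
$logBL         = true;          // Log blocks?
$log_file      = 'logfile.txt'; // Log file location. The log holds visitor IPs:
                                // keep it outside the web root or deny access to it.
$search_engine = 0;             // Threat level responses
$spammer       = 0;             // ... above these levels
$harvester     = 0;             // ... will be blocked

// Trust CF-Connecting-IP / Client-IP / X-Forwarded-For for the visitor address?
// Any client can send these headers, so honouring them on a directly reachable
// server lets a listed visitor present an unlisted address and skip the check.
// Set to true ONLY when every request arrives through a reverse proxy or CDN
// that sets these headers itself and the origin is not reachable directly.
$trust_proxy_headers = false;

/*
 * DO NOT EDIT BELOW THIS LINE
 */

/*
 * obtain the user IP address
 */
$remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$ip     = $remote;

if ($trust_proxy_headers) {
    // Behind Cloudflare the socket peer is the proxy; expose the real visitor
    // address to the rest of the application as well, but only if it parses as an IP.
    if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])
        && filter_var($_SERVER['HTTP_CF_CONNECTING_IP'], FILTER_VALIDATE_IP)) {
        $_SERVER['REMOTE_ADDR']    = $_SERVER['HTTP_CF_CONNECTING_IP'];
        $_SERVER['HTTP_CLIENT_IP'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
        $remote                    = $_SERVER['REMOTE_ADDR'];
        $ip                        = $remote;
    }

    $client  = isset($_SERVER['HTTP_CLIENT_IP']) ? $_SERVER['HTTP_CLIENT_IP'] : '';
    $forward = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';

    // A header value is used only when it is a single valid address; a
    // comma-separated X-Forwarded-For chain fails validation and is ignored.
    if (filter_var($client, FILTER_VALIDATE_IP)) {
        $ip = $client;
    } elseif (filter_var($forward, FILTER_VALIDATE_IP)) {
        $ip = $forward;
    }
}

/*
 * Begin check against the Project Honeypot blacklist: http:BL
 */

// Default is to let the request through; this also keeps $block defined when
// no policy branch below sets it.
$block = false;

// The query is built from dotted-quad octets, so only IPv4 addresses can be
// looked up. Anything else (IPv6, empty REMOTE_ADDR) skips the check.
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {

    // build the lookup DNS query
    // Example : for '127.9.1.2' you should query 'abcdefghijkl.2.1.9.127.dnsbl.httpBL.org'
    $query  = $apiKey . '.' . implode('.', array_reverse(explode('.', $ip))) . '.dnsbl.httpbl.org';

    // NOTE: this is a blocking DNS lookup on every request. gethostbyname()
    // returns the hostname unchanged on failure, so a resolver error or an
    // unlisted address both fall through and the request is allowed (fail open).
    $lookup = gethostbyname($query);

    // check query response: it must be a real IPv4 answer whose first octet is 127
    $result = explode('.', $lookup);
    if ($lookup !== $query
        && filter_var($lookup, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)
        && $result[0] === '127') {

        // query successful !
        $activity = (int) $result[1];   // logged as "Recency"
        $threat   = (int) $result[2];   // compared against the thresholds above
        $type     = (int) $result[3];   // visitor type bitset

        $meanings = array(
            0 => 'Search Engine',
            1 => 'Suspicious',
            2 => 'Harvester',
            3 => 'Suspicious & Harvester',
            4 => 'Comment Spammer',
            5 => 'Suspicious & Comment Spammer',
            6 => 'Harvester & Comment Spammer',
            7 => 'Suspicious, Harvester, & Comment Spammer',
        );
        $typemeaning = isset($meanings[$type]) ? $meanings[$type] : '';

        // Now determine some blocking policy
        switch ($type) {
            // Search Engine with the configured value
            // NOTE(review): the http:BL API describes the third octet as a
            // search-engine identifier, not a threat score, when the type is 0;
            // confirm that comparing it with $search_engine is the intended policy.
            case 0:
                if ($threat > $search_engine) $block = true;
                break;
            // Suspicious activity with the configured value
            case 1:
                if ($threat > $spammer) $block = true;
                break;
            // Harvester with the configured value
            case 2:
                if ($threat > $harvester) $block = true;
                break;
            // Suspicious & Harvester with the configured values
            case 3:
                $thresholdT = min($spammer, $harvester); // get the lowest threshold
                if ($threat > $thresholdT) $block = true;
                break;
            // Comment spammer with any threat level, appropriate greylist
            case 4:
            case 5:
            case 6:
            case 7:
                if ($threat > 0) $block = true;
                break;
            // Unknown type value: block
            default:
                $block = true;
                break;
        }

        if ($block) {
            if ($logBL == true) {
                $date     = date('Y-m-d H:i:s');
                $blocked  = "\n{$date} - {$typemeaning} Level:{$threat}\n";
                $blocked .= "IP: {$ip} - Recency: {$activity}\n";
                // LOCK_EX keeps entries from concurrent requests from interleaving.
                file_put_contents($log_file, $blocked, FILE_APPEND | LOCK_EX);
            }
            header('HTTP/1.0 403 Forbidden');
            die();
        }
    }
}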