Honeypot Spam Blocker - mangoblog plugin

Posted by Paul Klinkenberg in CFML , MangoBlog on June 29, 2010

Yet another plugin for mangoblog! About two weeks ago, I rediscovered Project Honeypot.They have a service called HTTP:BL, where you can check ip addresses for comment spamming and email harvesting behaviour.
With the help of that service, you can now block those ip addresses from even seeing your blog. This will reduce comment spamming, reduce server resources, and helps protecting the content of your site, especially any email addresses you might have on your blog.

What it does is simple: before the template of your website is executed, the ip address of the visitor is checked. If it is a spammer or harvester, your custom message will be displayed, and the request will be aborted.

Download the plugin

You can download it with the following url: http://www.railodeveloper.com/svn.cfm?repositorypath=honeypotSpamBlocker/HoneypotSpamBlocker.zip%3AHEAD&download=1

You can also view and download the source code in my subversion browser

Settings

spam blocker settingsAs you can see in the screenshot, there are a lot of settings. You can define which types of spammers are blocked, which are just logged, and even filter on last spam activity and threat rating by HTTP:BL.

Just click on the image to see a larger version.

Log files

In the settings you can define which types of events are logged. If you are logging anything, you can view the log from within the plugin settings page.

Test it

test screen exampleBecause your ip is probably not spamming or harvesting, you need a way to test this plugin. Therefore, there is also a test screen within the settings page. Just enter an ip address and hit the button. A new window will then open which will act as if you are visiting your blog with that ip. You can find some spam ip addresses from the project honeypot website.

Problems? Want to say thanks?

Leave me a comment; I appreciate it!

Related Entries:

del.icio.us Digg StumbleUpon Facebook Technorati Fav reddit Google Bookmarks
| Viewed 9103 times
  1. Sami Hoda

    #1 by Sami Hoda - June 30, 2010 at 12:45 AM

    I thought that (maybe cfformprotect?) for MangoBlog already had Project Honeypot support.
    Reply
  2. Mark Aplet

    #2 by Mark Aplet - June 30, 2010 at 12:53 AM

    Is this part of the same api being used by the CFFormProtect plugin? Does this plugin work with the CFFormProtect Plugin? Or have you tested that? Curious to know if it does a better job than the one that comes with mango blog or not.

    I do like all the settings you have given users to control the action to be taken on a comment. I am hoping it works well with the existing plugin to double to protection.

    Also, on a related note. I created a plugin for putting a honeypot on your blog in an effort to catch spammers too. Take a look at it here: http://www.visual28.com/articles/project-honey-pot
    Reply
  3. Paul Klinkenberg

    #3 by Paul Klinkenberg - June 30, 2010 at 10:10 AM

    @Sami: you are right, cfformprotect has this functionality as well. Differences are: cfformprotect only runs when a comment is posted, and you can't control the honeypot settings it uses to determine whether it is spam. This SpamBlocker plugin does a (cached) check on every page request, and just stops the request if it came from a spammer.
    Simply said: if a spammer never sees your comment form, then it will also not submit anything against it. So this plugin is more radically in the frontline.

    @Mark: I rewrote and enhanced a cfc found on http://www.mximize.com/fighting-comment-spam-with-project-honeypot, and am planning to create a blog post about the cfc itself as well in the near future. This plugin can be used together with cfformprotect, no problem. See reply to Sami. I would encourage everyone to use the cfformprotect plugin btw, because it has soo much more checks to filter out spam.
    Thanks for the compliment, and I indeed saw and download your plugin. Only thing for me was, that it uses the exact 9 example html pieces which are given by Project Honeypot, and I am convinced that a good harvester bot writer would be able to filter those 9 strings out of any html. Therefor, I wrote a new "Project Honeypot Link Generator": http://www.coldfusiondeveloper.nl/post.cfm/link-generator-coldfusion-project-honeypot, which makes the links more random. Maybe, if you have time, you could incorporate that into your plugin? Then I would sure use it :-)

    Thanks for the comments!
    Reply
  4. Mark Aplet

    #4 by Mark Aplet - June 30, 2010 at 4:16 PM

    Thanks for the response. I like your random link generator. I will take a look at it some more and see about incorporating it into my mango blog plugin. I had similar thoughts about the link becoming stale too, but figured the project honeypot folks would have already considered that. But I guess not. I will look into it and see what I can do.
    Reply
  5. Sami Hoda

    #5 by Sami Hoda - June 30, 2010 at 6:00 PM

    @Paul,

    Good stuff. Can't wait to try it out!
    Reply
  6. Paul Klinkenberg

    #6 by Paul Klinkenberg - July 1, 2010 at 11:52 PM

    Well Sami, download and use it I'd say :-)
    Reply
  7. Mark Aplet

    #7 by Mark Aplet - July 8, 2010 at 11:39 PM

    Just an FYI, the link you provide does not work with the auto install feature of Mango Blog. When I downloaded the file to my local system, the folder was also named "HoneypotSpamBlocker-v1.0" when It should be "HoneypotSpamBlocker" in order to work with the Mango Blog architecture. It was easy to fix of course, but not as friendly as the auto install url.
    Reply
  8. Paul Klinkenberg

    #8 by Paul Klinkenberg - July 9, 2010 at 1:39 PM

    Oh?! Hmm, didn't know about that. I would have suspected that the plugin-installer would look at the actual package name in the plugin.xml file, and name the directory after that.
    But good to know; I will change it shortly!
    Reply
  9. Laura

    #9 by Laura - July 9, 2010 at 9:56 PM

    The installer would actually use the "name" of the plugin, so the name of the zip won't matter. I believe your link has some kind of redirect or something that makes the cfhttp request not work properly. I put the zip (of your rememberLogin plugin) on a different server and it worked.
    Reply
  10. Paul Klinkenberg

    #10 by Paul Klinkenberg - July 9, 2010 at 11:30 PM

    Thanks for the clarification Laura! There is no redirect though; I just checked it with the Live HTTP Headers add-on, and it's just a regular 200 OK.
    Curious to find out what the problem is, but no clue how to find it out, since I haven't faced the problem :-/
    Reply
  11. Mark Aplet

    #11 by Mark Aplet - July 10, 2010 at 1:01 AM

    The name of the zip does not matter, however as my understanding of the system it looks for the plugin.xml and copies over the enclosing folder. In this case, your folder (once unzipped) was named "HoneypotSpamBlocker-v1.0" when It should be "HoneypotSpamBlocker" as that is the folder your plugin.xml was referencing. I could be totally wrong here, but I believe the solution would be to rename the enclosing folder to just "HoneypotSpamBlocker" naming the zip anything you wish.

    Am I right about this Laura?
    Reply
  12. Laura

    #12 by Laura - July 10, 2010 at 3:51 AM

    Mark,
    The installer changes the name of the folder with the name of the plugin, so it doesn't matter what the expanded folder looks in the beginning.

    Paul,
    One way to check would be to make a cfhttp request and see what the content and headers are.
    Reply
  13. Sami Hoda

    #13 by Sami Hoda - July 22, 2010 at 9:46 PM

    I also cannot auto-install due to svn redirect issue.
    Reply
  14. Paul Klinkenberg

    #14 by Paul Klinkenberg - July 22, 2010 at 11:21 PM

    Hi there, I checked what the problem was, and it turned out that there was also some content written with cfhtmlhead. I guess that was the first problem.
    Now, I just switched my hostname from coldfusiondeveloper.nl to railodeveloper.com, so if you copied the download path in this post, and if Mangoblog does not allow redirects while downloading a plugin, then that was the problem.
    I'd say: try again, with this link: http://www.railodeveloper.com/svn.cfm?repositorypath=honeypotSpamBlocker/HoneypotSpamBlocker.zip:96&download=1

    If it doesn't work, let me know! I did check it, and I just get a "200 OK" with the zip data.
    Reply
  15. WebmasterAlex

    #15 by WebmasterAlex - August 11, 2010 at 7:00 PM

    Hi Paul and All,

    Great Plugin! Congrads!

    All though PHP(Project Honeypot) is a very good source for checking the IPs against it, I have been doing some research on this for over a year of logs on my install of Mango. PHP Database is not updated as often as other community Databases, like StopForumSpam for example, but that is besides the point.

    One thing that cuts down a lot of Running to the other network to check is to check if CGI.SERVER_PROTOCOL of the incoming request is HTTP/1.0, and if so throw a CAPTCHA at the visitor before checking the IP against PHP or other source.

    Most of Comment spammers are using Proxies to do the dirty job and are not really Humans, but Bots. They do pass CFID and CFTOCKEN though.

    And If the question is Answered properly, Set a UNIQUE Cookie for the USER and let the User in. This logic could go into OnRequestStart method in Application.cfc.

    I find it that cuts down on about 95% of the need to call BAD IP Validation scripts.

    There are legitimate USE of HTTP/1.0 and is utilized by some SPIDERS like Slurp and Corporate Proxy servers that run via SQUID, but if the Captcha presented properly, Users understand. Some of the Mobile Devices run via HTTP/1.0 as well.

    But the Cookie does the Job pretty well.

    Just A thought.

    Alex
    Reply
  16. Paul Klinkenberg

    #16 by Paul Klinkenberg - August 11, 2010 at 9:11 PM

    @Laura and @Mark: the issue with not being able to install the plugin by using the url I am providing, turns out to be a bug in Railo's implementation of isValid("url", ..). I just filed a bug report, so that will soon be fixed I hope... https://jira.jboss.org/browse/RAILO-906
    Reply
  17. Paul Klinkenberg

    #17 by Paul Klinkenberg - August 11, 2010 at 9:13 PM

    Hi WebmasterAlex, thanks for the tips! I never thought about checking for HTTP/1.0, but will remember it for other projects.
    This particular project is stopping spammers at the front door, not when submitting a comment. So giving http-1.0-visitors a captcha image instead of the actual website would be a bit much ;-)
    Thanks again for the tips, Paul
    Reply
  18. kristof polleunis

    #18 by kristof polleunis - February 6, 2011 at 1:13 AM

    Have you looked at Hashcash? I use it on WordPress together with Akismet and both stop virtually all spam.

    http://devnulled.com/software/cfakismet/
    http://wordpress-plugins.feifei.us/hashcash/
    Reply
  19. Paul Klinkenberg

    #19 by Paul Klinkenberg - February 6, 2011 at 1:50 PM

    Hi Kristof, hadn't heard about hashcash in a while, but good to see the idea is now used to create a new anti-commentspam measure. The plugin cfformprotect would be the perfect project to include this, even though they already use a lot of anti-spam measures which work out pretty well. You might want to give the hashcash link to them at http://cfformprotect.riaforge.org/
    Cheers, Paul
    Reply
(will not be published)
Leave this field empty

removed-superheterodyne