Block spammers in vBulletin through Project Honey Pot

Forums are popular targets of spammers. Besides the automatic bots and robots which are usually blocked through different techniques like captcha scripts, there are many human spammers. Project Honey Pot provides an enormous database with IPs from which spam attacks have been performed.

You can integrate their script in your vBulletin forum and block all access from suspicious and malicious IPs. Follow these steps to complete the integration:

1. Sign up at the Project Honey Pot web site.

2. Get your personal httpBL API key.

3. Open your vBulletin admin area > Styles & Templates > Style Manager. Pick the “Edit Templates” option from the drop-down menu next to your default style and click on “Go“. Pick the “header” option from the left drop-down menu and click on “Edit“. Paste the following line at the top of the source code:

$projecthp

and save changes.

4. Navigate to Plugins & Products > Add New Plugin. Change the following options:

Hook Location: global_start

Title: Insert PHP For Project Honey Pot Block

Plugin PHP code:

ob_start();
include('projecthp.php');
$projecthp = ob_get_contents();
ob_end_clean();

Plugin is Active : Yes

Save the configuration.

5. Use a text editor like NotePad and create the projecthp.php file.

Enter the following code in it:

<?php
require_once('./httpbl.php');
?>

Upload the file in the root folder of your forum.

For example, if your forum is located at forum.yourdomainname.com and the absolute path to it is /home/user/public_html/forum/, upload the file in the forum subfolder.

You can find more details on how to upload files in this FTP tutorial.

6. Create httpbl.php and enter the following code in it:

<?php
/*
Script Name: Simple PHP http:BL implementation
Description: Simple script to check an IP against Project Honey Pot's database and let only legitimate users access your script
*/

/*** EDIT LINE 22 WITH YOUR OWN HTTP:BL ACCESS KEY ! ***/

if ($_COOKIE['notabot']) {
ozh_httpbl_logme(false, $_SERVER['REMOTE_ADDR']);
} else {
ozh_httpbl_check();
}

function ozh_httpbl_check() { // your http:BL key
$apikey = 'YOUR_API_KEY';
// IP to test
$ip = $_SERVER['REMOTE_ADDR'];
// build the lookup DNS query
// Example : for '127.9.1.2' you should query 'abcdefghijkl.2.1.9.127.dnsbl.httpbl.org'
$lookup = $apikey . '.' . implode('.', array_reverse(explode ('.', $ip ))) . '.dnsbl.httpbl.org';
// check query response
$result = explode( '.', gethostbyname($lookup));
if ($result[0] == 127) {
// query successful !
$activity = $result[1];
$threat = $result[2];
$type = $result[3];
if ($type & 0) $typemeaning .= 'Search Engine, ';
if ($type & 1) $typemeaning .= 'Suspicious, ';
if ($type & 2) $typemeaning .= 'Harvester, ';
if ($type & 4) $typemeaning .= 'Comment Spammer, ';
$typemeaning = trim($typemeaning,', ');
// echo "$type : $typemeaning of level $threat ";
// Now determine some blocking policy
if (
($type >= 4 && $threat > 0) // Comment spammer with any threat level
||
($type < 4 && $threat > 20) // Other types, with threat level greater than 20
) {
$block = true;
}
if ($block) {
ozh_httpbl_logme($block,$ip,$type,$threat,$activity);
ozh_httpbl_blockme();
die();
}
}
}

function ozh_httpbl_logme($block = false, $ip='', $type='',$threat='',$activity='') {
$log = fopen('./block.log','a');
$stamp = date('Y-m-d :: H-i-s');
// Some stuff you could log for further analysis
$page = $_SERVER['REQUEST_URI'];
$ua = $_SERVER["HTTP_USER_AGENT"];
if ($block) {
fputs($log,"$stamp :: BLOCKED $ip :: $type :: $threat :: $activity :: $page :: $uan");
} else {
fputs($log,"$stamp :: UNBLCKD $ip :: $page :: $uan");
}
fclose($log);
}

function ozh_httpbl_blockme() {
header('HTTP/1.0 403 Forbidden');
echo <<<HTML
<script type="text/javascript">
function setcookie( name, value, expires, path, domain, secure ) {
// set time, it's in milliseconds
var today = new Date();
today.setTime( today.getTime() );
if ( expires ) {
expires = expires * 1000 * 60 * 60 * 24;
}
var expires_date = new Date( today.getTime() + (expires) );
} function letmein() {
setcookie('notabot','true',1,'/', '', '');
location.reload(true);
}
</script>
<h1>Forbidden</h1>
<p>Sorry. You are using a suspicious IP.</p>
<p>If you are NOT a bot of any kind please <a href="javascript:letmein()">click here</a> to access the page.</p>
HTML;
}

?>

Change “YOUR_API_KEY” in the $apikey = ‘YOUR_API_KEY’; line with your httpBL API key.

Upload the file in the same folder as projecthp.php.

7. The blocked connections along with the IPs will be stored in the block.log file under the forum root folder.

You can check the IPs listed in this file at http://www.projecthoneypot.org/search_ip.php

There you will see the reason for the IP blocking.