Http Blacklist - Apache Implementation V2

Refer to the project "Http Blacklist - Apache Implementation Project".

The modules have now been installed.

V2 is to configure query settings (with input from myself), test that it is working (i.e. blocking appropriately), and ensure I understand how to change settings.

Part of the Http:BL API Specification is below.

Query Responses

The DNS response provides details about the activity of the IP address being checked. Queries return IPv4 results with three of the four octets containing data to provide you information about the visitor to your site. The intention is for this to allow you flexibility in how you treat the visitor rather than a simple black and white response (e.g., you may want to treat known harvesters differently than known comment spammers: blocking the former from seeing email addresses while blocking the latter from POSTing to forms).

Below is an example of a hypothetical query and hypothetical response which will be referenced throughout the rest of this section:

Query: [url removed, login to view]


Each octet, other than the first octet, in the IPv4 response has a meaning. The first octet (127 in the example above) is always 127 and is pre-defined to not have a specified meaning related to the particular visitor. If the first octet in the response is not 127 it means an error condition has occurred and your query may not have been formatted correctly.

The second octet (3 in the example above) represents the number of days since last activity. In the example above, it has been 3 days since the last time the queried IP address saw activity on the Project Honey Pot network. This value ranges from 0 days to 255 days. This value is useful in helping you assess how "stale" the information provided by http:BL is and therefore the extent to which you should rely on it.

The third octet (5 in the example above) represents a threat score for the IP. This score is assigned internally by Project Honey Pot based on a number of factors including the number of honey pots the IP has been seen visiting, the damage done during those visits (email addresses harvested or forms posted to), etc. The range of the score is from 0 to 255, where 255 is extremely threatening and 0 indicates no threat score has been assigned. In the example above, the IP queried has a threat score of "5", which is relatively low. While a rough and imperfect measure, this value may be useful in helping you assess the threat posed by a visitor to your site.

The fourth octet (1 in the example above) represents the type of visitor. Defined types include: "search engine," "suspicious," "harvester," and "comment spammer." Because a visitor may belong to multiple types (e.g., a harvester that is also a comment spammer) this octet is represented as a bitset with an aggregate value from 0 to 255. In the example above, the type is listed as 1, which means the visitor is merely "suspicious." A chart outlining the different types appears below. This value is useful because it allows you to treat different types of robots differently.

Value   Meaning
0       Search Engine
1       Suspicious
2       Harvester
4       Comment Spammer
8       [Reserved for Future Use]
16      [Reserved for Future Use]
32      [Reserved for Future Use]
64      [Reserved for Future Use]
128     [Reserved for Future Use]

Because the fourth octet is a bitset, visitors that have been identified as falling into multiple categories may be represented. See the following table for an explanation of the current possible values.

Value   Meaning
0       Search Engine (0)
1       Suspicious (1)
2       Harvester (2)
3       Suspicious & Harvester (1+2)
4       Comment Spammer (4)
5       Suspicious & Comment Spammer (1+4)
6       Harvester & Comment Spammer (2+4)
7       Suspicious & Harvester & Comment Spammer (1+2+4)
>7      [Reserved for Future Use]
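An added example, not part of the original posting or of Project Honey Pot's own code: a Python decoder for the response octets described above, followed by a policy function that treats harvesters and comment spammers differently. The thresholds `max_age_days` and `min_threat` and the action names `allow`, `deny` and `hide-email` are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Fourth-octet bits from the chart above; a value of 0 means "search engine".
TYPE_BITS = {1: "suspicious", 2: "harvester", 4: "comment spammer"}
RESERVED_MASK = 0xF8  # 8, 16, 32, 64, 128: reserved for future use


@dataclass(frozen=True)
class HttpBLResult:
    days_since_activity: int  # second octet, 0-255
    threat_score: int         # third octet, 0-255
    types: frozenset          # decoded fourth octet
    reserved_bits: int        # non-zero if the service sets a reserved bit


def parse_response(answer: str) -> HttpBLResult:
    """Decode the IPv4 answer returned for a queried visitor address."""
    octets = ipaddress.IPv4Address(answer).packed
    if octets[0] != 127:
        # A first octet other than 127 signals an error condition.
        raise ValueError(f"http:BL error response: {answer}")
    kind = octets[3]
    if kind == 0:
        types = frozenset({"search engine"})
    else:
        types = frozenset(n for bit, n in TYPE_BITS.items() if kind & bit)
    return HttpBLResult(octets[1], octets[2], types, kind & RESERVED_MASK)


def decide(result: HttpBLResult, method: str,
           max_age_days: int = 30, min_threat: int = 10) -> str:
    """Assumed policy: thresholds and action names are illustrative."""
    if "search engine" in result.types:
        return "allow"
    if result.days_since_activity > max_age_days:
        return "allow"  # listing too stale to rely on
    if "comment spammer" in result.types and method == "POST":
        return "deny"  # keep comment spammers away from forms
    if "harvester" in result.types:
        return "hide-email"  # serve the page without email addresses
    return "deny" if result.threat_score >= min_threat else "allow"


if __name__ == "__main__":
    # 127.3.5.1 is the answer the text walks through; the rest are constructed.
    for answer in ("127.3.5.1", "127.1.40.6", "127.200.80.4", "127.1.20.9"):
        r = parse_response(answer)
        print(answer, sorted(r.types), decide(r, "GET"), decide(r, "POST"))
```

Checking `reserved_bits` separately lets a deployment log or reject answers that use type values above 7 instead of silently misclassifying them.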

Skills: Linux, Script Install, System Admin

About the employer:
( 65 reviews ) Wellington, New Zealand

Project ID: #426794