Over a million developers have joined DZone.

How to Query HTTP:BL for Spamming IP Addresses

DZone's Guide to

How to Query HTTP:BL for Spamming IP Addresses

· Java Zone ·
Free Resource

Get the Edge with a Professional Java IDE. 30-day free trial.

If you don’t know Project Honey Pot, go and have a look.

They offer a service for querying IP addresses and check if they are listed in those involving in spamming or threatening activities. So, if your visitor has a black listed IP you can block him from accessing or doing something sensitive.

Since it is missing a Java library to use the service, I implemented a Spike following the HTTP:BL API specifications.

This is not production code, is just some (ugly) code I wrote to test how it works.

import static java.lang.Integer.parseInt;
import static java.lang.System.out;

import java.net.InetAddress;
import java.net.UnknownHostException;

// see: http://www.projecthoneypot.org/httpbl_api.php
public class HttpBlackListChecker {

	public static void main(String[] args) throws Exception {
		if (args.length == 0) help();
		String ip = args[0];
		out.println("Querying HTTP:BL for IP: " + ip);
		String reversed = reversed(ip);
		// get your own key at http://www.projecthoneypot.org/httpbl_configure.php
		String accessKey = "abcdefghijkl";
		String domain = "dnsbl.httpbl.org";
		String lookup = accessKey + "." + reversed + "." + domain;
		out.println("Lookup for: "+ lookup);
	    try {
	    	String addr = InetAddress.getByName(lookup).getHostAddress();
		} catch (UnknownHostException e) {
			out.println("The IP specified is not listed in HTTP:BL");

	private static void help() {
		out.println("Please specify an ip address to check");

	private static void translate(String addr) {
		String[] split = split(addr);
		out.println("Response Code: " + addr);
		out.println("Result: " + (split[0].equals("127") ? "found" : "error"));
		out.println("Days since last activity: " + split[1]);
		out.println("Treat score (0..255): " + split[2]);
		out.print("Type of visitor: ");
		int type  = parseInt(split[3]);
		switch (type) {
		case 0:
			out.println("Search Engine");
		case 1:
		case 2:
		case 3:
			out.println("Suspicious & Harvester");
		case 4:
			out.println("Comment Spammer");
		case 5:
			out.println("Suspicious & Comment Spammer");
		case 6:
			out.println("Harvester & Comment Spammer");
		case 7:
			out.println("Suspicious & Harvester & Comment Spammer");

	private static String reversed(String ip) {
		String[] split = split(ip);
		String reversed = null;
		for (String chunk : split)
			reversed = (reversed == null) ?
						chunk :
						chunk + "." + reversed;
		return reversed;

	private static String[] split(String ip) {
		return ip.split("\\.");

This code won’t work if you don’t request an API key from here and replace it at line #16.

Sample output specifying one spamming IP (

Querying HTTP:BL for IP:
Lookup for: abcdefghijkl.
Response Code:
Result: found
Days since last activity: 1
Treat score (0..255): 61
Type of visitor: Suspicious & Comment Spammer

Notice that some ISP DNS server redirect to a “courtesy page” of the ISP itself, when you specify a non-existent host. In this case you’ll get some wrong repose code when the IP is not listed. You’ll see “Result: error” in the output, instead of “The IP specified is not listed in HTTP:BL”. The fault in this case if of your ISP.



Get the Java IDE that understands code & makes developing enjoyable. Level up your code with IntelliJ IDEA. Download the free trial.


Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}