How to Query HTTP:BL for Spamming IP Addresses
by
Join the DZone community and get the full member experience.
Join For FreeThey offer a service for querying IP addresses and check if they are listed in those involving in spamming or threatening activities. So, if your visitor has a black listed IP you can block him from accessing or doing something sensitive.
Since it is missing a Java library to use the service, I implemented a Spike following the HTTP:BL API specifications.
This is not production code, is just some (ugly) code I wrote to test how it works.
import static java.lang.Integer.parseInt;
import static java.lang.System.out;
import java.net.InetAddress;
import java.net.UnknownHostException;
// see: http://www.projecthoneypot.org/httpbl_api.php
public class HttpBlackListChecker {
public static void main(String[] args) throws Exception {
if (args.length == 0) help();
String ip = args[0];
out.println("Querying HTTP:BL for IP: " + ip);
String reversed = reversed(ip);
// get your own key at http://www.projecthoneypot.org/httpbl_configure.php
String accessKey = "abcdefghijkl";
String domain = "dnsbl.httpbl.org";
String lookup = accessKey + "." + reversed + "." + domain;
out.println("Lookup for: "+ lookup);
try {
String addr = InetAddress.getByName(lookup).getHostAddress();
translate(addr);
} catch (UnknownHostException e) {
out.println("The IP specified is not listed in HTTP:BL");
}
}
private static void help() {
out.println("Please specify an ip address to check");
System.exit(1);
}
private static void translate(String addr) {
String[] split = split(addr);
out.println("Response Code: " + addr);
out.println("Result: " + (split[0].equals("127") ? "found" : "error"));
out.println("Days since last activity: " + split[1]);
out.println("Treat score (0..255): " + split[2]);
out.print("Type of visitor: ");
int type = parseInt(split[3]);
switch (type) {
case 0:
out.println("Search Engine");
break;
case 1:
out.println("Suspicious");
break;
case 2:
out.println("Harvester");
break;
case 3:
out.println("Suspicious & Harvester");
break;
case 4:
out.println("Comment Spammer");
break;
case 5:
out.println("Suspicious & Comment Spammer");
break;
case 6:
out.println("Harvester & Comment Spammer");
break;
case 7:
out.println("Suspicious & Harvester & Comment Spammer");
break;
default:
out.println("Unknown");
break;
}
}
private static String reversed(String ip) {
String[] split = split(ip);
String reversed = null;
for (String chunk : split)
reversed = (reversed == null) ?
chunk :
chunk + "." + reversed;
return reversed;
}
private static String[] split(String ip) {
return ip.split("\\.");
}
}
This code won’t work if you don’t request an API key from here and replace it at line #16.
Sample output specifying one spamming IP (91.207.8.78):
Querying HTTP:BL for IP: 91.207.8.78 Lookup for: abcdefghijkl.78.8.207.91.dnsbl.httpbl.org Response Code: 127.1.61.5 Result: found Days since last activity: 1 Treat score (0..255): 61 Type of visitor: Suspicious & Comment Spammer
Notice that some ISP DNS server redirect to a “courtesy page” of the ISP itself, when you specify a non-existent host. In this case you’ll get some wrong repose code when the IP is not listed. You’ll see “Result: error” in the output, instead of “The IP specified is not listed in HTTP:BL”. The fault in this case if of your ISP.
Published at DZone with permission of Luigi Viggiano, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.
Comments