Over a million developers have joined DZone.

How to Query HTTP:BL for Spamming IP Addresses

DZone's Guide to

How to Query HTTP:BL for Spamming IP Addresses

· Java Zone ·
Free Resource

Delivering modern software? Atomist automates your software delivery experience.

If you don’t know Project Honey Pot, go and have a look.

They offer a service for querying IP addresses and check if they are listed in those involving in spamming or threatening activities. So, if your visitor has a black listed IP you can block him from accessing or doing something sensitive.

Since it is missing a Java library to use the service, I implemented a Spike following the HTTP:BL API specifications.

This is not production code, is just some (ugly) code I wrote to test how it works.

import static java.lang.Integer.parseInt;
import static java.lang.System.out;

import java.net.InetAddress;
import java.net.UnknownHostException;

// see: http://www.projecthoneypot.org/httpbl_api.php
public class HttpBlackListChecker {

	public static void main(String[] args) throws Exception {
		if (args.length == 0) help();
		String ip = args[0];
		out.println("Querying HTTP:BL for IP: " + ip);
		String reversed = reversed(ip);
		// get your own key at http://www.projecthoneypot.org/httpbl_configure.php
		String accessKey = "abcdefghijkl";
		String domain = "dnsbl.httpbl.org";
		String lookup = accessKey + "." + reversed + "." + domain;
		out.println("Lookup for: "+ lookup);
	    try {
	    	String addr = InetAddress.getByName(lookup).getHostAddress();
		} catch (UnknownHostException e) {
			out.println("The IP specified is not listed in HTTP:BL");

	private static void help() {
		out.println("Please specify an ip address to check");

	private static void translate(String addr) {
		String[] split = split(addr);
		out.println("Response Code: " + addr);
		out.println("Result: " + (split[0].equals("127") ? "found" : "error"));
		out.println("Days since last activity: " + split[1]);
		out.println("Treat score (0..255): " + split[2]);
		out.print("Type of visitor: ");
		int type  = parseInt(split[3]);
		switch (type) {
		case 0:
			out.println("Search Engine");
		case 1:
		case 2:
		case 3:
			out.println("Suspicious & Harvester");
		case 4:
			out.println("Comment Spammer");
		case 5:
			out.println("Suspicious & Comment Spammer");
		case 6:
			out.println("Harvester & Comment Spammer");
		case 7:
			out.println("Suspicious & Harvester & Comment Spammer");

	private static String reversed(String ip) {
		String[] split = split(ip);
		String reversed = null;
		for (String chunk : split)
			reversed = (reversed == null) ?
						chunk :
						chunk + "." + reversed;
		return reversed;

	private static String[] split(String ip) {
		return ip.split("\\.");

This code won’t work if you don’t request an API key from here and replace it at line #16.

Sample output specifying one spamming IP (

Querying HTTP:BL for IP:
Lookup for: abcdefghijkl.
Response Code:
Result: found
Days since last activity: 1
Treat score (0..255): 61
Type of visitor: Suspicious & Comment Spammer

Notice that some ISP DNS server redirect to a “courtesy page” of the ISP itself, when you specify a non-existent host. In this case you’ll get some wrong repose code when the IP is not listed. You’ll see “Result: error” in the output, instead of “The IP specified is not listed in HTTP:BL”. The fault in this case if of your ISP.



Start automating your delivery right there on your own laptop, today! Get the open source Atomist Software Delivery Machine.


Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}