Luigi is a passionate software developer working in Java since 2000. In 2001 he co-founded the Java User Group Torino, the first local JUG in Italy. Quickly after that, many other JUGs have born in Italy following JUG Torino's example. Since some years now, he is working as free lance software consultant between Italy, Germany, UK and Switzerland, on several industries. His personal interests include software, science fiction books and movies, traveling, photography and good food. Luigi is a DZone MVB and is not an employee of DZone and has posted 19 posts at DZone. You can read more from them at their website. View Full User Profile

How to Query HTTP:BL for Spamming IP Addresses

05.07.2012
| 3200 views |
  • submit to reddit
If you don’t know Project Honey Pot, go and have a look.

They offer a service for querying IP addresses and check if they are listed in those involving in spamming or threatening activities. So, if your visitor has a black listed IP you can block him from accessing or doing something sensitive.

Since it is missing a Java library to use the service, I implemented a Spike following the HTTP:BL API specifications.

This is not production code, is just some (ugly) code I wrote to test how it works.

import static java.lang.Integer.parseInt;
import static java.lang.System.out;

import java.net.InetAddress;
import java.net.UnknownHostException;

// see: http://www.projecthoneypot.org/httpbl_api.php
public class HttpBlackListChecker {

	public static void main(String[] args) throws Exception {
		if (args.length == 0) help();
		String ip = args[0];
		out.println("Querying HTTP:BL for IP: " + ip);
		String reversed = reversed(ip);
		// get your own key at http://www.projecthoneypot.org/httpbl_configure.php
		String accessKey = "abcdefghijkl";
		String domain = "dnsbl.httpbl.org";
		String lookup = accessKey + "." + reversed + "." + domain;
		out.println("Lookup for: "+ lookup);
	    try {
	    	String addr = InetAddress.getByName(lookup).getHostAddress();
	    	translate(addr);
		} catch (UnknownHostException e) {
			out.println("The IP specified is not listed in HTTP:BL");
		}
	}

	private static void help() {
		out.println("Please specify an ip address to check");
		System.exit(1);
	}

	private static void translate(String addr) {
		String[] split = split(addr);
		out.println("Response Code: " + addr);
		out.println("Result: " + (split[0].equals("127") ? "found" : "error"));
		out.println("Days since last activity: " + split[1]);
		out.println("Treat score (0..255): " + split[2]);
		out.print("Type of visitor: ");
		int type  = parseInt(split[3]);
		switch (type) {
		case 0:
			out.println("Search Engine");
			break;
		case 1:
			out.println("Suspicious");
			break;
		case 2:
			out.println("Harvester");
			break;
		case 3:
			out.println("Suspicious & Harvester");
			break;
		case 4:
			out.println("Comment Spammer");
			break;
		case 5:
			out.println("Suspicious & Comment Spammer");
			break;
		case 6:
			out.println("Harvester & Comment Spammer");
			break;
		case 7:
			out.println("Suspicious & Harvester & Comment Spammer");
			break;
		default:
			out.println("Unknown");
			break;
		}
	}

	private static String reversed(String ip) {
		String[] split = split(ip);
		String reversed = null;
		for (String chunk : split)
			reversed = (reversed == null) ?
						chunk :
						chunk + "." + reversed;
		return reversed;
	}

	private static String[] split(String ip) {
		return ip.split("\\.");
	}
}

This code won’t work if you don’t request an API key from here and replace it at line #16.

Sample output specifying one spamming IP (91.207.8.78):

Querying HTTP:BL for IP: 91.207.8.78
Lookup for: abcdefghijkl.78.8.207.91.dnsbl.httpbl.org
Response Code: 127.1.61.5
Result: found
Days since last activity: 1
Treat score (0..255): 61
Type of visitor: Suspicious & Comment Spammer

Notice that some ISP DNS server redirect to a “courtesy page” of the ISP itself, when you specify a non-existent host. In this case you’ll get some wrong repose code when the IP is not listed. You’ll see “Result: error” in the output, instead of “The IP specified is not listed in HTTP:BL”. The fault in this case if of your ISP.

 

 

Published at DZone with permission of Luigi Viggiano, author and DZone MVB. (source)

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)