httpbl Plugin Project Honeypot Blocklists 1.0
Blocks malware robots (email harversters, comment spammers...) by comparing their IPs to project Honeypot Blocklists
|
00001 <?php 00013 // no direct access 00014 defined( '_JEXEC' ) or die( 'Restricted access' ); 00015 00016 jimport( 'joomla.plugin.plugin' ); 00017 00018 00023 class plgSystemHttpbl extends JPlugin { 00032 public function __construct( &$subject, $params ) { 00033 parent::__construct( $subject, $params ); 00034 } 00035 00045 function onAfterInitialise() { 00049 var $plg_name = "httpbl"; 00053 var $mainframe= &JFactory::getApplication(); 00057 var $session = &JFactory::getSession(); 00058 00059 // Assign paths 00060 $sitePath = JPATH_SITE; 00061 $siteUrl = substr(JURI::root(), 0, -1); 00062 00063 // Check if plugin is enabled 00064 if(JPluginHelper::isEnabled('system',$plg_name)==false) return; 00065 00066 // Loads the plugin language file the proper way 00067 if($mainframe->isAdmin()){ 00068 JPlugin::loadLanguage( 'plg_system_'.$plg_name ); 00069 } else { 00070 JPlugin::loadLanguage( 'plg_system_'.$plg_name, 'administrator' ); 00071 } 00072 00073 // Get plugin parameters 00074 00075 // Outside Parameters 00076 00077 if(!$params) $params = new JParameter(null); 00081 var $plugin =& JPluginHelper::getPlugin('system',$plg_name); 00085 var $pluginParams = new JParameter( $plugin->params ); 00089 var $apikey = ($params->get('api_key')) ? $params->get('api_key') : $pluginParams->get('api_key'); 00090 00091 //either log an already checked IP, or check an ip 00092 00093 if (isset($_COOKIE['notabot']) && $session->has('httpbl')) { 00094 $this->httpbl_logme(); 00095 if ($_SESSION['httpbl']['activity']<8) { 00096 $this->httpbl_infected(); // Only display infection banner if last spam was less than 8 days ago. 00097 } 00098 } else { 00099 $this->httpbl_check($apikey); 00100 } 00101 } 00102 00115 function httpbl_check($apikey) { 00116 00117 $ip = $_SERVER['REMOTE_ADDR']; 00118 // build the lookup DNS query 00119 // Example : for '127.9.1.2' you should query 'abcdefghijkl.2.1.9.127.dnsbl.httpbl.org' 00120 $lookup = $apikey . '.' . implode('.', array_reverse(explode ('.', $ip ))) . '.dnsbl.httpbl.org'; 00121 // check query response 00122 $result = explode( '.', gethostbyname($lookup)); 00123 00124 //$this->httpbl_blockme(); die('Restricted access'); 00125 00126 if ($result[0] == 127) { 00127 // We have a result 00128 $a = array('activity'=>$result[1], 'threat'=>$result[2], 'type'=>$result[3]); 00129 $typemeaning=''; 00130 if ($a['type'] & 0) $typemeaning .= 'Search Engine, '; 00131 if ($a['type'] & 1) $typemeaning .= 'Suspicious, '; 00132 if ($a['type'] & 2) $typemeaning .= 'Harvester, '; 00133 if ($a['type'] & 4) $typemeaning .= 'Comment Spammer, '; 00134 $a['typemeaning'] = trim($typemeaning,', '); 00135 00136 // Now determine some blocking policy 00137 // First set the block as NOT blocked 00138 $a['block']=0; 00139 00140 // Assess The threat 00141 if ( ($a['type'] >= 4 && $a['threat'] > 0) || ($a['type'] < 4 && $a['threat'] > 20)) { 00142 $a['block'] = 1; // set a block 00143 } 00144 00145 // store the info into the session (joomla style) 00146 $session = &JFactory::getSession(); 00147 $session->set('httpbl', $a); 00148 // store the info into the session (php style) 00149 // $_SESSION['httpbl']=$a; 00150 00151 if ($a['block']!=0) { 00152 $this->httpbl_logme(); // log the information 00153 $this->httpbl_blockme(); // Block the user 00154 die(); // kill the rest of execution 00155 } 00156 } 00157 } 00158 00166 function httpbl_logme() { 00167 $log = fopen($_SERVER["DOCUMENT_ROOT"].'/httpbl.txt','a'); 00168 $stamp = date('Y-m-d :: H-i-s'); 00169 $page = $_SERVER['REQUEST_URI']; 00170 $ua = $_SERVER["HTTP_USER_AGENT"]; 00171 if (!isset($_COOKIE['notabot'])) { 00172 fputs($log,"$stamp :: BLOCKED ".$_SERVER['REMOTE_ADDR']." :: ".$_SESSION['httpbl']['type']." :: ".$_SESSION['httpbl']['threat']." :: ".$_SESSION['httpbl']['activity']." :: $page :: $ua\n"); 00173 } else { 00174 fputs($log,"$stamp :: UNBLCKD ".$_SERVER['REMOTE_ADDR']." :: $page :: $ua\n"); 00175 } 00176 fclose($log); 00177 } 00178 00190 function httpbl_blockme() { 00191 header('HTTP/1.0 403 Forbidden'); 00192 echo '<html><body>'; 00193 $this->httpbl_infected(); // inform the user that he might be infected 00194 // write the javascript needed to let the user in and later log it. 00195 $js='<script type="text/javascript"> 00196 function setcookie( name, value, expires, path, domain, secure ) { 00197 00198 // set time, in milliseconds 00199 var today = new Date(); 00200 today.setTime( today.getTime() ); 00201 if ( expires ) { 00202 expires = expires * 1000 * 60 * 60 * 24; 00203 } 00204 var expires_date = new Date( today.getTime() + (expires) ); 00205 00206 document.cookie = name + "=" +escape( value ) + 00207 ( ( expires ) ? ";expires=" + expires_date.toGMTString() : "" ) + 00208 ( ( path ) ? ";path=" + path : "" ) + 00209 ( ( domain ) ? ";domain=" + domain : "" ) + 00210 ( ( secure ) ? ";secure" : "" ); 00211 } 00212 function letmein() { 00213 setcookie("notabot","true",1,"/", "", ""); 00214 location.reload(true); 00215 } 00216 </script> 00217 <br />'; 00218 //output the body 00219 echo $js.JText::_('HTTPBL_LET_ME_IN');; 00220 } 00221 00231 function httpbl_infected() { 00232 $ip = $_SERVER['REMOTE_ADDR']; 00233 $days = $_SESSION['httpbl']['activity']; 00234 $httpbl_css = JURI::root()."plugins/system/httpbl/css/httpbl.css"; 00235 $infected_msg = JText::_('HTTPBL_INFECTED'); 00236 $httpbl_warning = '<style type="text/css" media="all">@import "'.$httpbl_css.'";</style>'.$infected_msg; 00237 echo $httpbl_warning; 00238 } 00239 00240 }