NAME
WWW::httpBL - Perl interface to Project Honeypot's Http:BL Service
SYNOPSIS
use WWW::httpBL;
my $h = WWW::httpBL->new( { access_key => $ENV{'HTTPBL_ACCESS_KEY'} });
$h->fetch('127.1.1.6');
# Is this IP associated with email harvesting?
$h->is_harvester();
# How about comment spamming?
$h->is_comment_spammer();
# Is it a search engine?
$h->is_search_engine();
# Is this IP just suspicious, as opposed to known evil?
$h->is_suspicious();
# What is the threat score?
$h->threat_score();
# How many days since the last actvity?
$h->days_since_last_activity();
DESCRIPTION
You will need an API key to get started, they are available here:
http://www.projecthoneypot.org/
Once you have that, you can use this to determine whether a particular IP falls into one or more of these categories:
Search Engine
Suspected Comment Spammer
Suspected Email Harvester
Known Comment Spammer
Known Email Harvester
METHODS
- $h->fetch();
-
When given a valid IP, this method executes a lookup against Project Honeypot's http:BL service. Does not accept a domain name, IP addr only.
- $h->is_harvester();
-
Returns 1 if the IP in question is associated with email harvesting, otherwise returns undef.
- $h->is_comment_spammer();
-
Returns 1 if the IP in question is associated with comment spamming, otherwise returns undef.
- $h->is_search_engine();
-
Returns the search engine name if the IP in question is a known search engine, otherwise returns undef. Supported search engines at this point are:
- * Undocumented
- * Alta Vista
- * Ask
- * Baidu
- * Excite
- * Looksmart
- * Lycos
- * MSN
- * Yahoo
- * InfoSeek
- * Miscellaneous
- $h->is_suspicious();
-
Returns 1 if the IP in question is deemed suspicious, otherwise returns undef. "Suspicious" means observed acting like a malicious bot, but so far not observed being malicious -- for example, caught harvesting emails but not yet caught spamming those addresses.
An important nuance is that once an IP is actually observed to be malicious, it is no longer considered "suspicious" which means this method will return undef. Put another way, undef sometimes indicates a higher grade of evil than the 1 this method will often return.
- $h->threat_score();
-
Returns an integer between 0-255 representing the threat score for this IP. This is an indicator of how dangerous an IP is, based on it's observed activity to date. The scale is logarithmic, which means high numbers are extremely rare (and evil). See the Project Honeypot documentation for more info.
- $h->days_since_last_actvity();
-
Returns an integer between 0-255 representing the number of days since the IP was last observed on the project's network. This is an indicator of how active the IP currently is.
SEE ALSO
API keys and more detail on Project Honeypot are available at http://www.projecthoneypot.org/.
Spam sucks. Please support Project Honeypot.
AUTHOR
Chris Mills, <cmills@cpan.org<gt>
COPYRIGHT AND LICENSE
Copyright (C) 2010 by Chris Mills
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.8 or, at your option, any later version of Perl 5 you may have available.
13 POD Errors
The following errors were encountered while parsing the POD:
- Around line 267:
Expected text after =item, not a bullet
- Around line 269:
Expected text after =item, not a bullet
- Around line 271:
Expected text after =item, not a bullet
- Around line 273:
Expected text after =item, not a bullet
- Around line 275:
Expected text after =item, not a bullet
- Around line 277:
Expected text after =item, not a bullet
- Around line 279:
Expected text after =item, not a bullet
- Around line 281:
Expected text after =item, not a bullet
- Around line 283:
Expected text after =item, not a bullet
- Around line 285:
Expected text after =item, not a bullet
- Around line 287:
Expected text after =item, not a bullet
- Around line 289:
Expected text after =item, not a bullet
- Around line 291:
Expected text after =item, not a bullet