asp.net http module for project honey pot http IP blacklist
Posted on Mar 31, 2008 by Paul White
Any honest webmaster will tell you that zombie computers and spam bots make up a small percentage of your daily traffic. Sometimes you end up upgrading your hosting just to accommodate what you think are real visitors when it's really spam bots. These bots try to post comments and links back to the sites they make money on. You will probably notice in your event viewer all the failed viewstates on your login pages. 99% of the time this is from spambots. The guys over at Project Honey Pot have started up a blacklist of IPs with a bad history. When I got my API key I didn't notice anyone with an ASP.NET module so I decided to create one.
First, before you get too far: visit https://www.projecthoneypot.org/httpbl_api and read up on the HTTP Blacklist and how it works. Then sign up for an API key.
I have included plenty of comments to help explain the code.
To use this module, simply create an App_Code folder within your root directory.
Then place this code into Notepad, and save it as IpBlackList.cs.
FTP your IpBlackList.cs to your website's App_Code folder.
Add the HTTP module entry to your web.config (see below).
If you get any errors, just change your web.config and delete the module, so your site is not down while you work out any bugs.
Let me know what you guys think.
///////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////
// This module was created to protect your website from rogue IPs
// This module makes a call to http://www.projecthoneypot.org's HTTP Blacklist
// You must sign up for an API key at http://www.projecthoneypot.org/httpbl_api
// If the IP that is making the request matches, the user is redirected
//////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////
using System;
using System.Web;
using System.Net;
using System.Data;
using System.Data.Odbc;
using System.Configuration;
using System.Collections.Specialized;

namespace IpBlackListModule
{
    public class IpBlackList : IHttpModule
    {
        public IpBlackList() { }

        // start up module: run the check at the start of every request
        public void Init(HttpApplication application)
        {
            application.BeginRequest += (new EventHandler(this.Application_BeginRequest));
        }

        // module code
        private void Application_BeginRequest(Object source, EventArgs e)
        {
            //////////////////////////////////////////////////////////////////
            //////////////////////////////////////////////////////////////////
            // Modify only these variables
            //////////////////////////////////////////////////////////////////
            //////////////////////////////////////////////////////////////////
            // The URL you want to redirect bad IPs to
            string redirectURL = "http://www.projecthoneypot.org";
            // Your Project Honey Pot API key
            string ApiKey = "YourAPIKeyGoesHere";
            // Suspicious IPs will have a value between 0 and 255. IP must have higher value than threatValue
            int threatValue = 0;
            // max number of days since last reported abuse
            int threatDays = 255;
            //////////////////////////////////////////////////////////////////
            //////////////////////////////////////////////////////////////////
            HttpApplication app = (HttpApplication)source;
            HttpContext ctext = app.Context;
            // get current IP
            string IPAddr = ctext.Request.ServerVariables["REMOTE_ADDR"];
            string[] wordIP = IPAddr.Split(new char[] { '.' });
            // http:BL only answers for IPv4 addresses; let anything else
            // (for example the IPv6 loopback ::1) through instead of throwing
            if (wordIP.Length != 4) return;
            // the query name is the API key, the IP with its octets reversed, then the zone
            string ipaddress = wordIP[3] + "." + wordIP[2] + "." + wordIP[1] + "." + wordIP[0];
            string mydomain = ApiKey + "." + ipaddress + ".dnsbl.httpbl.org";
            try
            {
                // make DNS call to HTTP:BL
                // (Dns.GetHostByName is obsolete; Dns.GetHostEntry replaces it)
                IPHostEntry GetIPHost = Dns.GetHostEntry(mydomain);
                string responseIP = "";
                foreach (IPAddress ip in GetIPHost.AddressList)
                {
                    responseIP = ip.ToString();
                }
                string[] respIP = responseIP.Split(new char[] { '.' });
                // if 127 then good request
                int num1 = Convert.ToInt32(respIP[0]);
                // days since last activity
                int num2 = Convert.ToInt32(respIP[1]);
                // threat type
                int num3 = Convert.ToInt32(respIP[2]);
                // threat score
                int num4 = Convert.ToInt32(respIP[3]);
                // is response valid
                if (num1 == 127)
                {
                    // has there been a report within threatDays ( days )
                    // (this condition and the next are reconstructed from the
                    // comments and brace structure; the page's copy is garbled)
                    if (num2 <= threatDays)
                    {
                        // threat type 0 is a search engine, so only continue for other types
                        if (num3 > 0)
                        {
                            if (num4 == 0)
                            {
                                //ignore Search Engines
                            }
                            // if the threat value is greater than our min
                            if (num4 > threatValue)
                            {
                                // If you have a SQL DB this is where you would
                                // want to log the event
                                // Now kick the spammer
                                ctext.Response.Redirect(redirectURL);
                            }
                        }
                    }
                }
            }
            // if the IP is not found on the blacklist the DNS lookup throws;
            // catch the exception and let the request continue
            catch { }
        }

        // Nothing to dispose
        public void Dispose() { }
    }
}
And finally, your web.config should look like this:
<configuration>
    <system.web>
        <httpModules>
            <add name="IpBlackList" type="IpBlackListModule.IpBlackList"/>
        </httpModules>
    </system.web>
</configuration>
This should be as simple as Drag and Drop after you make a few small changes to personalize your code.
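The query name and the four-octet answer the module works with can be handled by two small pure functions, so the block decision can be exercised without a live DNS lookup. This is an added example, not the author's code: HttpBlDecoder, BuildQuery, ShouldBlock, the sample key and the sample addresses are assumptions, and it goes beyond the module by treating the type octet as a bit set (0 = search engine, 1 = suspicious, 2 = harvester, 4 = comment spammer).

```csharp
using System;
using System.Net;
using System.Net.Sockets;

// Added example: HttpBlDecoder and its members are hypothetical names.
public static class HttpBlDecoder
{
    [Flags]
    public enum VisitorType { SearchEngine = 0, Suspicious = 1, Harvester = 2, CommentSpammer = 4 }

    // Builds "<key>.<reversed IPv4>.dnsbl.httpbl.org", or returns null for anything
    // that is not an IPv4 address (http:BL has no IPv6 lookups).
    public static string BuildQuery(string apiKey, string remoteAddr)
    {
        IPAddress ip;
        if (!IPAddress.TryParse(remoteAddr, out ip) || ip.AddressFamily != AddressFamily.InterNetwork)
            return null;
        byte[] b = ip.GetAddressBytes();
        return string.Format("{0}.{1}.{2}.{3}.{4}.dnsbl.httpbl.org", apiKey, b[3], b[2], b[1], b[0]);
    }

    // Decides whether a DNS answer means "block", using the same two settings as the module.
    public static bool ShouldBlock(IPAddress answer, int threatValue, int threatDays, out VisitorType type)
    {
        type = VisitorType.SearchEngine;
        if (answer == null || answer.AddressFamily != AddressFamily.InterNetwork) return false;
        byte[] o = answer.GetAddressBytes();
        if (o[0] != 127) return false;   // first octet must be 127 for a valid answer
        type = (VisitorType)o[2];
        if (o[2] == 0) return false;     // search engine: octet 4 is an engine id, not a score
        return o[1] <= threatDays && o[3] > threatValue;
    }

    public static void Main()
    {
        // Constructed sample data: placeholder key, documentation-range client IP.
        Console.WriteLine(BuildQuery("abcdefghijkl", "203.0.113.9"));
        Console.WriteLine(BuildQuery("abcdefghijkl", "::1") == null);
        VisitorType t;
        // Recent comment spammer with a score above the threshold
        Console.WriteLine(ShouldBlock(IPAddress.Parse("127.3.5.40"), 25, 30, out t) + " " + t);
        // Search engine answer: never blocked, whatever the last octet is
        Console.WriteLine(ShouldBlock(IPAddress.Parse("127.0.0.5"), 0, 255, out t) + " " + t);
        // Last activity older than threatDays
        Console.WriteLine(ShouldBlock(IPAddress.Parse("127.200.4.40"), 25, 30, out t) + " " + t);
    }
}
```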
I've created something very similar.
http://code.google.com/p/blacklistprotector/
See what you think