Excellent new blacklist service, now how to implement on pfblocker???
-
I just came across this- projecthoneypot.org
They are a collective honey pot, you can join in an active manner by giving them access to your honeypot, or simply utilize their DNSBL. They monitor websites that get scanned by harvester bots, and also comment forms on blogs/forums, and their system is pretty crafty in that it generates a unique email for every spammer that accesses the script, so they can track an entire spam botnet back to its source - its like killing the original vampire ;).
Looking at their stats, 245,722,827 contributing honey pot traps, it looks to have a wider reach than many of the other DNS blacklists I have seen.
http://www.projecthoneypot.org/statistics.phpThey have been active since 2004, so there are lots of contributors.
I am wondering if there is a way to integrate this in to a pfblocker source.
Their DNS lookups are like this with a reversed IP:
randomAPIkey.4.3.2.1.dnsbl.httpbl.orgwith the randomAPIkey being a key you need to sign up for (free). Does anyone know if this is possible on the current pfblocker package? I know there may be memory/speed limitations in the design of using a list like this, so more hardware may be needed to do that, but that can be a choice made by the user.
Their documentation is here:
https://www.projecthoneypot.org/httpbl_api.phpSome may say its just spam, but this tracks entire botnets that may be used for other malicious activity.