Admin Tools

Sunday, 10 April 2011 06:22 CDT

Randy Prue

Good day, all. I have entered my blacklist key from Project Honey Pot (HTTP:BL) (into Admin Tools on) a couple of sites. Obviously, I also installed the script and the bait code.

Today I have two instances on one site of bad behavior (repeated 4 times each). One of the IPs is blacklisted on 4 lists. The other is not BL anywhere (using the lists at whatismyipaddress.com). Both were from Germany.

Is it possible that traffic generated by honeypot can be interpreted as bad behavior?

Also, when I use Admin Tools as the interface to Honey Pot, can I ignore the section on their site about how to connect to them to compare to their black lists? It seems to me that this is what Admin. Tools is doing.

Edited by Randy Prue on 2011-04-10 06:24 CDT

Sunday, 10 April 2011 07:13 CDT

nicholas

The Bad Behavior integrates with HTTP:BL automagically. If an incoming IP is in the black list and has a high ranking (practically this means it's a confirmed hacker/spammer) the access is denied and logged in Admin Tools' log as "Bad Behavior". You do not need to do anything further to integrate Project Honeypot's HTTP:BL.

Regarding how Bad Bheavior works, as I mention in the documentation and have written countless times in this forum, it merely integrates the Bad Behavior library from io-error.us. If the third party library thinks that the request looks like a spam attack, it gets blocked. That's all.

On retrospect, this integration has caused so many support requests that I am seriously considering of completely removing it from Admin Tools 2.1. I came to the conclusion that the minimal protection it adds to the site is worth the time I spend on trying to support this third party library integration.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Sunday, 10 April 2011 07:55 CDT

slaes

hey nicholas,

thumbs up on that. (removing it) Lets face it, any hacker/spamer capable of causing any serious breaches on a tight site and box is going to be working with dynamic and new ip's or proxys anyway. as soon as they make it to io-error and etc they move on.

it's outa hand and your skills would be much better put towards some good seo tools. Make some serp country specifi stuff and maybe even some easy meta stuff for quick article insertion. right now i joomla is the only decient things and aside from a convience point of view aint that good and is worth 100 odd bucks.

You could smack it!!

Go nicholas!! Do you need to get a patition happening? lol

Edited by slaes on 2011-04-10 07:55 CDT

Sunday, 10 April 2011 08:00 CDT

nicholas

Thanks, man! I fully agree about the pointless nature of IP blocks. No petition necessary, I have quite a few good ideas and little time to make them happen - but I'm working on them!

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Sunday, 10 April 2011 08:21 CDT

slaes

Sounds great man.

Seriously, a 1000 position serp with keyword logging / history tracking to see improvment / drop would be awesome and solve many peoples querries. Google alone would be plenty however ive no doubt you would probably integrate others. County would be important.

As would a simple one page article integrator for keywords, meta titles and descriptions.

Sunday, 10 April 2011 10:55 CDT

Randy Prue

I rather enjoy the features. I have implemented both of them. But then I am not as skilled or informed as you (two) are.

I figured out that "their" IP addresses are VERY short-lived. Disposable.

Support

#9826 Connection to Project Honey Pot

This is a public ticket

Environment Information