Re: [Httpbl-beta] Server+Mod running, tests incomplete?

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

> woot, mod_httpbl is running on my server :-)

Very cool! What platform are you running it on (OS version,  
processor, etc.) and what version of Apache?

> Like Erich posted on
> http://sourceforge.net/tracker/index.php? 
> func=detail&aid=1711506&group_id=194880&atid=951201
> before, I only have access to the diagnostics page.
>
> [ + ]   Write to the log directory (/var/log/apache2/)
> [ + ]   Write to the repos directory (/usr/lib64/apache2/logs/)
> [ + ]   Resolve and reach the RBL domain (www.projecthoneypot.org)
> [ * ]   Authenticate with the Project Honey Pot RBL  
> (*.dave.httpbl.org)
> [ * ]   Submit 404 data to the server
> (http://192.168.3.100:11000/record_404.php)
> [ * ]   Submit POST data to the server
> (http://192.168.3.100:11000/record_post.php)
> [ * ]   Query for honeypots (http://hpr1.projecthoneypot.org/cgi/ 
> serve.php)
>
> Is it alright that the authenticate and further tests are not  
> performed?

Yes. Right now the first three tests are key, the remaining tests are  
for features that have not been implemented yet -- but will be soon!

To give you some sneak previews:

- Authenticate with Project Honey Pot RBL
Checks that your Access Key is valid. Currently this check is not  
enabled.

- Submit 404 Data
One of the ways that "script kiddies" look for exploits is by trying  
random URLs on your server and seeing if you have vulnerable software  
installed. For the most part, this results in 404 (page not found)  
errors. By recording these 404 errors we can look for patterns and  
add the IPs that are clearly out to find exploits to the http:BL. If  
you'd prefer to not share this data with us, you can turn it off  
through a directive.

- Submit POST data to server
Checks that we can POST to a remote server and receive a response.  
Critical for a number of functions, including virtual honey pots.  
We're still testing this internally, but expect to release a copy of  
the code with it enabled soon.

- Query for Honey Pot
Checks to see if you can enable a virtual honey pot. This allows you  
to define a URL that will act as a honey pot. The honey pot receives  
data from our central servers, including, potentially, specially  
tagged email addresses, trap forms, and other tests of bots. Data  
from the honey pot is then transmitted back to Project Honey Pot to,  
where appropriate, be included in http:BL.

Thanks for your help testing this on a number of platforms. We should  
have a new version with James's patch and more features out soon. If  
anyone is feeling ambitious and wants to try and port this over to  
Apache1.x, that's something we have a long range plan for, and we  
consider important, but is not high on our internal priority list.

Thanks!
Matthew.