public function HttpblEvaluator::httpbl_dnslookup in http:BL 8

Performs an http:BL DNS lookup at Project Honey Pot.

@todo Don't think anything is really capturing the response type values to store with the hosts. Use these?

Parameters

string $ip: The IP address to be checked.

string $key: The administrative access key.

Return value

array $values | FALSE

1 call to HttpblEvaluator::httpbl_dnslookup()
HttpblEvaluator::evaluateVisitor in src/HttpblEvaluator.php
Manages remote and local lookups on visiting host IPs, evaluates their remote status as safe or suspicious and determines a locally stored status (safe / white-listed, grey-listed, or blacklisted) which is used (by other functions) to determine an…

File

src/HttpblEvaluator.php, line 312

Class

HttpblEvaluator
HttpblEvaluator evaluates visitor/host page requests.

Namespace

Drupal\httpbl

Code

public function httpbl_dnslookup($ip, $key = NULL) {

  // Thanks to J.Wesley2 at
  // http://www.projecthoneypot.org/board/read.php?f=10&i=1&t=1
  // Reverse the octets for the DNSBL query; keep $ip as given so the log
  // messages below show the visitor address rather than the reversed form.
  if (!($reversed_ip = self::_httpbl_reverse_ip($ip))) {
    return FALSE;
  }

  // Make sure there is a valid access key before we proceed.
  if (!$key && !($key = \Drupal::state()
    ->get('httpbl.accesskey') ?: NULL)) {
    return FALSE;
  }
  $query = $key . '.' . $reversed_ip . '.dnsbl.httpbl.org.';
  $response = gethostbyname($query);
  if ($response == $query) {

    // If the name does not resolve, gethostbyname() returns the name it was
    // given.
    return FALSE;
  }
  $values = array();
  $values['raw'] = $response;
  $response = explode('.', $response);
  if ($response[0] != '127') {

    // If the first octet is not 127, the response is considered invalid.
    $this->logTrapper
      ->trapWarning('DNS Lookup failed for @ip, response was @response', array(
      '@ip' => $ip,
      '@response' => $values['raw'],
    ));
    return FALSE;
  }

  // Lookup at Project Honey Pot was successful.
  $this->logTrapper
    ->trapDebug('DNS lookup results for @ip, response was @response', array(
    '@ip' => $ip,
    '@response' => $values['raw'],
  ));
  $values['last_activity'] = $response[1];
  $values['threat'] = $response[2];
  $values['type'] = $response[3];
  if ($response[3] == 0) {

    // A type of 0 means the host is only a search engine.
    $values['search_engine'] = TRUE;
  }
  if ($response[3] & 1) {

    // Bit value 1 is set: suspicious.
    $values['suspicious'] = TRUE;
  }
  if ($response[3] & 2) {

    // Bit value 2 is set: harvester.
    $values['harvester'] = TRUE;
  }
  if ($response[3] & 4) {

    // Bit value 4 is set: comment spammer.
    $values['comment_spammer'] = TRUE;
  }
  return $values;
}
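
The query-building and decoding steps above as a standalone decoder that runs without DNS (an added example, not the http:BL module's code; the `example_httpbl_*` function names, the `engine_id` field, the access key and the sample answers are constructed for illustration). It goes slightly beyond the function above by validating the answer as four IPv4 octets and by treating the third octet of a search-engine answer (type 0) as an engine identifier rather than a threat score, as the Project Honey Pot http:BL API describes.

```php
<?php
// Added example: hypothetical helper names, constructed sample data.

/**
 * Builds the http:BL query name, or returns NULL for unusable input.
 */
function example_httpbl_query_name(string $key, string $ip): ?string {
  // http:BL only covers IPv4; reject anything else before it reaches DNS.
  if ($key === '' || !filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
    return NULL;
  }
  $reversed = implode('.', array_reverse(explode('.', $ip)));
  return $key . '.' . $reversed . '.dnsbl.httpbl.org.';
}

/**
 * Decodes a raw http:BL answer such as "127.3.25.5" into named fields.
 */
function example_httpbl_decode(string $raw): ?array {
  // An unresolved lookup echoes the query name back, which is not an IPv4
  // address, so this check also covers the "did not resolve" case.
  if (!filter_var($raw, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
    return NULL;
  }
  [$first, $days, $third, $type] = array_map('intval', explode('.', $raw));
  if ($first !== 127) {
    return NULL;
  }
  $values = ['raw' => $raw, 'type' => $type, 'search_engine' => $type === 0];
  if ($type === 0) {
    // For search engines the third octet identifies the engine.
    return $values + ['engine_id' => $third];
  }
  return $values + [
    'last_activity' => $days,
    'threat' => $third,
    'suspicious' => (bool) ($type & 1),
    'harvester' => (bool) ($type & 2),
    'comment_spammer' => (bool) ($type & 4),
  ];
}

// Constructed sample answers; no DNS query is made.
$samples = ['127.3.25.5', '127.0.5.0', '10.0.0.1', 'abcdefghijkl.7.2.0.192.dnsbl.httpbl.org.'];
foreach ($samples as $raw) {
  echo $raw, ' => ', json_encode(example_httpbl_decode($raw)), PHP_EOL;
}
echo example_httpbl_query_name('abcdefghijkl', '192.0.2.7'), PHP_EOL;
```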