Documentation
¶
Overview ¶
Package httpbl connects to the Project Honey Pot http:BL API.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( ErrMissingAccessKey = errors.New("httpbl: missing access key") ErrInvalidKey = errors.New("httpbl: malformed access key") ErrInvalidIP = errors.New("httpbl: ip is not a valid IPv4 address") ErrInvalidResponse = errors.New("httpbl: dns response does not match expected format") )
Predefined error values
Functions ¶
func ValidateAccessKey ¶
ValidateAccessKey validates the structure of an access key. Access keys consist of 12 lower-case letters and can be found at https://www.projecthoneypot.org/httpbl_configure.php
Types ¶
type Context ¶
type Context struct {
// AccessKey is the http:BL access key from Project Honey Pot.
// Access keys should be provided by the user, as sharing an
// access key is against the terms of service.
//
// An access key can be requested at this page:
// https://www.projecthoneypot.org/httpbl_configure.php
AccessKey string
// Resolver is the DNS resolver to use. If it is nil,
// net.DefaultResolver will be used instead.
Resolver *net.Resolver
}
Context is the base type for authenticated http:BL requests.
func (*Context) Lookup ¶
Lookup queries the http:BL DNSBL and returns a *Result. If the IP address is not listed in http:BL, this method returns nil, nil.
Possible errors:
ErrInvalidIP:
ip is not an IPv4 address. Only IPv4 is currently supported.
ErrInvalidKey:
The AccessKey field is unset or malformed. This does not check the validity of the address key, only its layout.
ErrInvalidResponse:
The DNS response did not match the format expected from the http:BL API. This may signify a bug in this library or a misconfiguration of the DNS resolver.
Errors from the DNS resolver may also be returned by this method.
type KnownSearchEngine ¶
type KnownSearchEngine uint8
KnownSearchEngine is the identified search engine type.
const ( SEUndocumented KnownSearchEngine = 0 SEAltaVista KnownSearchEngine = 1 SEAsk KnownSearchEngine = 2 SEBaidu KnownSearchEngine = 3 SEExcite KnownSearchEngine = 4 SEGoogle KnownSearchEngine = 5 SELooksmart KnownSearchEngine = 6 SELycos KnownSearchEngine = 7 SEMSN KnownSearchEngine = 8 SEYahoo KnownSearchEngine = 9 SECuil KnownSearchEngine = 10 SEInfoSeek KnownSearchEngine = 11 SEMiscellaneous KnownSearchEngine = 12 )
Search engines
func (KnownSearchEngine) String ¶
func (se KnownSearchEngine) String() string
KnownSearchEngine returns a string representation of the enum value.
type Result ¶
type Result struct {
// Type is a bitfield holding the types of threats recently observed
// from the queried IP address. If Type is SearchEngine, the
// SearchEngine field is valid. Otherwise, the Days and Threat fields
// are valid.
Type ResultType
// Days is the number of days since Project Honey Pot last saw activity
// from the queried IP address. You may wish to ignore results older
// than a certain threshold of days as "stale".
Days uint8
// Threat is a logarithmic rating of how dangerous an IP is based on
// its observed activity.
//
// A threat rating of 25 can be interpreted as the equivalent of
// sending 100 spam messages to a honey pot trap. 50 corresponds to
// the equivalent of 10,000 spam messages, and 75 corresponds to
// 1,000,000. Due to the logarithmic scale, it is unlikely that this
// number will rise above 200.
//
// A threat rating of 0 means no threat score has been assigned.
Threat uint8
// SearchEngine is the identified search engine type for the queried IP
// address.
SearchEngine KnownSearchEngine
}
Result holds the response from http:BL. A nil *Result signifies an NXDOMAIN response, meaning that the IP was not recently seen by Project Honey Pot.
Accessing fields of a nil *Result will panic, but calling methods on a nil *Result is allowed.
func (*Result) CheckThreatLevel ¶
CheckThreatLevel returns true if the Result is a threat type (i.e. not a search engine) and the threat rating is greater than or equal to min.
func (*Result) SeenWithinDays ¶
SeenWithinDays returns true if the Result is a threat type (i.e. not a search engine) and the IP's last observed activity was less than or equal to max days ago.
type ResultType ¶
type ResultType uint8
ResultType is a bitfield of threat types.
const ( // SearchEngine is mutually exclusive with the other types. If a search // engine IP is found to be participating in spamming, it will cease to // be listed as a search engine IP. SearchEngine ResultType = 0 // Suspicious IPs have been seen engaging in behavior that is // consistent with a malicious bot, but malicious behavior has not yet // necessarily been observed. For example, some harvesters wait nearly // a week before sending any spam messages to addresses they have // collected. // // Behavior considered supicious includes accessing many honey pots in // a short period of time and ignoring robots.txt. Suspicious ResultType = 1 << 0 // Harvester IPs are bots that found a honey pot email address which // later received an email. Harvester ResultType = 1 << 1 // CommentSpammer IPs are bots that attempted to leave comments on the // fake blog comment form served by some honey pots. CommentSpammer ResultType = 1 << 2 )
func (ResultType) CommentSpammer ¶
func (t ResultType) CommentSpammer() bool
CommentSpammer returns true if the "comment spammer" bit is set.
func (ResultType) Harvester ¶
func (t ResultType) Harvester() bool
Harvester returns true if the "harvester" bit is set.
func (ResultType) SearchEngine ¶
func (t ResultType) SearchEngine() bool
SearchEngine returns true if the result type is "search engine".
func (ResultType) String ¶
func (t ResultType) String() string
String returns a string representation of the bitfield. This is mostly useful for debugging. There is no guarantee whatsoever to the format of the returned string.
func (ResultType) Suspicious ¶
func (t ResultType) Suspicious() bool
Suspicious returns true if the "suspicious" bit is set.
Source Files