Josh Sherman
Project Honey Pot is one of my favorite services. They offer an API that allows you to pull information on an IP address. This comes in very handy when vetting traffic coming to your website. I discovered the service a few years back after realizing that I had some spammers setting up profiles full of links to their Leeroy Vitton handbags and other knock offs.
My memory is fuzzy on whether or not there was a PHP library back then but I ended up rolling my own. Not sure what changed recently but my class for Project Honey Pot has been seeing an influx of downloads according to Packagist so I thought it would be cool to feature it on here.
Come to think of it, I think it may be cool to start featuring more PHP packages in these posts as I’m starting to run out of topics just from the core of PHP.
The library is pretty easy to use. You can install it by way of composer:
composer require "joshtronic/php-projecthoneypot:dev-master"
If you don’t have one already, you will need to obtain an API key from Project Honey Pot. You can sign up for free by going here. Once you have an API key you can get to hacking. All you need to do is create a new Project Honey Pot object and then query the IP address:
$project_honey_pot = new joshtronic\ProjectHoneyPot('_YOUR_API_KEY_');
$results = $project_honey_pot->query('1.2.3.4');
That will give you an associative array of information about the IP address in question. The information includes the last activity, threat score and an array of categories that classifies the IP address.
The threat score, according to Project Honey Pot, is a metric that describes how dangerous an IP address is based on its observed suspicious activity. The key they provide is that a rating of 25 is equivalent of someone sending 100 spam messages, 50 is 10,000 and 75 is 1,000,000. You will have to come up with your own logic as to how you want to deal with IP addresses of different threat scores.
You can find the source code to my Project Honey Pot library on GitHub. The documentation in the README provides additional information on how to simulate results for testing purposes.
On a side note, I’m really starting to think that perhaps I should be namespacing my PHP packages with PHPAve instead of my username. Thoughts?
