Project Honey Pot is one of my favorite services. They offer an API that allows
you to pull information on an IP address. This comes in very handy when vetting
traffic coming to your website. I discovered the service a few years back after
realizing that I had some spammers setting up profiles full of links to their
Leeroy Vitton handbags and other knock offs.
My memory is fuzzy on whether or not there was a PHP library back then but I
ended up rolling my own. Not sure what changed recently but my class for
Project Honey Pot has been seeing an influx of downloads according to
Packagist so I thought it would be cool to feature it on here.
Come to think of it, I think it may be cool to start featuring more PHP
packages in these posts as I’m starting to run out of topics just from the core
of PHP.
The library is pretty easy to use. You can install it by way of composer:
composer require "joshtronic/php-projecthoneypot:dev-master"
If you don’t have one already, you will need to obtain an API key from Project
Honey Pot. You can sign up for free by going here. Once you have an API
key you can get to hacking. All you need to do is create a new Project Honey
Pot object and then query the IP address:
$project_honey_pot = new joshtronicProjectHoneyPot('_YOUR_API_KEY_'
$results = $project_honey_pot->query('1.2.3.4'
That will give you an associative array of information about the IP address in
question. The information includes the last activity, threat score and an array
of categories that classifies the IP address.
The threat score, according to Project Honey Pot, is a metric that describes
how dangerous an IP address is based on its observed suspicious activity. The
key they provide is that a rating of 25 is equivalent of someone sending 100
spam messages, 50 is 10,000 and 75 is 1,000,000. You will have to come up with
your own logic as to how you want to deal with IP addresses of different threat
scores.
You can find the source code to my Project Honey Pot library on GitHub.
The documentation in the README provides additional information on how to
simulate results for testing purposes.
On a side note, I’m really starting to think that perhaps I should be
namespacing my PHP packages with PHPAve instead of my username. Thoughts?