betabug... Sascha Welter


HoneyPotBL

The Honey Pot BL Product for Zope

Provides access to the Project Honeypot Blacklist (http:BL) from Zope.

Introduction

Bots and (comment-)spammers abound. They are almost everywhere and any slightly more visible webserver will be pounded by them. Project Honeypot is an effort to catch bots, classify them, and lately to give you access to the data to block them.

The IP addresses of visitors are checked against the database of Project Honeypot using a DNS lookup. If the visitor is listed as a known comment spammer, email harvester / scraper, or has shown significant "suspicious" (i.e. malicious, bot-like) behavior, access is denied.
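The DNS lookup described above, as an added example (not HoneyPotBL's own code): it builds the http:BL query name, decodes the `127.<days>.<threat>.<type>` answer and applies a block policy. The function names, the thresholds and the fail-open behaviour on DNS errors are assumptions of this sketch; the access key comes from your Project Honeypot account.

```python
import ipaddress
import socket

HTTPBL_ZONE = "dnsbl.httpbl.org"
# Visitor-type bit flags in the last octet of an http:BL answer (0 = search engine).
SUSPICIOUS, HARVESTER, COMMENT_SPAMMER = 1, 2, 4


def build_query(access_key, visitor_ip):
    """Return the DNS name to resolve: <key>.<reversed IPv4 octets>.<zone>."""
    ip = ipaddress.IPv4Address(visitor_ip)  # raises ValueError on IPv6 or garbage
    reversed_octets = ".".join(reversed(str(ip).split(".")))
    return f"{access_key}.{reversed_octets}.{HTTPBL_ZONE}"


def parse_answer(answer):
    """Decode an A record 127.<days>.<threat>.<type>; None if it is not one."""
    try:
        octets = [int(part) for part in answer.split(".")]
    except ValueError:
        return None
    if len(octets) != 4 or octets[0] != 127:
        return None  # not an http:BL reply, e.g. a resolver rewriting NXDOMAIN
    _, days, threat, visitor_type = octets
    return {"days": days, "threat": threat, "type": visitor_type}


def should_block(info, min_threat=10, max_age_days=90):
    """Policy sketch; both thresholds are assumptions to tune per site."""
    if info is None or info["type"] == 0:  # unlisted, malformed, or search engine
        return False
    if info["days"] > max_age_days:  # last seen too long ago to act on
        return False
    if info["type"] & (HARVESTER | COMMENT_SPAMMER):
        return True
    return bool(info["type"] & SUSPICIOUS) and info["threat"] >= min_threat


def check_visitor(access_key, visitor_ip):
    """Live lookup; fails open: NXDOMAIN and DNS errors count as 'not listed'."""
    try:
        answer = socket.gethostbyname(build_query(access_key, visitor_ip))
    except (OSError, ValueError):
        return False
    return should_block(parse_answer(answer))
```

Only `check_visitor` touches the network; the other functions can be unit-tested offline with constructed answers.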

This product makes it possible to query the http:BL blacklist from Project Honeypot from within Zope code. Deciding whether this is a good idea is left to you: some people might prefer an Apache module, some have no choice, and some might prefer to make lookups not on every access, but only on relevant ones.

What will it do for my site?

Once you have properly set up your site, bots whose IP is recognized by Project Honeypot will receive an error response with a 403 status code. Instead of your content (which they plan to scrape for email addresses or fill up with spam comments) they get a short text notice to go away.

If your CMS does a lot of work to dynamically render pages, testing the http:BL early in the process will spare you a lot of processor cycles, disk access and bandwidth.

Not all bot IPs are known by Project Honeypot, but the reduction in malicious traffic is quite impressive. Many of the known bot IPs belong to "botnets" on broadband access IPs that are hard to block by range. Another tool for your defense in depth.

You can prepare a "whitelisting" mechanism: If a real human being receives the "go away" 403 message, they can whitelist themselves and continue to browse your site.

Documentation

The product contains a readme, with information about basic installation and setup procedures. There's also a file with information about how to glue HoneyPotBL in with your Zope product. At the moment this has very few examples.

One important point: To actually test or use the code you will need an access key from Project Honeypot. To get the access key you will have to register and take part in the project; check out the Http:BL API Specification.

Status

This code is in production use on my weblog. It has a couple of unit tests and should behave reasonably. I would consider it stable, but of course "your mileage may vary".

Known Issues

None so far :-), please test and let me know (address on kontakt page).

License

ZPL 2.1, Open Source, Free/Libre, see License and Copyright info.

Download

A tarball of the product code can be downloaded (Version: 1.0).

Repository Access

I use darcs for source code / revision control. When you have darcs installed you can check out the development version with one simple command:

darcs get -v http://repos.betabug.ch/HoneyPotBL

This checkout is like having your own branch of the code, with full revision history. You can make your own revisions, test out what you've got and you could even send me patches :-). The ZWiki project has a nice writeup about working with ZWiki:DarcsRepos.

Join Project Honeypot