View on
MetaCPAN is shutting down
For details read Perl NOC. After June 25th this page will redirect to
Chris Mills > WWW-Honeypot-httpBL-0.01 > WWW::Honeypot::httpBL



Annotate this POD


New  1
Open  0
View/Report Bugs
Module Version: 0.01   Source  


WWW::Honeypot::httpBL - Perl interface to Project Honeypot's Http:BL Service


  use WWW::Honeypot::httpBL;

  my $h = WWW::Honeypot::httpBL->new( { access_key => $ENV{'HTTPBL_ACCESS_KEY'} });

  # Is this IP associated with email harvesting?

  # How about comment spamming?

  # Is it a search engine?  

  # Is this IP just suspicious, as opposed to known evil?

  # What is the threat score?

  # How many days since the last actvity?


You will need an API key to get started, they are available here:

Once you have that, you can use this to determine whether a particular IP falls into one or more of these categories:



When given a valid IP, this method executes a lookup against Project Honeypot's http:BL service. Does not accept a domain name, IP addr only.


Returns 1 if the IP in question is associated with email harvesting, otherwise returns undef.


Returns 1 if the IP in question is associated with comment spamming, otherwise returns undef.


Returns the search engine name if the IP in question is a known search engine, otherwise returns undef. Supported search engines at this point are:

* Undocumented
* Alta Vista
* Ask
* Baidu
* Excite
* Google
* Looksmart
* Lycos
* Yahoo
* InfoSeek
* Miscellaneous

Returns 1 if the IP in question is deemed suspicious, otherwise returns undef. "Suspicious" means observed acting like a malicious bot, but so far not observed being malicious -- for example, caught harvesting emails but not yet caught spamming those addresses.

An important nuance is that once an IP is actually observed to be malicious, it is no longer considered "suspicious" which means this method will return undef. Put another way, undef sometimes indicates a higher grade of evil than the 1 this method will often return.


Returns an integer between 0-255 representing the threat score for this IP. This is an indicator of how dangerous an IP is, based on it's observed activity to date. The scale is logarithmic, which means high numbers are extremely rare (and evil). See the Project Honeypot documentation for more info.


Returns an integer between 0-255 representing the number of days since the IP was last observed on the project's network. This is an indicator of how active the IP currently is.


API keys and more detail on Project Honeypot are available at

Spam sucks. Please support Project Honeypot.


Chris Mills, <<gt>


Copyright (C) 2010 by Chris Mills

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.8 or, at your option, any later version of Perl 5 you may have available.

syntax highlighting: