Skip to Content

According to the recent spamometer survey undertaken by Ipswitch Inc., 93% of all email received is spam. This is huge, certainly when in the same period of the previous year, ‘only’ 62% of all mails received was spam. Another study by IDC (IDC #206038) warned that 40 billion spam messages will be sent this year.

I’ve already published some web logs concerning (the prevention) of spam on:

  Die Mensch-Maschine

  A Simulation of Semaphores

And my favourite

  Mr Spamman, don’t bring me a dream

The latter describes the Honeypot project. The primary goal in this project is to understand the spam cycle. It is a distributed system of decoy email addresses website administrators can include on their sites in order to gather information about the robots and spiders that spammers use. The project collates data on how addresses are harvested, distributed, and eventually spammed in order to fight these spammers in court with all the legal resources available.  As you know, I’ve made a BSP port for this project.

With the launch of the honeypot project, the people of this project promised to help stop spammers before they got to your e-mail address. It took a while, but they’ve kept their promise by launching http:BL, a free module for Apache 2 that automatically blocks known comment spammers, harvesters, and other suspicious visitors from accessing your site.

It’s a kind of DNS blacklist, but instead of the traditional focus on mail servers, it concentrates on web servers.

It isn’t  that easy to implement the above within the SAP environment. Sure, you might configure  the Apache Web Server as the intermediary server , but it’s a bit of a hassle  in order to have the http:BL up and running. Outside the SAP world, people  don’t always have the possibility to install a module (server is owned by  provider, etc.). Therefore a description of the http:BL specifications have  been published in order that people can write their own ‘module’. So I wanted  to continue my effort to make things available in BSP and made a ‘port’.

Here is a step by step explanation on how to install it.

 

5 easy steps installation

Step 1:

          Request an access key. Access keys are granted  to active members of Project Honey Pot. The first step in getting an access key  is to create an account . Everything is free.

 

Step 2:

Create an external command.
The whole http:BL-mechanism is based on DNS queries. The 2 common ways to do this on a Unix machine are DIG and NSLOOKUP. Since NSLOOKUP is also available on Windows, we are going to create an external command for this.
Just start the transaction SM69 and create a new external command.
Fill in the following fields.

Command name:                         ZNSLOOKUP
Operating system command :            nslookup
Additional Parameters allowed:        checked

 

Step 3:

Use the code below. In this implementation it is defined as an application class method, but you can choose to implement it in another way (e.g. page fragment) if desired.

method HTTP_BL.
  data: param TYPE char255, result_table TYPE zeu_t_btcxpm, ip type string,
  itab TYPE TABLE OF string, idx type i,  result type string.
  param = key.
  split remote at '.' into TABLE itab.
  idx = 4.
  do 4 times.
  read table itab index idx into ip.
  concatenate param '.' ip into param.
  idx = idx - 1.
  enddo.
  concatenate param '.dnsbl.httpbl.org' into param.
  CALL FUNCTION 'SXPG_COMMAND_EXECUTE'
  EXPORTING
  commandname                   = 'ZNSLOOKUP'
  additional_parameters         = param
  operatingsystem               = sy-opsys
  terminationwait               = 'X'
  TABLES
  exec_protocol                 = result_table
  EXCEPTIONS
  no_permission                 = 1
  command_not_found             = 2
  parameters_too_long           = 3
  security_risk                 = 4
  wrong_check_call_interface    = 5
  program_start_error           = 6
  program_termination_error     = 7
  x_error                       = 8
  parameter_expected            = 9
  too_many_parameters           = 10
  illegal_command               = 11
  wrong_asynchronous_parameters = 12
  cant_enq_tbtco_entry          = 13
  jobcount_generation_error     = 14
  OTHERS                        = 15.
  if sy-subrc gt 0.
    rc = 99.
  else.
    if lines( result_table ) gt 4.
        read table result_table index 6 into result.
        condense result NO-GAPS.
        split result at ':' into TABLE itab.
        read table itab index 2 into result.
        split result at '.' into TABLE itab.
        read table itab index 4 into rc.
    else.
        rc = 0.
    endif.
  endif.
endmethod.

I wil explain the code in a next blog.

 

Step 4: <br>
            call the  class method</p>
          <pre><%@page language=”abap” %>
   <% data: remote type string.
             remote = request->get_header_field( ‘~remote_addr’ ).%>
   <%= application->http_bl( key = ‘enter here  your key’ remote = remote )%></pre>
          <p> </p>
          <p>You need to  replace ‘enter here your key’ with the key you’ve requested in step 1. Now it’s  up to you what you want to do with the result of the method. In this example I  just show the code. You can choose to test on the returning value and redirect  the user to an error page if it happens to be a malicious one.</p>
          <p> </p>
          <p>
Step 5:

activate and run

 

Conclusion

As you can  see, there is not much to it. It’s really easy to install and use. If you’re  interested in how it works, you can have a look in my other Honey, I shrank the spam. Part II: How does it work? concerning  this matter.

P.S. Which type of SDN Ubergeek/BPX suit are Which type of SDN Ubergeek/BPX suit are you??</p>

To report this post you need to login first.

2 Comments

You must be Logged on to comment or reply to a post.

  1. Marcel Salein
    Hi Eddy,

    this is a very interessting blog. I also have a private root server for my private websites and the sites of friends. I use Spamassassin for filtering spammails. Your blog is another point of view to the spam problem. You want to protect the email addresses, which are displayed on websites, from spammers. I think this protection with blacklists, which are also used in spamassassin, for protecting the emails is very interessting.

    My company uses a SAP Portal for the external websites and there are also displayed email addresses of employees. I think we should use your idea in our case.

    Thanks for the great blog! I hope I hear more from this project.

    Best Regards,

    Marcel 

    (0) 
    1. Eddy De Clercq Post author
      Hi Marcel,

      Glad to see that you like it as much as I do. There will be a follow up web log, which explains things more in detail.

      Eddy

      (0) 

Leave a Reply