Project Honeypot

WAF: Project Honeypot

Project Honeypot allows you to integrate with Project Honeypot's spam fighting services. Project Honeypot is a collective effort to detect spammers, email harversters and crackers. Its HTTP:BL service allows participants to query the IP addresses of their visitors and figure out if it is a malicious user behind it. If you enable this feature, Admin Tools will check the IP address of each visitor and, if it is a malicious user, it will block them.


Enabling Project Honeypot integration helps you fight spam but it's not a silver bullet against spammers! Some spammers will get past it. We recommend also using Akismet or any similar spam prevention service for best protection.

Finally note that Project Honeypot only blocks spammers coming to your site. If you are using a third party comments service such as Disqus or Facebook this protection will NOT apply to your spams in most cases (if they are managed through an IFRAME or third party JavaScript) for the simple reasons that the spammers do not interact with your site to post comments, they interact with the third party service outside of your site. This should be fairly obvious.

Enable HTTP:BL filtering

Turns the entire feature on and off

Project Honeypot HTTP:BL key

Enter your HTTP:BL key. You can sign up for Project Honeypot and get your key at

Minimum Threat Rating to block (0-255, default 25)

Project Honeypot uses a logarithmic "threat rating" to rank the possibility of a specific IP being a spammer. This options defines the minimum threat level an IP must have before it's blocked. A value of 25 means that this IP has submitted 100 spam messages on Project Honeypot's spam catching honeypots and is usually a safe indication that it belongs to a spammer. Do note that the rating is logarithmic. A value of 50 means 1,000 spam messages and a value of 75 means one million spam messages. Do not set it to values over 50, as you will most likely never block any spammer at all.

Maximum age of accepted HTTP:BL results

Project Honeypot reports when was the last time this IP was caught sending spam messages. The older this is (the higher the age is), the less likely is that this IP is still used by a spammer. You can chose here what will be the maximum reported age that will be blocked. The default value of 30 means that IPs which have submitted a spam message in the last 30 days will be blocked.

Also block suspicious IPs, not just confirmed spammers

Sometimes Project Honeypot is not sure if an IP belongs to a spammer or it's a hapless chap who clicked on the wrong link. In this case the IP is marked as "suspicious". The default behaviour is to not block these IPs. However, if you are receiving a lot of spam it's a good idea to enable this feature and block even "suspicious" IPs. Ultimately, some unfortunate users will be inadvertently blocked, so use this option with caution!