Skip to content

Latest commit

 

History

History
105 lines (69 loc) · 3.03 KB

README.rdoc

File metadata and controls

105 lines (69 loc) · 3.03 KB

Project Honeypot

Project Honeypot is a programmatic interface to the Project Honeypot HTTP:BL service for identifying suspicious ip addresses. This Gem was built to filter out spammers on www.tweetburner.com.

It is a handy thing to be able to identify spammers, harvesters, and other suspicious IP addresses if you’re worried about who might be abusing your service.

Requirements

This Gem requires that you have an Http:BL API key from Project Honeypot. You can get one at www.projecthoneypot.org/

Rails Support

Automatically block requests by environment or method (for example, POST, PUT, *PATCH, *DELETE) to prevent malicious behavior from known spammers and the spambots. Choose a threat tolerance, for example no_tolerance, or a customized level of tolerance based on the threat score (0-255, 255 being the most threatening) or the days since last activity. You can also specify the error status code, headers and message.

Setup

1) Add ‘’project-honeypot’, ‘`~> 0.1.4’‘ to your Gemfile and bundle install 2) Run `rails generate project_honeypot:install` to add an initializer to your application

Initializer Confirguration 

ProjectHoneypot.configure do |config|
  config.api_key = ENV['HONEYPOT_API_KEY'] # required
  config.methods = ['POST', 'PUT', 'PATCH', 'DELETE'] # default
  config.environments = ['production'] # default
  config.no_tolerance = true # default

  # - or -
  # config.no_tolerance = false
  # config.score_tolerance = 32  # greater than 32 threat score
  # config.last_activity_tolerance = 1000  # less than a 1000 days

  # config.error_status_code = 422
  # config.error_headers = {'Cache-Control' => 'no-cache'}
  # config.error_message = ["WARNING: This IP Address has been flagged for suspicious behavior. Be advised."]
end

Methods

HTTP:BL lookups through Project Honeypot result in a Url object that gives you the risk score, last activity, and types of offenses the ip address is listed for.

The score is worse the higher it is and the last_activity is in days.

Example #1: Suspicious IP Address

Given an api key of “abcdefghijkl”

@listing = ProjectHoneypot.lookup("abcdefghijkl", "192.168.1.1")
@listing.safe?
# => false

@listing.ip_address
# => "192.168.1.1"

@listing.score
# => 63

@listing.last_activity
# => 1

@listing.offenses
# => [:comment_spammer, :suspicious]

@listing.comment_spammer?
# => true

@listing.suspicious?
# => true

@listing.harvester?
# => false

Example #2: Safe IP Address 

@listing = ProjectHoneypot.lookup("abcdefghijkl", "192.168.1.1")
@listing.safe?
# => true

@listing.ip_address
# => "192.168.1.1"

@listing.score
# => 0

@listing.last_activity
# => nil

@listing.offenses
# => []

@listing.comment_spammer?
# => false

@listing.suspicious?
# => false

@listing.harvester?
# => false

To Do Items

  • Cache Responses from Project Honeypot

  • Allow ‘safe?’ to be configurable (algorithm based on recency and severity(score))

  • A .yml config file