project-honeypot 0.1.0

data/MIT-LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2010 Charles Max Wood chuck@teachmetocode.com
+
+Permission is hereby granted, free of charge, to any person
+obtaining a copy of this software and associated documentation
+files (the "Software"), to deal in the Software without
+restriction, including without limitation the rights to use,
+copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,74 @@
+= Project Honeypot
+
+Project Honeypot is a programmatic interface to the Project Honeypot HTTP:BL service for identifying suspicious ip addresses.
+This Gem was built to filter out spammers on http://www.tweetburner.com.
+
+It is a handy thing to be able to identify spammers, harvesters, and other suspicious IP addresses if you're worried about who might be abusing your service.
+
+= Requirements
+
+This Gem requires that you have an Http:BL API key from Project Honeypot. You can get one at http://projecthhoneypot.org
+
+= Usage
+
+HTTP:BL lookups through Project Honeypot result in a Url object that gives you the risk score, last activity, and types of offenses the ip address is listed for.
+
+The score is worse the higher it is and the last_activity is in days.
+
+== Example #1: Suspicious IP Address
+
+Given an api key of "abcdefghijkl"
+
+  @listing = ProjectHoneypot.lookup("abcdefghijkl", "192.168.1.1")
+  @listing.safe?
+  # => false
+
+  @listing.ip_address
+  # => "192.168.1.1"
+
+  @listing.score
+  # => 63
+
+  @listing.last_activity
+  # => 1
+
+  @listing.offenses
+  # => [:comment_spammer, :suspicious]
+
+  @listing.comment_spammer?
+  # => true
+
+  @listing.suspicious?
+  # => true
+
+  @listing.harvester?
+  # => false
+
+== Example #2: Safe IP Address
+
+  @listing = ProjectHoneypot.lookup("abcdefghijkl", "192.168.1.1")
+  @listing.safe?
+  # => true
+
+  @listing.ip_address
+  # => "192.168.1.1"
+
+  @listing.score
+  # => 0
+
+  @listing.last_activity
+  # => nil
+
+  @listing.offenses
+  # => []
+
+  @listing.comment_spammer?
+  # => false
+
+  @listing.suspicious?
+  # => false
+
+  @listing.harvester?
+  # => false
+
+

data/lib/project_honeypot.rb

@@ -0,0 +1,10 @@
+require 'net/dns/resolver'
+require File.dirname(__FILE__) + "/project_honeypot/url.rb"
+require File.dirname(__FILE__) + "/project_honeypot/base.rb"
+
+module ProjectHoneypot
+  def self.lookup(api_key, url)
+    searcher = Base.new(api_key)
+    searcher.lookup(url)
+  end
+end

data/lib/project_honeypot/base.rb

@@ -0,0 +1,25 @@
+module ProjectHoneypot 
+  class Base
+    def initialize(api_key)
+      @api_key = api_key
+    end
+
+    def lookup(ip_address)
+      ip_address = url_to_ip(ip_address)
+      reversed_ip = ip_address.split(".").reverse.join(".")
+      honeypot_score = extract_ip_address(Net::DNS::Resolver.start("#{@api_key}.#{reversed_ip}.dnsbl.httpbl.org"))
+      Url.new(ip_address, honeypot_score)
+    end
+
+    private 
+
+    def url_to_ip(url)
+      return url if url.match(/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/)
+      extract_ip_address(Net::DNS::Resolver.start(url))
+    end
+
+    def extract_ip_address(dns_response)
+      dns_response.answer.first.to_s.split.last
+    end
+  end
+end

data/lib/project_honeypot/url.rb

@@ -0,0 +1,52 @@
+module ProjectHoneypot
+  class Url
+    attr_reader :ip_address, :last_activity, :score, :offenses
+    def initialize(ip_address, honeypot_response)
+      @ip_address = ip_address
+      @safe = honeypot_response.nil?
+      process_score(honeypot_response)
+    end
+
+    def safe?
+      @safe
+    end
+
+    def comment_spammer?
+      @offenses.include?(:comment_spammer)
+    end
+
+    def harvester?
+      @offenses.include?(:harvester)
+    end
+
+    def suspicious?
+      @offenses.include?(:suspicious)
+    end
+
+    private
+
+    def process_score(honeypot_response)
+      if honeypot_response.nil?
+        @last_activity = nil
+        @score = 0
+        @offenses = []
+      else
+        hp_array = honeypot_response.split(".")
+        @last_activity = hp_array[1].to_i
+        @score = hp_array[2].to_i
+        @offenses = set_offenses(hp_array[3])
+      end
+    end
+
+    def set_offenses(offense_code)
+      offense_code = offense_code.to_i
+      offenses = []
+      offenses << :comment_spammer if offense_code/4 == 1
+      offense_code = offense_code % 4
+      offenses << :harvester if offense_code/2 == 1
+      offense_code = offense_code % 2
+      offenses << :suspicious if offense_code == 1
+      offenses
+    end
+  end
+end

metadata

@@ -0,0 +1,84 @@
+--- !ruby/object:Gem::Specification 
+name: project-honeypot
+version: !ruby/object:Gem::Version 
+  hash: 27
+  prerelease: false
+  segments: 
+  - 0
+  - 1
+  - 0
+  version: 0.1.0
+platform: ruby
+authors: 
+- Charles Max Wood
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-10-22 00:00:00 -06:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: net-dns
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id001
+description: Project-Honeypot provides a programatic interface to the Project Honeypot services. It can be used to identify spammers, bogus commenters, and harvesters. You will need a FREE api key from http://projecthoneypot.org
+email: chuck@teachmetocode.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- README.rdoc
+- MIT-LICENSE
+- lib/project_honeypot.rb
+- lib/project_honeypot/url.rb
+- lib/project_honeypot/base.rb
+has_rdoc: true
+homepage: http://teachmetocode.com/
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Project-Honeypot provides a programatic interface to the Project Honeypot services.
+test_files: []
+