project-honeypot 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- data/MIT-LICENSE +22 -0
- data/README.rdoc +74 -0
- data/lib/project_honeypot.rb +10 -0
- data/lib/project_honeypot/base.rb +25 -0
- data/lib/project_honeypot/url.rb +52 -0
- metadata +84 -0
data/MIT-LICENSE
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
Copyright (c) 2010 Charles Max Wood chuck@teachmetocode.com
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person
|
4
|
+
obtaining a copy of this software and associated documentation
|
5
|
+
files (the "Software"), to deal in the Software without
|
6
|
+
restriction, including without limitation the rights to use,
|
7
|
+
copy, modify, merge, publish, distribute, sublicense, and/or sell
|
8
|
+
copies of the Software, and to permit persons to whom the
|
9
|
+
Software is furnished to do so, subject to the following
|
10
|
+
conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be
|
13
|
+
included in all copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
16
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
|
17
|
+
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
18
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
|
19
|
+
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
|
20
|
+
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
21
|
+
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
|
22
|
+
OTHER DEALINGS IN THE SOFTWARE.
|
data/README.rdoc
ADDED
@@ -0,0 +1,74 @@
|
|
1
|
+
= Project Honeypot
|
2
|
+
|
3
|
+
Project Honeypot is a programmatic interface to the Project Honeypot HTTP:BL service for identifying suspicious ip addresses.
|
4
|
+
This Gem was built to filter out spammers on http://www.tweetburner.com.
|
5
|
+
|
6
|
+
It is a handy thing to be able to identify spammers, harvesters, and other suspicious IP addresses if you're worried about who might be abusing your service.
|
7
|
+
|
8
|
+
= Requirements
|
9
|
+
|
10
|
+
This Gem requires that you have an Http:BL API key from Project Honeypot. You can get one at http://projecthhoneypot.org
|
11
|
+
|
12
|
+
= Usage
|
13
|
+
|
14
|
+
HTTP:BL lookups through Project Honeypot result in a Url object that gives you the risk score, last activity, and types of offenses the ip address is listed for.
|
15
|
+
|
16
|
+
The score is worse the higher it is and the last_activity is in days.
|
17
|
+
|
18
|
+
== Example #1: Suspicious IP Address
|
19
|
+
|
20
|
+
Given an api key of "abcdefghijkl"
|
21
|
+
|
22
|
+
@listing = ProjectHoneypot.lookup("abcdefghijkl", "192.168.1.1")
|
23
|
+
@listing.safe?
|
24
|
+
# => false
|
25
|
+
|
26
|
+
@listing.ip_address
|
27
|
+
# => "192.168.1.1"
|
28
|
+
|
29
|
+
@listing.score
|
30
|
+
# => 63
|
31
|
+
|
32
|
+
@listing.last_activity
|
33
|
+
# => 1
|
34
|
+
|
35
|
+
@listing.offenses
|
36
|
+
# => [:comment_spammer, :suspicious]
|
37
|
+
|
38
|
+
@listing.comment_spammer?
|
39
|
+
# => true
|
40
|
+
|
41
|
+
@listing.suspicious?
|
42
|
+
# => true
|
43
|
+
|
44
|
+
@listing.harvester?
|
45
|
+
# => false
|
46
|
+
|
47
|
+
== Example #2: Safe IP Address
|
48
|
+
|
49
|
+
@listing = ProjectHoneypot.lookup("abcdefghijkl", "192.168.1.1")
|
50
|
+
@listing.safe?
|
51
|
+
# => true
|
52
|
+
|
53
|
+
@listing.ip_address
|
54
|
+
# => "192.168.1.1"
|
55
|
+
|
56
|
+
@listing.score
|
57
|
+
# => 0
|
58
|
+
|
59
|
+
@listing.last_activity
|
60
|
+
# => nil
|
61
|
+
|
62
|
+
@listing.offenses
|
63
|
+
# => []
|
64
|
+
|
65
|
+
@listing.comment_spammer?
|
66
|
+
# => false
|
67
|
+
|
68
|
+
@listing.suspicious?
|
69
|
+
# => false
|
70
|
+
|
71
|
+
@listing.harvester?
|
72
|
+
# => false
|
73
|
+
|
74
|
+
|
@@ -0,0 +1,10 @@
|
|
1
|
+
require 'net/dns/resolver'
|
2
|
+
require File.dirname(__FILE__) + "/project_honeypot/url.rb"
|
3
|
+
require File.dirname(__FILE__) + "/project_honeypot/base.rb"
|
4
|
+
|
5
|
+
module ProjectHoneypot
|
6
|
+
def self.lookup(api_key, url)
|
7
|
+
searcher = Base.new(api_key)
|
8
|
+
searcher.lookup(url)
|
9
|
+
end
|
10
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
module ProjectHoneypot
|
2
|
+
class Base
|
3
|
+
def initialize(api_key)
|
4
|
+
@api_key = api_key
|
5
|
+
end
|
6
|
+
|
7
|
+
def lookup(ip_address)
|
8
|
+
ip_address = url_to_ip(ip_address)
|
9
|
+
reversed_ip = ip_address.split(".").reverse.join(".")
|
10
|
+
honeypot_score = extract_ip_address(Net::DNS::Resolver.start("#{@api_key}.#{reversed_ip}.dnsbl.httpbl.org"))
|
11
|
+
Url.new(ip_address, honeypot_score)
|
12
|
+
end
|
13
|
+
|
14
|
+
private
|
15
|
+
|
16
|
+
def url_to_ip(url)
|
17
|
+
return url if url.match(/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/)
|
18
|
+
extract_ip_address(Net::DNS::Resolver.start(url))
|
19
|
+
end
|
20
|
+
|
21
|
+
def extract_ip_address(dns_response)
|
22
|
+
dns_response.answer.first.to_s.split.last
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
@@ -0,0 +1,52 @@
|
|
1
|
+
module ProjectHoneypot
|
2
|
+
class Url
|
3
|
+
attr_reader :ip_address, :last_activity, :score, :offenses
|
4
|
+
def initialize(ip_address, honeypot_response)
|
5
|
+
@ip_address = ip_address
|
6
|
+
@safe = honeypot_response.nil?
|
7
|
+
process_score(honeypot_response)
|
8
|
+
end
|
9
|
+
|
10
|
+
def safe?
|
11
|
+
@safe
|
12
|
+
end
|
13
|
+
|
14
|
+
def comment_spammer?
|
15
|
+
@offenses.include?(:comment_spammer)
|
16
|
+
end
|
17
|
+
|
18
|
+
def harvester?
|
19
|
+
@offenses.include?(:harvester)
|
20
|
+
end
|
21
|
+
|
22
|
+
def suspicious?
|
23
|
+
@offenses.include?(:suspicious)
|
24
|
+
end
|
25
|
+
|
26
|
+
private
|
27
|
+
|
28
|
+
def process_score(honeypot_response)
|
29
|
+
if honeypot_response.nil?
|
30
|
+
@last_activity = nil
|
31
|
+
@score = 0
|
32
|
+
@offenses = []
|
33
|
+
else
|
34
|
+
hp_array = honeypot_response.split(".")
|
35
|
+
@last_activity = hp_array[1].to_i
|
36
|
+
@score = hp_array[2].to_i
|
37
|
+
@offenses = set_offenses(hp_array[3])
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
def set_offenses(offense_code)
|
42
|
+
offense_code = offense_code.to_i
|
43
|
+
offenses = []
|
44
|
+
offenses << :comment_spammer if offense_code/4 == 1
|
45
|
+
offense_code = offense_code % 4
|
46
|
+
offenses << :harvester if offense_code/2 == 1
|
47
|
+
offense_code = offense_code % 2
|
48
|
+
offenses << :suspicious if offense_code == 1
|
49
|
+
offenses
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
metadata
ADDED
@@ -0,0 +1,84 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: project-honeypot
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
hash: 27
|
5
|
+
prerelease: false
|
6
|
+
segments:
|
7
|
+
- 0
|
8
|
+
- 1
|
9
|
+
- 0
|
10
|
+
version: 0.1.0
|
11
|
+
platform: ruby
|
12
|
+
authors:
|
13
|
+
- Charles Max Wood
|
14
|
+
autorequire:
|
15
|
+
bindir: bin
|
16
|
+
cert_chain: []
|
17
|
+
|
18
|
+
date: 2010-10-22 00:00:00 -06:00
|
19
|
+
default_executable:
|
20
|
+
dependencies:
|
21
|
+
- !ruby/object:Gem::Dependency
|
22
|
+
name: net-dns
|
23
|
+
prerelease: false
|
24
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
25
|
+
none: false
|
26
|
+
requirements:
|
27
|
+
- - ">="
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
hash: 3
|
30
|
+
segments:
|
31
|
+
- 0
|
32
|
+
version: "0"
|
33
|
+
type: :runtime
|
34
|
+
version_requirements: *id001
|
35
|
+
description: Project-Honeypot provides a programatic interface to the Project Honeypot services. It can be used to identify spammers, bogus commenters, and harvesters. You will need a FREE api key from http://projecthoneypot.org
|
36
|
+
email: chuck@teachmetocode.com
|
37
|
+
executables: []
|
38
|
+
|
39
|
+
extensions: []
|
40
|
+
|
41
|
+
extra_rdoc_files: []
|
42
|
+
|
43
|
+
files:
|
44
|
+
- README.rdoc
|
45
|
+
- MIT-LICENSE
|
46
|
+
- lib/project_honeypot.rb
|
47
|
+
- lib/project_honeypot/url.rb
|
48
|
+
- lib/project_honeypot/base.rb
|
49
|
+
has_rdoc: true
|
50
|
+
homepage: http://teachmetocode.com/
|
51
|
+
licenses: []
|
52
|
+
|
53
|
+
post_install_message:
|
54
|
+
rdoc_options: []
|
55
|
+
|
56
|
+
require_paths:
|
57
|
+
- lib
|
58
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
59
|
+
none: false
|
60
|
+
requirements:
|
61
|
+
- - ">="
|
62
|
+
- !ruby/object:Gem::Version
|
63
|
+
hash: 3
|
64
|
+
segments:
|
65
|
+
- 0
|
66
|
+
version: "0"
|
67
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
68
|
+
none: false
|
69
|
+
requirements:
|
70
|
+
- - ">="
|
71
|
+
- !ruby/object:Gem::Version
|
72
|
+
hash: 3
|
73
|
+
segments:
|
74
|
+
- 0
|
75
|
+
version: "0"
|
76
|
+
requirements: []
|
77
|
+
|
78
|
+
rubyforge_project:
|
79
|
+
rubygems_version: 1.3.7
|
80
|
+
signing_key:
|
81
|
+
specification_version: 3
|
82
|
+
summary: Project-Honeypot provides a programatic interface to the Project Honeypot services.
|
83
|
+
test_files: []
|
84
|
+
|