project-honeypot2 0.1.3

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 6f20a0fb494a34ce5f43d1857db64cc9cf199e50a1d7d36a1a2d874ec67da797
+  data.tar.gz: 14dbc23b7c5d184df0388604d79516a8c004ad357cd3ef63d08bbafbe06f6ffc
+SHA512:
+  metadata.gz: acff98b758143d37d25d723b675cddc8133b8b204aa43ac07d3ec6956218f086d600b125de07cade79db5d168554d084c24eff1dcb073bb7eb760c708f5eee34
+  data.tar.gz: 6109454bbc10f74d78e9cb7e4081f24946423ca251968a70c24fe9e0ee0565fc27562b6956e7180919ed54b089f2a2dff343238bc1d0f0e2135b637dced7d507

data/MIT-LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2010 Charles Max Wood chuck@teachmetocode.com
+
+Permission is hereby granted, free of charge, to any person
+obtaining a copy of this software and associated documentation
+files (the "Software"), to deal in the Software without
+restriction, including without limitation the rights to use,
+copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,80 @@
+= Project Honeypot
+
+Project Honeypot is a programmatic interface to the Project Honeypot HTTP:BL service for identifying suspicious ip addresses.
+This Gem was built to filter out spammers on http://www.tweetburner.com.
+
+It is a handy thing to be able to identify spammers, harvesters, and other suspicious IP addresses if you're worried about who might be abusing your service.
+
+= Requirements
+
+This Gem requires that you have an Http:BL API key from Project Honeypot. You can get one at http://www.projecthoneypot.org/
+
+= Usage
+
+Add 'project-honeypot2' to your Gemfile.
+
+HTTP:BL lookups through Project Honeypot result in a Url object that gives you the risk score, last activity, and types of offenses the ip address is listed for.
+
+The score is worse the higher it is and the last_activity is in days.
+
+== Example #1: Suspicious IP Address
+
+Given an api key of "abcdefghijkl"
+
+  @listing = ProjectHoneypot.lookup("abcdefghijkl", "192.168.1.1")
+  @listing.safe?
+  # => false
+
+  @listing.ip_address
+  # => "192.168.1.1"
+
+  @listing.score
+  # => 63
+
+  @listing.last_activity
+  # => 1
+
+  @listing.offenses
+  # => [:comment_spammer, :suspicious]
+
+  @listing.comment_spammer?
+  # => true
+
+  @listing.suspicious?
+  # => true
+
+  @listing.harvester?
+  # => false
+
+== Example #2: Safe IP Address
+
+  @listing = ProjectHoneypot.lookup("abcdefghijkl", "192.168.1.1")
+  @listing.safe?
+  # => true
+
+  @listing.ip_address
+  # => "192.168.1.1"
+
+  @listing.score
+  # => 0
+
+  @listing.last_activity
+  # => nil
+
+  @listing.offenses
+  # => []
+
+  @listing.comment_spammer?
+  # => false
+
+  @listing.suspicious?
+  # => false
+
+  @listing.harvester?
+  # => false
+
+= To Do Items
+
+- Cache Responses from Project Honeypot
+- Allow 'safe?' to be configurable (algorithm based on recency and severity(score))
+- A .yml config file

data/lib/project-honeypot.rb

@@ -0,0 +1,10 @@
+require 'net/dns'
+require File.dirname(__FILE__) + "/project_honeypot/url.rb"
+require File.dirname(__FILE__) + "/project_honeypot/base.rb"
+
+module ProjectHoneypot
+  def self.lookup(api_key, url)
+    searcher = Base.new(api_key)
+    searcher.lookup(url)
+  end
+end

data/lib/project_honeypot/base.rb

@@ -0,0 +1,25 @@
+module ProjectHoneypot 
+  class Base
+    def initialize(api_key)
+      @api_key = api_key
+    end
+
+    def lookup(ip_address)
+      ip_address = url_to_ip(ip_address)
+      reversed_ip = ip_address.split(".").reverse.join(".")
+      honeypot_score = extract_ip_address(Net::DNS::Resolver.start("#{@api_key}.#{reversed_ip}.dnsbl.httpbl.org"))
+      Url.new(ip_address, honeypot_score)
+    end
+
+    private 
+
+    def url_to_ip(url)
+      return url if url.match(/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/)
+      extract_ip_address(Net::DNS::Resolver.start(url))
+    end
+
+    def extract_ip_address(dns_response)
+      dns_response.answer.first.to_s.split.last
+    end
+  end
+end

data/lib/project_honeypot/url.rb

@@ -0,0 +1,52 @@
+module ProjectHoneypot
+  class Url
+    attr_reader :ip_address, :last_activity, :score, :offenses
+    def initialize(ip_address, honeypot_response)
+      @ip_address = ip_address
+      @safe = honeypot_response.nil?
+      process_score(honeypot_response)
+    end
+
+    def safe?
+      @safe
+    end
+
+    def comment_spammer?
+      @offenses.include?(:comment_spammer)
+    end
+
+    def harvester?
+      @offenses.include?(:harvester)
+    end
+
+    def suspicious?
+      @offenses.include?(:suspicious)
+    end
+
+    private
+
+    def process_score(honeypot_response)
+      if honeypot_response.nil?
+        @last_activity = nil
+        @score = 0
+        @offenses = []
+      else
+        hp_array = honeypot_response.split(".")
+        @last_activity = hp_array[1].to_i
+        @score = hp_array[2].to_i
+        @offenses = set_offenses(hp_array[3])
+      end
+    end
+
+    def set_offenses(offense_code)
+      offense_code = offense_code.to_i
+      offenses = []
+      offenses << :comment_spammer if offense_code/4 == 1
+      offense_code = offense_code % 4
+      offenses << :harvester if offense_code/2 == 1
+      offense_code = offense_code % 2
+      offenses << :suspicious if offense_code == 1
+      offenses
+    end
+  end
+end

metadata

@@ -0,0 +1,64 @@
+--- !ruby/object:Gem::Specification
+name: project-honeypot2
+version: !ruby/object:Gem::Version
+  version: 0.1.3
+platform: ruby
+authors:
+- Charles Max Wood
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-07-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: net-dns2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Project-Honeypot provides a programatic interface to the Project Honeypot
+  services. It can be used to identify spammers, bogus commenters, and harvesters.
+  You will need a FREE api key from http://projecthoneypot.org
+email: chuck@teachmetocode.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.rdoc
+- lib/project-honeypot.rb
+- lib/project_honeypot/base.rb
+- lib/project_honeypot/url.rb
+homepage: http://teachmetocode.com/
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.7
+signing_key: 
+specification_version: 4
+summary: Project-Honeypot provides a programatic interface to the Project Honeypot
+  services.
+test_files: []