project_honeypot 0.3.1

data/.gitignore

@@ -0,0 +1,6 @@
+*.gem
+Gemfile.lock
+tmp
+
+.*.swp
+*~

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in project-honeypot.gemspec
+gemspec

data/MIT-LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2010 Charles Max Wood chuck@teachmetocode.com
+
+Permission is hereby granted, free of charge, to any person
+obtaining a copy of this software and associated documentation
+files (the "Software"), to deal in the Software without
+restriction, including without limitation the rights to use,
+copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,87 @@
+= Project Honeypot
+
+Project Honeypot is a programmatic interface to the Project Honeypot HTTP:BL service for identifying suspicious ip addresses.
+
+It is a handy thing to be able to identify spammers, harvesters, and other suspicious IP addresses if you're worried about who might be abusing your service.
+
+== Requirements
+
+This Gem requires that you have an Http:BL API key from Project Honeypot. You can get one at http://projecthhoneypot.org
+
+== Configuration
+
+  ProjectHoneypot.configure do
+    @api_key = 'api_key'
+    @score = 42
+    @last_activity = 10
+    @offenses = [:comment_spammer, :suspicious, :harvester]
+  end
+
+== Usage
+
+  require 'project_honeypot'
+
+HTTP:BL lookups through Project Honeypot result in a Url object that gives you the risk score, last activity, and types of offenses the ip address is listed for.
+
+The score is worse the higher it is and the last_activity is in days.
+
+
+=== Example #1: Suspicious IP Address
+
+  @listing = ProjectHoneypot.lookup("<ip_address>", "<api_key>")
+  @listing.safe?
+  # => false
+
+  @listing.safe?(score: 64, last_activity: 10, offenses: [:comment_spammer])
+  # => true
+
+  @listing.ip_address
+  # => "192.168.1.1"
+
+  @listing.score
+  # => 63
+
+  @listing.last_activity
+  # => 1
+
+  @listing.offenses
+  # => [:comment_spammer, :suspicious]
+
+  @listing.comment_spammer?
+  # => true
+
+  @listing.suspicious?
+  # => true
+
+  @listing.harvester?
+  # => false
+
+  @listing.search_engine?
+  # => false
+
+=== Example #2: Safe IP Address
+
+  @listing = ProjectHoneypot.lookup("<ip_address>")
+  @listing.safe?
+  # => true
+
+  @listing.ip_address
+  # => "192.168.1.1"
+
+  @listing.score
+  # => 0
+
+  @listing.last_activity
+  # => nil
+
+  @listing.offenses
+  # => []
+
+  @listing.comment_spammer?
+  # => false
+
+  @listing.suspicious?
+  # => false
+
+  @listing.harvester?
+  # => false

data/lib/project_honeypot.rb

@@ -0,0 +1,29 @@
+require 'net/dns'
+require "project_honeypot/url"
+require "project_honeypot/base"
+require "project_honeypot/rack/header"
+require "project_honeypot/rack/forbidden"
+
+module ProjectHoneypot
+  class << self
+    attr_accessor :api_key, :score, :last_activity, :offenses
+
+    def api_key
+      raise "ProjectHoneypot really needs its api_key set to work" unless @api_key
+      @api_key
+    end
+
+    def configure(&block)
+        class_eval(&block)
+    end
+  end
+
+  def self.lookup(url, api_key=nil)
+    api_key ||= ProjectHoneypot.api_key
+
+    raise ArgumentError, 'Must specify an API key' unless api_key
+
+    searcher = Base.new(api_key)
+    searcher.lookup(url)
+  end
+end

data/lib/project_honeypot/base.rb

@@ -0,0 +1,25 @@
+module ProjectHoneypot
+  class Base
+    def initialize(api_key)
+      @api_key = api_key
+    end
+
+    def lookup(ip_address)
+      ip_address = url_to_ip(ip_address)
+      reversed_ip = ip_address.split(".").reverse.join(".")
+      honeypot_score = extract_ip_address(Net::DNS::Resolver.start("#{@api_key}.#{reversed_ip}.dnsbl.httpbl.org"))
+      Url.new(ip_address, honeypot_score)
+    end
+
+    private
+
+    def url_to_ip(url)
+      return url if url.match(/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/)
+      extract_ip_address(Net::DNS::Resolver.start(url))
+    end
+
+    def extract_ip_address(dns_response)
+      dns_response.answer.first.to_s.split.last
+    end
+  end
+end

data/lib/project_honeypot/rack/forbidden.rb

@@ -0,0 +1,21 @@
+module ProjectHoneypot::Rack
+  class Forbidden
+    def initialize(app, options={})
+      @app = app
+
+      raise ArgumentError, 'Must specify an API key' unless options[:api_key]
+      ProjectHoneypot.api_key = options[:api_key]
+    end
+
+    def call(env)
+      request = ::Rack::Request.new(env)
+      url = ProjectHoneypot.lookup(request.ip)
+
+      if url.safe?
+        @app.call(request.env)
+      else
+        [403, {"Content-Type" => "text/html"}, ["Forbidden"]]
+      end
+    end
+  end
+end

data/lib/project_honeypot/rack/header.rb

@@ -0,0 +1,19 @@
+module ProjectHoneypot::Rack
+  class Header
+    def initialize(app, options={})
+      @app = app
+
+      raise ArgumentError, 'Must specify an API key' unless options[:api_key]
+      ProjectHoneypot.api_key = options[:api_key]
+    end
+
+    def call(env)
+      request = ::Rack::Request.new(env)
+      url = ProjectHoneypot.lookup(request.ip)
+
+      env['PROJECT_HONEYPOT_SAFE'] = url.safe?
+
+      @app.call(request.env)
+    end
+  end
+end

data/lib/project_honeypot/url.rb

@@ -0,0 +1,98 @@
+module ProjectHoneypot
+  class Url
+    SEARCH_ENGINES = %w(
+      Undocumented
+      AltaVista
+      Ask
+      Baidu
+      Excite
+      Google
+      Looksmart
+      Lycos
+      MSN
+      Yahoo
+      Cuil
+      InfoSeek
+      Miscellaneous
+    )
+
+    attr_reader :ip_address, :last_activity, :score, :offenses, :search_engine
+    def initialize(ip_address, honeypot_response)
+      @ip_address = ip_address
+      @safe = honeypot_response.nil?
+      process_score(honeypot_response)
+    end
+
+    def safe?(hash = {})
+      score = hash[:score] || ProjectHoneypot.score
+      last_activity = hash[:last_activity] || ProjectHoneypot.last_activity
+
+      forbidden_offenses = hash[:offenses] ||
+                            ProjectHoneypot.offenses ||
+                            [:comment_spammer, :harvester, :suspicious]
+
+      detected_offenses = forbidden_offenses & @offenses
+
+      @safe ||
+        detected_offenses.length == 0 ||
+        !(
+          last_activity.nil? && score.nil? ||
+          !score.nil? && self.score >= score ||
+          !last_activity.nil? && self.last_activity >= last_activity
+        )
+    end
+
+    def search_engine?
+      @offenses.include?(:search_engine)
+    end
+
+    def comment_spammer?
+      @offenses.include?(:comment_spammer)
+    end
+
+    def harvester?
+      @offenses.include?(:harvester)
+    end
+
+    def suspicious?
+      @offenses.include?(:suspicious)
+    end
+
+    private
+
+    def process_score(honeypot_response)
+      if honeypot_response.nil?
+        @last_activity = nil
+        @score = 0
+        @offenses = []
+      else
+        hp_array = honeypot_response.split(".")
+
+        if hp_array[3].to_i == 0
+          # search engine
+          @last_activity = nil
+          @score = 0
+          @offenses = [:search_engine]
+          @search_engine = (hp_array[2].to_i < SEARCH_ENGINES.length ?
+                            SEARCH_ENGINES[hp_array[2].to_i] :
+                            SEARCH_ENGINES[0])
+        else
+          @last_activity = hp_array[1].to_i
+          @score = hp_array[2].to_i
+          @offenses = set_offenses(hp_array[3])
+        end
+      end
+    end
+
+    def set_offenses(offense_code)
+      offense_code = offense_code.to_i
+      offenses = []
+      offenses << :comment_spammer if offense_code/4 == 1
+      offense_code = offense_code % 4
+      offenses << :harvester if offense_code/2 == 1
+      offense_code = offense_code % 2
+      offenses << :suspicious if offense_code == 1
+      offenses
+    end
+  end
+end

data/lib/project_honeypot/version.rb

@@ -0,0 +1,3 @@
+module ProjectHoneypot
+    VERSION = "0.3.1"
+end

data/project_honeypot.gemspec

@@ -0,0 +1,23 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'project_honeypot/version'
+
+Gem::Specification.new do |s|
+  s.name = %q{project_honeypot}
+  s.version = ProjectHoneypot::VERSION
+  s.authors = ["Charles Max Wood", "Guillaume DOTT"]
+  s.email = ["chuck@teachmetocode.com", "guillaume+github@dott.fr"]
+  s.summary = %q{Project-Honeypot provides a programatic interface to the Project Honeypot services.}
+  s.description = %q{Project-Honeypot provides a programatic interface to the Project Honeypot services. It can be used to identify spammers, bogus commenters, and harvesters. You will need a FREE api key from http://projecthoneypot.org}
+  s.homepage = "https://github.com/gdott9/project_honeypot"
+
+  s.files = `git ls-files`.split($/)
+  s.executables = s.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  s.test_files = s.files.grep(%r{^(test|spec|features)/})
+
+  s.add_development_dependency 'rspec'
+  s.add_development_dependency 'flexmock'
+
+  s.add_runtime_dependency 'net-dns', '~> 0.7.1'
+end

data/spec/base_spec.rb

@@ -0,0 +1,22 @@
+require "spec_helper"
+
+describe ProjectHoneypot::Base do
+  describe "with honeypot response" do
+    let(:base) { ProjectHoneypot::Base.new("abcdefghijklmnop") }
+    before(:each) do
+      flexmock(Net::DNS::Resolver, :start => flexmock("answer", :answer => ["somedomain.httpbl.org A Name 127.1.63.5"]))
+    end
+
+    it "returns a Url object" do
+      url = base.lookup("127.10.10.5")
+      url.should be_a ProjectHoneypot::Url
+      url.last_activity.should == 1
+      url.score.should == 63
+    end
+
+    it "looks up non-ip addresses" do
+      url = base.lookup("iamspam.com")
+      Net::DNS::Resolver.should_receive(:start).with("iamspam.com")
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,9 @@
+require "rubygems"
+require "bundler/setup"
+require "rspec"
+require "flexmock"
+require File.dirname(__FILE__) + "/../lib/project_honeypot"
+
+RSpec.configure do |config|
+  config.mock_with :flexmock
+end

data/spec/url_spec.rb

@@ -0,0 +1,52 @@
+require "spec_helper"
+
+describe ProjectHoneypot::Url do
+  describe "with honeypot response" do
+    let(:url) { ProjectHoneypot::Url.new("127.0.0.1", "127.1.63.3") }
+
+    it "is safe" do
+      url.should_not be_safe
+
+      url.safe?(score: 63).should be_false
+      url.safe?(score: 64).should be_true
+
+      url.safe?(last_activity: 1).should be_false
+      url.safe?(last_activity: 2).should be_true
+
+      url.safe?(last_activity: 2, score: 64).should be_true
+      url.safe?(last_activity: 1, score: 64).should be_false
+      url.safe?(last_activity: 2, score: 63).should be_false
+
+      url.safe?(offenses: [:comment_spammer]).should be_true
+      url.safe?(offenses: [:suspicious, :comment_spammer]).should be_false
+    end
+
+    it "has the correct latest activity" do
+      url.last_activity.should == 1
+    end
+
+    it "has the correct score" do
+      url.score.should == 63
+    end
+
+    it "has the correct offenses" do
+      url.offenses.should include(:suspicious)
+      url.offenses.should include(:harvester)
+      url.offenses.should_not include(:comment_spammer)
+      url.should be_suspicious
+      url.should be_harvester
+      url.should_not be_comment_spammer
+    end
+  end
+
+  describe "with search engine honeypot response" do
+    subject { ProjectHoneypot::Url.new("127.0.0.1", "127.0.9.0") }
+    it { should be_safe }
+    it { should be_search_engine }
+  end
+
+  describe "with nil honeypot response" do
+    subject { ProjectHoneypot::Url.new("127.0.0.1", nil) }
+    it { should be_safe }
+  end
+end

metadata

@@ -0,0 +1,115 @@
+--- !ruby/object:Gem::Specification
+name: project_honeypot
+version: !ruby/object:Gem::Version
+  version: 0.3.1
+  prerelease: 
+platform: ruby
+authors:
+- Charles Max Wood
+- Guillaume DOTT
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-01-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: flexmock
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: net-dns
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.7.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.7.1
+description: Project-Honeypot provides a programatic interface to the Project Honeypot
+  services. It can be used to identify spammers, bogus commenters, and harvesters.
+  You will need a FREE api key from http://projecthoneypot.org
+email:
+- chuck@teachmetocode.com
+- guillaume+github@dott.fr
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- MIT-LICENSE
+- README.rdoc
+- lib/project_honeypot.rb
+- lib/project_honeypot/base.rb
+- lib/project_honeypot/rack/forbidden.rb
+- lib/project_honeypot/rack/header.rb
+- lib/project_honeypot/url.rb
+- lib/project_honeypot/version.rb
+- project_honeypot.gemspec
+- spec/base_spec.rb
+- spec/spec_helper.rb
+- spec/url_spec.rb
+homepage: https://github.com/gdott9/project_honeypot
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: Project-Honeypot provides a programatic interface to the Project Honeypot
+  services.
+test_files:
+- spec/base_spec.rb
+- spec/spec_helper.rb
+- spec/url_spec.rb