class Splam::Rules::Httpbl
Liberally copied from github.com/bpalmen/httpbl/blob/master/lib/httpbl.rb
Constants
- SystemTimer
Attributes
api_key[RW]
Public Class Methods
check_blacklist(ip)
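# File lib/splam/rules/httpbl.rb, line 28
# Looks +ip+ up through resolve and decides whether the reply marks it
# as a blacklisted visitor.
#
# ip - the address to check; it is passed to resolve unchanged.
#
# Returns true when the reply carries a non-zero visitor type or a threat
# score above 100, false otherwise. A nil reply from resolve counts as
# "not listed".
# Raises RuntimeError when the reply is not a four-octet 127.x.y.z answer.
def self.check_blacklist(ip)
  # Disabled Redis cache, kept as the author left it:
  # @cache = REDIS if defined?(REDIS)
  # result = @cache && @cache["ip.#{ip}"]
  # result ||= resolve(ip)
  # if @cache
  #   @cache.set "ip.#{ip}", result if @cache
  #   @cache.expire "ip.#{ip}", 1.week
  # end
  result = resolve(ip)

  # resolve yields nil when the resolver connection is refused. Calling
  # split on nil would raise NoMethodError, so a lookup outage is treated
  # the same way as an unlisted address: the check fails open.
  return false if result.nil?

  response = result.split(".").collect!(&:to_i)
  # responses:
  # a, b, c, d
  # a = 127 if success
  # b = days since last activity
  # c = threat score, 0..255 (0 is not threat)
  # d = type of visitor
  # The length check keeps a short reply from reaching the comparisons
  # below with nil octets.
  raise "Bad httpbl request format!" if response.length != 4 || response[0] != 127

  response[3] > 0 || response[2] > 100
end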
resolve(ip)
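# File lib/splam/rules/httpbl.rb, line 49
# Builds the http:BL query name for +ip+ and resolves it over DNS.
#
# ip - the address to look up. Only dotted-quad IPv4 is queried, because
#      the reversed-octet name built below has no meaning for anything else.
#
# Returns the reply address as a String. "127.0.0.0" (the value
# check_blacklist reads as "not listed") is returned when the input is not
# IPv4, when the name does not resolve, or when the resolver connection is
# refused.
# NOTE(review): an exception raised by SystemTimer::timeout when the
# 0.5 second budget is exceeded is not rescued here - confirm callers
# expect it.
def self.resolve(ip)
  addr = ip.to_s
  # The caller's address is not validated anywhere visible in this file.
  # Anything that is not a plain IPv4 literal is rejected before it can be
  # spliced into a DNS name that also carries the access key.
  return "127.0.0.0" unless addr =~ Resolv::IPv4::Regex

  # The access key is the left-most label of the query, so every resolver
  # that handles the lookup sees it in clear text.
  query = "#{@@api_key}.#{addr.split('.').reverse.join('.')}.dnsbl.httpbl.org"
  SystemTimer::timeout(0.5) do
    begin
      Resolv::DNS.new.getaddress(query).to_s
    rescue Resolv::ResolvError
      "127.0.0.0"
    end
  end
rescue Errno::ECONNREFUSED
  # Previously this branch produced nil, which made check_blacklist fail on
  # nil.split. It now answers like the "does not resolve" case above.
  "127.0.0.0"
end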
Public Instance Methods
run()
# File lib/splam/rules/httpbl.rb, line 17
# Scores the current request when its remote IP is reported by
# check_blacklist.
#
# Does nothing when there is no request or the request has no :remote_ip.
# Otherwise adds 250 points with a message naming the address.
# NOTE(review): where :remote_ip comes from is not visible here. If it can
# be taken from a client-supplied header, the value is attacker-controlled
# - confirm against the caller.
def run
  ip = @request && @request[:remote_ip]
  return unless ip # no ip available

  listed = self.class.check_blacklist(ip)
  return unless listed

  add_score 250, "IP address (#{ip}) appears in ProjectHoneypot blacklist. (#{listed.inspect})"
end