class Splam::Rules::Httpbl

Liberally copied from github.com/bpalmen/httpbl/blob/master/lib/httpbl.rb

Constants

SystemTimer

Attributes

api_key[RW]

Public Class Methods

check_blacklist(ip)
# File lib/splam/rules/httpbl.rb, line 28
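# Looks +ip+ up through resolve and decides whether the address counts as
# blacklisted.
#
# ip - client address, passed to resolve unchanged.
#
# Returns true when the visitor-type octet is non-zero or the threat score
# is above 100, otherwise false. Also returns false when resolve gives no
# answer at all (nil), so an unavailable lookup never marks a client as
# listed.
# Raises RuntimeError ("Bad httpbl request format!") when the answer is not
# four octets beginning with 127.
def self.check_blacklist(ip)
  # Disabled cache layer, kept for reference:
  # @cache = REDIS if defined?(REDIS)
  # result = @cache && @cache["ip.#{ip}"]
  # result ||= resolve(ip)
  # if @cache
  #   @cache.set "ip.#{ip}", result if @cache
  #   @cache.expire "ip.#{ip}", 1.week
  # end
  result = resolve(ip)

  # A nil answer means the lookup could not be made. Treat it as "not
  # listed" (fail open) instead of crashing on nil.split below.
  return false if result.nil?

  response = result.split(".").map { |octet| octet.to_i }

  # responses:
  # a, b, c, d
  # a = 127 if success
  # b = days since last activity
  # c = threat score, 0..255 (0 is not threat)
  # d = type of visitor
  #
  # Require all four octets so the index reads below never hit nil.
  raise "Bad httpbl request format!" if response.size != 4 || response[0] != 127

  # b (days since last activity) is not consulted: an old record with a
  # non-zero visitor type is flagged the same as a fresh one.
  response[3] > 0 || response[2] > 100
end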
resolve(ip)
# File lib/splam/rules/httpbl.rb, line 49
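# Builds the http:BL query name for +ip+ and resolves it over DNS.
#
# ip - client address. Only a dotted-quad IPv4 address is ever queried.
#
# Returns the answer as a dotted-quad String. "127.0.0.0" is the "no record"
# answer; it is returned when the input is not an IPv4 address, when the
# name does not resolve (Resolv::ResolvError), and when the resolver refuses
# the connection.
# An error raised by SystemTimer::timeout when the 0.5 s budget expires is
# not rescued here and reaches the caller.
def self.resolve(ip)
  address = ip.to_s

  # The query name is built from reversed dot-separated octets. Any other
  # input (IPv6, a hostname, a value with extra labels) would only produce a
  # meaningless name that still carries the access key, so answer "no
  # record" without touching the network.
  return "127.0.0.0" unless address =~ Resolv::IPv4::Regex

  # The access key is the first label of the query name, so it travels in
  # clear text to every resolver on the path.
  query = "#{@@api_key}.#{address.split('.').reverse.join('.')}.dnsbl.httpbl.org"

  SystemTimer::timeout(0.5) do
    begin
      # The block form closes the resolver when the lookup is done.
      Resolv::DNS.open { |dns| dns.getaddress(query).to_s }
    rescue Resolv::ResolvError
      "127.0.0.0"
    end
  end
rescue Errno::ECONNREFUSED
  # Fail open: an unreachable resolver is reported as "no record". The
  # previous empty rescue returned nil, which broke the split in
  # check_blacklist.
  "127.0.0.0"
end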

Public Instance Methods

run()
# File lib/splam/rules/httpbl.rb, line 17
# Scores the request when its remote IP is reported as blacklisted.
#
# Does nothing when @request is missing or carries no :remote_ip. Otherwise
# asks the class-level check_blacklist and, on a truthy verdict, adds 250
# points with a reason naming the address.
#
# Errors raised by check_blacklist are not rescued here.
# NOTE(review): how :remote_ip is populated is not visible from this method.
# If it can come from a client-supplied forwarding header, the verdict
# applies to whatever address the client chose. Confirm against the caller.
def run
  client_ip = @request && @request[:remote_ip]
  return unless client_ip # no ip available

  verdict = self.class.check_blacklist(client_ip)
  return unless verdict

  add_score(250, "IP address (#{client_ip}) appears in ProjectHoneypot blacklist. (#{verdict.inspect})")
end