Class: Splam::Rules::Httpbl

Inherits:
Splam::Rule show all
Defined in:
lib/splam/rules/httpbl.rb

Overview

Liberally copied from github.com/bpalmen/httpbl/blob/master/lib/httpbl.rb

Constant Summary collapse

SystemTimer = 
Timeout

Class Attribute Summary collapse

Attributes inherited from Splam::Rule

#body, #reasons, #score, #suite, #weight

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from Splam::Rule

#add_score, inherited, #initialize, #line_safe?, #name, run

Constructor Details

This class inherits a constructor from Splam::Rule

Class Attribute Details

.api_keyObject

Returns the value of attribute api_key.



14
15
16
 
# File 'lib/splam/rules/httpbl.rb', line 14

def api_key
  @api_key
end

Class Method Details

.check_blacklist(ip) ⇒ Object 



28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/splam/rules/httpbl.rb', line 28

def self.check_blacklist(ip)
  # @cache = REDIS if defined?(REDIS)
  # result = @cache && @cache["ip.#{ip}"]
  # result ||= resolve(ip)
  # if @cache
  #   @cache.set "ip.#{ip}", result if @cache
  #   @cache.expire "ip.#{ip}", 1.week
  # end
  result = resolve(ip)
  response = result.split(".").collect!(&:to_i)
  
  # responses:
  # a, b, c, d
  # a = 127 if success
  # b = days since last activity
  # c = threat score, 0..255 (0 is not threat)
  # d = type of visitor
  raise "Bad httpbl request format!" if response[0] != 127
  return response[3] > 0 || response[2] > 100
end

.resolve(ip) ⇒ Object 



49
50
51
52
53
54
55
56
57
58
59
60
 
# File 'lib/splam/rules/httpbl.rb', line 49

def self.resolve(ip)
  query = "#{@@api_key}.#{ip.split('.').reverse.join('.')}.dnsbl.httpbl.org"
  SystemTimer::timeout(0.5) do
    begin
      Resolv::DNS.new.getaddress(query).to_s
    rescue Resolv::ResolvError
      "127.0.0.0"
    end
  end
rescue Errno::ECONNREFUSED
  # derp
end

Instance Method Details

#runObject 



17
18
19
20
21
22
23
24
25
26
 
# File 'lib/splam/rules/httpbl.rb', line 17

def run
  return unless @request # no ip available
  return unless @request[:remote_ip] # no ip available
  
  ip = @request[:remote_ip]
  
  if result = self.class.check_blacklist(ip)
    add_score 250, "IP address (#{ip}) appears in ProjectHoneypot blacklist. (#{result.inspect})"
  end
end