Antispam

The antispam gem helps prevent spam in your Rails applications by providing tools that check spam against powerful spam-prevention databases, accessible for free.

The first feature checks against an IP database of spam, allowing you to stop spammers who are prolific and have been detected on other websites. It relies on the lightning-quick httpbl from Project Honey Pot.

The second feature allows you to submit user-provided content to a spam checking service that uses machine learning and a database of content to determine whether the user's submitted content is spam. It uses the blazing fast Defendium API I created to quickly determine if submitted content is spam or not. Defendium's pricing is free for up to 1,000 API calls per day, which should be sufficient for 99% of users.

The two features are optional, and you can use either one without the other.

Spam Content Checking - Usage

result = Antispam::Checker.check(content: @comment.body)
if result.is_spam?
  redirect_to "/access_denied"
else
  @comment.save
end

Bad IP Checking - Usage

To use the gem, add this to your ApplicationController:

before_action do
  check_ip_against_database(ip_blacklists: {default: 'your_api_key_here'}, verbose: true)
end

API keys can be obtained by visiting the httpbl at projecthoneypot.org.

Once the filter is set up, everything else is handled for your application. By default the gem will run during any request that is not a GET request.

When a POST, PATCH, or other non-GET request comes in, the IP blacklist is checked to see if the poster is on a spam blacklist. If the poster is on the blacklist, the request is automatically blocked and redirected to a captcha page. A real user can then enter the captcha to bypass the block. In the future other captcha options may be supported, such as mechanical (hashing) captcha and other types of invisible captcha.

Eventually configurable settings may be in place to give other options when a spammy IP is detected, but the current defaults are set to only block spam in cases where the blacklist is quite certain the IP is only doing spam.
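
For readers who want to see what an httpbl answer carries, here is an added example (not the gem's own code) that builds the Project Honey Pot http:BL query name and decodes the reply, which is packed into an IPv4 address as 127.<days since last activity>.<threat score>.<visitor type>. The access key, IP addresses and answers are constructed, and the thresholds in `block?` are assumptions, not the gem's defaults.

```ruby
require "ipaddr"

# Decoded http:BL answer. type_mask is a bit set:
# 0 = search engine, 1 = suspicious, 2 = harvester, 4 = comment spammer.
HttpblResult = Struct.new(:days_since_seen, :threat_score, :type_mask) do
  def search_engine?;   type_mask.zero?;       end
  def suspicious?;      (type_mask & 1) != 0;  end
  def harvester?;       (type_mask & 2) != 0;  end
  def comment_spammer?; (type_mask & 4) != 0;  end
end

# DNS name to resolve: <access key>.<reversed IPv4 octets>.dnsbl.httpbl.org
def httpbl_query_name(access_key, ip)
  addr = IPAddr.new(ip)
  raise ArgumentError, "http:BL only covers IPv4" unless addr.ipv4?
  reversed = addr.to_s.split(".").reverse.join(".")
  "#{access_key}.#{reversed}.dnsbl.httpbl.org"
end

# Decode the A record from the lookup. nil (NXDOMAIN) means "not listed";
# anything that does not start with 127 is treated as an invalid answer.
def parse_httpbl_answer(answer)
  return nil if answer.nil?
  octets = answer.split(".").map { |o| Integer(o, 10) }
  return nil unless octets.size == 4 && octets.first == 127
  HttpblResult.new(*octets[1..3])
end

# Hypothetical policy: block only recent, high-scoring comment spammers.
# min_threat and max_age_days are assumed values for illustration.
def block?(result, min_threat: 30, max_age_days: 30)
  return false if result.nil? || result.search_engine?
  result.comment_spammer? &&
    result.threat_score >= min_threat &&
    result.days_since_seen <= max_age_days
end

# Constructed sample answers (not real lookups).
if __FILE__ == $PROGRAM_NAME
  puts httpbl_query_name("abcdefghijkl", "203.0.113.7")
  ["127.3.45.4", "127.1.80.2", "127.200.10.5", "127.0.5.0", nil].each do |a|
    puts "#{a.inspect} => block? #{block?(parse_httpbl_answer(a))}"
  end
end
```
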

You can change the filter to run during other requests.

before_action do
  check_ip_against_database(ip_blacklists: {default: 'yourcodehere'}, methods: [:get,:post,:put,:patch,:delete])
end

Blacklist database lookups are cached for 24 hours, so cached results do not slow down your app with additional HTTP requests on the backend.

The gem needs to create some database tables to function; these store the cached blacklist database lookups, and any actions caused by the gem.

You need to add this to your routes.rb

  mount Antispam::Engine => "/antispam"

You can see which IP addresses have been blocked by going to /antispam/blocks, but your ApplicationController must respond to an is_admin? method.

Installation

Add this line to your application's Gemfile:

gem 'antispam'

And then execute:

$ bundle

Or install it yourself as:

$ gem install antispam
$ rails antispam:install:migrations
$ rails db:migrate SCOPE=antispam

The gem depends on image_processing, which depends on vips. We are using vips to generate captcha images.

sudo apt install libvips-tools

You need to add this to your routes.rb

  mount Antispam::Engine => "/antispam"

Then add to your application controller:

before_action do
  check_ip_against_database(ip_blacklists: {default: 'your_api_key_here'}, verbose: true)
end

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/ryankopf/antispam. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the code of conduct.

License

The gem is available as open source under the terms of the MIT License.

Code of Conduct

Everyone interacting in the Antispam project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.

NO WARRANTY

THE SUBJECT SOFTWARE IS PROVIDED "AS IS" WITHOUT ANY WARRANTY OF ANY KIND, EITHER EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY THAT THE SUBJECT SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR FREEDOM FROM INFRINGEMENT, ANY WARRANTY THAT THE SUBJECT SOFTWARE WILL BE ERROR FREE, OR ANY WARRANTY THAT DOCUMENTATION, IF PROVIDED, WILL CONFORM TO THE SUBJECT SOFTWARE. THIS SOFTWARE IS PROVIDED "AS IS." IF YOUR JURISDICTION DOES NOT ALLOW THESE LIMITATIONS THEN YOU MAY NOT USE THE SOFTWARE.
