Project

antispam

0.0
The project is in a healthy, maintained state
Antispam checks DNS blacklists and helps prevent spam on your site.
 Dependencies

Development

Runtime

>= 6.1.0
 Project Readme

Antispam

The antispam gem helps prevent spam in your Rails applications by providing tools that check requests and content against powerful spam-prevention databases, which are accessible for free.

The first feature checks against an IP database of spam, allowing you to stop spammers who are prolific and have been detected on other websites. It relies on the lightning-quick httpbl from Project Honey Pot.

The second feature allows you to submit user-provided content to a spam checking service that uses machine learning and a database of content to determine whether the user's submitted content is spam. It uses the blazing fast Defendium API I created to quickly determine if submitted content is spam or not. Defendium's pricing is free for up to 1,000 API calls per day, which should be sufficient for 99% of users.

The two features are optional, and you can use either one without the other.

Spam Content Checking - Usage

result = Antispam::Checker.check(content: @comment.body)
if result.is_spam?
  redirect_to "/access_denied"
else
  @comment.save
end

Bad IP Checking - Usage

To use the gem, add this to your ApplicationController (app/controllers/application_controller.rb):

before_action do
  check_ip_against_database(ip_blacklists: {default: 'yourcodehere'}, verbose: true)
end

The code ('yourcodehere' above) comes from the httpbl at projecthoneypot.org.

Once the filter is set up, everything else is handled for your application. By default the gem will run during any request that is not a GET request.

When a non-GET request (POST, PATCH, etc.) comes in, the IP blacklist is checked to see if the poster is on a spam blacklist. If the poster is on the blacklist, the request is automatically blocked and redirected to a captcha page. A real user can then solve the captcha to bypass the block. In the future other captcha options may be supported, such as mechanical (hashing) captcha and other types of invisible captcha.

Eventually configurable settings may be in place to give other options when a spammy IP is detected, but the current defaults are set to only block spam in cases where the blacklist is quite certain the IP is only doing spam.
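
How an httpbl lookup and a conservative block decision fit together, as an added example that is not the antispam gem's own code. It follows Project Honey Pot's documented http:BL DNS format; the method names, the sample access key and the cut-off values (min_threat, max_days) are assumptions made for illustration.

```ruby
require "ipaddr"
require "resolv"

# Added example, not the antispam gem's own code; cut-off values are assumed.
HTTPBL_ZONE = "dnsbl.httpbl.org"
VISITOR_BITS = { 1 => :suspicious, 2 => :harvester, 4 => :comment_spammer }.freeze

# Query name is <access key>.<reversed IPv4 octets>.dnsbl.httpbl.org.
# This example handles IPv4 only and returns nil for anything else.
def httpbl_query_name(access_key, ip)
  addr = IPAddr.new(ip)
  return nil unless addr.ipv4?
  "#{access_key}.#{addr.to_s.split('.').reverse.join('.')}.#{HTTPBL_ZONE}"
rescue IPAddr::InvalidAddressError
  nil
end

# The answer is an A record: 127.<days since last seen>.<threat score>.<type bits>.
# A nil answer stands for NXDOMAIN, meaning the address is not listed.
def parse_httpbl_answer(answer)
  return { listed: false } if answer.nil?
  octets = answer.split(".")
  raise ArgumentError, "malformed answer: #{answer}" unless octets.size == 4
  first, days, threat, type = octets.map { |o| Integer(o, 10) }
  raise ArgumentError, "not an http:BL answer: #{answer}" unless first == 127
  return { listed: false, search_engine: true } if type.zero?
  kinds = VISITOR_BITS.select { |bit, _| (type & bit) != 0 }.values
  { listed: true, days_since_seen: days, threat_score: threat, kinds: kinds }
end

# Conservative policy: block only recent, high-scoring comment spammers.
def block_request?(result, min_threat: 40, max_days: 30)
  result[:listed] &&
    result[:kinds].include?(:comment_spammer) &&
    result[:threat_score] >= min_threat &&
    result[:days_since_seen] <= max_days
end

# Live lookup; pass any object responding to getaddress to test offline.
def httpbl_lookup(access_key, ip, resolver: Resolv::DNS.new)
  name = httpbl_query_name(access_key, ip)
  return { listed: false } if name.nil?
  parse_httpbl_answer(resolver.getaddress(name).to_s)
rescue Resolv::ResolvError
  { listed: false }
end
```

Note that a failed DNS lookup is treated here as "not listed", so the check fails open; an application that prefers to show the captcha when the blacklist is unreachable would handle that case separately.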

You can change the filter to run during other requests.

before_action do
  check_ip_against_database(ip_blacklists: {default: 'yourcodehere'}, methods: [:get,:post,:put,:patch,:delete])
end

Blacklist database lookups are cached for 24 hours, so cached results won't slow down your app with additional HTTP requests on the backend.

The gem needs to create some database tables to function; these store the cached blacklist database lookups, and any actions caused by the gem.

You need to add this to your routes.rb

  mount Antispam::Engine => "/antispam"

You can see which IP addresses have been blocked by going to /antispam/blocks, but your ApplicationController must respond to the is_admin? method.

Installation

Add this line to your application's Gemfile:

gem 'antispam'

And then execute:

$ bundle

Or install it yourself as:

$ gem install antispam

Then copy and run the gem's migrations to create its database tables:

$ rails antispam:install:migrations
$ rails db:migrate SCOPE=antispam

The gem depends on image_processing, which depends on vips. We are using vips to generate captcha images.

sudo apt install libvips-tools

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/ryankopf/antispam. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the code of conduct.

License

The gem is available as open source under the terms of the MIT License.

Code of Conduct

Everyone interacting in the Antispam project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.

NO WARRANTY

THE SUBJECT SOFTWARE IS PROVIDED "AS IS" WITHOUT ANY WARRANTY OF ANY KIND, EITHER EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY THAT THE SUBJECT SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR FREEDOM FROM INFRINGEMENT, ANY WARRANTY THAT THE SUBJECT SOFTWARE WILL BE ERROR FREE, OR ANY WARRANTY THAT DOCUMENTATION, IF PROVIDED, WILL CONFORM TO THE SUBJECT SOFTWARE. THIS SOFTWARE IS PROVIDED "AS IS." IF YOUR JURISDICTION DOES NOT ALLOW THESE LIMITATIONS THEN YOU MAY NOT USE THE SOFTWARE.