
Typo trackback Spam

Looking at lib/spam_protection.rb, scan_uri, which is called when a trackback is added, only checks the host against the RBL database.

So I’ve added the following to scan_uri:

# Pattern scanning
BlacklistPattern.find_all.each do |pattern|
  logger.info("[SP] Scanning domain for #{pattern.class} #{pattern.pattern}")

  if pattern.kind_of?(RegexPattern)
    throw :hit, "Regex #{pattern.pattern} matched on host" if domain.join('.').match(/#{pattern.pattern}/)
  else
    throw :hit, "String #{pattern.pattern} matched on host" if domain.join('.').match(/\b#{Regexp.quote(pattern.pattern)}\b/)
  end
end

Ultimately, this code should be factored out and called from scan_text and scan_uri.
So here’s the full version:

def scan_uri(host)
  # Bare IP addresses go to the IP scanner instead
  return scan_ip(host) if host =~ Format::IP_ADDRESS

  host_parts = host.split('.').reverse
  domain = Array.new

  # Check for two level TLD
  (SECOND_LEVEL.include?(host_parts[1]) ? 3 : 2).times do
    domain.unshift(host_parts.shift)
  end

  # Pattern scanning
  BlacklistPattern.find_all.each do |pattern|
    logger.info("[SP] Scanning domain for #{pattern.class} #{pattern.pattern}")

    if pattern.kind_of?(RegexPattern)
      # Regex patterns are applied to the domain as written in the blacklist
      throw :hit, "Regex #{pattern.pattern} matched on host" if domain.join('.').match(/#{pattern.pattern}/)
    else
      # String patterns are escaped and must match on word boundaries
      throw :hit, "String #{pattern.pattern} matched on host" if domain.join('.').match(/\b#{Regexp.quote(pattern.pattern)}\b/)
    end
  end

  # No pattern hit: fall back to the RBL lookup
  logger.info("[SP] Scanning domain #{domain.join('.')}")
  query_rbls(HOST_RBLS, host, domain.join('.'))
end

I’ll run this for a few days, and if it works, I will add a patch to the typo trac database.

So far, with the right pattern in the blacklist, it has been able to fend off one attack. So far, so good :)

[SP] Scanning for StringPattern HIDDEN
[SP] Scanning for StringPattern HIDDEN
[SP] Scanning IP 193.219.28.245
[SP] Scanning domain for StringPattern HIDDEN
[SP] Hit: String HIDDENmatched on host

I’ve replaced the pattern with HIDDEN so as not to give this guy more publicity than he deserves.
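
To see what the pattern scan in scan_uri does and does not cover, here is a stand-alone sketch added to this post (not Typo's code). The Struct stand-ins for the pattern classes, the SECOND_LEVEL list, the helper names and all hosts and patterns are constructed assumptions; it also skips a malformed regex entry instead of letting it raise.

```ruby
# Stand-ins for Typo's BlacklistPattern subclasses (assumed: each exposes #pattern).
StringPattern = Struct.new(:pattern)
RegexPattern  = Struct.new(:pattern)

SECOND_LEVEL = %w[co com org net].freeze # constructed list, not Typo's own

# Same selection as scan_uri: the last two labels, or three for a two-level TLD.
def registered_domain(host)
  parts = host.split('.').reverse
  parts.first(SECOND_LEVEL.include?(parts[1]) ? 3 : 2).reverse.join('.')
end

# Returns the hit message, or nil when nothing in the blacklist matches.
def pattern_hit(host, patterns)
  domain = registered_domain(host)
  patterns.each do |p|
    case p
    when RegexPattern
      begin
        return "Regex #{p.pattern} matched on host" if domain.match(Regexp.new(p.pattern))
      rescue RegexpError
        next # a malformed blacklist entry should not abort the whole scan
      end
    when StringPattern
      quoted = /\b#{Regexp.quote(p.pattern)}\b/
      return "String #{p.pattern} matched on host" if domain.match(quoted)
    end
  end
  nil
end

# Constructed blacklist and hosts.
PATTERNS = [
  RegexPattern.new('(unclosed'), # invalid regex, skipped
  StringPattern.new('pills'),
  RegexPattern.new('casino\d+')
].freeze

if __FILE__ == $0
  %w[www.cheap-pills.example pillsbury.example casino77.co.uk
     pills.blog.example.com].each do |host|
    puts "#{host} (#{registered_domain(host)}): #{pattern_hit(host, PATTERNS).inspect}"
  end
end
```

The last host shows that only the registered domain is scanned: a blacklisted word that appears only in a subdomain label is left to the RBL lookup unless the full host is matched as well.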