Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/cedric/spamtrap

This is a simple spamtrap to fight spamdexing. You can create bogus form fields (honeypots) that will be filled-in by spambots. When these forms are submitted, the content will be discarded while still returning a 200 response.
https://github.com/cedric/spamtrap

Last synced: 26 days ago
JSON representation

Host: GitHub
URL: https://github.com/cedric/spamtrap
Owner: cedric
Created: 2010-10-19T23:31:42.000Z (about 14 years ago)
Default Branch: master
Last Pushed: 2018-09-05T14:56:21.000Z (over 6 years ago)
Last Synced: 2024-09-19T13:50:52.851Z (3 months ago)
Language: Ruby
Homepage: https://github.com/cedric/spamtrap
Size: 28.3 KB
Stars: 12
Watchers: 2
Forks: 4
Open Issues: 0
Metadata Files:
- Readme: README.rdoc

Awesome Lists containing this project

awesome-honeypot - **9**星 - in by spambots. When these forms are submitted, the content will be discarded while still returning a 200 response. (<a id="a53d22b9c5d09dc894413453f4755658"></a>未分类)

README

{}[http://badge.fury.io/rb/spamtrap]
{ Build Status }[https://travis-ci.org/cedric/spamtrap]
{}[https://codeclimate.com/github/cedric/spamtrap]

== Spamtrap

This is a simple {spamtrap}[http://en.wikipedia.org/wiki/Spamtrap] to fight {spamdexing}[http://en.wikipedia.org/wiki/Spamdexing]. You can create bogus form fields ({honeypots}[http://en.wikipedia.org/wiki/Honeypot_%28computing%29]) that will be filled-in by spambots. When these forms are submitted, the content will be discarded while still returning a 200 response.

=== Installation

In Rails 2.3, add the following to your environment.rb:

config.gem 'spamtrap'

In Rails 3+ (or if using Bundler), add the following to your Gemfile:

gem 'spamtrap'

=== Example

Declare the controller actions you want the spamtrap enabled for:

class CommentsController < ApplicationController
spamtrap :sarah_palin_walks_with_dinosaurs, only: %i(create update)
end

In your views, add a call to the "spamtrap" form builder to your forms to output the honeypot fields:

- form_for @comment do |f|
= f.spamtrap :sarah_palin_walks_with_dinosaurs, class: 'reindeer_jerky'
%fieldset
= f.label :body
= f.text_area :body
= f.submit

Now you just need to hide the spamtrap from your real users by adding this to your CSS:

.reindeer_jerky { display: none; }

The spamtrap mix-in can also take an optional block, where you can do more advance things -- like swapping the honeypot with a real form parameter.

=== To Do

- Add a cryptographic nonce to prevent replay attacks. It would probably be an MD5 hash consisting of a timestamp, ip address and a secret token. The timeout would be configurable.
- Consider field name mutation throughout form.
- Write some tests. Ack!

=== License

(The MIT License)

Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
'Software'), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:

The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.