The antispam gem helps prevent spam in your Rails applications by providing tools that check spam against powerful spam-prevention databases, accessible for free.
The first feature checks against an IP database of spam, allowing you to stop spammers who are prolific and have been detected on other websites. It relies on the lightning-quick httpbl from Project Honey Pot.
The second feature allows you to submit user-provided content to a spam checking service that uses machine learning and a database of content to determine whether the user's submitted content is spam. It uses the blazing fast Defendium API I created to quickly determine if submitted content is spam or not. Defendium's pricing is free for up to 1,000 API calls per day, which should be sufficient for 99% of users.
The two features are optional, and you can use either one without the other.
result = Antispam::Checker.check(content: @comment.body)
if result.is_spam?
redirect_to "/access_denied"
else
@comment.save
end
The gem is used by adding this to your ApplicationController.rb
before_action do
check_ip_against_database(ip_blacklists: {default: 'your_api_key_here'}, verbose: true)
end
API Keys can be obtained by visiting the httpbl at projecthoneypot.org
Once the filter is setup, everything else is handled for your application. By default the gem will run during any request that is not a GET request.
When a POST/PATCH/ETC (non-GET) request comes in, the IP blacklist is checked to see if the poster is on a spam blacklist. If the poster is on the blacklist then the request is automatically blocked and redirected to a captcha page. A real user can then enter the captcha to bypass the block. In the future other captcha options may be supported, such as mechanical (hashing) captcha and other types of invisible captcha.
Eventually configurable settings may be in place to give other options when a spammy IP is detected, but the current defaults are set to only block spam in cases where the blacklist is quite certain the IP is only doing spam.
You can change the filter to run during other requests.
before_action do
check_ip_against_database(ip_blacklists: {default: 'yourcodehere'}, methods: [:get,:post,:put,:patch,:delete])
end
Blacklist database lookups are cached for 24 hours, and cached results won't need to slowdown your app by additional http requests on the backend.
The gem needs to create some database tables to function; these store the cached blacklist database lookups, and any actions caused by the gem.
You need to add this to your routes.rb
mount Antispam::Engine => "/antispam"
You can see what IP addresses have been blocked by going to /antispam/blocks
but your ApplicationController.rb must respond to is_admin?
function.
Add this line to your application's Gemfile:
gem 'antispam'
And then execute:
$ bundle
Or install it yourself as:
$ gem install antispam
$ rails antispam:install:migrations
$ rails db:migrate SCOPE=antispam
The gem depends on image_processing, which depends on vips. We are using vips to generate captcha images.
sudo apt install libvips-tools
You need to add this to your routes.rb
mount Antispam::Engine => "/antispam"
Then add to your application controller:
before_action do
check_ip_against_database(ip_blacklists: {default: 'your_api_key_here'}, verbose: true)
end
After checking out the repo, run bin/setup
to install dependencies. Then, run rake spec
to run the tests. You can also run bin/console
for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install
. To release a new version, update the version number in version.rb
, and then run bundle exec rake release
, which will create a git tag for the version, push git commits and tags, and push the .gem
file to rubygems.org.
Bug reports and pull requests are welcome on GitHub at https://github.com/ryankopf/antispam. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the code of conduct.
The gem is available as open source under the terms of the MIT License.
Everyone interacting in the Antispam project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.
THE SUBJECT SOFTWARE IS PROVIDED "AS IS" WITHOUT ANY WARRANTY OF ANY KIND, EITHER EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY THAT THE SUBJECT SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR FREEDOM FROM INFRINGEMENT, ANY WARRANTY THAT THE SUBJECT SOFTWARE WILL BE ERROR FREE, OR ANY WARRANTY THAT DOCUMENTATION, IF PROVIDED, WILL CONFORM TO THE SUBJECT SOFTWARE. THIS SOFTWARE IS PROVIDED "AS IS." IF YOUR JURISDICTION DOES NOT ALLOW THESE LIMITATIONS THEN YOU MAY NOT USE THE SOFTWARE.