Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Item12393: new plugin to filter incoming requests based on lookups of…
… project honeypot git-svn-id: http://svn.foswiki.org/trunk/HoneyPotPlugin@16534 0b4bb1d4-4e5a-0410-9cc4-b2b747904278
- Loading branch information
CrawfordCurrie
authored and
CrawfordCurrie
committed
Feb 13, 2013
0 parents
commit 7dde4a5
Showing
9 changed files
with
473 additions
and
0 deletions.
There are no files selected for viewing
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
%META:TOPICPARENT{name="Plugins"}% | ||
<!-- | ||
* Set SHORTDESCRIPTION = %SHORTDESCRIPTION% | ||
--> | ||
---+!! Honey Pot Plugin | ||
|
||
%SHORTDESCRIPTION% | ||
|
||
%TOC% | ||
|
||
Public wiki sites are often plagued with spammers and other unwelcome visitors, | ||
such as search engine indexers that can suck the life out of an otherwise | ||
fast site. | ||
|
||
[[http://www.projecthoneypot.org][Project HoneyPot]] has been set up to | ||
record data about IP addresses that constitute a threat to websites, either | ||
because they are an excessive drain on the resources of the sites | ||
or because they are known sources of spam. | ||
|
||
This plugin checks incoming requests against the honeypot database and | ||
rejects operations from IP addresses found there. | ||
|
||
The admin has full control over the operations that are checked, and the | ||
nature of the checks. Configuration is done using the =%SCRIPTURL{configure}%= | ||
interface. | ||
|
||
---++ REST handler | ||
The plugin also publishes a REST handler that can be used to check an IP | ||
address against the database. The handler is called =check= and is passed | ||
the parameters =ip= (the IP address to check) and =tests= (a comma-separated | ||
list of tests to perform). If any of the tests fails, the handler will respond | ||
with a 403 (forbidden) with the name of the failing test in the response body. | ||
For example, | ||
<verbatim> | ||
http://my.foswiki/rest/HoneyPotPlugin/check?ip=12.34.56.78&tests=is_search_engine,is_harvester | ||
</verbatim> | ||
A description of the available tests can be found at http://search.cpan.org/dist/WWW-Honeypot-httpBL/lib/WWW/Honeypot/httpBL.pm | ||
|
||
---++ API | ||
There is also an API that other plugins can use when this plugin is loaded: | ||
|
||
=Foswiki::Plugins::HoneyPotPlugin::check($domain, $tests) -> $result= | ||
* =$domain= - domain name or IP address to check | ||
* =$tests= - either an array of predicate names or a comma-separated | ||
string list of predicates to perform e.g. 'is_comment_spammer,is_search_engine' | ||
|
||
---++ Installation | ||
%$INSTALL_INSTRUCTIONS% | ||
|
||
---++ Info | ||
|
||
| Author: | Foswiki:Main.CrawfordCurrie | | ||
| Copyright: | © 2013, Foswiki Contributors | | ||
| License: | GPL ([[http://www.gnu.org/copyleft/gpl.html][GNU General Public License]]) | | ||
| Release: | %$RELEASE% | | ||
| Version: | %$VERSION% | | ||
| Change History: | <!-- versions below in reverse order --> | | ||
| 1.0.0 (13 Feb 2013): | Initial version | | ||
| Home: | http://foswiki.org/Extensions/%TOPIC% | | ||
| Support: | http://foswiki.org/Support/%TOPIC% | | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,176 @@ | ||
# See bottom of file for default license and copyright information | ||
|
||
=begin TML | ||
---+ package Foswiki::Plugins::HoneyPotPlugin | ||
=cut | ||
|
||
package Foswiki::Plugins::HoneyPotPlugin; | ||
|
||
# Always use strict to enforce variable scoping | ||
use strict; | ||
use warnings; | ||
|
||
use Foswiki::Func (); | ||
use Foswiki::Plugins (); | ||
use WWW::Honeypot::httpBL (); | ||
|
||
use version; our $VERSION = version->declare("v1.0.0"); | ||
use Error ':try'; | ||
|
||
our $RELEASE = '2013-02-13'; | ||
our $SHORTDESCRIPTION = | ||
'Use Project !HoneyPot to detect and filter operations initiated from suspected spammers, search engines etc.'; | ||
our $NO_PREFS_IN_TOPIC = 1; | ||
our $honeypotChecked = 0; | ||
|
||
sub initPlugin { | ||
my ( $topic, $web, $user, $installWeb ) = @_; | ||
Foswiki::Func::registerRESTHandler( 'check', \&rest_check ); | ||
|
||
# We have called all the handlers that are used in honeypot | ||
# checking. Reset the globvar for subsequent calls. | ||
$honeypotChecked = 0; | ||
return 1; | ||
} | ||
|
||
# This preload handler is only called in Foswiki 1.2.0 and later. Prior | ||
# to that, the earlyInitHandler is the earliest we can do the honeypot | ||
# check. | ||
sub earlyInitPlugin { | ||
unless ($honeypotChecked) { | ||
preload($Foswiki::Plugins::SESSION); | ||
} | ||
return 0; | ||
} | ||
|
||
# preload handler, called way before anything exciting happens | ||
sub preload { | ||
my ($session) = @_; | ||
|
||
# get the request | ||
my $request = $session->{request}; | ||
if ( $request->can('remote_addr') ) { | ||
my $ipad = $request->remote_addr(); | ||
my $action = $request->action(); | ||
my $conditions = | ||
$Foswiki::cfg{Plugins}{HoneyPotPlugin}{Conditions}{$action}; | ||
if ($conditions) { | ||
my $status = check( $ipad, $conditions ); | ||
if ($status) { | ||
|
||
# Can't use Foswiki logs because they may not be set up yet | ||
# So use the web server log instead. | ||
my $mess = | ||
"Foswiki: HoneyPot rejected '$action' from $ipad: $status"; | ||
print STDERR $mess; | ||
throw Foswiki::EngineException( 403, $mess ); | ||
} | ||
} | ||
} | ||
$honeypotChecked = 1; | ||
} | ||
|
||
=begin TML | ||
---++ StaticMethod check($domain, $tests) -> $result | ||
* =$domain= - domain name or IP address to check | ||
* =$tests= - either an array of predicate names or a comma-separated | ||
string list of predicates to perform e.g. | ||
'is_comment_spammer,is_search_engine' | ||
Check Project Honeypot for the given domain (or IP address string). | ||
If it's OK, return '', otherwise return the name of the check that | ||
failed. | ||
Note that if the domain name can't be resolved to a valid IP address, | ||
then the honeypot will *not* reject it. | ||
=cut | ||
|
||
sub check { | ||
my ( $domain, $hp_rej ) = @_; | ||
my $hp_key = $Foswiki::cfg{Plugins}{HoneyPotPlugin}{APIKey}; | ||
return '' unless ( $hp_key && $hp_rej ); | ||
unless ( ref($hp_rej) ) { | ||
$hp_rej = [ split( /[,\s]+/, $hp_rej ) ]; | ||
} | ||
return '' unless ( $hp_rej && scalar(@$hp_rej) ); | ||
|
||
my $ipad; | ||
if ( $domain =~ /^\d+\.\d+\.\d+\.\d+$/ ) { | ||
|
||
# Already an IP address | ||
$ipad = $domain; | ||
} | ||
else { | ||
|
||
# Get IP address | ||
my $packed_ip = gethostbyname($domain); | ||
$ipad = $packed_ip ? Socket::inet_ntoa($packed_ip) : undef; | ||
} | ||
|
||
# No IP address to check | ||
return '' unless $ipad; | ||
|
||
return '' if $ipad eq '127.0.0.1'; | ||
|
||
my $honeypot = WWW::Honeypot::httpBL->new( { access_key => $hp_key } ); | ||
$honeypot->fetch($ipad); | ||
foreach my $criterium (@$hp_rej) { | ||
|
||
# is_harvester is_comment_spammer is_search_engine is_suspicious | ||
if ( $honeypot->can($criterium) && $honeypot->$criterium() ) { | ||
return $criterium; # reject! | ||
} | ||
} | ||
return ''; | ||
} | ||
|
||
sub rest_check { | ||
my ( $session, $subject, $verb, $response ) = @_; | ||
my $query = Foswiki::Func::getCgiQuery(); | ||
unless ($query) { | ||
print CGI::header( -status => 500 ); | ||
return undef; | ||
} | ||
my $ip = $query->param('ip'); | ||
my $tests = $query->param('tests'); | ||
my $result = ''; | ||
if ( $ip && $tests ) { | ||
$result = check( $ip, $tests ); | ||
} | ||
my $status = $result ? 403 : 200; | ||
$response->header( | ||
-status => $status, | ||
-type => 'text/plain', | ||
-charset => 'UTF-8' | ||
); | ||
$response->body($result); | ||
return undef; | ||
} | ||
|
||
1; | ||
|
||
__END__ | ||
Foswiki - The Free and Open Source Wiki, http://foswiki.org/ | ||
Author: CrawfordCurrie | ||
Copyright (C) 2013 Foswiki Contributors. Foswiki Contributors | ||
are listed in the AUTHORS file in the root of this distribution. | ||
NOTE: Please extend that file, not this notice. | ||
This program is free software; you can redistribute it and/or | ||
modify it under the terms of the GNU General Public License | ||
as published by the Free Software Foundation; either version 2 | ||
of the License, or (at your option) any later version. For | ||
more details read LICENSE in the root of this distribution. | ||
This program is distributed in the hope that it will be useful, | ||
but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | ||
As per the GPL, removal of this notice is prohibited. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
# ---+ Extensions | ||
# ---++ HoneyPotPlugin | ||
# **STRING 40** | ||
# Your Project Honeypot http:BL API key (if you have one; if not, register at <a href='http://www.projecthoneypot.org'>http://www.projecthoneypot.org</a> and get one). Leave blank if honeypot checking is not required. | ||
$Foswiki::cfg{Plugins}{HoneyPotPlugin}{APIKey} = ''; | ||
|
||
# **PERL** | ||
# Lists of conditions to test against the honeypot for different actions e.g. | ||
# view, attach, save, edit. Each list is a list of names of predicates e.g. | ||
# <tt>is_comment_spammer,is_suspicious</tt>. Visit <a href='http://search.cpan.org/dist/WWW-Honeypot-httpBL/lib/WWW/Honeypot/httpBL.pm'>http://search.cpan.org/dist/WWW-Honeypot-httpBL/lib/WWW/Honeypot/httpBL.pm</a> | ||
# for more details on the available predicates. If the IP address of the | ||
# source of the save request triggers any of these predicates, then the | ||
# save will be rejected. | ||
$Foswiki::cfg{Plugins}{HoneyPotPlugin}{Conditions} = { | ||
'save' => [ 'is_comment_spammer', 'is_suspicious' ], | ||
'attach' => [ 'is_comment_spammer', 'is_suspicious' ], | ||
'view' => [ 'is_harvester' ], | ||
'edit' => [ 'is_search_engine', 'is_harvester', 'is_suspicious' ], | ||
'rest' => [ 'is_comment_spammer', 'is_search_engine', 'is_harvester', 'is_suspicious' ], | ||
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
WWW::Honeypot::httpBL,>0,perl,required |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
!noci | ||
data/System/HoneyPotPlugin.txt 0644 Documentation page | ||
lib/Foswiki/Plugins/HoneyPotPlugin.pm 0444 Perl module | ||
lib/Foswiki/Plugins/HoneyPotPlugin/Config.spec 0444 Configuration |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
#!/usr/bin/perl -w | ||
# | ||
# Example build class. Copy this file to the equivalent place in your | ||
# plugin or contrib and edit. | ||
# | ||
# Read the comments at the top of lib/Foswiki/Contrib/Build.pm for | ||
# details of how the build process works, and what files you | ||
# have to provide and where. | ||
# | ||
# Requires the environment variable FOSWIKI_LIBS (a colon-separated path | ||
# list) to be set to point at the build system and any required dependencies. | ||
# Usage: ./build.pl [-n] [-v] [target] | ||
# where [target] is the optional build target (build, test, | ||
# install, release, uninstall), test is the default. | ||
# Two command-line options are supported: | ||
# -n Don't actually do anything, just print commands | ||
# -v Be verbose | ||
# | ||
|
||
# Standard preamble | ||
use strict; | ||
use warnings; | ||
|
||
BEGIN { unshift @INC, split( /:/, $ENV{FOSWIKI_LIBS} ); } | ||
|
||
use Foswiki::Contrib::Build; | ||
|
||
# Create the build object | ||
my $build = new Foswiki::Contrib::Build('HoneyPotPlugin'); | ||
|
||
# Build the target on the command line, or the default target | ||
$build->build( $build->{target} ); | ||
|
||
=begin TML | ||
You can do a lot more with the build system if you want; for example, to add | ||
a new target, you could do this: | ||
<verbatim> | ||
{ | ||
package MyModuleBuild; | ||
our @ISA = qw( Foswiki::Contrib::Build ); | ||
sub new { | ||
my $class = shift; | ||
return bless( $class->SUPER::new( "MyModule" ), $class ); | ||
} | ||
sub target_mytarget { | ||
my $this = shift; | ||
# Do other build stuff here | ||
} | ||
} | ||
# Create the build object | ||
my $build = new MyModuleBuild(); | ||
</verbatim> | ||
You can also specify a different default target server for uploads. | ||
This can be any web on any accessible Foswiki installation. | ||
These defaults will be used when expanding tokens in .txt | ||
files, but be warned, they can be overridden at upload time! | ||
<verbatim> | ||
# name of web to upload to | ||
$build->{UPLOADTARGETWEB} = 'Extensions'; | ||
# Full URL of pub directory | ||
$build->{UPLOADTARGETPUB} = 'http://foswiki.org/pub'; | ||
# Full URL of bin directory | ||
$build->{UPLOADTARGETSCRIPT} = 'http://foswiki.org/bin'; | ||
# Script extension | ||
$build->{UPLOADTARGETSUFFIX} = ''; | ||
</verbatim> | ||
=cut | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
# See bottom of file for license and copyright information | ||
package HoneyPotPluginSuite; | ||
|
||
use strict; | ||
use warnings; | ||
|
||
use Unit::TestSuite; | ||
our @ISA = 'Unit::TestSuite'; | ||
|
||
sub name { 'HoneyPotPluginSuite' } | ||
|
||
sub include_tests { qw(HoneyPotPluginTests) } | ||
|
||
1; | ||
__END__ | ||
Foswiki - The Free and Open Source Wiki, http://foswiki.org/ | ||
Author: CrawfordCurrie | ||
Copyright (C) 2008-2011 Foswiki Contributors. Foswiki Contributors | ||
are listed in the AUTHORS file in the root of this distribution. | ||
NOTE: Please extend that file, not this notice. | ||
This program is free software; you can redistribute it and/or | ||
modify it under the terms of the GNU General Public License | ||
as published by the Free Software Foundation; either version 2 | ||
of the License, or (at your option) any later version. For | ||
more details read LICENSE in the root of this distribution. | ||
This program is distributed in the hope that it will be useful, | ||
but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | ||
As per the GPL, removal of this notice is prohibited. |
Oops, something went wrong.