
Use url hidden field as honey pot for spammers, and add to blacklist …

…if anything entered
1 parent 950ad62 commit 50098cbf81d93353fbcf28761ebea269c6ad2e9e @wolfmanjm committed Nov 10, 2011
@@ -1,6 +1,6 @@
$(document).ready(function() {
$("a#leave_email").click(function(event){
- $("#guest_url").toggle();
+ //$("#guest_url").toggle();
$("#guest_email").toggle();
event.preventDefault();
});
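Review bot: Commenting out `$("#guest_url").toggle();` leaves dead code and nothing explains why the row must stay hidden, so a later cleanup could easily re-enable it. Delete the line and leave a short comment in its place, e.g. `// #guest_url is the honeypot row; it must never be shown to visitors`. The enclosing `$(document).ready` block continues outside the hunk.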
@@ -1,3 +1,4 @@
+include Blacklist
class CommentsController < ApplicationController
before_filter :ensure_authenticated, :except => [:index, :create]
@@ -11,6 +12,13 @@ def create
return
end
+ unless params[:comment][:url].blank?
+ # this is spam if it is filled out
+ add_to_blacklist(request)
+ redirect_to root_path
+ return
+ end
+
@post= Post[params[:postid]]
if @post.nil?
logger.error "post #{params[:postid]} not found for comment"
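Review bot: `params[:comment][:url]` raises NoMethodError when `params[:comment]` is absent (a malformed or hand-built POST), so the spam check turns into a 500 instead of a rejection; read it defensively first, `url = params[:comment] && params[:comment][:url]`, then `unless url.blank?`. The `include Blacklist` above the class in the first hunk mixes the module into Object, giving every object in the process a private `add_to_blacklist`; move the `include Blacklist` line inside `CommentsController` (or `ApplicationController`) instead. I do not see anything in this commit consulting the blacklist before a comment is accepted; if that lookup lives elsewhere this is fine, otherwise the honeypot only records IPs without blocking them. The body of `create` begins and ends outside the hunk.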
@@ -1,5 +1,7 @@
class Comment < Sequel::Model
plugin :timestamps, :update_on_create => true
+ plugin :validation_helpers
+
many_to_one :post
def validate
@@ -1,4 +1,6 @@
class Static < Sequel::Model
+ plugin :validation_helpers
+
def validate
super
validates_presence [:title, :body]
@@ -9,14 +9,14 @@
%td
= f.text_field :name, :size => 20
%small
- %a#leave_email{ :href => '#' } (leave url/email &#187;)
+ %a#leave_email{ :href => '#' } (leave email &#187;)
%tr#guest_url{ :style => "display:none;" }
%td
- %p= f.label :url, "Your blog"
+ %p= f.label :url, "Your blog (do not fill out!)"
%td= f.text_field :url
%tr#guest_email{ :style => "display:none;" }
%td
- %p= f.label :email, "Your email"
+ %p= f.label :email, "Your email (Will not be displayed)"
%td= f.text_field :email
%tr
%td
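Review bot: The honeypot input `%td= f.text_field :url` is still an ordinary text field named `url`, so browser form autofill can populate it on behalf of a legitimate visitor, who then gets blacklisted by the controller check. Disable autofill on it, `%td= f.text_field :url, :autocomplete => "off"`, so only a script that fills every field trips it. The new label text "(do not fill out!)" is only reached by assistive technology since the row is `display:none`, which matches the intent, but a short HAML comment above the row saying it is a honeypot would help the next editor of the template.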
@@ -25,7 +25,7 @@ class Application < Rails::Application
# -- all .rb files in that directory are automatically loaded.
# Custom directories with classes and modules you want to be autoloadable.
- # config.autoload_paths += %W(#{config.root}/extras)
+ config.autoload_paths += %W(#{config.root}/lib/utils)
# Only load the plugins named here, in the order given (default is alphabetical).
# :all can be used as a placeholder for all plugins not explicitly named.
@@ -49,7 +49,7 @@ class Application < Rails::Application
config.encoding = "utf-8"
# Configure sensitive parameters which will be filtered from the log file.
- config.filter_parameters += [:password]
+ #config.filter_parameters += [:password]
# it seems to be causing problems
config.action_controller.allow_forgery_protection = false
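Review bot: Commenting out `config.filter_parameters += [:password]` means any submitted password is now written in clear text to the request log, and the comment "it seems to be causing problems" does not say what broke, so nobody can safely restore it later. Keep the filter enabled and track the underlying problem separately; if it must stay off for now, the comment should at least record the observed failure and the environment it occurred in. The context line `config.action_controller.allow_forgery_protection = false` predates this commit, but together with the dropped filter it leaves this application with two security defaults switched off in one file, which is worth a follow-up.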
@@ -0,0 +1,14 @@
+begin
+ $redis= nil
+ r= Redis.new(:thread_safe => true)
+ if r.ping == 'PONG'
+ puts "setup redis"
+ $redis= r
+ else
+ puts "no redis found"
+ end
+
+rescue
+ puts "no redis server found: #{$!}"
+end
+
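Review bot: When Redis is unreachable the bare `rescue` prints to stdout and leaves `$redis` nil, so `add_to_blacklist` silently becomes a no-op and the anti-spam control fails open with no trace in the application log. Replace the `puts` calls with `Rails.logger.warn "no redis server found: #{$!}"` (and `Rails.logger.info` for the success path) so the condition is visible where operators look. A global `$redis` is also awkward to stub and reset; a constant or a small accessor module would be the usual Rails shape, though that is a style preference.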
@@ -0,0 +1,14 @@
+# handles the redis backed blacklist
+module Blacklist
+ def add_to_blacklist(req)
+ ip= req.ip.to_s
+ logger.info "adding #{ip} to blacklist"
+ if $redis
+ $redis.set ip, "H"
+ end
+ end
+
+ module_function :add_to_blacklist
+
+end
+
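Review bot: `$redis.set ip, "H"` stores the bare client IP as the key with no namespace and no expiry, so entries are permanent (a shared or NAT address stays blocked forever) and collide with any other use of the same Redis database; prefer a prefixed key with a TTL, e.g. `$redis.setex "blacklist:#{ip}", 30 * 24 * 3600, "H"` (retention value constructed, choose what fits). `req.ip` is the immediate peer address, so behind a reverse proxy it is the proxy's own IP and one spammer would blacklist every visitor; `req.remote_ip` is the Rails accessor that accounts for forwarded-for headers from trusted proxies. `logger` is not defined on the module itself, so the `module_function` form `Blacklist.add_to_blacklist(req)` raises NameError and the method only works when mixed into something that provides `logger`; either use `Rails.logger.info` or document that requirement in the module comment.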

