honeypot

Catch bad guys when they stick their hands in the honey.

rails 3 only

uses rack

honeypot models

honeypots (aka requestables like User, Vote, etc.) should define #actor

class User < ActiveRecord::Base
  has_many :votes
  include Honeypot
  def actor; self; end
end

class Vote < ActiveRecord::Base
  belongs_to :user
  include Honeypot
  def actor; user; end
end

usage in controllers

when somebody touches a honeypot, make sure to log it:

class UsersController < ApplicationController
  def create
    # [...]
    @user.log_remote_request(request)
    # [...]
  end
end

class VotesController < ApplicationController
  def create
    # [...]
    @vote.log_remote_request(request)
    # [...]
  end
end

and be creative…

class SessionController < ApplicationController
  # notice when a User logs in
  def create
    # [...]
    current_user.log_remote_request(request)
    # [...]
  end
end

migration

create_table "remote_hosts" do |t|
  t.string   "ip_address"
  t.string   "hostname"
  t.datetime "created_at"
  t.datetime "updated_at"
  t.float    "latitude"
  t.float    "longitude"
  t.string   "city"
  t.string   "country_code"
  t.string   "state_name"
end
add_index "remote_hosts", ["ip_address"], :name => "index_remote_hosts_on_ip_address"
create_table "remote_requests" do |t|
  t.integer  "requestable_id"
  t.string   "requestable_type"
  t.integer  "remote_host_id"
  t.integer  "hits"
  t.string   "last_http_referer"
  t.string   "last_request_uri"
  t.datetime "created_at"
  t.datetime "updated_at"
end
add_index "remote_requests", ["remote_host_id"], :name => "index_remote_requests_on_remote_host_id"
add_index "remote_requests", ["requestable_type", "requestable_id"], :name => "index_remote_requests_on_requestable"

Acknowledgements

in production use at brighterplanet.com

Copyright © 2010 Seamus Abshere. See LICENSE for details.