Ban bots or attackers filtered by requested URL.
I had a big attack by bots that want to fetch sensitive data from the application. I had to block them by IP address. But they were using a lot of IP addresses, so I decided to block them by requested URL. This simple gem is a result of my work with having honeypot for 3 years and what they would like to scan and download.
The list was created specifically for Ruby/Rails apps. Sites using PHP, for example, may be falsely banned. Install the gem and add it to the application's gemfile by executing it:
$ bundle add url_ban_list
or manually by adding gem 'url_ban_list' into your Gemfile.
When you are using Rack-Attack gem, you can add the following code to your config/initializers/rack_attack.rb file:
# config/initializers/rack_attack.rb
class Rack::Attack
# block bots targeting suspicious URLS - ban for 24 hours
blocklist('ban-suspicious-url') do |req|
Rack::Attack::Allow2Ban.filter("ban-get-#{req.ip}-#{OpenSSL::Digest::SHA256.hexdigest(req.user_agent.to_s)}",
maxretry: 0,
findtime: 1.minute,
bantime: 24.hours) do
::UrlBanList::URLS.include?(req.path)
end
end
end
Then restart the app and check the logs in your console when requesting for example:
After checking out the repo, run bin/setup to install dependencies. Then, run rake test to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and the created tag, and push the .gem file to rubygems.org.
The gem is available as open source under the terms of the MIT License.
FAQs
Unknown package
We found that url_ban_list demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI confirms no security flaws were exploited in the Ultralytics supply chain attack and highlights improvements for safer package publishing.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.