Handling InvalidAuthenticityToken from bots

I’m using exception_notifier to get an email when a 500 error occurs
in production. Lately I’m seeing a lot of nonsensical POSTs show up
that cause an InvalidAuthenticityToken error. All the fields contain
random characters. (For instance, “search_title”=>“BHQWTZpjGeb”)

Is there a way to detect them and not send the email, while still
sending the email in all other cases? I don’t want to get used to
these emails and miss one that is an actual bug in production.

How about grabbing “HTTP_USER_AGENT” from the request?

HI Paul,

On Thu, Feb 17, 2011 at 9:01 AM, paul [email protected] wrote:

I’m using exception_notifier to get an email when a 500 error occurs
in production. Lately I’m seeing a lot of nonsensical POSTs show up
that cause an InvalidAuthenticityToken error. All the fields contain
random characters. (For instance, “search_title”=>“BHQWTZpjGeb”)

Is there a way to detect them and not send the email, while still
sending the email in all other cases? I don’t want to get used to
these emails and miss one that is an actual bug in production.

I’m not sure what the interplay with the exception_notifier would be
but a rescue_from before filter will let you specifically handle the
InvalidAuthenticityToken exceptions.

HTH,
Bill

Actually, I already have rescue_action_in_public. That’s how
exception_notifier sends the email.

But I just did a search and see a disturbing discussion:
https://rails.lighthouseapp.com/projects/8994/tickets/5444-rescue_action_in_public-no-longer-works

Anyway, it seems like rescue_action_in_public does work for me, so I’m
not sure I understand that, but in any case, the error message I get
from the bot reports the HTTP_USER_AGENT as “Mozilla/4.0 (compatible;
MSIE 6.0; Windows NT 5.1; SV1)”, so that isn’t a good indicator. I
haven’t seen anything in the error message that I can use to filter
on.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs