Class: Trackguard::DetectSuspiciousVisitorsJob

Inherits:
ApplicationJob
  • Object
show all
Defined in:
app/jobs/trackguard/detect_suspicious_visitors_job.rb

Constant Summary collapse

HARD_FLAG_THRESHOLD = 
50
HIGH_VOLUME_MIN = 
20
MEDIUM_VOLUME_MIN = 
10
FLAG_SCORE_THRESHOLD = 
6
MIN_VIEWS = 
3
WEIGHTS = 
{
  high_volume: 4,
  medium_volume: 2,
  no_session: 3,
  no_referer: 2
}.freeze

Instance Method Summary collapse

Instance Method Details

#performObject 



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'app/jobs/trackguard/detect_suspicious_visitors_job.rb', line 18

def perform
  recent_cutoff = 24.hours.ago

  flag_shared_trace_id_visitors(recent_cutoff)

  views_by_visitor = PageView
                     .where(created_at: recent_cutoff..)
                     .joins(:visitor)
                     .merge(Visitor.unflagged)
                     .preload(visitor: :whitelisted_ip)
                     .select(:visitor_id, :session_id, :referer, :path, :trace_id)
                     .group_by(&:visitor)

  return if views_by_visitor.empty?

  views_by_visitor.each do |visitor, views|
    analyze_visitor(visitor, views)
  end
end