Dear Experts,

Would anyone like to share any strategies for blocking forum spam and
similar nastiness?

I have a couple of forums which were totally filled with spam when I
was once on holiday. When I got back I had to take them down for ages
to clean them up, and then added a "captcha" mechanism to prevent
further attacks. This seems to have worked (fingers crossed).

However, I still see vast numbers of attempted attacks: so much so that
these accesses dominate the sites' bandwidth usage. It's not a huge
problem at present, but it's clear that e.g. a ten-fold increase could
easily happen overnight and would start to get expensive.

I've also started to see sites that just download large files over and
over again, and I'm writing this message now because an address in
Indonesia has downloaded one largish file 1664 times in the last two
hours. Again, the bandwidth is not yet a problem, but I think I need to
do something - or at least know what I could do - before it becomes one.

I guess that the accesses come from "botnets" of compromised Windows
machines. The IP addresses that I have checked look like DSL lines.

So, I was wondering whether there are IP blocklists that I could apply
- that strategy seems to work well for email. But there are a few obstacles:

- For email filtering, the prevalent view seems to be to not identify
  individual compromised home computers, but rather to block the entire
  IP ranges of DSL providers. This is fine for email but obviously isn't
  appropriate for the web.

- For email, the latency of doing a DNS blocklist lookup per connection
  is acceptable. But for a web server, latency is more undesirable. I
  imagine that it would be satisfactory to reject connections only if
  they were blocked by a locally cached blocklist entry, and to check new
  connections in the background.

- Finally, I don't see any support for this sort of thing in Apache.

Perhaps people have other strategies?

Many thanks for any suggestions.

Phil.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
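
The cache-first check described in the message above (reject only on a locally cached listing, look up new addresses in the background), as an added example that is not part of the original post. `CachedBlocklist`, `dnsbl_name`, `dns_lookup` and the zone `dnsbl.example.org` are hypothetical names chosen for illustration; the sketch handles IPv4 only and fails open on resolver errors.

```python
import ipaddress, queue, socket, threading, time

def dnsbl_name(ip, zone):
    """Query name for a DNS blocklist: reversed IPv4 octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dns_lookup(name):
    """Real resolver: a listed address resolves, an unlisted one is NXDOMAIN."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False

class CachedBlocklist:
    def __init__(self, lookup=dns_lookup, zone="dnsbl.example.org", ttl=3600.0, clock=time.monotonic):
        self.lookup, self.zone, self.ttl, self.clock = lookup, zone, ttl, clock
        self.cache = {}        # ip -> (listed, expires_at)
        self.pending = set()   # addresses already queued, to avoid duplicate lookups
        self.lock = threading.Lock()
        self.todo = queue.Queue()
        threading.Thread(target=self._worker, daemon=True).start()

    def allow(self, ip):
        """Request path: never waits on DNS. Unknown or expired -> allow and queue a check."""
        with self.lock:
            entry = self.cache.get(ip)
            if entry and entry[1] > self.clock():
                return not entry[0]
            if ip not in self.pending:
                self.pending.add(ip)
                self.todo.put(ip)
        return True

    def _worker(self):
        while True:
            ip = self.todo.get()
            try:
                listed = self.lookup(dnsbl_name(ip, self.zone))
            except Exception:
                listed = False  # fail open: a resolver fault must not block visitors
            with self.lock:
                self.cache[ip] = (listed, self.clock() + self.ttl)
                self.pending.discard(ip)
            self.todo.task_done()

    def drain(self):
        """Block until queued lookups finish (for tests; not used on the request path)."""
        self.todo.join()
```

The first request from a listed address is still served, since nothing is cached yet; only later requests within the TTL are rejected. To try it offline, pass a stub `lookup` and call `drain()` between requests.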