On Sun, Sep 26, 2010 at 4:47 AM, Michael Warchut <mwarchut@...:
> I have a website that has a contact page on it that can reach out to 20k or so
> members individually. Lately spammers have been posting to that page to
> each member individually. It is always the same message to each of them.
> Is there an easy way to block this by restricting it to the known posting URL
> and by scanning the posting for a known value that shows up every time? Like
> an email address per se.
Say for example the email address was attacker@..., something like
the following rule should work:
SecRule ARGS "attacker@..."
You could further tighten this up to only look in the appropriate parameter
name as well.
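
A tightened form of the rule above, added here as an illustration and not part of the original reply: it only fires on POSTs to the contact page and only inspects one parameter. The path /contact.php, the parameter name message, the rule id and the address attacker@example.invalid are hypothetical placeholders to replace with the site's real values.

```apache
# Added example. Path, parameter name, rule id and marker string are placeholders.
# Phase 2 is needed so the POST body has been parsed into ARGS.
SecRuleEngine On
SecRequestBodyAccess On

# Chain: all three conditions must match before the deny on the first rule is applied.
SecRule REQUEST_METHOD "@streq POST" \
    "id:100001,phase:2,deny,status:403,log,msg:'Known contact-form spam marker',chain"
    # Restrict the check to the known posting URL.
    SecRule REQUEST_FILENAME "@streq /contact.php" "chain"
        # Look only in the message field. @contains is a literal substring match,
        # so the dots in the address are not treated as regex wildcards.
        # t:lowercase makes the comparison case-insensitive.
        SecRule ARGS:message "@contains attacker@example.invalid" "t:none,t:lowercase"
```

Swapping deny for pass while keeping log lets the rule run in detection-only mode first, so the audit log can be checked for false positives before blocking is enabled.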