httpbl-beta — mod_httpbl Beta Testers

[Httpbl-beta] CVS-Tree @ SF.net empty?!

[ZyanKLee <zya...@zy...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey you!

had a look for the new version of httpbl some minutes ago. The tree
was completely empty. What did you do? Why? What do you plan on doing?
Tell us ... PLEASE!

Greetz, Phillip aka ZyanKLee
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGSPD4zm5dqFl4dvsRAi7oAJ4gf+c4SXpro2y5lLRBrG4PTNl9TQCgoGWo
SIqXn3nrwq0m9vxG/Py251s=
=cqti
-----END PGP SIGNATURE-----

Re: [Httpbl-beta] Server+Mod running, tests incomplete?

[jesse k. <je...@te...>]

thanks for the input!

On 5/3/07, Matthew Prince <ma...@ma...> wrote:
> Very cool! What platform are you running it on (OS version,
> processor, etc.) and what version of Apache?

geekosphere.org
- Athlon 64 3700+, 2GB DDR400 RAM on a 28Gbit Line in Germany
- 2.6.20-cks1-r1 x86_64
- <3 Gentoo Base System release 1.12.10 (gcc-4.1.2, glibc-2.5-r1)

apache 2.2.4 (16:53:11 20.04.2007)
- Flags: -debug -doc ldap -mpm-event -mpm-peruser -mpm-prefork
-mpm-worker -no-suexec -selinux ssl -static-modules -threads

We're running a wordpress blog with akismet (an antispam plugin).
today it captured about 3 spam comments instead of the usual 50. I'm
quite happy with that.

I like cutting-edge stuff and this seems like one of the best projects
on the spam topic ever. I'll gladly help testing any way I can.

good job guys!

Re: [Httpbl-beta] Server+Mod running, tests incomplete?

[ZyanKLee <zya...@zy...>]

Sounds nice.
> To give you some sneak previews:
>
> - Authenticate with Project Honey Pot RBL
> Checks that your Access Key is valid. Currently this check is not  
> enabled.
>
> - Submit 404 Data
> One of the ways that "script kiddies" look for exploits is by trying  
> random URLs on your server and seeing if you have vulnerable software  
> installed. For the most part, this results in 404 (page not found)  
> errors. By recording these 404 errors we can look for patterns and  
> add the IPs that are clearly out to find exploits to the http:BL. If  
> you'd prefer to not share this data with us, you can turn it off  
> through a directive.
>
> - Submit POST data to server
> Checks that we can POST to a remote server and receive a response.  
> Critical for a number of functions, including virtual honey pots.  
> We're still testing this internally, but expect to release a copy of  
> the code with it enabled soon.
>
> - Query for Honey Pot
> Checks to see if you can enable a virtual honey pot. This allows you  
> to define a URL that will act as a honey pot. The honey pot receives  
> data from our central servers, including, potentially, specially  
> tagged email addresses, trap forms, and other tests of bots. Data  
> from the honey pot is then transmitted back to Project Honey Pot to,  
> where appropriate, be included in http:BL.
>   
Have you made plans about using the output of mod_security to find those 
hosts that scan for known security-holes?
That might be a nice feature, too.

Phillip

Re: [Httpbl-beta] Server+Mod running, tests incomplete?

[Matthew P. <ma...@ma...>]

> woot, mod_httpbl is running on my server :-)

Very cool! What platform are you running it on (OS version,  
processor, etc.) and what version of Apache?

> Like Erich posted on
> http://sourceforge.net/tracker/index.php? 
> func=detail&aid=1711506&group_id=194880&atid=951201
> before, I only have access to the diagnostics page.
>
> [ + ]   Write to the log directory (/var/log/apache2/)
> [ + ]   Write to the repos directory (/usr/lib64/apache2/logs/)
> [ + ]   Resolve and reach the RBL domain (www.projecthoneypot.org)
> [ * ]   Authenticate with the Project Honey Pot RBL  
> (*.dave.httpbl.org)
> [ * ]   Submit 404 data to the server
> (http://192.168.3.100:11000/record_404.php)
> [ * ]   Submit POST data to the server
> (http://192.168.3.100:11000/record_post.php)
> [ * ]   Query for honeypots (http://hpr1.projecthoneypot.org/cgi/ 
> serve.php)
>
> Is it alright that the authenticate and further tests are not  
> performed?

Yes. Right now the first three tests are key, the remaining tests are  
for features that have not been implemented yet -- but will be soon!

To give you some sneak previews:

- Authenticate with Project Honey Pot RBL
Checks that your Access Key is valid. Currently this check is not  
enabled.

- Submit 404 Data
One of the ways that "script kiddies" look for exploits is by trying  
random URLs on your server and seeing if you have vulnerable software  
installed. For the most part, this results in 404 (page not found)  
errors. By recording these 404 errors we can look for patterns and  
add the IPs that are clearly out to find exploits to the http:BL. If  
you'd prefer to not share this data with us, you can turn it off  
through a directive.

- Submit POST data to server
Checks that we can POST to a remote server and receive a response.  
Critical for a number of functions, including virtual honey pots.  
We're still testing this internally, but expect to release a copy of  
the code with it enabled soon.

- Query for Honey Pot
Checks to see if you can enable a virtual honey pot. This allows you  
to define a URL that will act as a honey pot. The honey pot receives  
data from our central servers, including, potentially, specially  
tagged email addresses, trap forms, and other tests of bots. Data  
from the honey pot is then transmitted back to Project Honey Pot to,  
where appropriate, be included in http:BL.

Thanks for your help testing this on a number of platforms. We should  
have a new version with James's patch and more features out soon. If  
anyone is feeling ambitious and wants to try and port this over to  
Apache1.x, that's something we have a long range plan for, and we  
consider important, but is not high on our internal priority list.

Thanks!
Matthew.

Re: [Httpbl-beta] Server+Mod running, tests incomplete?

[David W. <djw...@gm...>]

Jesse,
   Tests which are not performed are okay.

   As of now, it means that the diagnostics page is not fully supported (the
code for those tests is not written or not complete).  In the future, it
will likely mean something slightly different.

   Tests 1-3 should all be green [test passed]; all other tests should be
blue [not tested].  This is true for revisions 1.1, 1.1.1.1, and 1.2.

   I plan on hiding the tests until they are implemented, which won't happen
until after version 1.2.

Dave




On 5/2/07, jesse keys <je...@te...> wrote:
>
> woot, mod_httpbl is running on my server :-)
>
> Like Erich posted on
>
> http://sourceforge.net/tracker/index.php?func=detail&aid=1711506&group_id=194880&atid=951201
> before, I only have access to the diagnostics page.
>
> [ + ]   Write to the log directory (/var/log/apache2/)
> [ + ]   Write to the repos directory (/usr/lib64/apache2/logs/)
> [ + ]   Resolve and reach the RBL domain (www.projecthoneypot.org)
> [ * ]   Authenticate with the Project Honey Pot RBL (*.dave.httpbl.org)
> [ * ]   Submit 404 data to the server
> (http://192.168.3.100:11000/record_404.php)
> [ * ]   Submit POST data to the server
> (http://192.168.3.100:11000/record_post.php)
> [ * ]   Query for honeypots (http://hpr1.projecthoneypot.org/cgi/serve.php
> )
>
> Is it alright that the authenticate and further tests are not performed?
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Httpbl-beta mailing list
> Htt...@li...
> https://lists.sourceforge.net/lists/listinfo/httpbl-beta
>



-- 
David Wortham
Senior Web Applications Developer
Unspam Technologies, Inc.
1901 Prospector Dr. #30
Park City, UT 84060
(435) 513-0672

[Httpbl-beta] Server+Mod running, tests incomplete?

[jesse k. <je...@te...>]

woot, mod_httpbl is running on my server :-)

Like Erich posted on
http://sourceforge.net/tracker/index.php?func=detail&aid=1711506&group_id=194880&atid=951201
before, I only have access to the diagnostics page.

[ + ]   Write to the log directory (/var/log/apache2/)
[ + ]   Write to the repos directory (/usr/lib64/apache2/logs/)
[ + ]   Resolve and reach the RBL domain (www.projecthoneypot.org)
[ * ]   Authenticate with the Project Honey Pot RBL (*.dave.httpbl.org)
[ * ]   Submit 404 data to the server
(http://192.168.3.100:11000/record_404.php)
[ * ]   Submit POST data to the server
(http://192.168.3.100:11000/record_post.php)
[ * ]   Query for honeypots (http://hpr1.projecthoneypot.org/cgi/serve.php)

Is it alright that the authenticate and further tests are not performed?

Re: [Httpbl-beta] Not compiling with apache 2.2.4 on gentoo

[Eric L. <er...@pr...>]

That's great news! We will work on incorporating them into the build.

Thank you Jesse for testing it and Thank you James for providing a patch!

 

-----Original Message-----
From: htt...@li...
[mailto:htt...@li...] On Behalf Of jesse keys
Sent: Wednesday, May 02, 2007 11:26 PM
To: mod_httpbl Beta Testers
Subject: Re: [Httpbl-beta] Not compiling with apache 2.2.4 on gentoo

it builds perfectly with James' patch :)

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express Download DB2 Express C - the
FREE version of DB2 express and take control of your XML. No limits. Just
data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Httpbl-beta mailing list
Htt...@li...
https://lists.sourceforge.net/lists/listinfo/httpbl-beta

Re: [Httpbl-beta] Not compiling with apache 2.2.4 on gentoo

[jesse k. <je...@te...>]

it builds perfectly with James' patch :)

[Httpbl-beta] APR 0.9 v. 1.2: apr_socket_create and APR_BRIGADE_FOREACH

[James B. <jmb...@ha...>]

> /opt/mod_httpbl.c: In function 'make_simple_http_request':
> /opt/mod_httpbl.c:5201: warning: passing argument 4 of
> 'apr_socket_create' makes integer from pointer without a cast
> /opt/mod_httpbl.c:5201: error: too few arguments to function 'apr_socket_create'
> /opt/mod_httpbl.c: In function 'replace_email_filter':
> /opt/mod_httpbl.c:7311: error: expected ';' before '{' token

I've also seen this on FC6.

If you're using APR 1.2, you'll need to change the invocation of
apr_socket_create and use alternatives to APR_BRIGADE_FOREACH:

diff -r1.1.1.1 mod_httpbl.c
5201c5201
<         rv = apr_socket_create(&s, sa->family, SOCK_STREAM, /*APR_PROTO_TCP, */mp); // it appears my version of APR has different parameters than my template code
---
>         rv = apr_socket_create(&s, sa->family, SOCK_STREAM, APR_PROTO_TCP, mp);
7310c7310,7311
<     APR_BRIGADE_FOREACH(e, bb)
---
>     for(e = APR_BRIGADE_FIRST(bb); e != APR_BRIGADE_SENTINEL(bb);
>       e = APR_BUCKET_NEXT(e))

0.9 has apr_socket_create and apr_socket_create_ex, the latter taking the extra param;
1.2 has apr_socket_create which is the 5-param version.

APR_BRIGADE_FOREACH is deprecated in 0.9 and gone in 1.2.

regards,
James
-- 
James Beckett <jm...@ha...> <http://www.hackery.net/jmb/>
F601 C085 1482 B92A C812  556C A985 1497 209B 4E65

Re: [Httpbl-beta] Not compiling with apache 2.2.4 on gentoo

[ZyanKLee <zya...@zy...>]

Ok, I saw recently, that there is no difference between 1.1 and 1.1.1.1
but somehow it is really strange - I'll have a look at it tomorrow with 
my test-system here (running gentoo, too)
with debian 3.1 it went all very smooth


jesse keys schrieb:
> thanks for the reply, got the same error unfortunately :(
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Httpbl-beta mailing list
> Htt...@li...
> https://lists.sourceforge.net/lists/listinfo/httpbl-beta
>   

Re: [Httpbl-beta] Not compiling with apache 2.2.4 on gentoo

[jesse k. <jes...@go...>]

thanks for the reply, got the same error unfortunately :(

Re: [Httpbl-beta] Not compiling with apache 2.2.4 on gentoo

[ZyanKLee <zya...@zy...>]

try this one:
http://httpbl.cvs.sourceforge.net/*checkout*/httpbl/mod_httpbl_for_apache_2.0/mod_httpbl_source/mod_httpbl.c?revision=1.1.1.1



jesse keys schrieb:
> Hi,
>
> ihr seid ja Deutsche ;-)
>
> I'll try in english as I'm not sure which is the official language here.
>
> My problem is that I just tried to compile
> http://httpbl.cvs.sourceforge.net/.../mod_httpbl.c?revision=1.1 with
> apxs2 which results in
>
> $ /usr/sbin/apxs2 -c -i -a /opt/mod_httpbl.c
> /usr/bin/libtool --silent --mode=compile x86_64-pc-linux-gnu-gcc
> -prefer-pic -O3 -march=athlon64 -falign-functions=64
> -fomit-frame-pointer -pipe  -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE
> -pthread -I/usr/include/apache2  -I/usr/include/apr-1
> -I/usr/include/apr-1 -I/usr/include/db4.5  -c -o /opt/mod_httpbl.lo
> /opt/mod_httpbl.c && touch /opt/mod_httpbl.slo
> /opt/mod_httpbl.c: In function 'make_simple_http_request':
> /opt/mod_httpbl.c:5201: warning: passing argument 4 of
> 'apr_socket_create' makes integer from pointer without a cast
> /opt/mod_httpbl.c:5201: error: too few arguments to function 'apr_socket_create'
> /opt/mod_httpbl.c: In function 'replace_email_filter':
> /opt/mod_httpbl.c:7311: error: expected ';' before '{' token
> apxs:Error: Command failed with rc=65536
>
>
> Some debugging information:
>
> $ apache2 -l
> Compiled in modules:
>   core.c
>   prefork.c
>   http_core.c
>   mod_so.c
>
> $ apache2 -V
> Server version: Apache/2.2.4 (Unix)
> Server built:   Apr 20 2007 16:50:54
> Server's Module Magic Number: 20051115:4
> Server loaded:  APR 1.2.8, APR-Util 1.2.8
> Compiled using: APR 1.2.8, APR-Util 1.2.8
> Architecture:   64-bit
> Server MPM:     Prefork
>   threaded:     no
>     forked:     yes (variable process count)
> Server compiled with....
>  -D APACHE_MPM_DIR="server/mpm/prefork"
>  -D APR_HAS_SENDFILE
>  -D APR_HAS_MMAP
>  -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
>  -D APR_USE_SYSVSEM_SERIALIZE
>  -D APR_USE_PTHREAD_SERIALIZE
>  -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
>  -D APR_HAS_OTHER_CHILD
>  -D AP_HAVE_RELIABLE_PIPED_LOGS
>  -D DYNAMIC_MODULE_LIMIT=128
>  -D HTTPD_ROOT="/usr"
>  -D SUEXEC_BIN="/usr/sbin/suexec2"
>  -D DEFAULT_PIDLOG="/var/run/httpd.pid"
>  -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
>  -D DEFAULT_LOCKFILE="/var/run/accept.lock"
>  -D DEFAULT_ERRORLOG="logs/error_log"
>  -D AP_TYPES_CONFIG_FILE="/etc/mime.types"
>  -D SERVER_CONFIG_FILE="/etc/httpd.conf"
>
>
> I tried it on a friend's server (debian/testing) just for the heck of
> it (apache 2.2.3):
>
> mod_httpbl.c:7635: error: expected '=', ',', ';', 'asm' or
> '__attribute__' before 'httpbl_module'
> apxs:Break: Command failed with rc=1
>
>
> Thanks in advance!
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Httpbl-beta mailing list
> Htt...@li...
> https://lists.sourceforge.net/lists/listinfo/httpbl-beta
>   

[Httpbl-beta] Not compiling with apache 2.2.4 on gentoo

[jesse k. <je...@te...>]

Hi,

ihr seid ja Deutsche ;-)

I'll try in english as I'm not sure which is the official language here.

My problem is that I just tried to compile
http://httpbl.cvs.sourceforge.net/.../mod_httpbl.c?revision=1.1 with
apxs2 which results in

$ /usr/sbin/apxs2 -c -i -a /opt/mod_httpbl.c
/usr/bin/libtool --silent --mode=compile x86_64-pc-linux-gnu-gcc
-prefer-pic -O3 -march=athlon64 -falign-functions=64
-fomit-frame-pointer -pipe  -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE
-pthread -I/usr/include/apache2  -I/usr/include/apr-1
-I/usr/include/apr-1 -I/usr/include/db4.5  -c -o /opt/mod_httpbl.lo
/opt/mod_httpbl.c && touch /opt/mod_httpbl.slo
/opt/mod_httpbl.c: In function 'make_simple_http_request':
/opt/mod_httpbl.c:5201: warning: passing argument 4 of
'apr_socket_create' makes integer from pointer without a cast
/opt/mod_httpbl.c:5201: error: too few arguments to function 'apr_socket_create'
/opt/mod_httpbl.c: In function 'replace_email_filter':
/opt/mod_httpbl.c:7311: error: expected ';' before '{' token
apxs:Error: Command failed with rc=65536


Some debugging information:

$ apache2 -l
Compiled in modules:
  core.c
  prefork.c
  http_core.c
  mod_so.c

$ apache2 -V
Server version: Apache/2.2.4 (Unix)
Server built:   Apr 20 2007 16:50:54
Server's Module Magic Number: 20051115:4
Server loaded:  APR 1.2.8, APR-Util 1.2.8
Compiled using: APR 1.2.8, APR-Util 1.2.8
Architecture:   64-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/usr"
 -D SUEXEC_BIN="/usr/sbin/suexec2"
 -D DEFAULT_PIDLOG="/var/run/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="/var/run/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="/etc/mime.types"
 -D SERVER_CONFIG_FILE="/etc/httpd.conf"


I tried it on a friend's server (debian/testing) just for the heck of
it (apache 2.2.3):

mod_httpbl.c:7635: error: expected '=', ',', ';', 'asm' or
'__attribute__' before 'httpbl_module'
apxs:Break: Command failed with rc=1


Thanks in advance!

Re: [Httpbl-beta] http:BL For Apache 1.3

[Eric L. <er...@pr...>]

Sam,

We hope to have an Apache 1.3 version of mod_httpbl. At this point we have
not ported the Apache 2 version back to 1.3. Anyone who would like to help
with the port is welcome!

Sorry for the confusion.

[Httpbl-beta] http:BL For Apache 1.3

[Sam C. <sa...@be...>]

Hey,

Thanks, well found the initial problem that i was using the 2.0 version 
but when i went to download the version for apache 1.3 all download 
links direct to the 2.0 version, viewing the revision 1.2 is fine but 
trying to download it just directs to 2.0.

http://httpbl.cvs.sourceforge.net/httpbl/mod_httpbl_for_apache_1.3/mod_httpbl_source/mod_httpbl.c?view=log

Any ideas?

-- 
Sam Cleaver

Re: [Httpbl-beta] Not Compiling

[Eric L. <er...@pr...>]

We plan to release an Apache 1.x version of mod_httpbl in the future, but
currently only have a version for Apache 2x available. 

Sorry for the confusion. The Apache 1 branch in CVS is only a place holder
at the moment.

-- Eric

Re: [Httpbl-beta] Not Compiling

[ZyanKLee <zya...@zy...>]

please do a "apache2 -version" or "apache -version" or "httpd -version"
one of them should work. post the output back to the maillist.

the version for 1.x is to be found at 
http://httpbl.cvs.sourceforge.net/httpbl/

good luck!


Sam Cleaver schrieb:
> Hey,
>
> Ich habe "mod_httpbl_for_apache_2.0" von http://tinyurl.com/29k2ha... 
> bah.
>
> Wo kann ich es für den neuesten Apache 1.x erhalten? (Ich denke, daß 
> ich 1.9… habe)
>
> (Mein Deutsch sind schrecklich, ich komme aus England... hehe)
>
> Danke!
>
> Sam
>

Re: [Httpbl-beta] Not Compiling

[ZyanKLee <zya...@zy...>]

Hey Sam,

Seems like you are missing some files - think they are in the -dev 
packages of apache
try installing them and after that try compiling again.

Or else:
what apache do you have? and which version of http:BL did you download? 
there are two of them - one for apache1.3 and the other for apache2, afaik

Greetz

Sam Cleaver schrieb:
> Hey,
>
> I've followed instructions exactly as they are in the beta test 
> instruction email sent out but i appear to have gotten a compile error, 
> anyone have any ideas how to fix?
>
> Compile Log: http://beaver.pastebin.co.uk/13916
>
> Regards,
>
>   

[Httpbl-beta] 404 at /httpbl_testing/

[ZyanKLee <zya...@zy...>]

had some correspondence with eric, yet.
below is my problem - his answer was:

 > It appears the directive is not being read properly. If you visit
 > http://yourdomain.tld/httpbl_diagnostics/ you should see the test
 > page.


  - Phillip wrote:

Hey maillist,

my installation worked quite well. But with configuring I seem to have
some problems.

I use debian 3.1 with apache2 and plesk8.1.1
my /etc/apache2/httpd.conf looks like this:

LoadModule httpbl_module      /usr/lib/apache2/modules/mod_httpbl.so
<IfModule mod_httpbl.c>
    HTTPBLRBLEnabled    On
    HTTPBLLogDir            /var/log/apache2/
    HTTPBLTestingURL        /httpbl_testing/
    HTTPBLDefaultAction     allow
    HTTPBLAccessKey         'myownkey'
# allow all search engines
HTTPBLRBLReqHandler 255:0-255:0-255:0 allow
# deny any other listed IPs with any "score" that have been active in
the last 30 days
HTTPBLRBLReqHandler 255:0-30:0-255:255 deny
</IfModule>


But when visiting the test-page I get a 404.
There seems to be some documentation needed.

Thanks in advance,

Phillip

[Httpbl-beta] Not Compiling

[Sam C. <sa...@be...>]

Hey,

I've followed instructions exactly as they are in the beta test 
instruction email sent out but i appear to have gotten a compile error, 
anyone have any ideas how to fix?

Compile Log: http://beaver.pastebin.co.uk/13916

Regards,

-- 
Sam Cleaver