From: A. R. <ar...@et...> - 2007-05-30 19:13:25
I've changed my apache config, hard to determine if it helps but "luckily" enough I've got plenty of comment spammers so I'll know by tomorrow :)
Will there be any information in the log when a comment spammer gets "rejected" with httpbl?

The line was copy-pasted. In the initial mail "Welcome to the mod_httpbl Beta Program" I got an attachment with "Apache HTTP Server Version 2.2" which in the first page states

# To get you up and running quickly, here is an example block of directives
HTTPBLRBLEnabled On
HTTPBLAccessKey*** get this from your Project Honey Pot account (free to register) ***
HTTPBLDefaultAction Allow
# allow all search engines
HTTPBLRBLReqHandler 255:0-255:0-255:0 allow
# deny any other listed IPs with any "score" that have been active in the last 30 days
HTTPBLRBLReqHandler 255:0-30:0-255:255 deny

Thanks
/Anders

David Wortham wrote:
> Anders,
> We are pleased that you have decided to help us test mod_httpbl.
>
> I believe your module is working well. Your top 3 diagnostics tests look
> good and those are the only tests which are coded into the module right now.
>
> You want to remove the line "HTTPBLRBLReqHandler 255:0-255:0-255:0 allow"
> from your configurations if you want to filter out any IPs. This line
> explicitly allows all IPs access to any page in this directory before any
> other checks are done.
>
> "HTTPBLRBLReqHandler 255:0-255:0-255:0 allow" sets permissions for any
> visitor's IP to visit any page in this directory block (of XML).
> Setting this as the first HTTPBLRBLReqHandler causes all requests to be
> _allowed_ (which is not what you want if you want to filter known threat IPs
> from accessing these pages).
> Setting this as the last HTTPBLRBLReqHandler causes all requests to default
> (fall back) to _allowed_ (which would be the same thing as
> "HTTPBLDefaultAction allow").
> All HTTPBLRBLReqHandler are tested top-to-bottom from most specific (files
> and directories) to more general (Virtual Hosts and Servers) scope.
>
> Am I correct in assuming you copy-pasted your HTTPBLRBLReqHandler from
> somewhere? Could you tell me where you got your initial configuration lines
> from?
> I think I should rewrite something to explain the definition of this line
> more clearly to new users.
>
> Hope this helps.
>
> Regards,
> Dave
>
> On 5/30/07, A. Runeson <ar...@et...> wrote:
>>
>> Hello
>> I've got troubles with getting the mod_httpbl working and don't really
>> know where to get help, if I'm off then please point me in the right
>> direction.
>>
>> I got the module to compile and installed.
>> In my apache-vhost-conf I have:
>>
>> <IfModule mod_httpbl.c>
>> HTTPBLRBLEnabled On
>> HTTPBLLogDir /var/log/apache2/httpbl/
>> HTTPBLTestingURL /httpbl_diagnostics/
>> HTTPBLDefaultAction allow
>> HTTPBLAccessKey theoneIgotfromprojecthoneypot
>> HTTPBLReposDir /tmp/
>> </IfModule>
>>
>> and then
>> <Directory /mnt/webserver/www/htdocs/gallery>
>> AllowOverride FileInfo Options
>> HTTPBLRBLEnabled On
>> HTTPBLDefaultAction allow
>> HTTPBLDefaultAction allow
>> HTTPBLRBLReqHandler 255:0-255:0-255:0 allow
>> HTTPBLRBLReqHandler 255:0-100:0-255:255 deny
>> </Directory>
>>
>> I got the diagnostics testing to show up in apache.
>> [ + ] Write to the log directory (/var/log/apache2/httpbl/)
>> [ + ] Write to the repos directory (/tmp/)
>> [ + ] Resolve and reach the RBL domain (www.projecthoneypot.org)
>> [ * ] Authenticate with the Project Honey Pot RBL (*.dave.httpbl.org)
>> [ * ] Submit 404 data to the server (http://192.168.3.100:11000/record_404.php)
>> [ * ] Submit POST data to the server (http://192.168.3.100:11000/record_post.php)
>> [ * ] Query for honeypots (http://hpr1.projecthoneypot.org/cgi/serve.php)
>>
>> Seems to me like all is well.
>>
>> The problem is that I still get gallery spam commenters, for example
>> today from ip 163.178.90.130 and when checking this ip in project
>> honeypot it's tagged as evil.
>>
>> Should I try debugmode in the apache module? Or have I done something
>> obviously wrong?
>> My apache server tag is
>> Apache/2.0.55 (Ubuntu) DAV/2 SVN/1.3.1 PHP/5.1.2 mod_ssl/2.0.55 OpenSSL/0.9.8a
>>
>> The log-dir is empty except for an empty httpbl_diagnostics_test.txt
>>
>> Regards
>> Anders Runeson
>>
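
A lint for the ordering problem described in David's reply, added here as an example (it is not part of the original thread and not mod_httpbl code): it flags every deny handler that is listed after the allow-all handler inside the same config block. The function name and the simple per-block scoping model are assumptions; the sample input is the `<Directory>` block from the thread, abridged.

```python
import re

# Pattern that, per the reply in this thread, matches every visitor IP.
ALLOW_ALL = "255:0-255:0-255:0"
HANDLER = re.compile(r"^\s*HTTPBLRBLReqHandler\s+(\S+)\s+(\w+)\s*$", re.IGNORECASE)
BLOCK_OPEN = re.compile(r"^\s*<(?!/)([^>]+)>\s*$")
BLOCK_CLOSE = re.compile(r"^\s*</[^>]+>\s*$")

def find_shadowed_denies(conf_text):
    """Return (block, line_no, directive) for every deny handler listed
    after an allow-all handler in the same config block."""
    findings = []
    stack = [["(top level)", False]]  # [block label, allow-all seen so far]
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = BLOCK_OPEN.match(line)
        handler = HANDLER.match(line)
        if opened:
            stack.append([opened.group(1), False])
        elif BLOCK_CLOSE.match(line) and len(stack) > 1:
            stack.pop()
        elif handler:
            pattern, action = handler.group(1), handler.group(2).lower()
            if action == "allow" and pattern == ALLOW_ALL:
                stack[-1][1] = True
            elif action == "deny" and stack[-1][1]:
                findings.append((stack[-1][0], line_no, line))
    return findings

# Sample input: the <Directory> block posted in the thread, abridged.
AS_POSTED = """\
<Directory /mnt/webserver/www/htdocs/gallery>
HTTPBLRBLEnabled On
HTTPBLDefaultAction allow
HTTPBLRBLReqHandler 255:0-255:0-255:0 allow
HTTPBLRBLReqHandler 255:0-100:0-255:255 deny
</Directory>
"""
# Same block with the allow-all line removed, as the reply advises.
CORRECTED = AS_POSTED.replace("HTTPBLRBLReqHandler 255:0-255:0-255:0 allow\n", "")

if __name__ == "__main__":
    for block, line_no, directive in find_shadowed_denies(AS_POSTED):
        print(f"{block}: line {line_no} is never reached: {directive}")
    print("corrected config findings:", find_shadowed_denies(CORRECTED))
```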