[mod-security-users] Ideas for future features..
From: Zach R. <ad...@li...> - 2006-02-23 07:49:57
I know at least a few of us that use mod_security to enhance security in a shared webhosting environment have tried to tackle the problem of comment spam. The idea of using mod_security rules to block it isn't new. See gotroot.com's blacklist.conf for their attempt at it.

The problem is that the idea of using flatfiles for a blacklist cannot possibly be sustained indefinitely as more of this comment spam surfaces. Even blocking the robots by IPs will be nearly impossible using firewalls or flatfiles as even firewalls will start to slow down servers after tens of thousands of IPs are added.

The current solutions for blogs such as WordPress involve running a PHP script that accesses MySQL for each attempt and then blocking it based on certain criteria. While it works for now I would hate to see the day when this type of spam is as common as email spam getting ten attempts per second while attempting to run PHP and MySQL.

In my opinion what is needed is support for dnsbl type blacklists. Blar's mod_access_rbl was one attempt at this but the results aren't cached so it isn't very efficient.

A rule such as..

    SecFilterSelective "ARG_url" "^(http|https):/" lookup:combined.surbl.org,denyonfail

Even a way of mod_security extracting the domain from the argument and then passing it to the surbl would be even better.

Another rule might be..

    SecFilterSelective REMOTE_ADDR "regex_to_check_valid_ip" lookup:sbl-xbl.spamhaus.org,denyonfail

I think you can see where I'm going with this.

Zach
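The cached DNSBL lookup the post asks for, sketched as an added example that is not part of the original message and is not mod_security code. The class, function and sample names are hypothetical, the resolver is a stand-in fed with constructed zone data so the block runs offline, and the URL host is queried as-is (reducing it to a registered domain would need a public suffix list).

```python
import ipaddress
import time
from urllib.parse import urlsplit


def ip_query_name(ip, zone):
    """IPv4 DNSBL convention: reverse the octets and append the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def url_query_name(url, zone):
    """URI blacklist query: host extracted from the submitted URL + zone."""
    host = urlsplit(url).hostname  # already lowercased by urlsplit
    if not host:
        raise ValueError("no host in URL: %r" % url)
    return host.rstrip(".") + "." + zone


class CachedBlacklist:
    """Remembers listed / not-listed answers so repeat hits cost no DNS query."""

    def __init__(self, resolver, ttl=300, clock=time.monotonic):
        self.resolver = resolver  # callable(name) -> True if the name resolves
        self.ttl = ttl            # seconds an answer stays valid
        self.clock = clock
        self.cache = {}           # query name -> (expiry time, listed?)
        self.lookups = 0          # real resolver calls, to show the cache effect

    def is_listed(self, name):
        now = self.clock()
        hit = self.cache.get(name)
        if hit and hit[0] > now:
            return hit[1]         # fresh cached answer, positive or negative
        self.lookups += 1
        listed = bool(self.resolver(name))
        self.cache[name] = (now + self.ttl, listed)
        return listed


# Constructed sample data standing in for answers from the two zones.
SAMPLE_LISTED = {
    "2.0.0.127.sbl-xbl.spamhaus.org",
    "spam.example.combined.surbl.org",
}


def sample_resolver(name):
    return name in SAMPLE_LISTED
```

Caching negative answers as well as positive ones matters here, since most requests come from unlisted clients and would otherwise trigger a DNS query each time.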