Re: [mod-security-users] Ideas for future features..
From: Michael S. <mi...@go...> - 2006-02-24 14:53:38
Jason Edgecombe wrote:
> Zach Roberts wrote:
>> I know at least a few of us that use mod_security to enhance security
>> in a shared webhosting environment have tried to tackle the problem
>> of comment spam. The idea of using mod_security rules to block it
>> isn't new. See gotroot.com's blacklist.conf for their attempt at it.
>>
>> The problem is that the idea of using flatfiles for a blacklist
>> cannot possibly be sustained indefinitely as more of this comment
>> spam surfaces. Even blocking the robots by IPs will be nearly
>> impossible using firewalls or flatfiles as even firewalls will start
>> to slow down servers after tens of thousands of IPs are added.
>
> I haven't encountered the problem of too many blacklisted IPs yet.
> For that problem, we may want a non-flat-file option such as Berkeley
> DB, SQLite or something similar. Even sendmail compiles its aliases
> file.
>
> The thing I have noticed is that there is no way to reload the file
> besides restarting Apache. If you don't have firewall access and block
> IPs using mod_security (which I don't), it would be nice to be able
> to have the file reloaded periodically. Something like check for an
> updated file every 5 minutes (configurable).

For those that are having problems with lots of IPs via the blacklist.conf rules (either as firewall rules, or using mod_security), I am setting up a special set of RBLs for those IPs (spammers, attackers, owned boxes, etc.). This will use a modified mod_access, which will allow for real time lookups of the IPs. rsync access will also be available to the zones for secondaries, and sites that wish to use the IPs for firewalling purposes.
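The real-time RBL lookup described in the reply works like any DNS-based blacklist: the client IP's octets are reversed, the RBL zone is appended, and an A record answer (conventionally 127.0.0.x) means the address is listed. The following is an added example illustrating that lookup, not code from the thread or from the modified mod_access; the zone name `rbl.example.invalid` and the offline `fake_resolve` stand-in are assumptions, since the message names no zone.

```python
"""DNSBL-style lookup of a client IP, as an illustration of the RBL idea."""
import ipaddress
import socket
from typing import Callable, Optional

# Assumed placeholder zone; the thread does not name the actual RBL zones.
RBL_ZONE = "rbl.example.invalid"


def rbl_query_name(ip: str, zone: str = RBL_ZONE) -> str:
    """Build the DNSBL query name: reversed IPv4 octets, then the zone.

    Raises ValueError for anything that is not a valid IPv4 address, so a
    malformed client address never turns into an arbitrary DNS query.
    """
    addr = ipaddress.IPv4Address(ip)
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def _gethostbyname_or_none(name: str) -> Optional[str]:
    """Real resolver: return the A record as a string, or None if NXDOMAIN."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def is_listed(ip: str, zone: str = RBL_ZONE,
              resolve: Optional[Callable[[str], Optional[str]]] = None) -> bool:
    """True if the RBL answers for this IP with a 127.0.0.0/8 address.

    Only 127.x answers count as "listed": some wildcard or parked zones answer
    every query with a public address, which must not block real clients.
    """
    if resolve is None:
        resolve = _gethostbyname_or_none
    answer = resolve(rbl_query_name(ip, zone))
    return answer is not None and answer.startswith("127.")


# Constructed offline stand-in for the RBL so the example runs without network:
# only 1.2.3.4 is "listed" (query name 4.3.2.1.rbl.example.invalid).
_FAKE_RBL = {"4.3.2.1.rbl.example.invalid": "127.0.0.2"}


def fake_resolve(name: str) -> Optional[str]:
    return _FAKE_RBL.get(name)


if __name__ == "__main__":
    for client in ("1.2.3.4", "8.8.8.8"):
        print(client, "listed" if is_listed(client, resolve=fake_resolve) else "clean")
```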