[clue-tech] Throttling spammers using Apache
Jed S. Baer
thag at frii.com
Sun Sep 18 15:26:45 MDT 2005
Hi folks. Your humble webmaster here.
We're now getting spam to one or more admins submitted via the CLUE
contact form on the website. I have implemented (not in production yet) a
"CAPTCHA' turing-test style filter system, which should pretty well stop
it if it's a bot. Odd that someone would configure a bot to spam the clue
contact form, but hey, we don't really know whether it's a bot or an
actual human.
But I'm also looking for other methods of defeating spammers, particularly
if they're just pounding on the website with a bot. I recall reading in
the IPTABLES docs some stuff about being able to drop IP addresses which
connect, or attempt to connect, at a number higher than some threshold,
within a certain timeframe. And I'm wondering about whether it's feasible
to initiate an IP ban based on something like "more than 5 failures to
pass the CAPTCHA test within 1 minute" from the website code. One thought
I had was to rewrite an .htaccess file on the fly whenever the code
detects a flood. Another thought was to have the website code send a
config command to IPTABLES to drop offending IP addresses. And I'm also
looking for suggestions as to whether there's a way to automate this with
Apache directives. Something like a "mod_throttle" ... if that existed
(oh, I see it does).
Hmmm, I'm finding:
- http://www.cohprog.com/mod_bandwidth.html
- http://dominia.org/djao/limitipconn.html
- http://www.snert.com/Software/mod_throttle/
Any comments on these or other methods?
TIA,
jed
--
http://s88369986.onlinehome.us/freedomsight/
Key fingerprint = B027 FEFB 4281 CC72 67D1 4237 F2D0 D356 077A A30E
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
_______________________________________________
CLUE-tech mailing list
CLUE-tech at cluedenver.org
http://cluedenver.org/mailman/listinfo/clue-tech
More information about the clue-tech
mailing list