[clue-tech] Throttling spammers using Apache
dhahn
dhahn at dhahn.com
Mon Sep 19 08:57:26 MDT 2005
Jed S. Baer wrote:
>[snip]
>
>But I'm also looking for other methods of defeating spammers, particularly
>if they're just pounding on the website with a bot. I recall reading in
>the IPTABLES docs some stuff about being able to drop IP addresses which
>connect, or attempt to connect, at a number higher than some threshold,
>within a certain timeframe. And I'm wondering about whether it's feasible
>to initiate an IP ban based on something like "more than 5 failures to
>pass the CAPTCHA test within 1 minute" from the website code. One thought
>I had was to rewrite an .htaccess file on the fly whenever the code
>detects a flood. Another thought was to have the website code send a
>config command to IPTABLES to drop offending IP addresses. And I'm also
>looking for suggestions as to whether there's a way to automate this with
>Apache directives. Something like a "mod_throttle" ... if that existed
>(oh, I see it does).
>
>
>
Jed,
The IPTables based way of dropping someone will be one a packet basis
only - not aware of the page they are hitting. So, in order to do this,
you would need to have a web aware process, such as the page, control
IPTables. (Don't think we really want the Apache processing having that
much control over a security process.)
I think it may be easier to integrate a little test into the website
that just keeps a few stats locally and blows them out when they
expire. (1 minute, 2 minutes, 5 minutes, etc). That way we're not
messing with the routing and keeping the code local the individual
page(s) that we would like to effect.
If you're interested, let me know and I'll help out with the coding on it.
-d
_______________________________________________
CLUE-tech mailing list
CLUE-tech at cluedenver.org
http://cluedenver.org/mailman/listinfo/clue-tech
More information about the clue-tech
mailing list