[clue-tech] Throttling spammers using Apache

[dhahn]

Jed S. Baer wrote:

>[snip]
>
>But I'm also looking for other methods of defeating spammers, particularly
>if they're just pounding on the website with a bot. I recall reading in
>the IPTABLES docs some stuff about being able to drop IP addresses which
>connect, or attempt to connect, at a number higher than some threshold,
>within a certain timeframe. And I'm wondering about whether it's feasible
>to initiate an IP ban based on something like "more than 5 failures to
>pass the CAPTCHA test within 1 minute" from the website code. One thought
>I had was to rewrite an .htaccess file on the fly whenever the code
>detects a flood. Another thought was to have the website code send a
>config command to IPTABLES to drop offending IP addresses. And I'm also
>looking for suggestions as to whether there's a way to automate this with
>Apache directives. Something like a "mod_throttle" ... if that existed
>(oh, I see it does).
>
>  
>
Jed,

The IPTables based way of dropping someone will be one a packet basis 
only - not aware of the page they are hitting.  So, in order to do this, 
you would need to have a web aware process, such as the page, control 
IPTables.  (Don't think we really want the Apache processing having that 
much control over a security process.)

I think it may be easier to integrate a little test into the website 
that just keeps a few stats locally and blows them out when they 
expire.  (1 minute, 2 minutes, 5 minutes, etc).  That way we're not 
messing with the routing and keeping the code local the individual 
page(s) that we would like to effect.

If you're interested, let me know and I'll help out with the coding on it.

-d

_______________________________________________
CLUE-tech mailing list
CLUE-tech at cluedenver.org
http://cluedenver.org/mailman/listinfo/clue-tech