Comments on: Testing a new spam blocker

By: geek ramblings » SpamValve update

geek ramblings » SpamValve update — Fri, 06 May 2005 14:15:33 +0000

[...] gal @ 10:13 am
I’ve been pretty busy at work, so I haven’t done much more work on my auto-firewall code in the past couple of days. But it seems to be holding [...]

By: Dougal

Dougal — Thu, 05 May 2005 17:41:38 +0000

This is completely different from what SpamKarma does. I’m using an external tool to block repeated spam attempts at the TCP/IP level, before the web server ever sees the packets. This reduces load on the server, because Apache/PHP/MySQL never even know that any kind of request was even attempted.

However, my method still relies on the existing systems to identify the first few spam attempts. Once a particular host has attempted too many spammy things, it gets blocked by the firewall, and nothing else on the machine is going to see any kind of traffic from that source until the block expires.

So, SpamKarma (or any other spam detection tools) could be a part of an overall strategy along with my tools.

By: Thomas Cloer

Thomas Cloer — Thu, 05 May 2005 15:41:32 +0000

Why reinvent the wheel? Spam Karma 2 in combination with Referrer Karma, both from drDave kills them all. I’ve been running them on my site for quite a while and nothing even comes close. You might want to check them out…

But maybe you already know Dave’s plug-ins and think that you’ve come up with a simpler or better concept. Then i would of course love to test yours.

Best regards, Thomas

By: Dougal

Dougal — Wed, 04 May 2005 20:27:49 +0000

The main scripts (ipupdate and ipmanage) are coded in Perl. It’s really a very simple bit of code. The main tricky bit is parsing out the current firewall rules. And that’s really not hard at all.

The main thing that’s going to keep other people from using my code is that it requires your web server to have firewall support, and it requires you to have root access (in order to manipulate the firewall rules).

On the ‘pro’ side, an admin with the resources could modify it to distribute things a bit. You could have instances of the ipupdate piece running on different hosts, triggered by multiple services (web, mail, security logs, etc). They could all be configured to send updates to a common database. And they could also be modified to retrieve firewall state information from another, possibly centralized, source (like a border router).

By: w00kie

w00kie — Wed, 04 May 2005 18:56:23 +0000

what kind of language are you using for these scripts of yours?

By: Dougal

Dougal — Wed, 04 May 2005 15:29:39 +0000

Update: There are currently over 150 IP numbers in the database. 84 rules in the firewall. 77 of those are repeat offenders. Approxminately 10,000 spam attempts blocked. Woot.