Block Spam, Preventing URL Injection And Block HTTP Attacks With mod_dnsblacklist

mod_dnsblacklist is a Lighttpd module that use DNSBL in order to block spam relay via web forms, preventing URL injection, block http DDoS attacks from bots and generally protecting your web service denying access to a known bad IP address. Official site:

http://www.lucaercoli.it/

To install it you must download the source code and compile by running these commands:

make mod_dnsblacklist.o

gcc -shared -o mod_dnsblacklist.so mod_dnsblacklist.o

/usr/bin/install -c mod_dnsblacklist.so /usr/local/lib/mod_dnsblacklist.so

The module accepts these directives:

dnsblacklist.method
    Syntax:   dnsblacklist.method string
    Supported: GET, POST, HEAD, OPTIONS, PUT and PROPFIND
    Default:  POST

    The HTTP method on which the module acts

dnsblacklist.host
    Syntax:   dnsblacklist.host string
    Default:  sbl-xbl.spamhaus.org

    The address of the DNSBL used

dnsblacklist.message
    Syntax:   dnsblacklist.message string
    Default:  Your IP address is blacklisted!

    Error message displayed to the blocked user

Once installed you will need to enable it editing the Lighttpd's configuration (/etc/lighttpd/lighttpd.conf). Here's an example:

server.modules = (
.....
"mod_dnsblacklist",
......

Finally you must restart the server

/etc/init.d/lighttpd restart

The default configuration will protect you from attacks performed with the POST method such spam relay via web forms and on your blog. To extend the protection and preventing URL injection put this in the configuration of Lighttpd:

dnsblacklist.method "GET,POST"

In order to change the error message shown to blocked users, you can use the directive "dnsblacklist.message" in this way:

dnsblacklist.message "Your custom message"

...and now fly light ;)