How To Block Spammers/Hackers With mod_defensible On Apache2 (Debian Etch)

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 06/13/2008

mod_defensible is an Apache 2.x module intended to block spammers/hackers/script kiddies using DNSBL servers. It will look at the client IP and check it in one or several DNSBL servers and return a 403 Forbidden page to the client. This guide shows how to install and use it with Apache 2 on a Debian Etch server.

I do not issue any guarantee that this will work for you!

1 Installing Apache2 And mod_defensible

Unfortunately libapache2-mod-defensible is available as a Debian package only for Debian Lenny (testing) and Sid (unstable), but not for Etch. Therefore we will install the libapache2-mod-defensible package from Lenny. To do this, open /etc/apt/sources.list and add the line deb http://ftp2.de.debian.org/debian/ lenny main; your /etc/apt/sources.list could then look like this:

vi /etc/apt/sources.list

deb http://ftp2.de.debian.org/debian/ etch main
deb-src http://ftp2.de.debian.org/debian/ etch main

deb http://ftp2.de.debian.org/debian/ lenny main

deb http://security.debian.org/ etch/updates main contrib
deb-src http://security.debian.org/ etch/updates main contrib

Of course (in order not to mess up our system), we want to install packages from Lenny only if there's no appropriate package from Etch - if there are packages from Etch and Lenny, we want to install the one from Etch. To do this, we give packages from Etch a higher priority in /etc/apt/preferences:

vi /etc/apt/preferences

Package: *
Pin: release a=etch
Pin-Priority: 700

Package: *
Pin: release a=lenny
Pin-Priority: 650

(The terms etch and lenny refer to the appropriate terms in /etc/apt/sources.list; if you're using stable and testing there, you must use stable and testing instead of etch and lenny in /etc/apt/preferences as well.)

Afterwards, we update our packages database:

apt-get update

If you're getting an error like this:

Segmentation faultsts... 96%

or this one:

E: Dynamic MMap ran out of room

open /etc/apt/apt.conf and add a line for APT::Cache-Limit with a very high value, e.g. like this:

vi /etc/apt/apt.conf

APT::Cache-Limit "100000000";

Then run

apt-get update

again and upgrade the installed packages:

apt-get upgrade

(If you see any questions, you can accept the default values.)

To install Apache2 with mod_defensible, we run:

apt-get install apache2 libapache2-mod-defensible libudns0

Afterwards, enable mod_defensible:

a2enmod defensible

Reload Apache:

/etc/init.d/apache2 force-reload

2 Configuring mod_defensible

Open /etc/apache2/apache2.conf and go to the end where the virtual hosts are configured, and put the mod_defensible configuration right before the virtual hosts:

vi /etc/apache2/apache2.conf

[...]
# Include generic snippets of statements
Include /etc/apache2/conf.d/

DnsblUse On
DnsblServers httpbl.abuse.ch sbl-xbl.spamhaus.org
DnsblNameserver 145.253.2.75

# Include the virtual host configurations:
Include /etc/apache2/sites-enabled/

DnsblUse On enables mod_defensible; the DnsblServers line lists the blacklists you want to use (e.g. httpbl.abuse.ch and sbl-xbl.spamhaus.org), and the DnsblNameserver line defines the DNS server that mod_defensible will use to look up hosts (I found that Apache takes forever to serve pages if you don't specify the DnsblNameserver line).

Restart Apache afterwards:

/etc/init.d/apache2 restart

That's it. If an IP address which is blacklisted tries to access your webserver, it will receive an HTTP error 403.

3 Links

• Apache: http://httpd.apache.org
• Debian: http://www.debian.org
• mod_defensible: http://julien.danjou.info/mod_defensible.html