How To Block Spammers/Hackers With mod_defensible On Apache2 (Debian Etch)
Version 1.0
Author: Falko Timme
mod_defensible is an Apache 2.x module intended to block spammers/hackers/script kiddies using DNSBL servers. It looks up the client IP in one or several DNSBL servers and, if the address is listed, returns a 403 Forbidden page to the client. This guide shows how to install and use it with Apache 2 on a Debian Etch server.
I do not issue any guarantee that this will work for you!
1 Installing Apache2 And mod_defensible
Unfortunately libapache2-mod-defensible is available as a Debian package only for Debian Lenny (testing) and Sid (unstable), but not for Etch. Therefore we will install the libapache2-mod-defensible package from Lenny. To do this, open /etc/apt/sources.list and add the line deb http://ftp2.de.debian.org/debian/ lenny main; your /etc/apt/sources.list could then look like this:
vi /etc/apt/sources.list
deb http://ftp2.de.debian.org/debian/ etch main
deb-src http://ftp2.de.debian.org/debian/ etch main
deb http://ftp2.de.debian.org/debian/ lenny main
deb http://security.debian.org/ etch/updates main contrib
deb-src http://security.debian.org/ etch/updates main contrib
Of course (in order not to mess up our system), we want to install packages from Lenny only if there's no appropriate package from Etch - if there are packages from Etch and Lenny, we want to install the one from Etch. To do this, we give packages from Etch a higher priority in /etc/apt/preferences:
vi /etc/apt/preferences
Package: *
Pin: release a=etch
Pin-Priority: 700

Package: *
Pin: release a=lenny
Pin-Priority: 650
(The terms etch and lenny refer to the appropriate terms in /etc/apt/sources.list; if you're using stable and testing there, you must use stable and testing instead of etch and lenny in /etc/apt/preferences as well.)
Afterwards, we update our packages database:
apt-get update
If you're getting an error like this:
Segmentation faultsts... 96%
or this one:
E: Dynamic MMap ran out of room
open /etc/apt/apt.conf and add a line for APT::Cache-Limit with a very high value, e.g. like this:
vi /etc/apt/apt.conf
APT::Cache-Limit "100000000";
Then run
apt-get update
again and upgrade the installed packages:
apt-get upgrade
(If you see any questions, you can accept the default values.)
To install Apache2 with mod_defensible, we run:
apt-get install apache2 libapache2-mod-defensible libudns0
Afterwards, enable mod_defensible:
a2enmod defensible
Reload Apache:
/etc/init.d/apache2 force-reload
2 Configuring mod_defensible
Open /etc/apache2/apache2.conf and go to the end where the virtual hosts are configured, and put the mod_defensible configuration right before the virtual hosts:
vi /etc/apache2/apache2.conf
[...]
# Include generic snippets of statements
Include /etc/apache2/conf.d/

DnsblUse On
DnsblServers httpbl.abuse.ch sbl-xbl.spamhaus.org
DnsblNameserver 145.253.2.75

# Include the virtual host configurations:
Include /etc/apache2/sites-enabled/
DnsblUse On enables mod_defensible; the DnsblServers line lists the blacklists you want to use (e.g. httpbl.abuse.ch and sbl-xbl.spamhaus.org), and the DnsblNameserver line defines the DNS server that mod_defensible will use to look up hosts (I found that Apache takes forever to serve pages if you don't specify the DnsblNameserver line).
Restart Apache afterwards:
/etc/init.d/apache2 restart
That's it. If an IP address which is blacklisted tries to access your webserver, it will receive an HTTP error 403.
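To check by hand whether the configured blacklists and nameserver answer at all, the following added example (not part of the original guide and not mod_defensible's own code) performs the standard DNSBL lookup described in RFC 5782: reverse the octets of the address, append the zone, and ask for an A record. It assumes dig (Debian package dnsutils) is installed; the script name and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: standard DNSBL lookup (RFC 5782) done by hand.
# Zones and nameserver are copied from the apache2.conf snippet in this guide.
ZONES="httpbl.abuse.ch sbl-xbl.spamhaus.org"
NAMESERVER="145.253.2.75"

# Print the DNSBL query name for an IPv4 address: octets reversed, zone
# appended. Returns 1 on anything that is not a dotted-quad address.
dnsbl_qname() {
    ip=$1; zone=$2
    case $ip in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# Classify the first line of a lookup answer: 127.x.x.x means listed, an empty
# answer (NXDOMAIN) means not listed, anything else (timeout text, a resolver
# that rewrites NXDOMAIN) is an error and must not be read as a listing.
dnsbl_verdict() {
    case $1 in
        "")    echo "not-listed" ;;
        127.*) echo "listed" ;;
        *)     echo "error" ;;
    esac
}

# Query every configured zone for one address (needs network access and dig).
dnsbl_check() {
    for z in $ZONES; do
        qname=$(dnsbl_qname "$1" "$z") || { echo "bad address: $1" >&2; return 2; }
        answer=$(dig +short +time=3 +tries=1 "@$NAMESERVER" "$qname" A | head -n 1)
        echo "$z: $(dnsbl_verdict "$answer") ${answer:+($answer)}"
    done
}

# Usage: sh dnsbl-check.sh 127.0.0.2
# 127.0.0.2 is the RFC 5782 test entry that a working IPv4 DNSBL lists.
if [ "$#" -gt 0 ]; then
    dnsbl_check "$1"
fi
```

If the test address 127.0.0.2 does not come back as listed for a zone, lookups through that zone or nameserver cannot produce a listing, so fix that before relying on the 403 behaviour.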
3 Links
- Apache: http://httpd.apache.org
- Debian: http://www.debian.org
- mod_defensible: http://julien.danjou.info/mod_defensible.html