Comments on How To Block Spammers/Hackers With mod_defensible On Apache2 (Debian Etch)

How To Block Spammers/Hackers With mod_defensible On Apache2 (Debian Etch) mod_defensible is an Apache 2.x module intended to block spammers/hackers/script kiddies using DNSBL servers. It will look at the client IP and check it in one or several DNSBL servers and return a 403 Forbidden page to the client. This guide shows how to install and use it with Apache 2 on a Debian Etch server.

7 Comment(s)

Add comment

Please register in our forum first to comment.

Comments

By:

Hey Falko!

 Great info as always!

 Are you using this setup in production?

Looking over it I'm wondering what kind of slow down your seeing on user response times because of the lookups.

Have you noticed a slow down?  Or is it more a matter of a tradeoff between response time and security?

 

By:

I agree wit tfunky, great article, it's always better to tackle security issues at the source rather than dealing with it after-the-fact.

I also agree that there are probably issues with security vs performance and wonder if there are major performance drawbacks using this technique. If so, are there options such as caching the blacklist locally.

Again, a great and useful article.

By:

Nice howto Falco!

I notice a little delay when I access my webserver from local lan. I shall try later from work to see if there is too much or if it's acceptable accessing from wan.

Thanks for sharing! :)

By:

Ok, now I am using Debian Lenny in a production environment. (No lectures about this please). But I installed the mod_defensible using apt-get. The followed this how for the configuration stuff. But it slowed do wed access to a crawl, so slow it was totally unusable. I saw the references on this howto and tried http://julien.danjou.info/mod_defensible.html and used his config, same story; too slow. Then I tried the sid mod_defensible package with both configs. Twice I get the same results. No responce from the server. I tried again with wireshark. the server recieves the HTTP requests but never responds. The machine the web server is on is a 1.8Ghz P4 HT w/ 1.5GB ram and a raptor SATA drive with 16MB cache. Running Debian Lenny with a custom 2.6.26-1 kernel. Any ideas on fixing the slow down? Are the lenny/sid packages broken?

By:

The last link for mod_defensible has been updated since this article was posted.  The corrected link is:

 mod_defensible:  http://julien.danjou.info/mod_defensible/

By:

I have this totorial use on lenny server . Alll looks ok. I have some Problem with the Dnsblserver.

I have change the line to this

 DnsblServers httpbl.abuse.ch

 than run it

By: Anonymous

Comment: I am not asking for help:

Invalid command 'DnsblNameserver', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.

 

I removed  DnsblNameserver and configtest ran OK.