> From: Gary [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, November 27, 2002 1:25 PM
> On Wednesday, November 27, 2002, 11:46 AM, you put forth, in > part, about "[OT] Guestbook spamming": > > E> It's not just guestbooks. My wwwboards have recently been > spammed from > E> multiple sources. I'm being forced to look into authentication > E> mechanism to prevents these a'holes. Why the heck can't they just > E> leave us alone? My spam hasn't been casino-related yet, > but I suppose > E> it's coming :-(. wwwboard was also written by Matt Wright. > > This really ticks me off.. it never ends. > > E> I haven't seen the guestbook application, but if it's > automated tools > E> that are going after it, then a simple extra page requesting > E> confirmation might do the job to deter them. That's just a hack of > E> course... > > I might have a solution. JD Bernstein's programs, > specifically tcpserver. > I use qmail and djbdns, which work under the tcpsever, but you can set > tcpserver to run by itself without associated programs. > Tcpserver listens > for connections from tcpclient, which is also part of > ucspi-tcp. Then it > runs programs as defined by command-line variables, or by > rulesets stored > in the cdb, constant database. This is created with the > tcprules program, > instead of using xinetd. You can bind this to any port, > unlike xinetd. > So, just set up a cdb (machine code database), for IP > addresses for known > spammer IP blocks. I have a 1.3mb cdb that I use for port 25, > RBLSMTPD, in > addition to realtime RBLs. Denies spammers at the port. Works > great. Key > is, it must be used for TCP, not UDP. So, I think it will > work well on > port 80 for spammers. > > What I am saying is you can fine tune any of your TCP > connections for any > incoming traffic for any service. Your tcpserver db could > have something > like i.e. 211.150.6-24:deny. Once you have your IP addresses > entered in a > file, just do a make cdb and that's it. > > More info here on the tcpserver and its capabilities: > > http://networking.earthweb.com/netos/article/0,,12083_1547241,00.html Hmm.... in my case, with my Guestbook being spammed, I'm think this approach won't work, as the server is behind a NAT firewall, and the site in question isn't even externally running on port 80.... it's a high port (8080, IIRC) which I port forward to port 81 on the server. The addresses I've been hit by are dialups, and even the EXACT message is different, BUT the contents are basically the same... something like <b>Nice site. Check out mine <a href="http://www.onlinecasino123.com";>Online Cas ino</a> review site.</b><b> <a href="http://www.onlinecasino123.com";>Online Casino</a> <<a href="mailto:w [EMAIL PROTECTED]">[EMAIL PROTECTED]</a>><br> (And I'm not trying to protect the fricking guilty... add these and [EMAIL PROTECTED] and [EMAIL PROTECTED] as SPAM sources, suitable for being put on NUMEROUS webpages to be picked up by SPAM bots.) The key here is in the way the thing is worded... I can do a check, perhaps, for ">Online Casino<" as a string that, if detected, I automatically dump the message in the bit bucket over.... On the other hand, it WOULD be very handy to have a Spam Assassin plugin to handle this stuff too... Bill Ward -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
