blacklist_to_modsec 1.2

I have released version 1.2 of blacklist_to_modsec, my script for parsing blacklist data files and converting them into mod_security|http://www.modsecurity.org/ rules. In this release, I have introduced support for having multiple blacklist sources. You can fetch blacklists via the web, or you can read them from local files. All of your sources will be aggregated and stored into one local blacklist.

Digression There’s a lot of talk these days about website spam. I don’t think that a single tool like blacklist_to_modsec+mod_security can be 100% effective in stopping spam. I would encourage you to check out all of the options, and find the ones that work best for your situation. I think the best part about using blacklist_to_modsec with mod_security is that it can help protect any software running on your web server. Not just Movable Type, not just WordPress, but any dynamic script. Everything on your web server will be sitting behind a single wall of mod_security protection. And you can always install a second line of defense at the application level, if you feel like you need that extra security. Chad Everett has written some excellent Movable Type plugins|http://jayseae.cxliv.org/software.html, and of course Jay Allen, the inspiration for blacklist_to_modsec, wrote MT-Blacklist|http://www.jayallen.org/projects/mt-blacklist/. End Digression

Anyway, if you find this program useful, or have questions, concerns, suggestions, etc… please let me know. If you find it really useful, you can always visit the Stuff Peter Wants|http://prwdot.org/stuff_peter_wants.html page. 🙂

Get more information, documentation, and download the code|http://prwdot.org/docs/blacklisttomodsec.html

If you would like to keep track of updates to blacklist_to_modsec, visit the blacklist_to_modsec category page|http://prwdot.org/archives/cat_blacklist_to_modsec.html, which has a link to the blacklist_to_modsec RSS feed.

2 thoughts on “blacklist_to_modsec 1.2

  1. Mark Carey

    Peter,

    I love the script, using the version prior to 1.2. I use a lot of anit-spam tricks and tools, but the script with mod_security is the only solution that has saved my dedicated server from crashing under the load of repeated spam floods. Thanks!

    The one feature that woul be FANTASTIC is not only to be able to read from local files, but to be able to read the the local MT-Blacklist database. In my MTB database, I have a lot of entries that are not in the master list. I have begin to manually manage a second list of mod_sec rules for some of these that are high-runners on my site. But if the script could read directly from my local MTB database (which includes auto-updates of the master list), that would be perfect — I would only have to maintain one list of rules.

    Previous version of MTB enabled you to publish a list of your MTB database (in the same format as the master list), but the lastest versions (2.0+) do not, unfortunately…. 🙁

    Reply
  2. Peter

    Mark: That’s a terrific idea, and one that I think is certainly do-able! I hadn’t even thought of that. Thanks for the suggestion. 🙂 I’ll work on it when I have the time.

    Reply

Leave a Reply