Monthly Archives: February 2005

blacklist_to_modsec 0.0.0

3 Replies

Today, I publicly released a piece of code called ‘blacklist_to_modsec’. This is a fairly simple ***Perl|http://www.perl.org/*** script, with a bit of hastily-written documentation. I’ve been using it for a few weeks now personally, and today on the ***ProNet|http://www.sixapart.com/pronet/*** mailing list, I offered it for public consumption as a possible aid to those who are being deluged by the recent rash of Trackback spam.

What does it do?
Basically, this script takes ***Jay Allen|http://www.jayallen.org/***’s ***Master Blacklist|http://www.jayallen.org/comment_spam/blacklist.txt***, parses it, and converts it into ***mod_security|http://www.modsecurity.org/*** rules. This allows you to block various types of spam before it reaches your website; for me, it has effectively blocked many trackback and comment spams, as well as spams targeted at ***Gallery|http://gallery.menalto.com/*** (the latest up-and-coming trend for spammers). In other words, using mod_security to block spam crosses the boundaries of blogging software; it would help those using ***WordPress|http://www.wordpress.org/*** just as much as it would help those using ***Movable Type|http://www.movabletype.org/***. By integrating this script into your system’s crontab, you won’t need to worry about whether your blacklist is up to date – it will update from the master blacklist as often as you like.

Where do I get it?
If you are interested in finding out a bit more, you can find the documentation (such as it is) and a download link ***here|http://prwdot.org/docs/blacklisttomodsec.html***. The documentation and code are pretty scruffy at the moment, but I’ll work on updating them as I have time.

Please note
You will need to know how to work with ***Apache|http://httpd.apache.org/*** and ***mod_security|http://www.modsecurity.org/*** before using this tool. I’m not providing any assistance on getting those things set up – I will only point you to their websites which contain all of the documentation you should need.

Credit where credit is due

  • ***Jay Allen|http://www.jayallen.org/*** for creating ***MT-Blacklist|http://www.jayallen.org/comment_spam/*** and maintaining the master blacklist.
  • Ivan Ristic for creating ***mod_security|http://www.modsecurity.org/***
  • ***Richard Bowen|http://drbacchus.com/*** for giving me the ***idea|http://drbacchus.com/wordpress/index.php?p=800*** to use mod_security to block comment spam.
  • ***Arvind Satyanarayan|http://www.arvind-satya.com/*** for giving me a ***further nudge|http://www.movalog.com/archives/general/mod_security.php*** in the right direction.

Update
Version 1.0.0 is ***released|http://prwdot.org/archives/002370.html***, with many improvements.

Well Met

Leave a reply

Last night’s meetup was, like the December meetup, a very fun experience. This time we met at Christopher’s in Porter Square instead of Grendel’s Den in Harvard Square. Both places make very good hamburgers – last night I had a “Burgah” with carmelized onions, thick juicy bacon, and tangy jack cheese. Yum.

I also got to meet a lot of interesting people:

qqq|

***Anonymous|http://peacebang.blogspot.com/***, a minister who keeps a blog, but is keeping it secret from her congregation. Not because there’s anything ‘bad’ about it, just to keep some privacy between her and the congregation and to give herself some space to post her thoughts.

***Joshua Darden|http://www.joshuadarden.com/***, a typeface designer working from Brooklyn, NY, but up to visit his friend and colleague, ***Susan Kaup|http://www.sooz.com/*** (also present at the meeting). He told me about some interesting projects he’s worked on, including designing a custom typeface for a newspaper’s printing presses. Joshua is also a Mac user.

Dermot O’Rourke, a charming gentleman from the Old Country, who is currently a visiting scientist at MIT’s Clinical Research Center. We discussed topics ranging from taking long driving trips, to the different meanings of “By-The-Sea” in the names of European towns as opposed to American towns. (For example, Manchester-by-the-sea in Massachusetts carries an image of upscale living, sophistication, and desirable real estate. Cardiff-by-the-sea in Great Britain, on the other hand, was a fairly rough town and not at all the image of sophistication that ‘by-the-sea’ projects in America)

***Mary Bridges|http://cyber.law.harvard.edu/home/mary_bridges***, a freelance journalist working for the Boston Globe. She was present to do some research for an article. The Globe has recently done some articles on Meetups, so I’m not sure if she’s working on another Meetup article, or something about blogging, or maybe both. (It’s been a couple of years now since my name was in the Boston Globe – last time was when the iTunes Music Store first opened, and I was quoted along with some other local Mac users. Who knows, maybe I’ll make it in again – though I was hardly one of the more interesting folks at the meetup.)

***Jared Dunn|http://www.jareddunn.org/***, yet another Mac user, who I had met at the last Meetup. He works as a lab manager in ***MIT|http://web.mit.edu/***’s Picower center, and is also a freelance web developer.

|qqq

There were a bunch of people down at the other end of the table, who I unfortunately didn’t get a chance to talk to: ***Rob Sama|http://www.robsama.com/***, Clair Degutis, ***Steve Garfield|http://www.stevegarfield.com/***, and ***Susan Kaup|http://www.sooz.com/***. Hopefully at the next meetup, our seats will be shuffled around a bit so that it’s easier to chat with other folks. Also, I at least have their blogs on my blogroll now, so I’ll be able to stay up to date.

I’ve got some photos from last night ***here|http://gallery.prwdot.org/boston_blogger_meetup_20050131***. Meetups are a lot of fun, and I’d highly encourage everyone to check out the ***Meetup website|http://www.meetup.com/***. Find some Meetups in your area, meet some new people, network, whatever. It’s a blast. And maybe I’ll see you at the next Boston Weblogger Meetup!