Category Archives: Blacklist To Modsec

blacklist_to_modsec 0.0.0

3 Replies

Today, I publicly released a piece of code called ‘blacklist_to_modsec’. This is a fairly simple ***Perl|http://www.perl.org/*** script, with a bit of hastily-written documentation. I’ve been using it for a few weeks now personally, and today on the ***ProNet|http://www.sixapart.com/pronet/*** mailing list, I offered it for public consumption as a possible aid to those who are being deluged by the recent rash of Trackback spam.

What does it do?
Basically, this script takes ***Jay Allen|http://www.jayallen.org/***’s ***Master Blacklist|http://www.jayallen.org/comment_spam/blacklist.txt***, parses it, and converts it into ***mod_security|http://www.modsecurity.org/*** rules. This allows you to block various types of spam before it reaches your website; for me, it has effectively blocked many trackback and comment spams, as well as spams targeted at ***Gallery|http://gallery.menalto.com/*** (the latest up-and-coming trend for spammers). In other words, using mod_security to block spam crosses the boundaries of blogging software; it would help those using ***WordPress|http://www.wordpress.org/*** just as much as it would help those using ***Movable Type|http://www.movabletype.org/***. By integrating this script into your system’s crontab, you won’t need to worry about whether your blacklist is up to date – it will update from the master blacklist as often as you like.

Where do I get it?
If you are interested in finding out a bit more, you can find the documentation (such as it is) and a download link ***here|http://prwdot.org/docs/blacklisttomodsec.html***. The documentation and code are pretty scruffy at the moment, but I’ll work on updating them as I have time.

Please note
You will need to know how to work with ***Apache|http://httpd.apache.org/*** and ***mod_security|http://www.modsecurity.org/*** before using this tool. I’m not providing any assistance on getting those things set up – I will only point you to their websites which contain all of the documentation you should need.

Credit where credit is due

  • ***Jay Allen|http://www.jayallen.org/*** for creating ***MT-Blacklist|http://www.jayallen.org/comment_spam/*** and maintaining the master blacklist.
  • Ivan Ristic for creating ***mod_security|http://www.modsecurity.org/***
  • ***Richard Bowen|http://drbacchus.com/*** for giving me the ***idea|http://drbacchus.com/wordpress/index.php?p=800*** to use mod_security to block comment spam.
  • ***Arvind Satyanarayan|http://www.arvind-satya.com/*** for giving me a ***further nudge|http://www.movalog.com/archives/general/mod_security.php*** in the right direction.

Update
Version 1.0.0 is ***released|http://prwdot.org/archives/002370.html***, with many improvements.