Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Evaluate mod_spamhaus and mod_defensible as means against spam #117

Closed
GoogleCodeExporter opened this issue Apr 4, 2015 · 5 comments
Closed

Comments

@GoogleCodeExporter
Copy link

There are currently two Apache modules included in official Ubuntu releases 
which promise to reduce spam: mod_spamhaus [1] and mod_defensible [2].

Both are easily installed and configured but the question remains if they are 
in fact able to reduce spam.

Clearly enabling such module would be an advantage as it shifts responsibility 
from app development to server deployment, thus relieving Antville code.

--
[1] http://sourceforge.net/projects/mod-spamhaus
[2] http://freshmeat.net/projects/mod_defensible

Original issue reported on code.google.com by interf...@p3k.org on 14 Jun 2010 at 7:33

@GoogleCodeExporter
Copy link
Author

mod_spamhaus might in fact reduce the amount of spam (if only by a few percent) 
and if only the IPs of people registering as new users were transferred, it 
might be worth a try, but I would be concerned if the IP of everybody who 
writes a comment had to be transferred to Spamhaus, not matter how reputable 
they are. 

(They also offer an Rsync service [1] that wouldn't require us to share our 
users IPs, but the cheapest license (non-profit organization, 5000 users) would 
cost $925 per year...)

A downside is that Spamhaus is focused on e-mail spam. I found some of the 
antville.org and blogger.de spammers listed at stopforumspam.com, they offer a 
list of IP addresses (used for forum/blog spamming within the last 6 weeks) for 
download [3] and APIs [4] that could be used to check for IPs, usernames and 
email addresses. (As some spammers enter the same username or mail address at 
different sites, some might automatically be prevented from registering.) 


[1] http://www.spamhaustech.com/datafeed/
[2] http://www.spamhaustech.com/datafeed/pricecalculator.lasso
[3] http://www.stopforumspam.com/downloads/bannedips.zip
[4] http://www.stopforumspam.com/apis

Original comment by kinomu.w...@gmail.com on 15 Jun 2010 at 2:58

@GoogleCodeExporter
Copy link
Author

What are the concerns of sending a context-less IP address to spamhaus.org 
compared to sending it as origin to any nameserver for DNS resolution (and 
DNSBL is not much more than that) or, even worse, to e.g. Google whenever a 
site (context!) is using their analytics tool? Is it not merely a small 
trade-off that people would accept for the benefit of reduced spam?

Please do not get me wrong, there are general issues with mass blocking IPs, 
very well subsumed in the Wikipedia entry about DNSBL: 
http://en.wikipedia.org/wiki/DNSBL#Criticisms

But this is a general decision whether to participate in mass blocking IPs or 
not. The fallback still is entering IP addresses into the Apache config (as we 
do right now) and being on our own maintaining these addresses.

Apart from spamhaus.org there are countless other services, one for HTTP 
blocklists I stumbled upon is httpbl.abuse.ch.

Here is a list of services (still mail-focused) and their reliability:
http://www.intra2net.com/en/support/antispam/index.php_sort=accuracy_order=desc.
html

Thanks for the link to stopforumspam.com. The service they provide slightly 
counteracts the motivation of this issue as I remain convinced we should avoid 
implementing code in Antville but use existing services like an Apache module. 

The existence of such a module (in fact: two modules) alone already tells me 
that this might be a proven and worthwhile solution.

Original comment by interf...@p3k.org on 15 Jun 2010 at 7:35

@GoogleCodeExporter
Copy link
Author

Original comment by interf...@p3k.org on 20 Jan 2011 at 11:17

  • Added labels: Milestone-Release-1.3

@GoogleCodeExporter
Copy link
Author

With r4334, the blacklists of botscout.com and stopforumspam.com are checked 
for the IP and email address of people (or spambots) trying to register. 

Original comment by kinomu.w...@gmail.com on 23 Feb 2011 at 6:34

  • Changed state: Verified

@GoogleCodeExporter
Copy link
Author

Original comment by m...@tobischaefer.com on 7 Mar 2015 at 5:59

@p3k p3k modified the milestone: Release 1.3 Apr 7, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants