How To Block Spammers/Hackers With Apache2's mod_spamhaus (Debian Etch)

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Submitted by euronymous (Contact Author) (Forums) on Wed, 2008-09-10 19:16. :: Debian | Apache

How To Block Spammers/Hackers With Apache2's mod_spamhaus (Debian Etch)

mod_spamhaus is an Apache module that uses DNSBL in order to block spam relay via web forms, preventing URL injection, block http DDoS attacks from bots and generally protecting your web service denying access to a known bad IP address.

 

1. Installation

In order to compile mod_spamhaus, you must have apxs2 (APache eXtenSion tool) tool installed.

The follow command will install it:

apt-get install apache2-prefork-dev

Now we need to download the source package present at http://sourceforge.net/projects/mod-spamhaus/ or download it using wget application and this direct link to the repository:

wget http://kent.dl.sourceforge.net/sourceforge/mod-spamhaus/mod_spamhaus05.tar.gz

Next open archive, compile and install module with those commands:

tar zxvf mod_spamhaus05.tar.gz
cd mod-spamhaus
make
make install

You must add LoadModule directive to the main config file of you're web server to load mod_spamhaus module.

vi /etc/apache2/httpd.conf

[...]
LoadModule spamhaus_module   /usr/lib/apache2/modules/mod_spamhaus.so

 

2. Configuration

Before we are able to write our configuration, we should known what directives are supported by mod_spamhaus:

MS_Methods - If the httpd's method used by the visitor match, module verify user's ip address
MS_WhiteList - A simple whitelist file where you can put ip address to bypass
MS_DNS - DNSBL to use. Usefull if you want make a local rbldnsd instance
MS_CacheSize - Number of cached addresses

Now we open config file of our web server in order to write a basic configuration:

vi /etc/apache2/apache2.conf

[...]
<IfModule mod_spamhaus.c>
MS_METHODS POST,PUT,OPTIONS,CONNECT
MS_WhiteList /etc/spamhaus.wl
MS_CacheSize 256
</IfModule>
[...]

Next we create an empty whitelist file:

touch /etc/spamhaus.wl

Finally we restart Apache2:

/etc/init.d/apache2 restart

That's all!

 

3. Links


This page is released into the public domain.
add comment | view as pdf view as pdf | Display a printer-friendly version of this page. print |
Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Too bad it assumes you use
Submitted by Spechal (not registered) on Sat, 2008-10-04 00:50.
Too bad it assumes you use apxs2 when you get apxs with yum install httpd and get Apache2
reply | view as pdf view as pdf
Re: Too bad it assumes you use
Submitted by Aurora (registered user) on Fri, 2008-12-19 20:17.

You can create a softlink:

 ln -s /usr/sbin/apxs /usr/sbin/apxs2

reply | view as pdf view as pdf
make install ....apxs:Error:
Submitted by Vassilis (not registered) on Thu, 2008-09-11 14:31.

make install ....

apxs:Error: Activation failed for custom /etc/apache2/httpd.conf file..
apxs:Error: At least one `LoadModule' directive already has to exist..

reply | view as pdf view as pdf
Re: make install ....apxs:Error:
Submitted by Anonymous (not registered) on Thu, 2008-09-18 02:52.
I had the same problem....
reply | view as pdf view as pdf
Re: Re: make install ....apxs:Error:
Submitted by FilipJ (not registered) on Thu, 2009-06-04 13:51.
becouse youha apache2.conf probably. you must write it by hand
reply | view as pdf view as pdf
Sponsored Links: Unified Communications: Thoughts, Strategies and Predictions
Join the discussion.
www.seamlessenterprise.com

IP Convergence
Integrate your wireless and wireline networks.
Learn how from the experts at Sprint.
www.seamlessenterprise.com

Wireless & Wireline Integration
Thoughts, strategies and solutions: join the discussion
www.seamlessenterprise.com

Unified Communications 2009
Join the Discussion. Now.
www.seamlessenterprise.com