https://inliniac.net/blog/tag/comment-spam/ Recent content in Comment-Spam on Inliniac Hugo en Fri, 23 Apr 2010 10:23:20 +0000 https://inliniac.net/blog/2010/04/23/removing-trac-ticket-comment-spam-in-debian-lenny/ Fri, 23 Apr 2010 10:23:20 +0000 https://inliniac.net/blog/2010/04/23/removing-trac-ticket-comment-spam-in-debian-lenny/ <p>The Vuurmuur website runs Trac and overall I&rsquo;m pretty happy with it. The only thing that Trac doesn&rsquo;t do well, is dealing with spammers. Spammers target Trac a lot, so that&rsquo;s a real problem.</p> <p>To prevent spammers from making it through, I run <a href="http://projects.otaku42.de/wiki/ScallyWhack">Scallywhack</a> and a number of custom ModSecurity rules. So far, spams only made it through as new tickets in the ticket tracker, so I installed the <a href="http://trac-hacks.org/wiki/TicketDeletePlugin">TicketDeletePlugin</a>.</p> <p>Yesterday, I saw the first spam as a comment to an existing and valid ticket. Like tickets themselves, ticket comments can not be removed by Trac by default. Luckily, upstream Trac seems to have fixed this. I&rsquo;m running Debian&rsquo;s version of Trac 0.11.1 however, so I decided to patch that. The patches in the Trac ticket <a href="http://trac.edgewall.org/ticket/454">#454</a> didn&rsquo;t apply cleanly, so I had to patch it manually. To save others the work, it&rsquo;s available here: <a href="http://www.inliniac.net/files/trac_0.11.1-debian-comment_edit.patch">http://www.inliniac.net/files/trac_0.11.1-debian-comment_edit.patch</a></p> https://inliniac.net/blog/2007/03/01/update-on-using-realtime-blacklists-with-modsecurity/ Thu, 01 Mar 2007 08:04:55 +0000 https://inliniac.net/blog/2007/03/01/update-on-using-realtime-blacklists-with-modsecurity/ <p>A few days ago I posted a blog article about stopping comment spam with ModSecurity using realtime blacklists (rbl). While the approach was working, I noted having problems with rules when I tried to match on POST methods in HTTP requests.</p> <p>Luckily, ModSecurity creator Ivan Ristic was quick to point out where the problem is. I&rsquo;m using the Core Ruleset for ModSecurity, and one thing that ruleset does is use the &rsquo;lowercase&rsquo; transformation. This converts all text from arguments to lowercase, so my ^POST$ match would never be able to match. So like Ivan suggested, using ^post$ solved this part.</p> https://inliniac.net/blog/2007/02/23/blocking-comment-spam-using-modsecurity-and-realtime-blacklists/ Thu, 22 Feb 2007 22:25:45 +0000 https://inliniac.net/blog/2007/02/23/blocking-comment-spam-using-modsecurity-and-realtime-blacklists/ Spammers are known to use compromised hosts from all over the world to send their messages. Many people are blocking or scoring email spam based on realtime blacklist (rbl), which contain ipaddresses of these known bad hosts. In my experience this works fairly well for email. A while ago I noticed in the ModSecurity documentation for version 2.0 that ModSecurity features an operator called <a href="http://modsecurity.org/documentation/modsecurity-apache/2.1.0-rc6/html-multipage/08-operators.html#N11490">rbl</a>, that can be used to check the ipaddress of a visitor with a rbl. So I decided to see if I could use the realtime blacklists to prevent comment spam on my blog. Turns out this works great! In this post I&rsquo;ll show how to get it working.