https://inliniac.net/blog/tag/rbl/ Recent content in Rbl on Inliniac Hugo en Thu, 01 Mar 2007 08:04:55 +0000 https://inliniac.net/blog/2007/03/01/update-on-using-realtime-blacklists-with-modsecurity/ Thu, 01 Mar 2007 08:04:55 +0000 https://inliniac.net/blog/2007/03/01/update-on-using-realtime-blacklists-with-modsecurity/ <p>A few days ago I posted a blog article about stopping comment spam with ModSecurity using realtime blacklists (rbl). While the approach was working, I noted having problems with rules when I tried to match on POST methods in HTTP requests.</p> <p>Luckily, ModSecurity creator Ivan Ristic was quick to point out where the problem is. I&rsquo;m using the Core Ruleset for ModSecurity, and one thing that ruleset does is use the &rsquo;lowercase&rsquo; transformation. This converts all text from arguments to lowercase, so my ^POST$ match would never be able to match. So like Ivan suggested, using ^post$ solved this part.</p> https://inliniac.net/blog/2007/02/23/blocking-comment-spam-using-modsecurity-and-realtime-blacklists/ Thu, 22 Feb 2007 22:25:45 +0000 https://inliniac.net/blog/2007/02/23/blocking-comment-spam-using-modsecurity-and-realtime-blacklists/ Spammers are known to use compromised hosts from all over the world to send their messages. Many people are blocking or scoring email spam based on realtime blacklist (rbl), which contain ipaddresses of these known bad hosts. In my experience this works fairly well for email. A while ago I noticed in the ModSecurity documentation for version 2.0 that ModSecurity features an operator called <a href="http://modsecurity.org/documentation/modsecurity-apache/2.1.0-rc6/html-multipage/08-operators.html#N11490">rbl</a>, that can be used to check the ipaddress of a visitor with a rbl. So I decided to see if I could use the realtime blacklists to prevent comment spam on my blog. Turns out this works great! In this post I&rsquo;ll show how to get it working.