Debian Tutorials

Debian Tutorials


Step by step tutorials showing you how to install and configure various applications and services on Debian based Linux distros.

March 2024
M T W T F S S
 123
45678910
11121314151617
18192021222324
25262728293031

Categories


Install mod_spamhaus Apache module to fight comment spam

Ástþór IPÁstþór IP

mod_spamhaus is an Apache module for DNS Block Listing that protects web services by denying access to particular IP addresses. It can stop spam relaying via web form URL injection, and block HTTP DDoS attacks from bot-nets.

It queries sbl-xbl.spamhaus.org, taking advantage of the Spamhaus Block List (SBL) and the Exploits Block List (XBL).

1. Download the latest mod_spamhaus deb package from sid package repository (mod_spamhaus is not available for lenny but we can use the sid package)

wget http://ftp.us.debian.org/debian/pool/main/m/mod-spamhaus/libapache2-mod-spamhaus_0.7-1_i386.deb

This package is for i386. If you are using other architecture, you can find a suitable package on the bottom of this page: http://packages.debian.org/sid/libapache2-mod-spamhaus

2. Install the package

dpkg -i libapache2-mod-spamhaus_0.7-1_i386.deb

Apache is automatically restarted and the module is enabled. If you would like to test the module you can add a line to your hosts file to make it think that your IP address is blocked (pico /etc/hosts)

127.0.0.4 1.0.168.192.sbl-xbl.spamhaus.org

Replace 1.0.168.192 with your IP address and reverse it. The IP address 192.168.0.1 should read 1.0.168.192.

By default, only POST, PUT, OPTIONS, CONNECT methods are blocked. You can add GET to the list of methods blocked in /etc/apache2/mods-enabled/mod-spamhaus.conf to block the spammers from seeing your website.

Comments 1
  • Elodie
    Posted on

    Elodie Elodie

    Author

    Greetings,

    I try to test this error message and ban my IP Adress temporary with your method but it don’t work. I don’t know realy how do it.

    Exemple, my personal IP is 82.240.111.222 and my the IP of my server is 188.165.111.222

    I try on the host of my server this :
    127.0.0.4 222.111.240.82.sbl-xbl.spamhaus.org

    and i go from my personal computer to my website http://188.165.111.222 but the website is OK.

    Why i don’t have the message ?