This shouldn’t be news to anyone – but Referrer and Comment spammers are a real pain in the a*se. Polluting my web logs and making any meaningful log analysis problematic.
So, I now have an itch to scratch and I’m going to do something about it. I would encourage you, the reader, to do something about it too.
Firstly, get yourself over to Project Honey Pot and read up on the project. If you can, set up a Honey Pot or two yourself. Also be sure to read about the http:BL – this works along similar lines to the DNS blacklists used for Email spammers.
Next, I’m going to write a general Apache mod_perl module which will provide integration (lookup) to the http:BL and allow the user to “action”* the abusers. Minimally, it will prevent the normal apache log files from being polluted by diverting the log entries to a httpbl logfile.
* “action” – To provide flexibility, I’m thinking of running an external script with the IP of the abuser. The script can then perform any action you wish. The one I’m going for is an iptables firewall block.
Comments and suggestions welcome.
Project Honey Pot has implementations for several languages, including PHP and Perl (the languages that mean most to me). There may be an implementation for your Web application so you might not be interested in what I’m doing at all