Wednesday, December 3, 2008

baby's first spammer

The wiki that I'm hosting (pdxipedia) got a nice annoying spam infection. MediaWiki may be the world-class software behind Wikipedia, but out of the box it's spambait. We're lucky only one got in (Hi, 194.165.42.59! How are things in [consults GeoIP], uh, Saudi Arabia? How's the business of ... jeez these spams seem to be total nonsense ... search engine disruption?)
Today, I signed up for Project Honeypot, which keeps a blacklist of spammers. There's a plugin for MediaWiki that redirects known spammers away, and it's also supposed to have invisible honeypot links to ensnare unknown robots. The link generation is buggy though, so I'm not brimming with confidence about the whole thing.
So I wrote a script that runs through my Lighttpd access.log files (it probably would work for Apache, too), and checks IPs of all the recent visitors against the Project Honeypot blacklist. If there's a match, I use iptables to block that IP. I've got it running once a minute -- that's still enough time for a fast bot to do some damage -- so it's not really going to be a complete solution, but it could potentially prevent denial-of-service caused by a persistent bot.
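
The loop described above, written out as an added example (not the author's script). It assumes the blacklist check uses Project Honeypot's http:BL DNS lookup; the access key, thresholds, function names and sample log lines are constructed for illustration.

```python
import ipaddress
import socket

ACCESS_KEY = "abcdefghijkl"        # placeholder, not a real http:BL access key
MIN_THREAT, MAX_AGE_DAYS = 25, 30  # assumed thresholds; tune for your site

def client_ips(log_lines):
    """Unique IPv4 client addresses, in first-seen order."""
    seen = {}
    for line in log_lines:
        field = line.split(" ", 1)[0]  # client address leads each access-log line
        try:
            ip = ipaddress.ip_address(field)
        except ValueError:
            continue  # hostname or malformed field: never pass it on to iptables
        if ip.version == 4 and not ip.is_loopback:  # http:BL only covers IPv4
            seen[str(ip)] = True
    return list(seen)

def httpbl_lookup(ip, resolve=socket.gethostbyname):
    """Return (days_since_last_seen, threat_score, visitor_type), or None if unlisted."""
    query = "{}.{}.dnsbl.httpbl.org".format(ACCESS_KEY, ".".join(reversed(ip.split("."))))
    try:
        octets = [int(o) for o in resolve(query).split(".")]
    except (OSError, ValueError):
        return None  # NXDOMAIN or resolver failure: treat as unlisted (fail open)
    return tuple(octets[1:]) if len(octets) == 4 and octets[0] == 127 else None

def should_block(record):
    if record is None:
        return False
    days, threat, visitor_type = record
    # visitor_type 0 marks a known search engine; never firewall those
    return visitor_type != 0 and threat >= MIN_THREAT and days <= MAX_AGE_DAYS

def block_commands(log_lines, already_blocked=(), resolve=socket.gethostbyname):
    """One iptables argv list per newly listed address (no shell string is built)."""
    return [["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]
            for ip in client_ips(log_lines)
            if ip not in already_blocked and should_block(httpbl_lookup(ip, resolve))]

# Constructed sample log lines (documentation addresses, not real visitors)
SAMPLE_LOG = [
    '192.0.2.10 wiki.example - [03/Dec/2008:10:00:01 -0800] "GET /Main_Page HTTP/1.1" 200 5120',
    '203.0.113.7 wiki.example - [03/Dec/2008:10:00:02 -0800] "POST /index.php HTTP/1.1" 200 812',
    '203.0.113.7 wiki.example - [03/Dec/2008:10:00:03 -0800] "POST /index.php HTTP/1.1" 200 812',
    'not-an-ip wiki.example - [03/Dec/2008:10:00:04 -0800] "GET / HTTP/1.1" 200 100',
]
```

Passing the set of addresses that already have a rule as `already_blocked` keeps a once-a-minute run from stacking duplicate DROP rules; the returned argv lists are meant for `subprocess.run` as root.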
