2007-08-23 15:32
by Vasil KolevSomething useful – SpamHaus DROP list.
In short, a list with networks that are either hijacked or are used ONLY by spammers. The traffic for such networks can only be dropped.
I did the experiment on marla and on a company machine and found some forum spammers :) Here’s a fun pick from the user-agents for a few days:
xxxx:/var/log/apache# grep 85.255.120.58 site1/access_log |cut -d " -f 6|sort|uniq Mozilla/2.0 (compatible; MSIE 3.02; Windows CE; 240x320) Mozilla/3.0 (x86 [en] Windows NT 5.1; Sun) Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.6 (build 01425)) Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461) Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.40607) Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; XMPP Tiscali Communicator v.10.0.2; .NET CLR 2.0.50727) Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7) Gecko/20040707 Firefox/0.9.2 Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.5) Gecko/20031007 Firebird/0.7 Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Spacebug/0.10 (aka Firefox/0.10) Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.2) Gecko/20021126 Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.5) Gecko/20031016 K-Meleon/0.8 Opera/8.0 (Macintosh; PPC Mac OS X; U; en)
I’ll put this filter on a few places, should help with slimming down the spam.