Re: Message blocker for message board?

From: Imhotep (Imhotep_at_nospam.net)
Date: 09/26/05


Date: Mon, 26 Sep 2005 00:13:29 -0400

Jay Cunnington wrote:

> I'm new to the group. Just joined tonight as a matter of fact.
>
> I'm a nascent security guy (pursuing a Bachelor's in InfoSec) and one of
> my favorite web sites has a problem. It's an amateur site (hosted) that
> allows readers to post questions and answers on various topics dealing
> with the web site's subject (Chicago North Shore & Milwaukee Railroad).
>
> The webmistress has been bombarded lately with a bunch of offensive
> messages for phentermine, gay sex, bestiality, etc. It's a pain for her
> to go in and remove these things manually, and she really doesn't want
> to invoke a registration on the site's users. If you want to see the
> extent of the problem, go to www.northshoreline.com before Oct 3, 2005
> (she'll be back then and probably cleaning up the mess), hit the Current
> Day NSL Topics, then Message Board.
>
> I'm not sure who her host is or what the OS of the server might be or
> even how much control she has over the posting script, but I suggested a
> while back using a Perl script to scan the postings before they are
> added to the board and to delete those that score high on the naughty
> words list.
>
> I know Snort can detect the offensive words in the packets if we design
> the rules, but can it block the packets? What I'm looking for is a kind
> of hands-off system to block the offensive crap, preferably before it
> hits the website; almost an IPS. I googled for open source solutions,
> but got no useful hits. I'd also be interested to find out if Snort
> could look past spoofed IPs to find the real one or how that could be
> done in a transparent manner. I figure these are probably bored kids or
> posting bots of some sort, and may be using zombied computers. I'd like
> to find out if the address is spoofed so we don't get a lot of people
> needlessly suspended from their ISPs.
>
> Does anyone have any ideas? Is there a program or utility I can adapt to
> suit our purposes? Does Apache come with anything like that? I want to
> stop the vermin from polluting one of my favorite sites.
>
> My background is 15 years programming in the mainframe world and
> client/server. I know VB but not C. I have been a PerlScript user in the
> past.

Wow! Looked at the site and yup, she is being hit pretty hard...

I would suggest the following:

1) Enforce accounts to post on the system
2) Construct a filtering engine that checks each post before it actually
gets posted. Should a post have bad words, the person's account is
automatically suspended.
3) If your web site is regional (i.e. not foreign), I would filter out all
foreign posters.

All of these can be done easily (without Snort) by using a flexible language
like PHP (www.php.net)...

P.S. Using Snort has the following problems. Yes, you could use it to detect
bad postings but that would be after the fact. It would also require some
scripting and probably require a more flexible OS like Linux/FreeBSD. That
being said, you can achieve the same result and more by using #1 and #2
above.

Good luck!
Imhotep
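
Suggestion 2 above, combined with the score-against-a-word-list idea in the quoted question, can be sketched as a gate that runs before a post is stored. This is an added example, not code from the thread; it is written in Python rather than the PHP or Perl named above, and the word list, weights, threshold and function names are all assumptions.

```python
import re
import unicodedata

# Constructed sample blocklist with weights; a real list is site-specific.
BLOCKLIST = {"phentermine": 5, "viagra": 5, "casino": 3, "pills": 2}
LINK_WEIGHT = 2   # assumed: each URL in a post adds this much
THRESHOLD = 5     # assumed cut-off: at or above this the post is rejected

# Character substitutions commonly used to slip past plain word matching.
LEET = str.maketrans("013457@$", "oieastas")

def normalize(text):
    """Lower-case, strip accents, undo simple substitutions, join spaced-out letters."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c))
    text = text.lower().translate(LEET)
    # "p.i.l.l.s" or "c-a-s-i-n-o" -> "pills", "casino"
    return re.sub(r"\b(\w)[\W_]+(?=\w\b)", r"\1", text)

def score_post(text):
    """Return (score, matched terms) for one submitted post."""
    words = re.findall(r"[a-z]+", normalize(text))
    hits = [w for w in words if w in BLOCKLIST]   # whole words only, no substrings
    score = sum(BLOCKLIST[w] for w in hits)
    score += LINK_WEIGHT * len(re.findall(r"https?://", text, re.I))
    return score, hits

def handle_submission(account, text, suspended):
    """Called before the post is stored; True means it may be published."""
    if account in suspended:
        return False
    score, _hits = score_post(text)
    if score >= THRESHOLD:
        suspended.add(account)   # automatic suspension, as in suggestion 2
        return False
    return True

if __name__ == "__main__":
    suspended = set()
    # Constructed sample submissions.
    print(handle_submission("reader", "Did the Electroliners run to Milwaukee?", suspended))
    print(handle_submission("bot17", "Cheap PH3NT3RM1N3 http://x.example", suspended))
    print(sorted(suspended))
```

Matching whole words after normalization keeps ordinary posts from being rejected because a blocked term happens to appear inside a longer word.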


