Blog
I just banned over 4000 spamming servers. Yeah!
Around 97% of email on the internet is spam but most of it is blocked by your web company. I've created a system which shows hourly updates of how many spammers and hackers our system is banning. Damn it feels good ;-)
The Open Source intrusion detection system we use is called Fail2Ban. It's a very light-weight system that reads through the logs on the server looking for bad servers based on rules that we create. I'd written filters to detect when hackers were trying to break into our clients' websites but only recently I decided to write a filter that looked through our mail server logs for dodgy spamming servers. I was shocked at how good fail2ban was at helping our present spam detection systems block spam.
One issue I had was I didn't want to mistakenly be blocking nice servers so I created rules to ensure this didn't happen and also created a web page that shows where the spamming servers are so I could check the NZ servers manually if I needed to - there were too many of them to manually query where the servers were located so I created a Google map showing where they were. Below is a screen cap but you can view the live page here.
About
Brynn