Running external scripts after hacker/ spammer detection?

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
GlenC
Senior user
Senior user
Posts: 680
Joined: 2004-08-17 23:31
Location: Santiago, Chile

Running external scripts after hacker/ spammer detection?

Post by GlenC » 2008-12-31 00:41

I'm wondering if it's possible to do something with hmail's internal scripting. What I'm thinking is something along the lines of this. If a DNSBL returns a positive result for a known spammer, then I can run an external script to add that particular IP to my firewall. Or, another example, if a user fails authentication X number of times, run the external script to add that IP to the firewall. I see in my logs quite a few repeat offenders that really shouldn't be wasting my resources.

If this isn't something readily scriptable in eventhandler, what are others thoughts on this as a possible future feature request? Perhaps an option to run an external program or script on detection of certain events such as above? I think it could be useful.

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Re: Running external scripts after hacker/ spammer detection?

Post by ^DooM^ » 2008-12-31 01:04

I like the idea, I wouldn't mind a way to perhaps add offending IP's to a database or my own DNS zone or something similar so I can use my own DNS server as an RBL check.
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

GlenC
Senior user
Senior user
Posts: 680
Joined: 2004-08-17 23:31
Location: Santiago, Chile

Re: Running external scripts after hacker/ spammer detection?

Post by GlenC » 2008-12-31 01:56

I already do something similar with my website... there are certain requests that can't be interpreted as anything other than pure hack attempts. So, if nothing else, it makes me feel good to close the door on them. :) I was hoping to find something to hook into in hmailserver but I don't think there is any current way of doing it.

I'm sure there are other useful things that could be accomplished with this capability too.

User avatar
mattg
Moderator
Moderator
Posts: 20786
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Running external scripts after hacker/ spammer detection?

Post by mattg » 2008-12-31 02:23

Perhaps scripting something similar to what Martin has suggested here - http://www.hmailserver.com/forum/viewto ... 437#p76437

The database could be accessed by some external programs that auto add the IPs to the firewalls blacklist. If the same table is used then perhaps Martin's (planned) built-in purge facility will work just as well. The table could contain IPs and times of both unsucessful logins and suspected SPAMMers and still work the same...

Just a thought. :D
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

GlenC
Senior user
Senior user
Posts: 680
Joined: 2004-08-17 23:31
Location: Santiago, Chile

Re: Running external scripts after hacker/ spammer detection?

Post by GlenC » 2008-12-31 15:26

mattg wrote:Perhaps scripting something similar to what Martin has suggested here - http://www.hmailserver.com/forum/viewto ... 437#p76437
That will be a handy feature when added. It would be nice if that event is exposed so that it could be tested for in real time without having to monitor the database constantly.

I guess I'm a little biased in my way of wanting to accomplish things. The firewall blocking script that I used for my website worked so well I now want to add it to EVERYTHING. I'm a little obsessive compulsive like that sometimes :)

Post Reply