Message blocker for message board?

I'm new to the group. Just joined tonight as a matter of fact.

I'm a nascent security guy (pursuing a Bachelor's in InfoSec) and one of
my favorite web sites has a problem. It's an amateur site (hosted) that
allows readers to post questions and answers on various topics dealing
with the web site's subject (Chicago North Shore & Milwaukee Railroad).

The webmistress has been bombarded lately with a bunch of offensive
messages for phentermine, gay sex, bestiality, etc. It's a pain for her
to go in and remove these things manually, and she really doesn't want
to invoke a registration on the site's users. If you want to see the
extent of the problem, go to before Oct 3, 2005
(she'll be back then and probably cleaning up the mess), hit the Current
Day NSL Topics, then Message Board.

I'm not sure who her host is or what the OS of the server might be or
even how much control she has over the posting script, but I suggested a
while back using a Perl script to scan the postings before they are
added to the board and to delete those that score high on the naughty
words list.

I know Snort can detect the offensive words in the packets if we design
the rules, but can it block the packets? What I'm looking for is a kind
of hands-off system to block the offensive crap, preferably before it
hits the website; almost an IPS. I googled for open source solutions,
but got no useful hits. I'd also be interested to find out if Snort
could look past spoofed IPs to find the real one or how that could be
done in a transparent manner. I figure these are probably bored kids or
posting bots of some sort, and may be using zombied computers. I'd like
to find out if the address is spoofed so we don't get a lot of people
needlessly suspended from their ISPs.

Does anyone have any ideas? Is there a program or utility I can adapt to
suit our purposes? Does Apache come with anything like that? I want to
stop the vermin from polluting one of my favorite sites.

My background is 15 years programming in the mainframe world and
client/server. I know VB but not C. I have been a PerlScript user in the

Re: Message blocker for message board?

Jay Cunnington wrote:

Wow! Looked at the site and yup, she is being hit pretty hard...

I would suggest the following:

1) Enforce accounts to post on the system
2) Construct a filtering engine that checks each post before it actually
gets posted. Should a post have bad words, the person's account is
automatically suspended.
3) If your web site is regional (i.e. not foreign), I would filter out all
foreign posters.

All of these can be done easily (without Snort) by using a flexible language
like PHP (

P.S. Using Snort has the following problems. Yes, you could use it to detect
bad postings but that would be after the fact. It would also require some
scripting and probably require a more flexible OS like Linux/FreeBSD. That
being said, you can achieve the same result and more by using #1 and #2

Good luck!

Re: Message blocker for message board?

Imhotep wrote:

I talked to my prof for Hacking Methods about it. He said it's most
likely a standard script (for Apache?) that bots can hit. He suggested
changing the field names. Then at least someone will have to log on to
the screen to get the current field names, or have another bot harvest
them. Any ideas to proactively counter-attack the counter-attack or
truth to that one?
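
An added example, not part of the thread and not any poster's code: a pre-post check that combines the word-list scoring idea from the first post with the changing field names raised in this reply, here derived per time window so a hard-coded bot submission stops matching. It is written in Python for illustration; the secret, word list, threshold, window length and the `body` base field name are constructed assumptions.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-secret"   # assumption: secret kept only on the server
WINDOW = 3600                         # assumption: field names rotate hourly
WEIGHTS = {"phentermine": 5, "viagra": 5, "casino": 3}   # constructed word list
THRESHOLD = 5                         # assumption: reject at or above this score
URL_RE = re.compile(r"https?://", re.I)

def field_name(base, now, offset=0):
    """Derive the form field name for `base` in the time window `offset` back."""
    window = int(now) // WINDOW - offset
    mac = hmac.new(SECRET, f"{base}:{window}".encode(), hashlib.sha256)
    return "f_" + mac.hexdigest()[:12]

def extract(form, base, now):
    """Return the value posted under the current or previous window's name."""
    for offset in (0, 1):   # previous window accepted so an open form still works
        name = field_name(base, now, offset)
        if name in form:
            return form[name]
    return None

def score(text):
    """Weighted word-list hits plus one point per link beyond the first."""
    words = re.findall(r"[a-z]+", text.lower())
    hits = sum(WEIGHTS.get(w, 0) for w in words)
    links = len(URL_RE.findall(text))
    return hits + max(0, links - 1)

def check_post(form, now):
    """Run before the post is written to the board; returns (accepted, reason)."""
    if "body" in form:   # the stock, never-changing name a canned bot would send
        return (False, "static field name (scripted submission)")
    body = extract(form, "body", now)
    if body is None:
        return (False, "missing or stale field names")
    total = score(body)
    if total >= THRESHOLD:
        return (False, f"word-list score {total}")
    return (True, "ok")
```

The page that renders the form calls `field_name("body", now)` to name the textarea, so a person loading the form always submits a valid name while a replayed submission expires within two windows.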

Re: Message blocker for message board?

On Fri, 30 Sep 2005 03:52:26 GMT, Jay Cunnington

I have a pretty good solution that works well for me which your
friend can have for free.

mail me at jimwatt (at) pobox (dot) com

Methinks it's a widespread problem and it's being used as a means
of promoting websites and harassing BB users.
Jim Watt 

Re: Message blocker for message board?

On Mon, 26 Sep 2005 03:53:13 GMT, Jay Cunnington

Been there done that, contact me on email for further details, I guess
someone has targeted wwwboards and written a script to spam them.

What a strange hobby.
Jim Watt 