Over my several years of running servers there seems to be a pattern to most spam activity. My question/idea is: is there a way to tell Apache to run a script when POST data is detected?
What I would want to do is perform a reverse DNS lookup on the client's IP address, and then perform a DNS lookup on the hostname in the PTR record. Afterwards, perform some checks (excuse the pseudo-code):
```python
import socket

def allow_post(client_ip):
    try:
        ptr_hostname = socket.gethostbyaddr(client_ip)[0]  # reverse lookup on the client IP
        forward_ips = {i[4][0] for i in socket.getaddrinfo(ptr_hostname, None)}  # lookup of the PTR hostname
    except (socket.herror, socket.gaierror):
        return False  # PTR does not exist, or the PTR hostname does not resolve: deny POST request
    return client_ip in forward_ips  # IP of PTR hostname = client's IP: allow, else deny
```
I don't care about GET requests (even though they can be just as malicious); this idea is targeted at spam comments, which use POST data to send the comment to the web server. To make sure there isn't much of a delay, I would run my own recursive DNS server.
Please do note, this isn't meant to be a silver bullet for spam, but it should decrease the volume.
Possible or impossible?
Not a Direct Answer:
I think this might lead to a lot of legitimate requests being rejected, as PTR records are not used much for verification outside of email. So you might want to use a system in which this is not by itself a reason to deny a POST, but rather adds a negative mark that is used as part of the final evaluation. This is a common email spam-filtering model.
If you are going to do this, I would do it in the software/application behind Apache, after the post has been made and is in some sort of pending-moderation state. The server just feels like the wrong place for this. For example, do you want people to be unable to log in to the application if their PTR record doesn't match, even if they have a valid username and password? Even if you don't have anything like this now, you might want to add it in the future, and then the server has to distinguish between POST requests. If this product ever scaled, your application's functionality would be in the hands of the system administration team, which would be kind of strange as well.
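Putting the two posts together, as an added example that is not code from either poster: the question's mechanism (Apache handing each POST's client IP to an external script) and the answer's caveat (treating a failed check as a signal rather than a hard deny). It assumes Apache with mod_rewrite, a `RewriteMap` of type `prg:`, and a hypothetical script path `/usr/local/bin/fcrdns_map.py`; the DNS records in `FakeResolver` are constructed (RFC 5737 documentation addresses) so the block runs offline.

```python
#!/usr/bin/env python3
"""Forward-confirmed reverse DNS (FCrDNS) check, usable as an Apache RewriteMap program.

Assumed Apache wiring (server or virtual-host context, mod_rewrite loaded).  A prg:
map program is started once with the server; it reads one key per line on stdin
and must answer with exactly one line on stdout per key:

    RewriteEngine On
    RewriteMap fcrdns "prg:/usr/local/bin/fcrdns_map.py"
    RewriteCond %{REQUEST_METHOD} =POST
    RewriteCond ${fcrdns:%{REMOTE_ADDR}|deny} =deny
    RewriteRule ^ - [F]
"""
import socket
import sys

# Outcomes of the check.  The hard-deny policy from the question maps anything
# other than CONFIRMED to "deny"; the scoring policy from the answer would
# instead treat NO_PTR / MISMATCH as a penalty combined with other signals.
CONFIRMED = "confirmed"
NO_PTR = "no_ptr"
MISMATCH = "mismatch"


class SystemResolver:
    """Real lookups through the host's stub resolver (class name chosen for this example)."""

    def ptr(self, ip):
        try:
            return socket.gethostbyaddr(ip)[0]
        except (socket.herror, socket.gaierror):
            return None  # no PTR record, or not a valid address

    def addresses(self, hostname):
        try:
            return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
        except socket.gaierror:
            return set()  # PTR hostname does not resolve forward


class FakeResolver:
    """Constructed records so the example runs offline; not real DNS data."""

    PTR = {"192.0.2.10": "mail.example.net", "192.0.2.20": "host.example.org"}
    FORWARD = {"mail.example.net": {"192.0.2.10"}, "host.example.org": {"198.51.100.5"}}

    def ptr(self, ip):
        return self.PTR.get(ip)

    def addresses(self, hostname):
        return self.FORWARD.get(hostname, set())


def fcrdns_status(ip, resolver):
    """PTR lookup, forward lookup of the PTR name, then compare against ip."""
    name = resolver.ptr(ip)
    if name is None:
        return NO_PTR
    return CONFIRMED if ip in resolver.addresses(name) else MISMATCH


def verdict(status):
    """Hard-deny policy from the question: only a forward-confirmed PTR is allowed."""
    return "allow" if status == CONFIRMED else "deny"


def respond(key, resolver):
    """One RewriteMap answer for one key line (trailing newline stripped)."""
    return verdict(fcrdns_status(key.strip(), resolver))


def serve_rewritemap(resolver):
    """prg: map loop: Apache writes a key and waits for the line we write back."""
    for line in sys.stdin:
        sys.stdout.write(respond(line, resolver) + "\n")
        sys.stdout.flush()  # without the flush Apache waits on us forever


def demo():
    """Run the constructed cases offline; returns {ip: (status, map answer)}."""
    resolver = FakeResolver()
    return {ip: (fcrdns_status(ip, resolver), respond(ip, resolver))
            for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30")}


if __name__ == "__main__":
    if "--demo" in sys.argv:
        for ip, (status, answer) in demo().items():
            print(f"{ip:<12} {status:<10} {answer}")
    else:
        serve_rewritemap(SystemResolver())
```

Two caveats a practitioner would want before deploying this. `RewriteMap` with a `prg:` program can only be declared in server or virtual-host configuration, not in `.htaccess`, and Apache serializes lookups to the program through a mutex (the `rewrite-map` mutex), so one slow reverse lookup stalls every POST on the server; the poster's local recursive resolver helps, but a resolver timeout is still needed. If you prefer the answer's approach, leave out the mod_rewrite wiring entirely and feed `fcrdns_status` into the application's moderation score instead of `verdict`, so a missing or mismatched PTR only counts against a comment rather than rejecting it outright.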