Stories
Slash Boxes
Comments

NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

use Perl

All the Perl that's Practical to Extract and Report

use Perl Log In

[ Create a new account ]

Beatnik (493)

Beatnik
(email not shown publicly)
http://www.ldl48.org/

A 29 year old belgian who likes Mountain Dew, Girl Scout Cookies, Tim Hortons French Vanilla Flavoured Cappucinno, Belgian beer, Belgian chocolate, Belgian women, Magners Cider, chocolate chipped cookies and Perl. Likes snowboarding, snorkling, sailing and silence. Bach can really cheer him up! He still misses his dog.

Project Daddy of Spine [sf.net], a mod_perl based CMS.

In his superhero time (8.30 AM to 5.30 PM), he works on world peace.

Journal of Beatnik (493)

Sunday April 22, 2007

11:56 AM

mod_security

[ #33067 ]

After postponing this for a long time, I finally implemented Mod_security on my webserver. My server somehow gets attacked by a large number of bots trying the most silly exploits first.. 99.99% of those are actually on PHP applications. The mod_security rules I added (using a generating tool as a guide are listed below.. They're totally unoptimized but I hope it'll take the load of a bit:

SecFilterEngine On SecFilterScanPOST On SecAuditLog /var/log/apache-perl/audit_log SecFilterDefaultAction "deny,log,status:412" SecFilterSelective "REQUEST_URI" "php" SecFilterSelective "REQUEST_URI" "w00t" SecFilterSelective "REQUEST_URI" "awstats" SecFilterSelective "REQUEST_URI" "cobalt" SecFilterSelective "REQUEST_URI" "x0" SecFilterSelective "REQUEST_URI" "exec" SecFilterSelective "REQUEST_URI" "fase" SecFilterSelective "REQUEST_URI" "faze" SecFilterSelective "REQUEST_METHOD" "CONNECT"

I've copied my error log and will try to add certain hosts to my ruleset.

List all Journal entries