Referer Spam
In the last month I have been getting nailed with various forms of referral spam , and various annoying exploit attempts. Besides the sheer annoyance of it all, the way it screws up your logs and stats, I just didn't want them to think their stuff was working. So I finally implemented some mod_security rules into my apache.
I extended the default debian ruleset with a few that I found online, and things seem to be working well. I hope not too much of a performance hit on this little box (if so, please tell me). I've only had two issues with it so far:
- Default rules blocked my cookies. The default rules had a very basic regex for cookie data, didn't' work with my system
- Debug Log. The debugging by default is at 9, and that very quickly filled up a 2gb file, which then killed apache
Categories
Site0 TrackBacks
Listed below are links to blogs that reference this entry: Referer Spam.
TrackBack URL for this entry: http://halls.lug-nut.com/cgi-bin/mt/mt-tb.cgi/1094
1 Comments
Leave a comment
Technorati
Search
February 2008
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
| 1 | 2 | |||||
| 3 | 4 | 5 | 6 | 7 | 8 | 9 |
| 10 | 11 | 12 | 13 | 14 | 15 | 16 |
| 17 | 18 | 19 | 20 | 21 | 22 | 23 |
| 24 | 25 | 26 | 27 | 28 | 29 |
One other bug, the force byte range *SecFilterForceByteRange* was by default set to start at 32 (which of course blocked newlines from posting. Made it hard to post that mesage. The "Debian":http://www.debian.org had that as a default, and right under it, the 0 -255 option commented, ready to use.
--------