Monday, July 2, 2007

Re: [BLUG] mod_security help

As a follow-up, I got it working and it works. I was having issues
with a large botnet hammering a website on Suso that is rather expensive
as far as page load time. Strangely enough, they were all using the

Referer: http://www.google.com/

as their referer spam. Why? I don't know. Either way, I was able to
put this line in the vhost container itself so that the rule only
applies to that website in a shared web hosting environment:

# Deny requests whose Referer header is exactly http://www.google.com/
SecRule REQUEST_HEADERS:Referer "^http://www\.google\.com/$" \
"log,deny,msg:'Google Referal Spammer',id:'910007',severity:'4'"

Works like a charm. Now I won't be woken up at 5am to restart Apache.
There are many many other things that mod_security can be used for. I
ran into a problem where another user was streaming music and that broke
after I turned it on because it can investigate the outgoing body of the
web server's response. Fortunately you can turn that off so streaming
works ok.

Mark

On Mon, Jun 25, 2007 at 03:19:41PM GMT, Steven Black [blacks@indiana.edu] said the following:
> On Sat, 2007-06-23 at 20:48 +0000, Mark Krenz wrote:
> > Is anyone here using mod_security to block referral spammers? I don't
> > need to just remove them from the logs, I need to block them so that
> > they don't make costly requests to pages that have database queries,
> > etc.
>
> I have not started using it yet, but I have been convinced that using it
> is a good idea. It offers a lot of flexibility. I know it certainly
> offers this capability. It can also block SQL injection attempts, buffer
> over-run attempts, and a number of other potential problem scenarios.
>
> The documentation is supposed to be pretty good, and the community
> support is supposed to be good, too. (I've met the fellow at Breach that
> deals with the community.)
>
> Cheers,
> Steven Black
>
>
> _______________________________________________
> BLUG mailing list
> BLUG@linuxfan.com
> http://mailman.cs.indiana.edu/mailman/listinfo/blug
>

--
Mark Krenz
Bloomington Linux Users Group
http://www.bloomingtonlinux.org/
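
Added example (not part of the original message or of the ModSecurity project): a Python dry run of the same Referer match over Apache combined-format access log lines, showing before the deny rule is enabled which clients it would block and that ordinary Google search referrals do not match. The log lines and IP addresses are constructed samples, and the dots in the pattern are escaped so they match literally.

```python
import re
from collections import Counter

# Referer value targeted by the SecRule in the message (dots escaped here).
# ModSecurity's default operator is a regex search, like re.search below.
RULE_RX = re.compile(r"^http://www\.google\.com/$")

# Apache "combined" log format: host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample lines (documentation IP ranges), not from the thread.
SAMPLE_LOG = """\
192.0.2.10 - - [02/Jul/2007:05:01:11 +0000] "GET /report.php?id=7 HTTP/1.1" 200 51234 "http://www.google.com/" "Mozilla/4.0"
192.0.2.10 - - [02/Jul/2007:05:01:12 +0000] "GET /report.php?id=8 HTTP/1.1" 200 51877 "http://www.google.com/" "Mozilla/4.0"
198.51.100.23 - - [02/Jul/2007:05:01:12 +0000] "GET /report.php?id=9 HTTP/1.1" 200 50011 "http://www.google.com/" "Mozilla/4.0"
203.0.113.5 - - [02/Jul/2007:05:02:40 +0000] "GET /index.php HTTP/1.1" 200 9120 "http://www.google.com/search?q=example+site" "Mozilla/5.0"
203.0.113.9 - - [02/Jul/2007:05:03:02 +0000] "GET /index.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Jul/2007:05:03:30 +0000] "GET /about.php HTTP/1.1" 200 4410 "http://www.google.com" "Mozilla/5.0"
truncated line that does not parse
"""


def dry_run(log_text):
    """Return (denied hits per client IP, allowed (ip, referer) pairs, unparsed line count)."""
    denied, allowed, unparsed = Counter(), [], 0
    for line in log_text.splitlines():
        m = COMBINED.match(line)
        if m is None:
            unparsed += 1  # count, don't silently drop, lines the parser can't read
        elif RULE_RX.search(m["referer"]):
            denied[m["ip"]] += 1
        else:
            allowed.append((m["ip"], m["referer"]))
    return denied, allowed, unparsed


if __name__ == "__main__":
    denied, allowed, unparsed = dry_run(SAMPLE_LOG)
    for ip, hits in denied.most_common():
        print(f"would deny {hits} request(s) from {ip}")
    for ip, referer in allowed:
        print(f"would pass {ip} referer={referer!r}")
    print(f"unparsed lines: {unparsed}")
```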