mod_security

Beatnik on 2007-04-22T16:56:27

After postponing this for a long time, I finally implemented mod_security on my webserver. My server somehow gets attacked by a large number of bots trying the most silly exploits first. 99.99% of those are actually on PHP applications. The mod_security rules I added (using a generating tool as a guide) are listed below. They're totally unoptimized but I hope it'll take the load off a bit:

SecFilterEngine On
SecFilterScanPOST On
SecAuditLog /var/log/apache-perl/audit_log
SecFilterDefaultAction "deny,log,status:412"
SecFilterSelective "REQUEST_URI" "php"
SecFilterSelective "REQUEST_URI" "w00t"
SecFilterSelective "REQUEST_URI" "awstats"
SecFilterSelective "REQUEST_URI" "cobalt"
SecFilterSelective "REQUEST_URI" "x0"
SecFilterSelective "REQUEST_URI" "exec"
SecFilterSelective "REQUEST_URI" "fase"
SecFilterSelective "REQUEST_URI" "faze"
SecFilterSelective "REQUEST_METHOD" "CONNECT"

I've copied my error log and will try to add certain hosts to my ruleset.
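
An added example, not part of the original post and not ModSecurity code: a small Python model of the ruleset above, run over constructed requests to show which rule fires first and that short patterns such as "exec" and "x0" also deny harmless URIs that merely contain those letters. It assumes each SecFilterSelective pattern is an unanchored, case-insensitive regular expression; the function names and sample requests are made up for the illustration.

```python
import re

# The post's directives, copied verbatim (audit-log and engine lines omitted).
RULESET = '''
SecFilterDefaultAction "deny,log,status:412"
SecFilterSelective "REQUEST_URI" "php"
SecFilterSelective "REQUEST_URI" "w00t"
SecFilterSelective "REQUEST_URI" "awstats"
SecFilterSelective "REQUEST_URI" "cobalt"
SecFilterSelective "REQUEST_URI" "x0"
SecFilterSelective "REQUEST_URI" "exec"
SecFilterSelective "REQUEST_URI" "fase"
SecFilterSelective "REQUEST_URI" "faze"
SecFilterSelective "REQUEST_METHOD" "CONNECT"
'''
RULE_RE = re.compile(r'^SecFilterSelective\s+"([^"]+)"\s+"([^"]+)"$')

def load_rules(text):
    """Return (deny_status, [(variable, compiled_pattern), ...])."""
    status, rules = None, []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("SecFilterDefaultAction"):
            found = re.search(r"status:(\d+)", line)
            status = int(found.group(1)) if found else None
        rule = RULE_RE.match(line)
        if rule:
            # Assumption: unanchored, case-insensitive regex search.
            rules.append((rule.group(1), re.compile(rule.group(2), re.I)))
    return status, rules

def evaluate(method, uri, status, rules):
    """First matching rule as (status, variable, pattern), or None to pass."""
    values = {"REQUEST_METHOD": method, "REQUEST_URI": uri}
    for variable, pattern in rules:
        if pattern.search(values.get(variable, "")):
            return status, variable, pattern.pattern
    return None

# Constructed sample requests (not taken from the author's logs).
SAMPLES = [("GET", "/phpmyadmin/main.php"), ("GET", "/awstats/awstats.pl"),
           ("GET", "/reports/executive-summary.html"), ("GET", "/images/box0.png"),
           ("GET", "/index.html"), ("CONNECT", "mail.example.net:25")]

def run_samples():
    status, rules = load_rules(RULESET)
    return {(m, u): evaluate(m, u, status, rules) for m, u in SAMPLES}

if __name__ == "__main__":
    for request, verdict in run_samples().items():
        print(request, "->", verdict or "pass")
```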