You're only minutes away from protecting your web sites from all manner of attack and spam. To do this, you need to download one piece of software, mod_security, install it on your web server and then configure it. Its not difficult or time consuming at all, and if you follow these instructions you should be ready to go in minutes!
No, I didn't follow this setup, but I ripped this of the "Got Root?" Website for an easy setup of mod_Security. I started playing with it awhile ago to see if I could use it to block all these wonderful attacks that I get constantly pointed at my site.
So... I installed it, with it's default ruleset, it started dropping all the virus and Rbot crap that is all around my network here at knology.net.
I run Snort-inline too with a bunch of stuff set to drop, so it was kinda cool to be able to control all this stuff coming at my webserver...
I jumped on Google and searched for "mod_security rules".. It brought me here..Click here
I took these rules, (apparently they are updated often), and put them in my mod_security rules as well.
Talking to a friend of mine shortly after tho, he suggested that I put the rules in a seperate file and source them from the mod_security.conf file. I thought that was an excellent idea, so that's what I did.
kinda like: "include conf/mod_sec/modsecurity-general.conf" <-- this was his example...
This worked even better, and now, I'll probably script some kind of update to it so it updates daily and protects my apache install from lots of stuff...
So, back to playing with iptables, Snort-inline, and mod_security.