- Many spammers attempt to exploit holes in widely used scripts such as formmail.pl
- Simplest solution: add a decoy CGI script that delays, blackholes, or otherwise confounds the attacker
- Can use mod_rewrite to detect the names of commonly exploited scripts and redirect them to a common CGI that does this
- Detecting attempted SQL injection: again, mod_rewrite, SetEnvIf, and CustomLog are your friends!
- Use regular expressions to look for common SQL patterns such as SELECT ... FROM in URIs
- You now have control of the situation:
  - Redirect to honeypot?
  - Blackhole or firewall the attacker?
  - Trace the attack?
- It's your choice
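The directives named above, combined into one configuration as an added example (not taken from the original slides). It assumes Apache 2.4 with mod_rewrite, mod_setenvif and mod_log_config loaded; the decoy path `/cgi-bin/decoy.cgi`, the log file names and the `decoy_hit` / `sqli_probe` variable names are hypothetical.

```apache
# Added illustration; place in server or <VirtualHost> context.
# Assumed names (not from the slides): /cgi-bin/decoy.cgi, the log paths,
# and the decoy_hit / sqli_probe environment variables.

RewriteEngine On

# 1. Decoy for a commonly probed script name.
#    SetEnvIf tags the request so CustomLog can record it separately.
SetEnvIfNoCase Request_URI "/form?mail\.pl$" decoy_hit

#    mod_rewrite hands every such request to one shared decoy CGI.
#    PT lets ScriptAlias map /cgi-bin/; L stops further rewriting.
RewriteRule "/form?mail\.pl$" "/cgi-bin/decoy.cgi" [NC,PT,L]

# 2. SELECT ... FROM tripwire.
#    THE_REQUEST is the raw request line, so it covers both the path and
#    the query string, still URL-encoded: a space arrives as %20 or +.
#    This pattern is a tripwire, not a filter: it only sets a variable.
#    Review the log for false positives before acting on matches.
RewriteCond %{THE_REQUEST} "[^a-z]select(%20|\+)+.+(%20|\+)+from(%20|\+)+" [NC]
RewriteRule ^ - [E=sqli_probe:1]

# 3. Write tagged requests to their own logs for later tracing.
LogFormat "%h %t \"%r\" %>s \"%{User-Agent}i\"" probe
CustomLog "logs/decoy_hits.log"  probe env=decoy_hit
CustomLog "logs/sqli_probes.log" probe env=sqli_probe
```

Check the syntax with `apachectl configtest` before reloading.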