Nathan wrote in earlier with attempts to exploit PHP file inclusion that his server had automatically thwarted. He's promoting the use of mod_security, mod_evasive, fail2ban and suhosin in a Apache/PHP environment.
Since knowledge and experience is a way to win from the bad guys, how about sharing your favorite setup for Apache /PHP security (Basically a "LAMP" environment although I'd rather not focus on the OS part in there) and we'll summarize on this page. Also let us know what you like of the components you use, why they are your favorite etc.
Nathan used this tool to ban IP addresses doing repeated 404/501 error results. He catches attempts to hack forums based on PHP this way, and was able to trace it back to owned servers doing those attacks towards him.
Feb 4th 2007
1 decade ago