I've posted this problem in the slackware forum, but maybe I'll get some help here. I have a slackware 10 box set up at my house as my personal web/ftp/mysql/smtp/ssh server. I have noticed lots of traffic and that my site seems to be getting hit hard from spam to the guestbook and email form. How can I secure apache to not accept this kind of junk? It seems to be eating lots of bandwidth on my DSL connection.

This is generally handled with "captcha" software. It's the software that creates those barely readable graphics with text/numbers that people have to type in before an entry is accepted. Many popular web applications now have this type of facility. Do a Google search for captcha and the software you're using on your web site to see if a plug-in is available.

Some Tips:

- Apache:
- Enable only needed modules in Apache.
- Install mod_security, and run apache in a jail with chroot.
- Fix all security bugs in Apache installation (see Bugtraq).
- See modules like mod_access, mod_auth, mod_rewrite and mod_ssl, may help.

- MySQL:
- Be carefull with the databases/tables permissions. If you run MySQL in the
same host than apache, you must run MySQL only in localhost.
- Use other user than root (Database Superuser), to
connect your applications in php.

Have a look @:

http://www.securityfocus.com/infocus/1694
http://www.securityfocus.com/infocus/1706
http://www.lamphowto.com/

Do you have more detailed info about mod_security and jail with chroot?

I'm don't really have any mysql problems, everything seems to root from my site getting constantly scanned for forms to post. I can secure the forms, but that isn't really what I was looking for.

If you're concerned about the (never ending) scans, then take a look at the source addresses. I find that the scans typically originate from one or two countries. If you don't have any need to interact with folks from those countries (e.g., no business requirement or personal relationships), you can look up their address ranges and simply block them at the firewall. This has the added advantage of reducing the resource requirements on your server, but it is a brute force method.

I let netwatch run on the box for a little while and noticed all kinds of strange connections.

http://www.jcombs.net/~jeff/netwatch.jpg

I don't know why hotmail would be connected so many times. Any advise from looking at the screen shot?

Well, it looks like a considerable number of packets are coming from Korea.

He these poor chineese people already have filtering done by their government but for the hackers that manage to go out of the chineese firewall they are blocked by our firewall. lol
Poor them...
I personnaly don't think its so nice to block a whole country just because some zombies or scriptkiddies are there.

How do you know? I'm intersted in knowing more details.