Tweet
So I am sure if you are running a cPanel server you are having the exact same trouble as we have been having the last week, lots of spam. It appears there is somebody in this world that has decided to write a rather efficient script that searches for webforms then sends spam via php and bcc. The first quick fix was to enable safe_mode but that obviouslly gets a fair amount of webhosting clients pretty bad. I have been working with mod_security and come up with a pretty simple rule that should help:
SecFilterSelective THE_REQUEST "bcc:|Bcc:|BCc:|BCC:|bCc:|bCC:|bcC:|BcC:"
What that will do is search first for the bcc, Bcc, etc then look for com, org, or net in a url. I was trying to filter it looking for an @ symbol but I was having trouble with apache picking it up. I figure if they are not spamming to one of those TDLs it is probably not a very big attack. If you want to protect more simply add to the list, remember all it has to do is catch one and it blocks the entire request.
Enjoy
SecFilterSelective THE_REQUEST "bcc:|Bcc:|BCc:|BCC:|bCc:|bCC:|bcC:|BcC:"
What that will do is search first for the bcc, Bcc, etc then look for com, org, or net in a url. I was trying to filter it looking for an @ symbol but I was having trouble with apache picking it up. I figure if they are not spamming to one of those TDLs it is probably not a very big attack. If you want to protect more simply add to the list, remember all it has to do is catch one and it blocks the entire request.
Enjoy
Comment