Posts tagged: SITE

Twittered

You know, I have yet to actually try Twitter, but if this is the kind of thing people say on Twitter then it’s OK with me!

Protecting the server with mod_evasive

As I hinted in my report several days ago about this server suffering a DoS attack, I’ve taken some measures to prevent a repeat occurrence. One of them was to install the mod_evasive Apache module, which was suggested by a number of people.

(There’s also mod_security. It’s way more complex than I need right now, but would be worth looking at for a busier server.)

Initially I was skeptical, since mod_evasive doesn’t seem to be a very actively maintained project. But it looked so simple I decided to give it a try. Installing via FreeBSD ports was, as usual, nearly instantaneous. Configuration looks like this (I’ve omitted a few settings for simplicity’s sake, and these are not the actual numbers I’m using):

Comment Spam

Other than using Akismet, the anti-comment-spam measures I have in place here are pretty primitive. I block some common patterns and blacklist some IPs. (I don’t have plans to make it any more sophisticated since I’ve told myself any new blog engineering effort needs to go to the new Django-based version, not the old PHP5 one.)

I was looking at server logs this week and noticed an unusual number of POST requests, then realized that they were foiled comment-spam attempts. I counted them up:

Library of 1000 scammy spams

One of my neglected side projects, purportal.com, features a “Scammy spam library” where I share the text of scam emails I’ve been collecting. Today it reached the 1000-specimen milestone, so I wrote a little script to count word frequencies. The raw list reads like some of the less coherent messages itself:

account email our please ebay me paypal information bank any address through contact security am money funds us million…

I posted a bit more on the purportal.com news page.

Good web hosting

Each year I spend some time doing research on inexpensive web hosting options for my students. It’s virtually impossible to find a cheap hosting company whose name doesn’t produce copious results for a Google search on “FoobarHost.net sucks”. The predominating mood for me at the end of this research is always: I’m really glad I have more than $10/month to spend on hosting.

Since fall 2003 I’ve had a FreeBSD VPS with JohnCompanies, and it’s really quite excellent. They are a high-performance, no-nonsense, technically oriented provider. When you ask a support question, you get a reply from an actual human being whose first assumption is that you know what you’re doing.

Most boring upgrade ever

$ sudo portupgrade php5 php5-curl php5-sqlite php5-bla bla bla...
--->  Upgrading 'php5 bla bla bla...'
...
[Updating the pkgdb bla bla... done]
$ sudo apachectl graceful
$

dpaste.com update

My little pastebin site, dpaste.com, has been chugging along nicely since I announced it here about six weeks ago. Today I updated to the very latest Pygments codebase, which allowed me to add colorizers for Apache config files and bash scripts.

I’ve also started to add some Django-specific rules to the Python colorizer; it now recognizes Django model field types (models.CharField and the like). My thanks go to everyone who’s been using it, especially those who have given me feature suggestions and problem reports.