I don’t know about you, but I hate getting a crapload of comment spam and referral spam. I’ve been able to block much of the former with MT-Blacklist, but the referral log spam is getting out of control and clogging up my AWStats results with a pile of useless links. So when I saw this post that linked to a script that used the blacklist to eliminate referral spam, I was intrigued. After reading some of the comments on the entry, I found this AWStats patch that will also remove them from the AWStats calculations.
Then looking through my flagged entries in my RSS reader, I noticed this mod_security post on Movalog which reminded me about some discussions that were happening on the MT Pronet mailing list regarding using mod_security to block even more at the server level (more info on mod_security here). So after looking through a ProNet entry about mod_security, I came across this introduction to mod_security. Once I found out how to get mod_security installed in cPanel/WHM (and where the configuration files were), I set upon implementing this mod_security hack that will import the information from the master blacklist file and create rules for use with mod_security.
I’m just about through all the hacks and tweaks above, and so far I haven’t blown anything up (learning a lot on this type of stuff in the process). Hopefully this will keep some of the other sites on this server from getting a pile of referral spam as well. If you do notice the site being down at all today, just try again in a few minutes, as I’m probably restarting Apache.
Comments
Maybe you have already done it, but I hOpe you have updated to Awstats 6.3 due to the Exploit in the .pl file. A few bloggers have already been hacked as of today. I just got through doing it and from the looks of my logs they have been hitting that file.
Oh that’s comforting. I’ll have to see how to get the update to work with cPanel. Thanks for the info!
How did you figure out how to apply the AWStats patch? I’m pretty good at figuring out scanty documentation, but this one still has me stumped. I gather the .patch file is an executable to be run from the server’s Unix command line, but I really don’t want to do something devastating.
Patch files are just text files. The easiest way, if you have root access, is to run a “patch [patchfile] [filetopatch]” command on a unix command line. That worked fine for me. I just copied my patch files to the same folder as the Awstats files. The patches listed on that link have to either be applied to files in “/usr/local/cpanel/3rdparty/bin/lib” or in “/usr/local/cpanel/3rdparty/bin” (the latter is where the awstats.pl file).
Otherwise, you can open up your favorite text editor and manually put in the code that’s in there in the proper place in the file.
Excellent! I’m very much looking forward to having usable referrer stats once more.
I’m trying to get the AWStats patch installed… but I don’t have a UNIX system so I can’t use the command line method.
When you say to copy the text from the .patch file to the “proper place” in the awstats.pl file, can you tell me what that proper place is? I don’t want to screw things up and I am not a programmer so the contents of these files is gibberish to me!
Thanks!
-Kate
First off, get off the windows server 😉
Secondly, I can’t. Patch files are just additions and/or subtractions from a file, so you’ll have to look in the awstats.pl file to see where the data goes. If you’re not comfortable with it, you really shouldn’t be going in there to begin with, as you can pretty much FUBAR your install if you’re not careful.
Random cPanel Link Dump
As I’ve mentioned before, I use cPanel on my Web server. I’ve posted links before for using clamavmodule in Mailscanner, completely removing boxtrapper, among a few other things. So here…