Using mod_security to block PHP injection attacks
mod_security is an essential tool for securing any apache-based hosting environment. The Pathfinder High Performance Infrastructure blog has posted a good starter piece on using mod_security to block email injections.
One of the more common problems with PHP-based applications is that they can allow the injection of malicious content, such as SQL or email spam. In some cases we find that over 95% of a client’s ISP traffic is coming from spam injection. The solution? Grab an industrial size helping of Apache mod_security.
BTW, Ivan Ristic’s (the developer of mod_security) Web Security Blog is well worth a spot in your blogroll.
(Edit: fixed title. Duh.)