Referral spam has become a major problem on most blogs and even on some very unrelated websites. Basically, referral spam is the act of accessing a web site using a referrer in the header which is then added into web stats for the site as a referrer. On those sites that actively publish their referrers, these show up as links to those URL's which search engines may index. For engines such as Google, lots of referrer links can effectively raise the PageRank of the URL within the Search Engine. Also, sometimes users will click on the URL's from the referral page to see what kinds of sites are linking to that site. This results in traffic.

The majority of people engaging in referral spam are the usual suspects who also engage in email spam. I could give you a list but it doesn't really matter. Basically, they have no interest in your site other than trying to earn mileage from your traffic and bandwidth. In most cases, the spammer themselves never even see your own content, they are using bots, either from zombie bot nets or through open proxies to send GET or HEAD requests and they don't even monitor or wait for a reply but simply initiate another request to build the referrer link.

I am running Mandriva 2006 on a Dell laptop which has built in SmartLink modem. Although I do have an external serial modem that I can use with the laptop, convenience makes it simpler to get the internal modem working under Linux. The Powerpack version of Mandriva 2006 includes a pre-compiled kernel module for the SmartLink modem but once you start upgrading the Kernel to the latest supported version, you either need access to a new pre-compiled version, or you need to roll your own. This article will tak about how to go about rolling your own.

This article is another follow-up to the rate limiting features of Shorewall. I am basically posting the results to show what happens once the rate limiter is in place and you get inevitable attempts to brute-force SSH connections.

This article is basically a follow-up to the last article where I mentioned how to configure Shorewall to limit the number of connections per IP to SSH in order to restrict Brute-Force attempts against SSH. This article will provide a howto for setting up a generic per-IP rate limit that can be reused for multiple ports, services and connections with different limits depending on how you configure the rules. This would allow you to, for example, setup SSH with a 3 connection per IP each minute limit, and also setup FTP with 4 connections per IP per minute to help guard against brute force attacks directed at an FTP server as well.

A new netfilter called recent has been added to IPTables and newer versions of Shorewall can actually use this netfilter for varied functionality. This article will basically talk about how to use this netfilter to protect against Brute Force attacks against SSH which is a current issue as Linux gets more popular. While SSH itself is fairly secure against most of these scripted attacks, they are still fairly annoying for most admins who monitor systems because they take up space in the log files and all the extra "noise" can possibly be used to mask a successful attempt to compromise a system.