Sunday, 13 November 2011

Spammers / exploit scanners: secure your Apache

Tired of lines like these in your server logs?
[Sun Nov 13 15:21:25 2011] [error] [client 174.133.29.34] File does not exist: /var/www/Comments
[Sun Nov 13 15:22:31 2011] [error] [client 174.133.29.34] File does not exist: /var/www/u20944
[Sun Nov 13 15:23:06 2011] [error] [client 174.133.29.34] File does not exist: /var/www/aarticle
[Sun Nov 13 15:23:20 2011] [error] [client 174.133.29.34] File does not exist: /var/www/remaxmi
[Sun Nov 13 15:23:44 2011] [error] [client 174.133.29.34] File does not exist: /var/www/author
[Sun Nov 13 15:23:44 2011] [error] [client 174.133.29.34] File does not exist: /var/www/category
[Sun Nov 13 15:23:51 2011] [error] [client 174.133.29.34] File does not exist: /var/www/gc
[Sun Nov 13 15:26:44 2011] [error] [client 174.133.29.34] File does not exist: /var/www/medicine
[Sun Nov 13 15:28:00 2011] [error] [client 174.133.29.34] File does not exist: /var/www/tag
Then install fail2ban and make sure the filter /etc/fail2ban/filter.d/apache-nohome.conf exists.

Open /etc/fail2ban/jail.conf and insert:
[apache-nohome]
enabled = true
port    = http,https
filter  = apache-nohome
logpath = /var/log/apache*/*error.log
maxretry = 5
Because the shipped regexp only matches requests for ~user home directories, it will not match the lines above. Edit /etc/fail2ban/filter.d/apache-nohome.conf
and change the original regexp:
failregex = [[]client <HOST>[]] File does not exist: .*/~.*
to this one, which matches every "File does not exist" error:
failregex = [[]client (?P<host>\S*)[]] File does not exist:
Note that this also counts ordinary 404s (a missing favicon, a broken link), so keep maxretry at a sensible value rather than banning on the first hit.
Then restart fail2ban:
/etc/init.d/fail2ban restart
Make sure the apache-nohome jail is running:
fail2ban-client status
and watch the bastards getting banned:
cat /var/log/fail2ban.log
fail2ban-client status apache-nohome
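
To see what the corrected filter actually does, here is an added Python example (not part of the original post or of fail2ban itself) that applies both regexps to the log lines quoted above plus one constructed favicon 404 from a second address, counts matches per client the way fail2ban's filter does, and reports which hosts would reach maxretry = 5. It assumes fail2ban's documented expansion of the <HOST> tag and ignores the findtime window.

```python
import re
from collections import Counter

# Six of the error-log lines quoted in the post, plus one constructed line
# (192.0.2.7 requesting a missing favicon) to show that ordinary 404s match too.
SAMPLE_LOG = """\
[Sun Nov 13 15:21:25 2011] [error] [client 174.133.29.34] File does not exist: /var/www/Comments
[Sun Nov 13 15:22:31 2011] [error] [client 174.133.29.34] File does not exist: /var/www/u20944
[Sun Nov 13 15:23:06 2011] [error] [client 174.133.29.34] File does not exist: /var/www/aarticle
[Sun Nov 13 15:23:20 2011] [error] [client 174.133.29.34] File does not exist: /var/www/remaxmi
[Sun Nov 13 15:23:44 2011] [error] [client 174.133.29.34] File does not exist: /var/www/author
[Sun Nov 13 15:23:44 2011] [error] [client 174.133.29.34] File does not exist: /var/www/category
[Sun Nov 13 15:28:00 2011] [error] [client 192.0.2.7] File does not exist: /var/www/favicon.ico
"""

# The stock apache-nohome pattern (matches only ~user paths) and the corrected one from the post.
STOCK_REGEX = r"[[]client <HOST>[]] File does not exist: .*/~.*"
FIXED_REGEX = r"[[]client (?P<host>\S*)[]] File does not exist:"

# fail2ban expands the <HOST> tag to this named group before compiling a failregex.
HOST_TAG = r"(?:::f{4,6}:)?(?P<host>\S+)"


def compile_failregex(failregex):
    """Turn a fail2ban failregex into a Python regex by expanding <HOST>."""
    return re.compile(failregex.replace("<HOST>", HOST_TAG))


def failures_per_host(log_text, failregex):
    """Count matching log lines per client address, as the fail2ban filter does."""
    pattern = compile_failregex(failregex)
    hits = Counter()
    for line in log_text.splitlines():
        match = pattern.search(line)
        if match:
            hits[match.group("host")] += 1
    return hits


def hosts_to_ban(log_text, failregex, maxretry=5):
    """Hosts that reached maxretry failures (the findtime window is ignored here)."""
    counts = failures_per_host(log_text, failregex)
    return sorted(host for host, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    print("stock regexp hits:", dict(failures_per_host(SAMPLE_LOG, STOCK_REGEX)))
    print("fixed regexp hits:", dict(failures_per_host(SAMPLE_LOG, FIXED_REGEX)))
    print("would be banned  :", hosts_to_ban(SAMPLE_LOG, FIXED_REGEX))
```

With the stock regexp nothing matches; with the corrected one the scanner reaches maxretry while the single favicon 404 from the other address does not.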

source of correct regexp:

Rails / Passenger / Apache / proxy_http

If you are using proxy_http to serve Rails applications,
make sure you do not have ProxyRequests On
and that you restrict access to the proxy to localhost:

<Proxy *>
    AddDefaultCharset off
    Order deny,allow
    Allow from 127.0.0.1
</Proxy>
If you leave ProxyRequests On,
spammers will find your box and abuse it as an open proxy very quickly.

You can test whether your server is running as a "spammer-friendly" open proxy:
connect to it with telnet and send a GET request for a foreign URL.
telnet yourserver.com 80
GET http://www.google.com
If your server delivers google.com, you did it wrong: your server is an open proxy and a heaven for spammers. If your server responds with your own site, everything is fine.