I've installed a new Web Application Firewall on our main server. What's that? It's a piece of software that's designed to detect and block common types of attacks. The one I've installed is an industry standard: ModSecurity for Apache. It matches incoming requests to your website against known types and patterns of attacks. But it's only as good as the rules and patterns it's looking for. The ruleset I'm using is from an industry group, the Open Web Application Security Project, or OWASP. We'll be keeping an eye on it and see what it reports.