Another security problem..
Benjamin Smith
lists at benjamindsmith.com
Fri Oct 21 19:22:54 UTC 2005
Some time ago, I wrote a program in PHP that ran as a background task,
essentially grabbing the stdin from a
"tail -f /var/log/httpd/access.log"
It would scan each line of the input for certain patterns, e.g. a certain # of
hits in the most recent 5 minutes, a bunch of others like known "sploits" and
similar behavior (such as "wget" in the URL) and instantly add the offenders
to iptables reject for 24 hours.
Worked fairly well, but eventually I found maintaining the pattern list
cumbersome, and the test types were somewhat difficult to genericize into a
config file. Also, it caused problems with NAT'd companies, where 1 dirtbag
would kick the whole place out for 24 hours.
Perhaps this should be released as an OSS Project somewhere? Maybe there's
already something out there?
Dunno. Quick hack, solved a problem I was having at the time, now "dead wood"
and I might not even have it around, anymore.
-Ben
On Thursday 20 October 2005 12:38, Matthew Nuzum wrote:
> I've not looked into it, but it would be nice if there was some *simple* to
> maintain script that would detect these types of probes and automatically
> add the IP to hosts.deny and etc.
>
> --
> Matthew Nuzum <matt at followers.net>
> www.followers.net - Makers of "Elite Content Management System"
> View samples of Elite CMS in action by visiting
> http://www.followers.net/portfolio/
--
"The best way to predict the future is to invent it."
- XEROX PARC slogan, circa 1978
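
The scanner described in the message above, sketched in Python as an added example (it is not the author's PHP program). The hit threshold, the shared-address range, the Apache combined log format and the sample lines are all assumptions constructed for illustration; shared (NAT'd) addresses are flagged for review instead of being banned, which addresses the problem the post mentions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

WINDOW = timedelta(minutes=5)    # "most recent 5 minutes" (from the post)
BAN_FOR = timedelta(hours=24)    # "reject for 24 hours" (from the post)
MAX_HITS = 3                     # assumed threshold, kept tiny for the sample
BAD_URL = re.compile(r"wget", re.I)           # the one pattern the post names
SHARED_NETS = [ip_network("203.0.113.0/24")]  # assumed known NAT egress range
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" \d{3}')

def scan(lines):
    """Return (bans, review): bans maps ip -> (reason, expiry)."""
    hits, bans, review = defaultdict(deque), {}, {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                      # unparseable line: skip, do not guess
        ip, url = m.group(1), m.group(3)
        try:
            addr = ip_address(ip)
            now = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue                      # hostname or malformed timestamp
        if ip in bans and bans[ip][1] > now:
            continue                      # already banned, nothing to add
        q = hits[ip]
        q.append(now)
        while now - q[0] > WINDOW:        # drop hits older than the window
            q.popleft()
        reason = "pattern" if BAD_URL.search(url) else (
            "rate" if len(q) > MAX_HITS else None)
        if reason is None:
            continue
        if any(addr in net for net in SHARED_NETS):
            review[ip] = reason           # shared address: flag, never auto-ban
        else:
            bans[ip] = (reason, now + BAN_FOR)
    return bans, review

def _l(ip, mmss, url="/index.php"):       # builds one constructed log line
    return f'{ip} - - [21/Oct/2005:19:{mmss} +0000] "GET {url} HTTP/1.1" 200 512'

SAMPLE = ([_l("198.51.100.7", f"0{i}:00") for i in range(4)]         # burst
          + [_l("198.51.100.8", f"0{3 * i}:00") for i in range(4)]   # slow
          + [_l("192.0.2.9", "04:30", "/page?cmd=wget"),
             _l("203.0.113.5", "05:10", "/page?cmd=wget")])          # NAT'd
```

`scan(SAMPLE)` returns the ban table and the review list; feeding each entry of `bans` to a firewall rule with the stored expiry is left to the caller.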