Re: Another security problem..

Some time ago, I wrote a program in PHP that ran as a background task, 
essentially grabbing the stdin from a 

"tail -f /var/log/httpd/access.log" 

It would scan each line of the input for certain patterns, e.g. a certain # of 
hits in the most recent 5 minutes, a bunch of others like known "sploits" and 
similar behavior (such as "wget" in the URL) and instantly add the offenders 
to iptables reject for 24 hours. 

Worked fairly well, but eventually I found maintaining the pattern list 
cumbersome, and the test types were somewhat difficult to genericize into a 
config file. Also, caused problems with NAT'd companies, where 1 dirtbag 
would kick the whole place out for 24 hours. 

Perhaps this should be released as an OSS Project somewhere? Maybe there's 
already something out there? 

Dunno. Quick hack, solved a problem I was having at the time, now "dead wood" 
and I might not even have it around, anymore. 

-Ben 

On Thursday 20 October 2005 12:38, Matthew Nuzum wrote:
> I've not looked into it, but it would be nice if there was some *simple* to
> maintain script that would detect these types of probes and automatically
> add the IP to hosts.deny and etc.
> 
> -- 
> Matthew Nuzum <matt@xxxxxxxxxxxxx>
> www.followers.net - Makers of "Elite Content Management System"
> View samples of Elite CMS in action by visiting
> http://www.followers.net/portfolio/
> 
> 
> --
> 
> fedora-legacy-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-legacy-list
> 
> 

-- 
"The best way to predict the future is to invent it."
- XEROX PARC slogan, circa 1978

--

fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
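
The scanning loop described in the message above, as an added example (not Ben's PHP program, which does not appear on this page). It assumes Apache common/combined log format; the threshold, the allowlist for NAT gateways, and all names (`Watcher`, `log_line`, `run_sample`) are hypothetical, and it returns ban decisions instead of calling iptables.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)        # "hits in the most recent 5 minutes"
BAN_FOR = timedelta(hours=24)        # "reject for 24 hours"
MAX_HITS = 3                         # assumed threshold, low for the sample
BAD_URL = re.compile(r"wget", re.I)  # the one pattern the post names
ALLOW = {"198.51.100.1"}             # assumed: known NAT gateways, never banned
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')

class Watcher:
    def __init__(self):
        self.hits = defaultdict(deque)  # ip -> request times inside WINDOW
        self.banned = {}                # ip -> ban expiry

    def feed(self, line):
        """Handle one log line; return (ip, reason, expiry) for a new ban."""
        m = LINE.match(line)
        if not m:
            return None                 # skip lines that do not parse
        ip, stamp, url = m.groups()
        now = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        if ip in self.banned and self.banned[ip] <= now:
            del self.banned[ip]         # the 24 hours are over
        if ip in ALLOW or ip in self.banned:
            return None
        seen = self.hits[ip]
        seen.append(now)
        while now - seen[0] > WINDOW:   # drop hits older than the window
            seen.popleft()
        if BAD_URL.search(url):
            reason = "pattern"
        elif len(seen) > MAX_HITS:
            reason = "rate"
        else:
            return None
        del self.hits[ip]
        self.banned[ip] = now + BAN_FOR
        return ip, reason, self.banned[ip]

def log_line(ip, minute, url="/"):
    """Build a constructed access-log line (not from a real server)."""
    return f'{ip} - - [20/Oct/2005:12:0{minute}:00 -0400] "GET {url} HTTP/1.0" 200 512'

def run_sample():
    lines = [log_line("203.0.113.7", 0, "/index.php?cmd=wget")]
    lines += [log_line("192.0.2.9", m) for m in range(4)]      # 4 hits in 3 min
    lines += [log_line("198.51.100.1", m) for m in range(6)]   # allowlisted NAT
    w = Watcher()
    return [ban for ban in map(w.feed, lines) if ban]
```

In live use each line of `tail -f /var/log/httpd/access.log` would be passed to `feed()`, and a returned tuple would drive the firewall rule and its later removal.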
