Some time ago, I wrote a program in PHP that ran as a background task, essentially grabbing the stdin from a "tail -f /var/log/httpd/access.log". It would scan each line of the input for certain patterns, e.g. a certain # of hits in the most recent 5 minutes, a bunch of others like known "sploits" and similar behavior (such as "wget" in the URL), and instantly add the offenders to iptables reject for 24 hours.

Worked fairly well, but eventually I found maintaining the pattern list cumbersome, and the test types were somewhat difficult to genericize into a config file. Also, caused problems with NAT'd companies, where 1 dirtbag would kick the whole place out for 24 hours.

Perhaps this should be released as an OSS Project somewhere? Maybe there's already something out there? Dunno. Quick hack, solved a problem I was having at the time, now "dead wood" and I might not even have it around anymore.

-Ben

On Thursday 20 October 2005 12:38, Matthew Nuzum wrote:
> I've not looked into it, but it would be nice if there was some *simple* to
> maintain script that would detect these types of probes and automatically
> add the IP to hosts.deny and etc.
>
> --
> Matthew Nuzum <matt@xxxxxxxxxxxxx>
> www.followers.net - Makers of "Elite Content Management System"
> View samples of Elite CMS in action by visiting
> http://www.followers.net/portfolio/
>
> --
> fedora-legacy-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-legacy-list

--
"The best way to predict the future is to invent it."
- XEROX PARC slogan, circa 1978
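
The scanning approach described in the message above, as an added example that is not part of the original post and is not Ben's PHP program: a 5-minute per-IP hit window plus a URL pattern check, with a 24-hour ban decision, and shared NAT addresses flagged for review instead of banned. The Apache combined log format, the `MAX_HITS` threshold, the `SHARED` network list and the sample lines are assumptions constructed for illustration; the code returns decisions and does not call iptables.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

WINDOW = timedelta(minutes=5)        # "most recent 5 minutes" from the post
BAN_FOR = timedelta(hours=24)        # ban length from the post
MAX_HITS = 3                         # assumed threshold, tiny so the sample trips it
BAD_URL = re.compile(r"wget", re.I)  # the one URL pattern the post names
SHARED = [ip_network("198.51.100.0/24")]  # assumed: known NAT gateways, never auto-banned
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" \d{3}')

def scan(lines):
    """Return (bans, review): bans maps ip -> (reason, expiry); review is a set of ips."""
    hits, bans, review = defaultdict(deque), {}, set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                          # malformed line: ignore, never ban on it
        ip, ts, url = m.groups()
        try:
            addr = ip_address(ip)
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue                          # hostname in field 1 or bad timestamp
        if ip in bans and bans[ip][1] > when:
            continue                          # ban still active
        q = hits[ip]
        q.append(when)
        while when - q[0] > WINDOW:           # drop hits older than the window
            q.popleft()
        reason = "pattern" if BAD_URL.search(url) else "rate" if len(q) > MAX_HITS else None
        if reason and any(addr in net for net in SHARED):
            review.add(ip)                    # many users behind one address: flag only
        elif reason:
            bans[ip] = (reason, when + BAN_FOR)
    return bans, review

def _line(ip, hms, url="/index.html"):        # builds one constructed combined-log line
    return f'{ip} - - [20/Oct/2005:{hms} -0500] "GET {url} HTTP/1.1" 200 512'
SAMPLE = (                                    # constructed sample input, not real traffic
    [_line("192.0.2.10", t) for t in ("12:00:01", "12:00:30", "12:01:10", "12:02:00")]
    + [_line("192.0.2.99", t) for t in ("12:00:00", "12:06:00", "12:12:00", "12:18:00")]
    + [_line("203.0.113.7", "12:03:00", "/page.php?x=wget"),
       _line("198.51.100.20", "12:04:00", "/page.php?x=wget"), "garbage line"]
)

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Keeping the window, ban length, pattern and shared-network list as plain data at the top is one way to move the checks into a config file; the expiry timestamp lets a separate job lift the block after 24 hours.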