Re: Another security problem..


 



On Fri, 21.10.2005 at 21:22, Benjamin Smith wrote:

> Some time ago, I wrote a program in PHP that ran as a background task, 
> essentially grabbing the stdin from a 
> 
> "tail -f /var/log/httpd/access.log" 
> 
> It would scan each line of the input for certain patterns. EG: a certain # of 
> hits in the most recent 5 minutes, a bunch of others like known "sploits" and 
> similar behavior (such as "wget" in the URL) and instantly add the offenders 
> to iptables reject for 24 hours. 
> 
> Worked fairly well, but eventually I found maintaining the pattern list 
> cumbersome, and the test types were somewhat difficult to genericize into a 
> config file. Also, caused problems with NAT'd companies, where 1 dirtbag 
> would kick the whole place out for 24 hours. 
> 
> Perhaps this should be released as an OSS Project somewhere? Maybe there's 
> already something out there? 
> 
> Dunno. Quick hack, solved a problem I was having at the time, now "dead wood" 
> and I might not even have it around, anymore. 
> 
> -Ben 

I feel mod-security - www.modsecurity.org - is the better approach. It
is available from centos.karan.org repo as an rpm.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp 
Serendipity 21:26:11 up 1:26, 17 users, 0.47, 0.59, 0.60 

Attachment: signature.asc
Description: This is a digitally signed message part

--

fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
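
The log-watching approach described in the quoted message (a five-minute hit count per source, a URL pattern match, a 24-hour ban), as an added Python example; it is not code from the thread, whose PHP program is not shown. The threshold, the `shared_sources` allowlist for NAT gateways and the sample log lines are assumptions, and the function returns decisions instead of touching iptables.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined log prefix: client, timestamp, request line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)"')
WINDOW = timedelta(minutes=5)          # "most recent 5 minutes"
BAN_FOR = timedelta(hours=24)          # "reject for 24 hours"
MAX_HITS = 3                           # assumed threshold, low for the sample
BAD_URL = re.compile(r"wget", re.I)    # the one pattern the post names

def scan(lines, shared_sources=frozenset()):
    """Return (ip, action, reason, ban_expiry) decisions, in log order.
    shared_sources (assumed NAT-gateway allowlist) is alerted on, never banned."""
    hits = defaultdict(deque)          # ip -> timestamps inside the window
    banned = {}                        # ip -> ban expiry
    decisions = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                   # not an access-log entry
        ip, stamp, request = m.groups()
        now = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        if ip in banned and now < banned[ip]:
            continue                   # already rejected
        window = hits[ip]
        window.append(now)
        while now - window[0] > WINDOW:
            window.popleft()           # forget hits older than the window
        if BAD_URL.search(request):
            reason = "pattern"
        elif len(window) > MAX_HITS:
            reason = "rate"
        else:
            continue
        action = "alert" if ip in shared_sources else "ban"
        if action == "ban":
            banned[ip] = now + BAN_FOR
        decisions.append((ip, action, reason, banned.get(ip)))
    return decisions

def line_for(ip, hms, path):           # builds one constructed log line
    return f'{ip} - - [21/Oct/2005:{hms} +0200] "GET {path} HTTP/1.0" 200 512'

SAMPLE = [                             # constructed input, documentation IPs
    *[line_for("192.0.2.10", f"21:00:0{i}", f"/p{i}") for i in range(1, 6)],
    line_for("198.51.100.7", "21:01:00", "/index.php?x=wget"),
    line_for("203.0.113.5", "21:02:00", "/index.php?x=wget"),
]
```

Calling `scan(SAMPLE, {"203.0.113.5"})` bans the first two sources and only alerts on the third; without the allowlist the third is banned as well, which is the NAT lock-out the message mentions.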
