On Thursday 1 November 2018 15:05:06 CET, David Spector wrote:
> I would like to write a short real-time PHP program to detect unusual or
> malicious access patterns to httpd under all OSs for the usual methods,
> such as GET and POST, the goal being to protect authentication
> procedures from being repeatedly tested by unauthorized visitors to
> websites.
>
> My understanding is that Apache generates a pool of worker processes to
> handle remote accesses to the server, so that accesses are processed
> efficiently and possibly concurrently if the OS supports process
> concurrency.
>
> So, I'm afraid if I simply write a PHP function that gets called at the
> start of displaying the home page of a website, it will intercept only a
> subset of the remote accesses, which would be insufficient for analyzing
> access patterns.
>
> Is there a way to have a piece of efficient real-time PHP code stay in
> memory (for efficiency, so its code and database can be resident in
> memory) and be called for every remote IP access? Its results (a short,
> often updated IP blacklist) could be sent to the website through a
> slower route or could be used right there in the real-time PHP code to
> block the access.
>
> David Spector
> Springtime Software
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

The SANS Institute (dshield.org) has a honeypot system available:
https://isc.sans.edu/honeypot.html

This web page mentions that Apache is being used, but this is no longer the
case. The software uses a Python script to catch the communication with the
HTTP server. The software itself is available on GitHub.

I have it running on the smallest Raspberry Pi, a 1B, together with a
honeypot for telnet and ssh and firewall logging. Reports go to dshield.org.
My modem/router forwards almost all TCP/UDP ports to the honeypot system.

--
fr.gr.
Freek de Kruijf
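
For the question quoted above (seeing every request even though Apache spreads them over worker processes), an added example that is not from either message: a script loaded for every request through PHP's `auto_prepend_file` setting, keeping per-IP timestamps in one file locked with `flock()` so that all workers share the same counts. The file paths, window, limit and function name are assumptions made for the example.

```php
<?php
// Added example, not from the thread. Load before every request via php.ini:
//   auto_prepend_file = /path/to/guard.php   (placeholder path)
declare(strict_types=1);

const STATE_FILE = '/var/lib/authguard/state.json'; // assumed; directory writable only by the web server user
const WINDOW     = 300; // seconds of history kept per IP (assumed value)
const LIMIT      = 10;  // attempts allowed per IP within WINDOW (assumed value)

// Record one attempt from $ip and report whether it exceeds LIMIT.
// The exclusive lock serialises the read-modify-write across worker processes.
function attempt_is_blocked(string $file, string $ip, int $now): bool
{
    $fh = fopen($file, 'c+'); // create if missing, never truncate on open
    if ($fh === false) {
        return false;         // fail open: a broken state file must not lock everyone out
    }
    if (!flock($fh, LOCK_EX)) {
        fclose($fh);
        return false;
    }
    $decoded = json_decode((string) stream_get_contents($fh), true);
    $state   = is_array($decoded) ? $decoded : [];

    // Drop timestamps older than the window, and IPs with nothing left.
    foreach ($state as $addr => $times) {
        $state[$addr] = array_values(array_filter((array) $times, fn($t) => $t > $now - WINDOW));
        if ($state[$addr] === []) {
            unset($state[$addr]);
        }
    }
    $state[$ip][] = $now;
    $blocked = count($state[$ip]) > LIMIT;

    rewind($fh);
    ftruncate($fh, 0);
    fwrite($fh, json_encode($state));
    fflush($fh);
    fclose($fh);              // closing the handle also releases the lock
    return $blocked;
}

// Only POSTs are counted here; narrow this to the login URL in practice.
if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (attempt_is_blocked(STATE_FILE, $_SERVER['REMOTE_ADDR'] ?? 'unknown', time())) {
        http_response_code(429);
        exit('Too many attempts');
    }
}
```

Because this runs before the application, it counts attempts rather than failed logins; calling `attempt_is_blocked()` from the login handler on failure would count failures only.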