I'm curious to know if anyone knows of a perl script that already does what I'm going to describe (it doesn't have to be perl, but I'm expecting that it will be).
We host the websites of several clients: ACLU-NJ, ACLU-MO, St. Louis Zoo, etc. We're constantly getting pounded by Windows boxes that have been compromised and are scanning our sites looking for "login", ".dll", & other nonsense. We're running a Mac OS X server, so any request containing "dll", "exe", or even "login" (as we never use that in a URL) is suspect. I'd love some sort of script that constantly scans our clients' Apache error logs. If the script detects that a regex we've identified as bad is requested a certain number of times within a certain time period, we'd like to block the IP address making the request for a certain length of time. Every "certain" implies the ability to customize, of course. :) I'm assuming this would be added to the server's firewall, but perhaps .htaccess would be better. Does anyone know of anything that does this? Would anyone who's an experienced coder be interested in writing such code for a fee? Thanks! -- R. Scott Granneman [EMAIL PROTECTED] ~ www.granneman.com Full list of publications: http://www.granneman.com/publications My new book on Firefox: Don't Click on the Blue E! Info at: http://www.oreilly.com/catalog/bluee/ Read the Open Source Blog: http://opensource.weblogsinc.com Join GranneNotes! Information at www.granneman.com "You shouldn't trust _any_ software. Software is _at best_ a faithful but bumbling zombie servant that ineptly performs your bidding. At worst, it's an evil zombie that wants to kill you and eat your brain." ---Mr Bad, on Trusted Computing _______________________________________________ CWE-LUG mailing list [email protected] http://www.cwelug.org/ http://www.cwelug.org/archives/ http://www.cwelug.org/mailinglist/
