Something like this? http://denyhosts.sourceforge.net/
On 8/3/06, Scott Granneman <[EMAIL PROTECTED]> wrote: > > I'm curious to know if anyone knows of a perl script that already does > what I'm going to describe (it doesn't have to be perl, but I'm expecting > that it will be). > > We host the websites of several clients: ACLU-NJ, ACLU-MO, St. Louis Zoo, > etc. > We're constantly getting pounded by Windows boxes that have been > compromised > and are scanning our sites looking for "login", ".dll", & other nonsense. > We're running a Mac OS X server, so any request containing "dll", "exe", > or > even "login" (as we never use that in a URL) is suspect. > > I'd love some sort of script that constantly scans our clients' Apache > error > logs. If the script detects that a regex we've identified as bad is > requested > a certain number of times within a certain time period, we'd like to block > the IP address making the request for a certain length of time. > Every "certain" implies the ability to customize, of course. :) > > I'm assuming this would be added to the server's firewall, but > perhaps .htaccess would be better. > > Does anyone know of anything that does this? Would anyone who's an > experienced > coder be interested in writing such code for a fee? > > Thanks! > -- > R. Scott Granneman > [EMAIL PROTECTED] ~ www.granneman.com > Full list of publications: http://www.granneman.com/publications > My new book on Firefox: Don't Click on the Blue E! > Info at: http://www.oreilly.com/catalog/bluee/ > Read the Open Source Blog: http://opensource.weblogsinc.com > Join GranneNotes! Information at www.granneman.com > > "You shouldn't trust _any_ software. Software is _at best_ a faithful but > bumbling zombie servant that ineptly performs your bidding. At worst, it's > an > evil zombie that wants to kill you and eat your brain." > ---Mr Bad, on Trusted Computing > > > _______________________________________________ > CWE-LUG mailing list > [email protected] > http://www.cwelug.org/ > http://www.cwelug.org/archives/ > http://www.cwelug.org/mailinglist/ > -- The information transmitted (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is intended only for the person(s) or entity/entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient(s) is prohibited. If you received this in error, please contact the sender and delete the material from any computer. _______________________________________________ CWE-LUG mailing list [email protected] http://www.cwelug.org/ http://www.cwelug.org/archives/ http://www.cwelug.org/mailinglist/
