Hi all,

Just wanted to throw this out there and see if anyone else is already doing something along these lines or is trying to figure out how to implement it.

Any ideas on strategies for using OSSEC to detect and potentially block/stop automated scripting against web pages? Presumably, this implies that there are forms on your page which require POSTs and several steps to get through the process - this could be for checkouts, or for submitting comments, etc.

What I'd be most concerned with is those users who are on the website and not necessarily buying anything but who are essentially taking up system resources (say by putting stuff in their carts and 'locking' the inventory in that way). It could almost be considered a form of a DoS/DDoS if you think about it. Now, the inventory is pretty dynamic so that's what makes it a big deal. Basically, there are people out there who want to hoard the supply so that nobody has a chance to get at it.

Sorry for being so vague, but if anybody has used OSSEC in this way, let me know! It would be so insightful. I've thought about trying to get OSSEC to analyze the Apache access (not error) logs to look for patterns...

Thanks all!
