Another security problem..
Alexander Dalloz
ad+lists at uni-x.org
Fri Oct 21 19:28:03 UTC 2005
On Fri, 21.10.2005 at 21:22, Benjamin Smith wrote:
> Some time ago, I wrote a program in PHP that ran as a background task,
> essentially grabbing the stdin from a
>
> "tail -f /var/log/httpd/access.log"
>
> It would scan each line of the input for certain patterns. EG: a certain # of
> hits in the most recent 5 minutes, a bunch of others like known "sploits" and
> similar behavior (such as "wget" in the URL) and instantly add the offenders
> to iptables reject for 24 hours.
>
> Worked fairly well, but eventually I found maintaining the pattern list
> cumbersome, and the test types were somewhat difficult to genericize into a
> config file. Also, caused problems with NAT'd companies, where 1 dirtbag
> would kick the whole place out for 24 hours.
>
> Perhaps this should be released as an OSS Project somewhere? Maybe there's
> already something out there?
>
> Dunno. Quick hack, solved a problem I was having at the time, now "dead wood"
> and I might not even have it around, anymore.
>
> -Ben
I feel mod-security - www.modsecurity.org - is the better approach. It
is available from centos.karan.org repo as an rpm.
Alexander
--
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp
Serendipity 21:26:11 up 1:26, 17 users, 0.47, 0.59, 0.60
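
The approach described in the quoted message (per-address hit counting over five minutes, a URL pattern check, a 24-hour ban), as an added Python example that is not Benjamin Smith's PHP program. The threshold `MAX_HITS`, the Common Log Format regex, the helper `clf` and the sample lines are assumptions, and the function returns ban decisions instead of calling iptables.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)        # rate window from the post
BAN_FOR = timedelta(hours=24)        # ban duration from the post
MAX_HITS = 3                         # assumed threshold, kept low for the sample
BAD_URL = re.compile(r"wget", re.I)  # the one URL pattern the post names
# Assumed Common Log Format: ip ident user [time] "method url proto" ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')

def scan(lines, max_hits=MAX_HITS):
    """Return {ip: (reason, ban_expiry)} for clients that trip a rule."""
    hits = defaultdict(deque)        # ip -> request times still inside WINDOW
    bans = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                 # ignore lines that do not parse
        ip, ts, url = m.groups()
        now = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if ip in bans and now < bans[ip][1]:
            continue                 # ban still active, nothing to re-evaluate
        q = hits[ip]
        q.append(now)
        while now - q[0] > WINDOW:   # expire hits older than five minutes
            q.popleft()
        if BAD_URL.search(url):
            bans[ip] = ("pattern", now + BAN_FOR)
        elif len(q) > max_hits:
            bans[ip] = ("rate", now + BAN_FOR)
    return bans

def clf(ip, hhmmss, url):
    """Build one constructed access-log line (hypothetical helper)."""
    return f'{ip} - - [21/Oct/2005:{hhmmss} +0000] "GET {url} HTTP/1.1" 200 512'

# Constructed sample input using documentation address ranges, not real traffic.
SAMPLE = (
    [clf("192.0.2.10", f"19:00:0{i}", "/index.html") for i in range(4)]
    + [clf("198.51.100.7", "19:01:00", "/page?x=wget+http://example.invalid/a")]
    + [clf("203.0.113.5", f"19:{m:02d}:00", "/news.html") for m in (0, 6, 12, 18)]
)

if __name__ == "__main__":
    for ip, (reason, until) in scan(SAMPLE).items():
        print(ip, reason, until.isoformat())
```

Because state is keyed on the source address alone, every client behind one NAT gateway shares a counter and a ban, which is the problem the quoted message reports.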