dear experts: I seem to get a lot of brute force attacks these days
on my server. (auth.log shows it as tons of POSSIBLE BREAK-IN
ATTEMPTS).
there is a nice ssh tool called denyhosts, that basically blacklists
an IP address or IP host after X failed login attempts. Is there
something like this for apache, preferably simple and easy?
pointers appreciated.
regards,
/iaw
On Oct 8, 9:55 am, ivo...@gmail.com wrote:
> dear experts: I seem to get a lot of brute force attacks these days
> on my server. (auth.log shows it as tons of POSSIBLEBREAK-INATTEMPTS).
>
> there is a nice ssh tool called denyhosts, that basically blacklists
> an IP address or IP host after X failed loginattempts. Is there
> something like this forapache, preferably simple and easy?
>
> pointers appreciated.
>
> regards,
>
> /iaw
Automatic blacklisting of IPs for ssh brute force attacks can also be
accomplished using iptables on a linux box. The iptables rules are on
our website at http://www.nichewares.com/docs/sshbruteforce.shtml
However, I'm also looking for something similar for apache (which is
how I came across your post), and other than parsing log files, I
haven't found an easy straight forward solution. I see a bunch of
attempts to access content that's either protected or non-existent on
our servers, and I'd like to simply blacklist IPs for host
perpetrating these actions.
I did quickly find mod_security, but at first glance, it looks rather
complicated. I need to read more about it though.
If you come across a good tool for apache, please post back!
Regards,
Michael W. Kimmick, M.S.
Redhat Certified Engineer
Nichewares & Consulting, LLC