httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rafael Faura" <rfa...@bassy.net>
Subject RE: [users@httpd] stopping brute-force password attempts
Date Sun, 09 Nov 2003 14:08:51 GMT
 

-----Original Message-----
From: Dan Trainor [mailto:dant@cavecreek.net] 
Sent: domingo, 09 de noviembre de 2003 13:56
To: users@httpd.apache.org
Subject: [users@httpd] stopping brute-force password attempts

Good morning, all.

Anyone have any recommendations on any Apache server mods that will analyze
logs and generate a report of brute-force password guessing attempts,
including time, duration, IPs that the attacks came from, and successful
intrusions?

We've got a decent setup right now, but I think it's always a good idea to
see what else is out there.

Thanks, I appreciate it.
-dant



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


----------------------------------


Mmm... I don't know if there's some option on apache's httpd.conf file that
limit, log & analyze, or block brute-force attempts... But there's a module
called 'mod_dosevasive' located at
http://www.nuclearelephant.com/projects/dosevasive/ which description is: 

"mod_dosevasive is an evasive maneuvers module for Apache to provide evasive
action in the event of an HTTP DoS or DDoS attack or brute force attack. It
is also designed to be a detection and network management tool, and can be
easily configured to talk to ipchains, firewalls, routers, and etcetera.
mod_dosevasive presently reports abuses via email and syslog facilities".

Hope it helps you.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message