From owner-freebsd-questions Wed Mar 19 4:55: 9 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BF59837B401 for ; Wed, 19 Mar 2003 04:55:07 -0800 (PST) Received: from web1.nexusinternetsolutions.net (web1.nexusinternetsolutions.net [206.47.131.12]) by mx1.FreeBSD.org (Postfix) with SMTP id CE33D43FB1 for ; Wed, 19 Mar 2003 04:55:06 -0800 (PST) (envelope-from dave@hawk-systems.com) Received: (qmail 75398 invoked from network); 19 Mar 2003 12:55:06 -0000 Received: from unknown (HELO ws1) (24.157.103.51) by web1.nexusinternetsolutions.net with SMTP; 19 Mar 2003 12:55:06 -0000 From: "Dave [Hawk-Systems]" To: , Subject: Block requests based on repeated failed httpd login attempts Date: Wed, 19 Mar 2003 07:55:05 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Had a situation with a user trying to gain access to an htaccess protected directory. [Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user cobras not found: /members/members.htm [Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user loredana not found: /members/members.htm [Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user steve not found: /members/members.htm [Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user e not found: /members/members.htm [Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user horno not found: /members/members.htm ... This user will never gain access to the directory using this method just given the password and userid scheme that this hosting client is using. The fact that this schmuck bangs away for hours (as have others over the past 6 months) is annoying though. Is there a port or methodology to parse for such action and ban the IP address from making further attempts for X hours (all automated of course). Server Version: FreeBSD 4.3(with patches) Apache/1.3.19 (Unix) mod_ssl/2.8.2 OpenSSL/0.9.6 PHP/4.2.2 Thanks, Dave To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message