Date: Wed, 19 Mar 2003 07:55:05 -0500 From: "Dave [Hawk-Systems]" <dave@hawk-systems.com> To: <freebsd-questions@freebsd.org>, <hwg-servers@hwg.org> Subject: Block requests based on repeated failed httpd login attempts Message-ID: <DBEIKNMKGOBGNDHAAKGNGENEKHAB.dave@hawk-systems.com>
next in thread | raw e-mail | index | archive | help
Had a situation with a user trying to gain access to an htaccess protected directory. [Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user cobras not found: /members/members.htm [Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user loredana not found: /members/members.htm [Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user steve not found: /members/members.htm [Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user e not found: /members/members.htm [Sun Feb 23 06:31:00 2003] [error] [client 208.10.47.119] user horno not found: /members/members.htm ... This user will never gain access to the directory using this method just given the password and userid scheme that this hosting client is using. The fact that this schmuck bangs away for hours (as have others over the past 6 months) is annoying though. Is there a port or methodology to parse for such action and ban the IP address from making further attempts for X hours (all automated of course). Server Version: FreeBSD 4.3(with patches) Apache/1.3.19 (Unix) mod_ssl/2.8.2 OpenSSL/0.9.6 PHP/4.2.2 Thanks, Dave To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DBEIKNMKGOBGNDHAAKGNGENEKHAB.dave>