Date: Mon, 21 Jan 2008 12:26:51 +0200 From: Tim Priebe <tim@priebe.alt.na> To: freebsd-security@freebsd.org Cc: Jordi Espasa Clofent <jordi.espasa@opengea.org> Subject: Re: denyhosts-like app for MySQLd? Message-ID: <200801211226.51852.tim@priebe.alt.na> In-Reply-To: <47946AD3.2020601@opengea.org> References: <47946AD3.2020601@opengea.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, There is a functionality in pf, that allows you to have an application to=20 update a list of hosts, that is used in a rule. You could have a script=20 harvest the addresses from your log files, and then update the table in pf.= I=20 have not tried it myself, but was looking at adopting an implementation to= =20 create a tarpit for spammers based on this idea. On Monday 21 January 2008 11:50:11 am Jordi Espasa Clofent wrote: > Hi all, > > =BFIs there any app like denyhosts[1] but intended for MySQLd service? > > We have a mysql ports (3306) opened for remote connections, and > obviously the /var/db/mysql/machine_name.log is full of these kind of > entries: > > ........... > 936012 Connect Access denied for user 'user'@'85.19.95.10' (using > password: YES) > 936013 Connect Access denied for user 'user'@'85.19.95.10' (using > password: YES) > 936014 Connect Access denied for user 'user'@'85.19.95.10' (using > password: YES) > 936016 Connect Access denied for user 'user'@'85.19.95.10' (using > password: YES) > 936018 Connect Access denied for user 'user'@'85.19.95.10' (using > password: YES) > 936019 Connect Access denied for user 'user'@'85.19.95.10' (using > password: YES) > ............. > > The idea is blocking the abusive IPs in automated way. > > [1] http://denyhosts.sourceforge.net/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200801211226.51852.tim>