NAME
Apache::BruteWatch - Watch the Apache logs and notify of bruteforce password attacks
VERSION
$Revision: 1.13 $SYNOPSIS
Place the following in your httpd.conf
PerlLogHandler Apache::BruteWatch
PerlSetVar BruteDatabase DBI:mysql:brutelog
PerlSetVar BruteDataUser username
PerlSetVar BruteDataPassword password
PerlSetVar BruteMaxTries 10
PerlSetVar BruteMaxTime 30
PerlSetVar BruteNotify rbowen@example.com
PerlSetVar BruteForgive 300DESCRIPTION
mod_perl log handler for warning you when someone is attempting a brute-force password attack on your web site.
Variables
The following variables can be set in your Apache configuration file:
BruteDatabase
The DBI database name, such as DBI:mysql:brutelog
BruteDataUser
The database username
BruteDataPassword
The database password
BruteMaxTries and BruteMaxTime
Allow this many failed attempts in this much time. After that, notification will be sent. Time is in seconds.
BruteNotify
Email address to which notifications will be sent
BruteForgive
Failed login attempts will be cleaned up after they are this old. Units are seconds.
Database
The following is a mysql database table create statement. You'll need to make the appropriate change to run this on some other database.
CREATE TABLE bruteattempt (
ID int(11) NOT NULL auto_increment,
ts int(11) default NULL,
username varchar(255) default NULL,
PRIMARY KEY (ID)
) TYPE=MyISAM;
CREATE TABLE brutenotified (
ID int(11) NOT NULL auto_increment,
username varchar(255) default NULL,
ts int(11) default NULL,
PRIMARY KEY (ID)
) TYPE=MyISAM;AUTHOR
Rich Bowen
rbowen@rcbowen.com
http://www.cre8tivegroup.com
DATE
$Date: 2003/08/11 14:22:28 $