NAME

Apache::BruteWatch - Watch the Apache logs and notify of bruteforce password attacks

VERSION

            

              
              
$Revision: 1.13 $
            
          

SYNOPSIS

Place the following in your httpd.conf

            

              
              
PerlLogHandler Apache::BruteWatch
PerlSetVar BruteDatabase     DBI:mysql:brutelog
PerlSetVar BruteDataUser     username
PerlSetVar BruteDataPassword password
PerlSetVar BruteMaxTries     10
PerlSetVar BruteMaxTime      30
PerlSetVar BruteNotify       rbowen@example.com
PerlSetVar BruteForgive      300
            
          

DESCRIPTION

mod_perl log handler for warning you when someone is attempting a brute-force password attack on your web site.

Variables

The following variables can be set in your Apache configuration file:

BruteDatabase

The DBI database name, such as DBI:mysql:brutelog

BruteDataUser

The database username

BruteDataPassword

The database password

BruteMaxTries and BruteMaxTime

Allow this many failed attempts in this much time. After that, notification will be sent. Time is in seconds.

BruteNotify

Email address to which notifications will be sent

BruteForgive

Failed login attempts will be cleaned up after they are this old. Units are seconds.

Database

The following is a mysql database table create statement. You'll need to make the appropriate change to run this on some other database.

            

              
              
 CREATE TABLE bruteattempt (
 ID int(11) NOT NULL auto_increment,
 ts int(11) default NULL,
 username varchar(255) default NULL,
 PRIMARY KEY  (ID)
) TYPE=MyISAM;
CREATE TABLE brutenotified (
 ID int(11) NOT NULL auto_increment,
 username varchar(255) default NULL,
 ts int(11) default NULL,
 PRIMARY KEY  (ID)
) TYPE=MyISAM;
            
          

AUTHOR

            

              
              
Rich Bowen
rbowen@rcbowen.com
http://www.cre8tivegroup.com
            
          

DATE

            

              
              
$Date: 2003/08/11 14:22:28 $