Apache::BruteWatch - Watch the Apache logs and notify of bruteforce password attacks
$Revision: 1.13 $
Place the following in your httpd.conf
httpd.conf
PerlLogHandler Apache::BruteWatch PerlSetVar BruteDatabase DBI:mysql:brutelog PerlSetVar BruteDataUser username PerlSetVar BruteDataPassword password PerlSetVar BruteMaxTries 10 PerlSetVar BruteMaxTime 30 PerlSetVar BruteNotify rbowen@example.com PerlSetVar BruteForgive 300
mod_perl log handler for warning you when someone is attempting a brute-force password attack on your web site.
mod_perl
The following variables can be set in your Apache configuration file:
The DBI database name, such as DBI:mysql:brutelog
DBI:mysql:brutelog
The database username
The database password
Allow this many failed attempts in this much time. After that, notification will be sent. Time is in seconds.
Email address to which notifications will be sent
Failed login attempts will be cleaned up after they are this old. Units are seconds.
The following is a mysql database table create statement. You'll need to make the appropriate change to run this on some other database.
CREATE TABLE bruteattempt ( ID int(11) NOT NULL auto_increment, ts int(11) default NULL, username varchar(255) default NULL, PRIMARY KEY (ID) ) TYPE=MyISAM; CREATE TABLE brutenotified ( ID int(11) NOT NULL auto_increment, username varchar(255) default NULL, ts int(11) default NULL, PRIMARY KEY (ID) ) TYPE=MyISAM;
Rich Bowen rbowen@rcbowen.com http://www.cre8tivegroup.com
$Date: 2003/08/11 14:22:28 $
To install Apache::BruteWatch, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Apache::BruteWatch
CPAN shell
perl -MCPAN -e shell install Apache::BruteWatch
For more information on module installation, please visit the detailed CPAN module installation guide.