NAME

Apache::BruteWatch - Watch the Apache logs and notify of bruteforce password attacks

VERSION

 $Revision: 1.13 $

SYNOPSIS

Place the following in your httpd.conf

    PerlLogHandler Apache::BruteWatch

    PerlSetVar BruteDatabase     DBI:mysql:brutelog
    PerlSetVar BruteDataUser     username
    PerlSetVar BruteDataPassword password

    PerlSetVar BruteMaxTries     10
    PerlSetVar BruteMaxTime      30
    PerlSetVar BruteNotify       rbowen@example.com
    PerlSetVar BruteForgive      300

DESCRIPTION

mod_perl log handler for warning you when someone is attempting a brute-force password attack on your web site.

Variables

The following variables can be set in your Apache configuration file:

BruteDatabase

The DBI database name, such as DBI:mysql:brutelog

BruteDataUser

The database username

BruteDataPassword

The database password

BruteMaxTries and BruteMaxTime

Allow this many failed attempts in this much time. After that, notification will be sent. Time is in seconds.

BruteNotify

Email address to which notifications will be sent

BruteForgive

Failed login attempts will be cleaned up after they are this old. Units are seconds.

Database

The following is a mysql database table create statement. You'll need to make the appropriate change to run this on some other database.

  CREATE TABLE bruteattempt (
  ID int(11) NOT NULL auto_increment,
  ts int(11) default NULL,
  username varchar(255) default NULL,
  PRIMARY KEY  (ID)
 ) TYPE=MyISAM;

 CREATE TABLE brutenotified (
  ID int(11) NOT NULL auto_increment,
  username varchar(255) default NULL,
  ts int(11) default NULL,
  PRIMARY KEY  (ID)
 ) TYPE=MyISAM;

AUTHOR

        Rich Bowen
        rbowen@rcbowen.com
        http://www.cre8tivegroup.com

DATE

        $Date: 2003/08/11 14:22:28 $