Re: [mod-security-users] Protecting a site from brute-force attacks
From: Ivan R. <iv...@we...> - 2006-01-30 21:01:22
Francois Boulanger wrote:
> Hi all! I'd like your input on this...
>
> I was asked to protect one of our websites against brute-force attempts;
> We need to know if an IP address is making repetitive login requests to
> our site. I'm using Apache 1.3.33 and mod_security 1.7. on Solaris 9 -
> And no, we do not have time to upgrade to a more recent Apache or
> mod_security version :-(

FYI unless you have an existing mod_security configuration
to upgrade (and even with that) upgrading mod_security is
a 30-second operation.

> Here's what I'm thinking of doing :
>
> 1 - use mod_security to inspect POST contents of requests
> 2 - create a rule to launch a script every time the POST contains a
> specific login field (Ex : UserID or password). This will allow me to
> obtain all the IP addresses of people who attempt to log-in.

Avoid launching a script if possible. If you don't, those
attacking you will be able to create dozens of processes
per second simply by sending many requests in parallel. A
better idea is to pipe the error log to a single inspecting
process (like httpd-guardian).

> What do you think? Probably not the ideal solution, but it should work -
> considering we're short on time and need a solution fast, without
> relying on firewall or IDS systems.

You should even be able to create a nice page to show to the
blacklisted users.

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
Tel: +44 20 8141 2161, Fax: +44 87 0762 3934
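
The single log-inspecting process suggested in the reply, sketched as an added example (not code from the original post and not httpd-guardian itself): one long-lived process reads the piped error log and counts login attempts per client IP in a sliding window. The `login-attempt` marker, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
import sys
from collections import defaultdict, deque
from datetime import datetime

MAX_ATTEMPTS = 5      # assumed: login POSTs tolerated per window
WINDOW_SECONDS = 60   # assumed: sliding window length

# Apache 1.3 error-log prefix: [date] [level] [client IP] message
LINE_RE = re.compile(r"^\[([^\]]+)\] \[\w+\] \[client ([0-9a-fA-F.:]+)\] (.*)$")
MARKER = "login-attempt"  # hypothetical text written by the logging rule

class LoginWatcher:
    def __init__(self, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS):
        self.max_attempts, self.window = max_attempts, window
        self.seen = defaultdict(deque)   # ip -> timestamps inside the window
        self.blacklist = set()

    def feed(self, line):
        """Process one log line; return the IP if this line newly blacklists it."""
        m = LINE_RE.match(line.strip())
        if not m or MARKER not in m.group(3):
            return None
        try:
            ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y").timestamp()
        except ValueError:
            return None                  # unparseable date: ignore the line
        ip = m.group(2)
        q = self.seen[ip]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()                  # drop attempts older than the window
        if len(q) > self.max_attempts and ip not in self.blacklist:
            self.blacklist.add(ip)
            return ip
        return None

# Constructed sample lines (not real log output): six attempts in ten seconds
# from one address, then a single attempt from another.
SAMPLE = [
    "[Mon Jan 30 21:00:%02d 2006] [error] [client 192.0.2.10] mod_security: login-attempt" % s
    for s in range(0, 12, 2)
] + ["[Mon Jan 30 21:00:30 2006] [error] [client 198.51.100.7] mod_security: login-attempt"]

if __name__ == "__main__":
    watcher = LoginWatcher()
    for line in sys.stdin:               # one process, fed by the piped log
        hit = watcher.feed(line)
        if hit:
            print("blacklist", hit, flush=True)
```

Because every request is handled by the same process, a burst of parallel requests only adds lines to its input instead of spawning a process per request.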