Re: [mod-security-users] Protecting a site from brute-force attacks
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Protecting a site from brute-force attacks
|
From: Francois B. <fra...@gm...> - 2006-01-30 21:35:33
|
> > FYI unless you have an existing mod_security configuration to upgrade > (and even with that) upgrading mod_security is a 30-second operation. Not really - We have mod_security compiled straight into Apache, so it's no= t just a question of compiling a new module and dropping in on the server, we have to recompile our entire Apache setup which (I'm being told) is a fairl= y complicated process, and right now the SysAdmin is too busy to help me... Avoid launching a script if possible. If you don't those attacking > you will be able to create dozens of processes per second simply > by sending many requests in parallel. > > A better idea is to pipe the error log to a single inspecting > process (like httpd-guardian). Hmmm, that probably would be better; I'd have to parse the log to find only the entries I'm interested in, (since I don't want to block valid users behind proxies) but I'd be less susceptible to getting flooded with forking processes. You should even be able to create a nice page to show to the > blacklisted users. Already planned! As well as sending an alert to the syslog so that we know what's happening.... which i believe your script already does. Thanks Ivan! -- > Ivan Ristic, Technical Director > Thinking Stone, http://www.thinkingstone.com > Tel: +44 20 8141 2161, Fax: +44 87 0762 3934 > |
