NAME
Apache::BruteWatch - Watch the Apache logs and notify of bruteforce
password attacks
VERSION
$Revision: 1.2 $
SYNOPSIS
Place the following in your "httpd.conf"
PerlLogHandler Apache::BruteWatch
PerlSetVar BruteDatabase DBI:mysql:brutelog
PerlSetVar BruteDataUser username
PerlSetVar BruteDataPassword password
PerlSetVar BruteMaxTries 10
PerlSetVar BruteMaxTime 30
PerlSetVar BruteNotify rbowen@example.com
PerlSetVar BruteForgive 300
DESCRIPTION
"mod_perl" log handler for warning you when someone is attempting a
brute-force password attack on your web site.
Variables
The following variables can be set in your Apache configuration file:
BruteDatabase
The DBI database name, such as "DBI:mysql:brutelog"
BruteDataUser
The database username
BruteDataPassword
The database password
BruteMaxTries and BruteMaxTime
Allow this many failed attempts in this much time. After that,
notification will be sent. Time is in seconds.
BruteNotify
Email address to which notifications will be sent
BruteForgive
Failed login attempts will be cleaned up after they are this old. Units
are seconds.
Database
CREATE TABLE bruteattempt (
ID int(11) NOT NULL auto_increment,
ts int(11) default NULL,
username varchar(255) default NULL,
PRIMARY KEY (ID)
) TYPE=MyISAM;
CREATE TABLE brutenotified (
ID int(11) NOT NULL auto_increment,
username varchar(255) default NULL,
ts int(11) default NULL,
PRIMARY KEY (ID)
) TYPE=MyISAM;
AUTHOR
Rich Bowen
rbowen@rcbowen.com
http://www.cre8tivegroup.com
DATE
$Date: 2003/08/04 23:31:53 $