LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
Reload this Page Blocking automated hacker tools
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
LinkBack Search this Thread
Old 02-06-2012, 04:54 AM   #1
fluffyvoidbunny
LQ Newbie
 
Registered: Feb 2006
Distribution: suse fedora
Posts: 16

Rep: Reputation: 0
Blocking automated hacker tools

Hi All,

I'm getting a load of hassle with people trying to hack my apache 2 server. The main problem is the use of automated scanning tools directed at my cgi scripts.

To counter this I am looking at writing a perl script to monitor requests and block any ip making too many requests over a time period. This isn't a problem for my scripts but most of the requests are speculative and aimed at cgi programs that don't exist. To be able to respond to this I would like to have apache call my monitoring script whenever a request is made to cgi-bin.

I can go the route of changenotify and parse the logs for unnatural access but a more elegant solution would be to have apache call my script when a cgi request is made.

Any ideas?

Thanks
 
Old 02-06-2012, 05:05 AM   #2
fukawi1
Member
 
Registered: Apr 2009
Location: Melbourne
Distribution: Fedora & CentOS
Posts: 834

Rep: Reputation: 186Reputation: 186
There are tools available to do what you wish.

Some ideas.
Iptables limit and recent match. Which can be used to drop packets over n simultaneous connection attempts from an ip.
fail2ban - scans log files, and generates firewall rules to "ban" IP's, and can also do additional things, like email alerts, with whois lookups for example.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] blocking and non blocking TCP send/recv problem golden_boy615 Programming 5 12-27-2010 03:27 PM
Easy hacker tools lilsandi30 Linux - Newbie 2 12-08-2009 09:07 PM
LXer: Automated processing tools for better digital pictures LXer Syndicated Linux News 0 11-10-2008 06:50 PM
blocking this hacker's efforts Boss Hoss Linux - Security 5 07-18-2006 07:47 PM
portsentry replacement? (automated ip address based host blocking) hlslaughter Linux - Security 1 08-08-2005 07:45 PM


All times are GMT -5. The time now is 05:43 AM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
 
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration