Tool that watches logfiles
Hi there,

since we're getting hit a lot by Proxy requests on the webservers (repeatedly from the same IP) I'm looking for a tool that looks at the webserver logs in real time and takes appropriate actions depending on the patterns it finds there. I'd like to block an IP for a while if I see a CONNECT command from it.

I could probably glue something with logtail or libfile-tail-perl but I'm wondering if there is already a tool that does exactly what I'm looking for?

Thanks,
Joachim

--
*PGP key available - send e-mail request*
Mirrors should reflect a little before throwing back images.
-- Jean Cocteau

Re: exim limit number of mail per user.
Hi,

On Thu, Dec 12, 2002 at 10:46:02AM +0100, Robert Lindgren wrote:
> Is there a way to limit the number of messages per hour and user with
> Exim?

There's nothing out of the box. However you could probably craft something.

I imagine a small program (it should be a compiled and not an interpreted program) that gets some parameters ($sender_address and Message-ID for example) and is called from a router. It registers the date and the address somewhere (check with the message-id to not register a single mail twice) and fails if everything is okay and the user is within his/her limits. If not, it succeeds and calls a transport that does whatever you want it to do. Call an autoreply-transport for example...

You may also want to set verify = false on this router...

I hope this helps,
Joachim

PS: I assumed you're using exim 4.x already...

--
*PGP key available - send e-mail request* - ICQ: 37225940
Hurewitz's Memory Principle: The chance of forgetting something is directly proportional to.. to.. uh

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

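The helper program described in the reply above, as an added example in C (not code from the thread or from Exim). The argument order, the one-line-per-message file format, the `over_limit` name and the limit of 100 per hour are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1            /* fileno(), flock() under strict -std= */
#endif
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <sys/file.h>

#define WINDOW 3600                  /* one hour, in seconds */

/* Reject values that would corrupt the "<epoch> <sender> <msgid>" line format. */
static int bad_field(const char *x)
{
    return !*x || strlen(x) > 255 || strpbrk(x, " \t\r\n") != NULL;
}

/* 1 = sender is over the limit, 0 = within the limit, -1 = error. */
int over_limit(const char *db, const char *sender, const char *msgid,
               int limit, time_t now)
{
    char s[256], m[256];
    long ts;
    int earlier = 0, seen = 0;
    FILE *f;

    if (bad_field(sender) || bad_field(msgid) || !(f = fopen(db, "a+")))
        return -1;
    flock(fileno(f), LOCK_EX);       /* deliveries run in parallel */
    rewind(f);
    while (!seen && fscanf(f, "%ld %255s %255s", &ts, s, m) == 3) {
        if (strcmp(s, sender) != 0 || (long)now - ts >= WINDOW)
            continue;                /* other sender, or outside the window */
        if (strcmp(m, msgid) == 0)
            seen = 1;                /* same mail again: do not register twice */
        else
            earlier++;
    }
    if (!seen) {
        fseek(f, 0, SEEK_END);
        fprintf(f, "%ld %s %s\n", (long)now, sender, msgid);
    }
    fclose(f);                       /* also releases the lock */
    return earlier + 1 > limit;
}

/* Exit status follows the message above: 0 only when the limit is exceeded. */
int main(int argc, char **argv)
{
    if (argc != 4)
        return 2;
    /* 100 per hour is an assumed limit; errors (-1) count as "within limits". */
    return over_limit(argv[1], argv[2], argv[3], 100, time(NULL)) == 1 ? 0 : 1;
}
```

Messages over the limit are registered too, so a sender who keeps submitting stays over the limit until the older entries leave the one-hour window.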
Re: BIND exploited ? -UPDATE
On Sat, Jan 05, 2002 at 01:43:24AM -0500, Thedore Knab wrote:
> Starting nmap V. 2.54BETA25 ( www.insecure.org/nmap/ )
> Interesting ports on dns1.mywork.edu :
> (The 1540 ports scanned but not shown below are in state: closed)
       ^^
You seem to have only scanned your well-known ports?

Joachim