On Tue, Oct 20, 2009 at 14:07 +0200, W. Martin Borgert wrote: > > Quoting KenCorey <[email protected]>: > > I thought it might be fun to identify which IP the requests were > > coming from, and just ban that IP for a while. Not permanently, but > > an increasingly longer period of time per infraction. > > I use fail2ban. This program reads different log files, such as > apache and ssh formats and blocks IPs after failed logins for a > while using ipfilter. This means, to make it work, you would have > to create a logfile with a format compatible to fail2ban.
I actually rolled my own solution for this a while ago, yet another brute-force detector. https://0brg.net/svn/yabfd/trunk/ is the repository root. It is pretty basic---I mostly use it to detect SSH brute forcers but then use squid to block those hosts as well. It can parse pretty much any logfile (regular expressions are supported but if that does not suffice you can roll your own parser and hook it in) and I think that I also already implemented a reasonably flexible printer system for output of block lists. Anyway, it might not be your thing, and it was not extensively proofed to work correctly and securely, but it has been working like a charm for me for a year or so, now. I would appreciate comments :) Greetings, Hraban Luyat --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web.py" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/webpy?hl=en -~----------~----~----~----~------~----~------~--~---
