NAME

Apache::BruteWatch - Watch the Apache logs and notify of bruteforce password attacks

VERSION

$Revision: 1.2 $

SYNOPSIS

Place the following in your "httpd.conf"

PerlLogHandler Apache::BruteWatch

        PerlSetVar BruteDatabase     DBI:mysql:brutelog
        PerlSetVar BruteDataUser     username
        PerlSetVar BruteDataPassword password

        PerlSetVar BruteMaxTries     10
        PerlSetVar BruteMaxTime      30
        PerlSetVar BruteNotify       rbowen@example.com
        PerlSetVar BruteForgive      300

DESCRIPTION

"mod_perl" log handler for warning you when someone is attempting a brute-force password attack on your web site.

Variables

The following variables can be set in your Apache configuration file:

BruteDatabase
The DBI database name, such as "DBI:mysql:brutelog"

BruteDataUser
The database username

BruteDataPassword
The database password

BruteMaxTries and BruteMaxTime
Allow this many failed attempts in this much time. After that, notification will be sent. Time is in seconds.

BruteNotify
Email address to which notifications will be sent

BruteForgive
Failed login attempts will be cleaned up after they are this old. Units are seconds.

Database

     CREATE TABLE bruteattempt (
      ID int(11) NOT NULL auto_increment,
      ts int(11) default NULL,
      username varchar(255) default NULL,
      PRIMARY KEY  (ID)
     ) TYPE=MyISAM;

     CREATE TABLE brutenotified (
      ID int(11) NOT NULL auto_increment,
      username varchar(255) default NULL,
      ts int(11) default NULL,
      PRIMARY KEY  (ID)
     ) TYPE=MyISAM;

AUTHOR

            Rich Bowen
            rbowen@rcbowen.com
            http://www.cre8tivegroup.com

DATE

$Date: 2003/08/04 23:31:53 $