
Re: reviewing httpd access log



On (01/08/2004 13:47), marius wrote:
> On Sun, 1 Aug 2004 12:42:34 -0500, J Moore <jaymo@cullmail.com> wrote:
> > Reviewing my /var/www/logs/access_log file it seems there are a lot of
> > "bogus" entries; i.e. people trying various hacks, looking for
> > weaknesses, testing for win32, etc, etc.
> > 
> > Is there a good technique for automatically identifying these
> > trouble-makers? I'd like to be able to build a "deny" table for pf to
> > halt repeat offenders, but I can't afford the time to review the logs
> > "manually".
> > 
> > Thanks,
> > Jay
> > 
> > 
> 
> Check out Snort... http://www.snort.org/

And snort2pf: http://directory.fsf.org/security/firewall/snort2pf.html

-- 
Gerardo Santana Gómez Garrido
http://www.openbsd.org.mx/~santana/
"Between people, as among nations, respect of each other's rights insures
the peace." -Don Benito Juárez