Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: IP automatic ban on auth_basic fail |
|
Author |
|
EIKA
Joined: 22 Jan 2019 Posts: 43 Location: US
|
Posted: Tue 31 Mar '20 21:38 Post subject: IP automatic ban on auth_basic fail |
|
|
Hi all!
I am using Apache under Windows Server 2008 and want to ban clients who like login/password bruteforce. In Linux world I would choose Fail2Ban. But it's crazy to use it under Windows, because it's monstrosity and clumsy solution.
I just need some tool that looks in error.log and watching for repeated auth_basic:error events. And bans client's IP address. Or just creates list of such IP addresses (and I work with them manually later).
I have full error log of events like this. Client IP address is often changes:
Code: | [Thu Mar 26 03:27:56.659654 2020] [auth_basic:error] [pid 1916:tid 840] [client 176.14.158.176:43543] AH01618: user root not found
[Thu Mar 26 03:27:58.915783 2020] [auth_basic:error] [pid 1916:tid 840] [client 176.14.158.176:34251] AH01618: user root not found
[Thu Mar 26 03:27:59.027790 2020] [auth_basic:error] [pid 1916:tid 840] [client 176.14.158.176:40485] AH01618: user root not found
[Thu Mar 26 03:28:01.185913 2020] [auth_basic:error] [pid 1916:tid 840] [client 176.14.158.176:49845] AH01618: user root not found
[Thu Mar 26 03:28:01.338922 2020] [auth_basic:error] [pid 1916:tid 840] [client 176.14.158.176:58863] AH01618: user root not found
[Thu Mar 26 03:28:03.375038 2020] [auth_basic:error] [pid 1916:tid 840] [client 176.14.158.176:49873] AH01618: user admin not found
[Thu Mar 26 03:28:03.489045 2020] [auth_basic:error] [pid 1916:tid 840] [client 176.14.158.176:60893] AH01618: user admin not found
[Thu Mar 26 03:28:05.644168 2020] [auth_basic:error] [pid 1916:tid 840] [client 176.14.158.176:42773] AH01618: user admin not found
[Thu Mar 26 03:28:05.756174 2020] [auth_basic:error] [pid 1916:tid 840] [client 176.14.158.176:50411] AH01618: user admin not found
[Thu Mar 26 03:28:08.041305 2020] [auth_basic:error] [pid 1916:tid 840] [client 176.14.158.176:56497] AH01618: user admin not found
[Thu Mar 26 03:28:08.109309 2020] [auth_basic:error] [pid 1916:tid 840] [client 176.14.158.176:32835] AH01618: user admin not found
[Thu Mar 26 03:28:08.241317 2020] [auth_basic:error] [pid 1916:tid 840] [client 176.14.158.176:34671] AH01618: user admin not found |
I don't have any standard scripting language support on machine, like PHP, Perl or Python. In this case I would like to get any exe/bat/powershell/VBS solution.
There is IPBan tool ( https://ipban.com ), but it's a bit complex. It interacts with the OS, checks Windows logs, installs NT service, etc. Looks like overkill for my simple task.
Any other ideas please? |
|
Back to top |
|
Brian Gimbli
Joined: 11 Mar 2020 Posts: 4 Location: Houston
|
Posted: Mon 06 Apr '20 22:29 Post subject: |
|
|
Hi! May you use RdpGuard? |
|
Back to top |
|
EIKA
Joined: 22 Jan 2019 Posts: 43 Location: US
|
Posted: Mon 06 Apr '20 22:39 Post subject: |
|
|
RDPGuard doesn't support Apache. |
|
Back to top |
|
|
|
|
|
|