Apache module to prevent brute force password attacks.

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • yelistratov
    Registered User
    • Feb 2003
    • 1

    #1

    Apache module to prevent brute force password attacks.

    Hello !

    I have written a small mod_perl Apache module to prevent
    password brute force attacks to member areas.
    If someone find it actual - get it from
    http://sundale.net/download/AuthChecker.tar.gz

    Andre.

    PS It is free ;)
    PPS Feedback is appreciated.
  • Mr Cheeks
    Confirmed User
    • Apr 2002
    • 901

    #2
    Originally posted by yelistratov
    Hello !

    I have written a small mod_perl Apache module to prevent
    password brute force attacks to member areas.
    If someone find it actual - get it from
    http://sundale.net/download/AuthChecker.tar.gz

    Andre.

    PS It is free ;)
    PPS Feedback is appreciated.
    your nick sounds russian? are you one of them?..

    Comment

    • SinEmpire
      Confirmed User
      • Nov 2001
      • 9813

      #3
      I bet it's a virus.
      President at MojoHost | brad at mojohost dot com | Skype MojoHostBrad
      71 industry awards for hosting and professional excellence since 1999

      Comment

      • AdultNex
        Confirmed User
        • Feb 2003
        • 8985

        #4
        Originally posted by alchemist


        your nick sounds russian? are you one of them?..
        Yes, he's Russian. Check his website (www.sundale.net) - About me.

        Comment

        • ServerGenius
          Confirmed User
          • Feb 2002
          • 9377

          #5
          In the same about me page this:

          April 2002 - present time
          Cologroup Incorporated
          P.O. Box 27103
          Las Vegas, NV 89126
          US
          Web hosting. Remote system programmer, administrator.
          Currently infrastructure of about 100 physical servers is supported
          and mantained. Numerous tasks of system administration and
          internal software development.


          DynaMite
          | http://www.sinnerscash.com/ | ICQ: 370820 | Skype: SinnersCash | AdultWhosWho |

          Comment

          • ServerGenius
            Confirmed User
            • Feb 2002
            • 9377

            #6
            Originally posted by SinEmpire
            I bet it's a virus.
            It´s not, it does exactly what he claims it does

            DynaMite
            | http://www.sinnerscash.com/ | ICQ: 370820 | Skype: SinnersCash | AdultWhosWho |

            Comment

            • strainer
              Confirmed User
              • Oct 2002
              • 418

              #7
              Originally posted by SinEmpire
              I bet it's a virus.
              Sheesh you ought to think a little before demonstrating diarrhea of the mouth.

              The guy write a potentially little useful pearl script, puts it under the GNU public license, and puts it on his website, looking for work.

              Anybody installing this pearl script is surely going to have a look at it, and FYI, it?s pretty unusual to have a virus in a 100 line pearl script.

              Comment

              • PostWhore
                Confirmed User
                • Jan 2003
                • 4720

                #8
                Damn Russians
                Ask me how to monetize with adult traffic!

                Comment

                • NetRodent
                  Confirmed User
                  • Jan 2002
                  • 3985

                  #9
                  What's a pearl script?

                  You can do some pretty nifty stuff with PERL, such as the following:
                  <pre>
                  #!/usr/bin/perl -w
                  use strict;
                  $_='ev
                  al("seek\040D
                  ATA,0, 0;");foreach(1..2)
                  {<DATA>;}my @camel1hump;my$camel;
                  my$Camel ;while( <DATA>){$_=sprintf("%-6
                  9s",$_);my@dromedary 1=split(//);if(defined($
                  _=<DATA>)){@camel1hum p=split(//);}while(@dromeda
                  ry1){my$camel1hump=0 ;my$CAMEL=3;if(defined($_=shif
                  t(@dromedary1 ))&&/\S/){$camel1hump+=1<<$CAMEL;}
                  $CAMEL--;if(d efined($_=shift(@dromedary1))&&/\S/){
                  $camel1hump+=1 <<$CAMEL;}$CAMEL--;if(defined($_=shift(
                  @camel1hump))&&/\S/){$camel1hump+=1<<$CAMEL;}$CAMEL--;if(
                  defined($_=shift(@camel1hump))&&/\S/){$camel1hump+=1<<$CAME
                  L;;}$camel.=(split(//,"\040..m`{/J\047\134}L^7FX"))[$camel1h
                  ump];}$camel.="\n";}@camel1hump=split(/\n/,$camel);foreach(@
                  camel1hump){chomp;$Camel=$_;tr/LJF7\173\175`\047/\061\062\063
                  45678/;tr/12345678/JL7F\175\173\047`/;$_=reverse;print"$_\040
                  $Camel\n";}foreach(@camel1hump){chomp;$Camel=$_;y/LJF7\173\17
                  5`\047/12345678/;tr/12345678/JL7F\175\173\047`/;$_=reverse;p
                  rint"\040$_$Camel\n";}#japh-Erudil';;s;\s*;;g;;eval; eval
                  ("seek\040DATA,0,0;");undef$/;$_=<DATA>;s$\s*$$g;( );;s
                  ;^.*_;;;map{eval"print\"$_\"";}/.{4}/g; __DATA__ \124
                  \1 50\145\040\165\163\145\040\157\1 46\040\1 41\0
                  40\143\141 \155\145\1 54\040\1 51\155\ 141
                  \147\145\0 40\151\156 \040\141 \163\16 3\
                  157\143\ 151\141\16 4\151\1 57\156
                  \040\167 \151\164\1 50\040\ 120\1
                  45\162\ 154\040\15 1\163\ 040\14
                  1\040\1 64\162\1 41\144 \145\
                  155\14 1\162\ 153\04 0\157
                  \146\ 040\11 7\047\ 122\1
                  45\15 1\154\1 54\171 \040
                  \046\ 012\101\16 3\16
                  3\15 7\143\15 1\14
                  1\16 4\145\163 \054
                  \040 \111\156\14 3\056
                  \040\ 125\163\145\14 4\040\
                  167\1 51\164\1 50\0 40\160\
                  145\162 \155\151
                  \163\163 \151\1
                  57\156\056

                  # camel code, copyright 2000 by Stephen B. Jenkins
                  # The use of a camel image with the topic of Perl
                  # is a trademark of O'Reilly & Associates, Inc.
                  # Used with permission.
                  </pre>
                  "Every normal man must be tempted, at times, to spit on his hands, hoist the black flag, and begin slitting throats."
                  --H.L. Mencken

                  Comment

                  • rossiya2
                    Confirmed User
                    • Nov 2002
                    • 287

                    #10
                    Originally posted by yelistratov
                    Hello !

                    I have written a small mod_perl Apache module to prevent
                    password brute force attacks to member areas.
                    If someone find it actual - get it from
                    http://sundale.net/download/AuthChecker.tar.gz

                    Andre.

                    PS It is free ;)
                    PPS Feedback is appreciated.
                    Way to go Andre !
                    <a href="mailto:[email protected]">sales@cologroup. com</a> | 52027820 | <a href="http://www.cologroup.com">www.cologroup.com</a>

                    Comment

                    • DeviantZ
                      Registered User
                      • Nov 2002
                      • 6

                      #11
                      Looks sweet.

                      Any idea on how it handles mass traffic? and/or how it affects server load?

                      say 15,000 unique user logins a day/server?
                      10 Original & Unique Gay Fetish Sites - 1 Program
                      DeviantCash.com - Being Deviant Pays™

                      Comment

                      • hel0
                        Registered User
                        • Feb 2003
                        • 14

                        #12
                        Hi,

                        I don't think I'd run this code on any production machines, it doesn't look too robust. It looks like it'd be possible to use this module to take down a webserver. You shouldn't be using shared memory like that, shared memory is notoriously unstable and will cause segfaults if used repeatedly. The other problem is the locking, if you lock shared memory, and your apache process dies horribly, IPC::Shareable will not release your lock. So each incoming connection will hang, waiting for a lock that will never be released. Eventually, you will run out of apache children and your webserver will stop responding.

                        This also is flawed with regard to the low default limit. Traffic from the bigger ISPs (a la AOL) are all behind a proxy, so 3 mis-typed passwords from 3 different AOL users will result in a large part of the internet being blocked.

                        This is a cool idea, and it can certainly be fixed, but it's not ready for prime time yet.

                        Hel0

                        icq: 348407599

                        Comment

                        Working...