[ale] OT -- Apache Attacks

Chuck Payne terrorpup at gmail.com
Wed Oct 10 09:28:08 EDT 2012


Guys,

Thanks, but I have re-invented the wheel. I didn't like anything out there.
I will keep doing my research. I had only asked because I was hoping to see
what others have seen in their logs and improve my program. I will be skimming
Google.

My program looks at current logs for patterns and creates iptables rules based
on them. This is working well, but as I stated, I'd like to build my program's
dictionary up a bit. A lot of programs are good, but this one that I wrote
gives me a look at where the attacks are from and breaks it down by
country.

Example, this was just from yesterday

110.172.52.45    2012-10-09 15:42:27  (Unknown city), INDIA
69.94.125.45     2012-10-09 15:42:29  Sacramento, CA, UNITED STATES
112.114.63.139   2012-10-09 15:42:31  (Unknown City?), (Unknown Country?)
113.17.144.156   2012-10-09 15:42:33  Nanning, CHINA
150.214.150.39   2012-10-09 15:42:35  Sevilla, SPAIN
60.164.231.86    2012-10-09 15:42:37  (Unknown city), CHINA
85.182.191.230   2012-10-09 15:42:39  (Unknown city), GERMANY
96.53.46.230     2012-10-09 15:42:41  (Unknown City?), (Unknown Country?)
124.81.236.52    2012-10-09 16:30:04  Jakarta, INDONESIA
190.254.222.138  2012-10-09 17:30:03  (Unknown City?), (Unknown Country?)
119.97.246.18    2012-10-09 19:30:03  (Unknown City?), (Unknown Country?)
187.115.132.13   2012-10-09 20:45:03  (Unknown City?), (Unknown Country?)
200.189.233.122  2012-10-09 21:45:03  Curitiba, BRAZIL


Top 10 Countries

Country               # of Attacks
(Unknown Country?)    331
CHINA                 196
UNITED STATES         126
KOREA, REPUBLIC OF    31
BRAZIL                26
FRANCE                21
GERMANY               21
INDIA                 20
ITALY                 20
AUSTRALIA             18

Thanks for the info. By the way, why reinvent the wheel? Because if we all
thought like that, we'd still be using wheels made of stone. It is better to
try and fail than to sit and listen to people telling you not to try. (A monk
told me that in college.)

On Tue, Oct 9, 2012 at 9:16 PM, JD <jdp at algoloma.com> wrote:

> Backtrack http://www.backtrack-linux.org/ and Metasploit
> http://www.metasploit.com/ are what you want.
>
> On 10/09/2012 03:57 PM, Chuck Payne wrote:
> > I am trying to build a dictionary of common attacks against apache so
> > that I can run a script against it and scrape out the ip.



-- 
Terror PUP a.k.a
Chuck "PUP" Payne

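The approach described in the message above (match Apache access-log requests against a dictionary of patterns, collect the client addresses, and turn them into iptables rules) can be sketched as follows. This is an added example, not the poster's program, which is not shown in the thread; the signature dictionary, the hit threshold and the sample log lines are constructed assumptions, and the country breakdown is left out because it needs a GeoIP database.

```python
import ipaddress
import re
from collections import Counter

# Constructed signature dictionary (assumption: the poster's real patterns are not shown).
ATTACK_PATTERNS = {
    "path_traversal": re.compile(r"\.\./|%2e%2e(/|%2f)", re.I),
    "phpmyadmin_probe": re.compile(r"/(phpmyadmin|pma|myadmin)\b", re.I),
    "dfind_scanner": re.compile(r"/w00tw00t\.", re.I),
    "sqli_union": re.compile(r"union(\s|\+|%20)+select", re.I),
}
# Apache common/combined log prefix: host ident user [time] "request" status size
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+')

def scan(lines):
    """Return {ip_address: Counter(signature name -> hits)} for matching requests."""
    hits = {}
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not an access-log line
        try:
            ip = ipaddress.ip_address(m.group(1))  # accept literal addresses only
        except ValueError:
            continue  # hostname (HostnameLookups On) or junk never reaches a rule
        for name, rx in ATTACK_PATTERNS.items():
            if rx.search(m.group(3)):
                hits.setdefault(ip, Counter())[name] += 1
    return hits

def iptables_rules(hits, threshold=2):
    """Build DROP rules as text (nothing is executed) for addresses at or over threshold."""
    rules = []
    for ip, counts in sorted(hits.items(), key=lambda kv: str(kv[0])):
        if sum(counts.values()) >= threshold:
            tool = "ip6tables" if ip.version == 6 else "iptables"
            rules.append(f"{tool} -A INPUT -s {ip} -j DROP")
    return rules

SAMPLE_LOG = [  # constructed lines using documentation address ranges
    '192.0.2.10 - - [09/Oct/2012:15:42:27 -0400] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 289',
    '192.0.2.10 - - [09/Oct/2012:15:42:28 -0400] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226',
    '198.51.100.7 - - [09/Oct/2012:15:42:29 -0400] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.5 - - [09/Oct/2012:15:42:31 -0400] "GET /static/../../etc/passwd HTTP/1.1" 404 210',
    '2001:db8::1 - - [09/Oct/2012:16:30:04 -0400] "GET /pma/index.php?id=1+UNION+SELECT+1 HTTP/1.1" 404 207',
    'scanner.example.net - - [09/Oct/2012:17:30:03 -0400] "GET /../../boot.ini HTTP/1.1" 400 226',
]
if __name__ == "__main__":
    print("\n".join(iptables_rules(scan(SAMPLE_LOG))))
```

The threshold keeps a single odd request from blocking a client, and validating the first log field with `ipaddress` means a hostname or malformed value in the log can never end up inside a firewall command.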