logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in  RSS Apache Lounge  


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.



Post new topic   Forum Index -> Webmaster Tools & Utilities View previous topic :: View next topic
Reply to topic   Topic: IP automatic ban on auth_basic fail
Author
EIKA



Joined: 22 Jan 2019
Posts: 19
Location: Russia

PostPosted: Tue 31 Mar '20 21:38    Post subject: IP automatic ban on auth_basic fail Reply with quote

Hi all!

I am using Apache under Windows Server 2008 and want to ban clients who like login/password bruteforce. In Linux world I would choose Fail2Ban. But it's crazy to use it under Windows, because it's monstrosity and clumsy solution.

I just need some tool that looks in error.log and watching for repeated auth_basic:error events. And bans client's IP address. Or just creates list of such IP addresses (and I work with them manually later).

I have full error log of events like this. Client IP address is often changes:
Code:
[Thu Mar 26 03:27:56.659654 2020] [auth_basic:error] [pid 1916:tid 840] [client 176.14.158.176:43543] AH01618: user root not found
[Thu Mar 26 03:27:58.915783 2020] [auth_basic:error] [pid 1916:tid 840] [client 176.14.158.176:34251] AH01618: user root not found
[Thu Mar 26 03:27:59.027790 2020] [auth_basic:error] [pid 1916:tid 840] [client 176.14.158.176:40485] AH01618: user root not found
[Thu Mar 26 03:28:01.185913 2020] [auth_basic:error] [pid 1916:tid 840] [client 176.14.158.176:49845] AH01618: user root not found
[Thu Mar 26 03:28:01.338922 2020] [auth_basic:error] [pid 1916:tid 840] [client 176.14.158.176:58863] AH01618: user root not found
[Thu Mar 26 03:28:03.375038 2020] [auth_basic:error] [pid 1916:tid 840] [client 176.14.158.176:49873] AH01618: user admin not found
[Thu Mar 26 03:28:03.489045 2020] [auth_basic:error] [pid 1916:tid 840] [client 176.14.158.176:60893] AH01618: user admin not found
[Thu Mar 26 03:28:05.644168 2020] [auth_basic:error] [pid 1916:tid 840] [client 176.14.158.176:42773] AH01618: user admin not found
[Thu Mar 26 03:28:05.756174 2020] [auth_basic:error] [pid 1916:tid 840] [client 176.14.158.176:50411] AH01618: user admin not found
[Thu Mar 26 03:28:08.041305 2020] [auth_basic:error] [pid 1916:tid 840] [client 176.14.158.176:56497] AH01618: user admin not found
[Thu Mar 26 03:28:08.109309 2020] [auth_basic:error] [pid 1916:tid 840] [client 176.14.158.176:32835] AH01618: user admin not found
[Thu Mar 26 03:28:08.241317 2020] [auth_basic:error] [pid 1916:tid 840] [client 176.14.158.176:34671] AH01618: user admin not found

I don't have any standard scripting language support on machine, like PHP, Perl or Python. In this case I would like to get any exe/bat/powershell/VBS solution.

There is IPBan tool ( https://ipban.com ), but it's a bit complex. It interacts with the OS, checks Windows logs, installs NT service, etc. Looks like overkill for my simple task.

Any other ideas please?
Back to top
Brian Gimbli



Joined: 11 Mar 2020
Posts: 4
Location: Houston

PostPosted: Mon 06 Apr '20 22:29    Post subject: Reply with quote

Hi! May you use RdpGuard?
Back to top
EIKA



Joined: 22 Jan 2019
Posts: 19
Location: Russia

PostPosted: Mon 06 Apr '20 22:39    Post subject: Reply with quote

RDPGuard doesn't support Apache.
Back to top


Reply to topic   Topic: IP automatic ban on auth_basic fail View previous topic :: View next topic
Post new topic   Forum Index -> Webmaster Tools & Utilities