[ale] OT -- Apache Attacks

Jim Kinney jim.kinney at gmail.com
Wed Oct 10 12:09:41 EDT 2012


Keep in mind that any program that looks in logs for known exploit patterns
has already failed. By the time the exploit appears in the logs, you're
compromised.

Best bet is to harden against the attacks by keeping public-facing systems
totally patched and locking down all unused "stuff". Don't have a compiler on
a web server!

On Wed, Oct 10, 2012 at 9:28 AM, Chuck Payne <terrorpup at gmail.com> wrote:

> Guys,
>
> Thanks, but I have re-invented the wheel. I didn't like anything out
> there. I will keep doing my research. I had only asked because I was hoping
> to see what others have seen in their logs and improve my program. I will
> be skimming Google.
>
> My program looks at current logs for patterns and creates iptables rules
> on them. This is working well, but as I stated I'd like to build my program's
> dictionary up a bit. A lot of programs are good, but this one that I wrote
> gives me a look at where the attacks are from and breaks it down by
> country.
>
> Example, this was just from yesterday
>
> 110.172.52.45   2012-10-09 15:42:27 (Unknown city), INDIA
> 69.94.125.45    2012-10-09 15:42:29 Sacramento, CA, UNITED STATES
> 112.114.63.139  2012-10-09 15:42:31 (Unknown City?), (Unknown Country?)
> 113.17.144.156 2012-10-09 15:42:33 Nanning, CHINA
> 150.214.150.39 2012-10-09 15:42:35 Sevilla, SPAIN
> 60.164.231.86 2012-10-09 15:42:37 (Unknown city), CHINA
> 85.182.191.230 2012-10-09 15:42:39 (Unknown city), GERMANY
> 96.53.46.230 2012-10-09 15:42:41 (Unknown City?), (Unknown Country?)
> 124.81.236.52 2012-10-09 16:30:04 Jakarta, INDONESIA
> 190.254.222.138 2012-10-09 17:30:03 (Unknown City?), (Unknown Country?)
> 119.97.246.18 2012-10-09 19:30:03 (Unknown City?), (Unknown Country?)
> 187.115.132.13 2012-10-09 20:45:03 (Unknown City?), (Unknown Country?)
> 200.189.233.122 2012-10-09 21:45:03 Curitiba, BRAZIL
>
>
> Top 10 Countries
>
> Country               # of Attacks
> (Unknown Country?)    331
> CHINA                 196
> UNITED STATES         126
> KOREA, REPUBLIC OF    31
> BRAZIL                26
> FRANCE                21
> GERMANY               21
> INDIA                 20
> ITALY                 20
> AUSTRALIA             18
>
> Thanks for the info. By the way, why reinvent the wheel? Because if we all
> thought like that, we would still be using wheels made of stone. It is better to
> try and fail than to sit and listen to people telling you not to try. (A monk told
> me that in college.)
>
> On Tue, Oct 9, 2012 at 9:16 PM, JD <jdp at algoloma.com> wrote:
>
>> Backtrack http://www.backtrack-linux.org/ and Metasploit
>> http://www.metasploit.com/ are what you want.
>>
>> On 10/09/2012 03:57 PM, Chuck Payne wrote:
>> > I am trying to build a dictionary of common attacks against apache so
>> > that I can run a script against it and scrape out the ip.
>> >
>> >
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>
>
>
> --
> Terror PUP a.k.a
> Chuck "PUP" Payne
>
> (678) 636-9678
> -----------------------------------------
> Discover it! Enjoy it! Share it! openSUSE Linux.
> -----------------------------------------
> openSUSE -- en.opensuse.org/User:Terrorpup
> openSUSE Ambassador/openSUSE Member
> Community Manager -- Southeast Linux Foundation (SELF)
> skype, twitter, identica, friendfeed -- terrorpup
> freenode(irc) --terrorpup/lupinstein
> Register Linux Userid: 155363
>
> Have you tried SUSE Studio? Need to create a Live CD,  an app you want to
> package and distribute , or create your own linux distro. Give SUSE Studio
> a try. www.susestudio.com.
> See you at Southeast Linux Fest, June 8-10, 2012 in Charlotte, NC.
> www.southeastlinuxfest.org
>


-- 
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you gain
at one end you lose at the other. It's like feeding a dog on his own tail.
It won't fatten the dog.
- Speech 11/23/1900 Mark Twain

http://electjimkinney.org
http://heretothereideas.blogspot.com/
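
A minimal sketch of the log-to-iptables approach discussed in this thread, added here as an example and not Chuck Payne's program; the signature dictionary, the never-block ranges and the sample log lines are constructed assumptions. It validates the logged source address before building a rule and reports matches answered with a 2xx status separately, since blocking the source afterwards does not undo a request the server already served.

```python
import ipaddress
import re
from collections import Counter

# Constructed signature dictionary (an assumption; the thread lists no patterns).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./|%2e%2e[/%]", re.I),
    "admin-probe": re.compile(r"/(phpmyadmin|pma)/", re.I),
    "cgi-probe": re.compile(r"/cgi-bin/\S*\.(cgi|pl|sh)\b", re.I),
}
# Apache common/combined log prefix: host ident user [time] "request" status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) ')
# Assumed own/management ranges that must never be blocked.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]

def scan(lines, threshold=2):
    """Return (ips to block, signature matches the server answered with 2xx)."""
    hits, served = Counter(), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        host, request, status = m.groups()
        try:
            ip = ipaddress.ip_address(host)  # rejects hostnames and injected junk
        except ValueError:
            continue
        if any(ip in net for net in NEVER_BLOCK):
            continue
        name = next((k for k, rx in SIGNATURES.items() if rx.search(request)), None)
        if name:
            hits[ip] += 1
            if status.startswith("2"):
                served.append((str(ip), name, request))
    return sorted((ip for ip, n in hits.items() if n >= threshold), key=int), served

def iptables_rules(ips):
    """One DROP rule per address, as argument vectors rather than shell strings."""
    return [["ip6tables" if ip.version == 6 else "iptables",
             "-I", "INPUT", "-s", str(ip), "-j", "DROP"] for ip in ips]

# Constructed sample lines using documentation address ranges.
SAMPLE = [
    '198.51.100.7 - - [09/Oct/2012:15:42:27 -0400] "GET /phpmyadmin/index.php HTTP/1.1" 404 209',
    '198.51.100.7 - - [09/Oct/2012:15:42:29 -0400] "GET /cgi-bin/test.cgi HTTP/1.1" 404 209',
    '203.0.113.9 - - [09/Oct/2012:15:42:31 -0400] "GET /index.php?page=../../etc/passwd HTTP/1.1" 200 1532',
    '10.1.2.3 - - [09/Oct/2012:15:42:33 -0400] "GET /phpmyadmin/ HTTP/1.1" 200 4096',
    'scanner.example.net - - [09/Oct/2012:15:42:35 -0400] "GET /pma/ HTTP/1.1" 404 209',
]
```

On the sample, `scan(SAMPLE)` blocks only 198.51.100.7, while the single request from 203.0.113.9 stays under the threshold yet appears in the served list because it was answered with a 200.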