@Karunyu,

So who is a Script Kiddie?

Me things it's wrong to call others that name is you cannot write the good scripts <LOL>

Anyway, I can suggest you use fail2ban - I haven't used it, but from what I've cursorily read, it's trivial to setup to look at your log and add the IPs to a firewall listing. I guess it uses some regexps crafted from values it can glean from a log file.
Again, I haven't read so much about it, but try it out.


On Mon, Jan 7, 2013 at 4:30 PM, Peter Karunyu <pkarunyu@gmail.com> wrote:
Good people, I seek enlightenment on the following issue:

I have a Linux server hosting a LAMP app which is accessed by a controlled group of users.

I am using an aggressive version of the 5G htaccess based application level firewall from http://perishablepress.com/5g-blacklist-2012/.

Every so often, I check the Apache error logs and there are these IP addresses attempting to access non-existent URLs on the server. I assume these are script kiddies, no?

So, I would like to write a script or something which will automatically block an IP address from accessing my server if the said IP address accesses more than 3 non-existent URLs on my server.

Can someone please point me in the right direction?

Example of URLs being accessed are:
3 [Sun Jan 06 08:02:11 2013] [error] [client 96.254.171.2] client denied by server configuration: /var/www/headers
4 [Sun Jan 06 11:53:23 2013] [error] [client 218.107.247.254] client denied by server configuration: /var/www/
5 [Sun Jan 06 22:37:31 2013] [error] [client 77.221.148.82] client denied by server configuration: /var/www/w00tw00t.at.blackhats.romanian.anti-sec:)
6 [Sun Jan 06 22:37:31 2013] [error] [client 77.221.148.82] client denied by server configuration: /var/www/phpMyAdmin
7 [Sun Jan 06 22:37:32 2013] [error] [client 77.221.148.82] client denied by server configuration: /var/www/phpmyadmin
8 [Sun Jan 06 22:37:32 2013] [error] [client 77.221.148.82] client denied by server configuration: /var/www/pma
9 [Sun Jan 06 22:37:32 2013] [error] [client 77.221.148.82] client denied by server configuration: /var/www/myadmin
10 [Sun Jan 06 22:37:32 2013] [error] [client 77.221.148.82] client denied by server configuration: /var/www/MyAdmin
11 [Mon Jan 07 07:47:44 2013] [error] [client 96.254.171.2] client denied by server configuration: /var/www/headers
12 [Mon Jan 07 08:37:14 2013] [error] [client 96.254.171.2] client denied by server configuration: /var/www/headers
26 [Thu Jan 03 21:30:13 2013] [error] [client 64.34.163.23] client denied by server configuration: /var/www/install.txt
27 [Thu Jan 03 21:30:13 2013] [error] [client 64.34.163.23] client denied by server configuration: /var/www/cart
28 [Thu Jan 03 21:30:13 2013] [error] [client 64.34.163.23] client denied by server configuration: /var/www/zencart
29 [Thu Jan 03 21:30:13 2013] [error] [client 64.34.163.23] client denied by server configuration: /var/www/zen-cart
30 [Thu Jan 03 21:30:14 2013] [error] [client 64.34.163.23] client denied by server configuration: /var/www/zen
31 [Thu Jan 03 21:30:14 2013] [error] [client 64.34.163.23] client denied by server configuration: /var/www/shop
32 [Thu Jan 03 21:30:14 2013] [error] [client 64.34.163.23] client denied by server configuration: /var/www/butik
33 [Thu Jan 03 21:30:14 2013] [error] [client 64.34.163.23] client denied by server configuration: /var/www/zcart
34 [Thu Jan 03 21:30:14 2013] [error] [client 64.34.163.23] client denied by server configuration: /var/www/shop2
35 [Thu Jan 03 21:30:14 2013] [error] [client 64.34.163.23] client denied by server configuration: /var/www/catalog
36 [Thu Jan 03 21:30:15 2013] [error] [client 64.34.163.23] client denied by server configuration: /var/www/boutique
37 [Thu Jan 03 21:30:15 2013] [error] [client 64.34.163.23] client denied by server configuration: /var/www/store
38 [Fri Jan 04 01:39:34 2013] [error] [client 69.61.23.106] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
39 [Fri Jan 04 01:39:34 2013] [error] [client 69.61.23.106] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
40 [Fri Jan 04 02:05:48 2013] [error] [client 96.254.171.2] client denied by server configuration: /var/www/headers
43 [Sat Jan 05 02:15:25 2013] [error] [client 62.193.243.32] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
44 [Sat Jan 05 02:15:25 2013] [error] [client 62.193.243.32] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
45 [Sat Jan 05 05:06:04 2013] [error] [client 96.254.171.2] client denied by server configuration: /var/www/headers
47 [Sun Jan 06 02:32:21 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/muieblackcat
48 [Sun Jan 06 02:32:22 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/index.php
49 [Sun Jan 06 02:32:22 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/admin
50 [Sun Jan 06 02:32:22 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/admin
51 [Sun Jan 06 02:32:22 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/admin
52 [Sun Jan 06 02:32:23 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/db
53 [Sun Jan 06 02:32:23 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/dbadmin
54 [Sun Jan 06 02:32:23 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/myadmin
55 [Sun Jan 06 02:32:23 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/mysql
56 [Sun Jan 06 02:32:24 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/mysqladmin
57 [Sun Jan 06 02:32:24 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/typo3
58 [Sun Jan 06 02:32:24 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/phpadmin
59 [Sun Jan 06 02:32:24 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/phpMyAdmin
60 [Sun Jan 06 02:32:25 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/phpmyadmin
61 [Sun Jan 06 02:32:25 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/phpmyadmin1
62 [Sun Jan 06 02:32:25 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/phpmyadmin2
63 [Sun Jan 06 02:32:25 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/pma


_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke



--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
I can't hear you -- I'm using the scrambler.