Nice, simple drop-in solution. Me like!
However, it still can bring a server to its knees (I've seen 500 requests/sec "DDoS" brute force attacks on our clients before).
A solution you might want to think about (whether linux or BSD) is to parse logfiles for an undue number of invalids from a given IP. Say 10. Then firewall off that IP using iptables/whatever to stop the requests from hitting apache at all.
The biggest problem there is to not process logfiles through your script when there is no attack going on (eats unneeded cycles)... Since this is a solution we give to all our customers that buy it from us I'll leave how you determine when to process a logfile as an exercise to the reader. Just think KISS.
It works EXTREMELY well. Rarely ever do we get any "false positive" logfiles being parsed for invalid logins, yet we take no more than 5-10 minutes of brute force before it's essentially shut 100% down with no further effect on the webserver. Most of the time we don't even notice other than the automated e-mail telling us so.
peace,
-Phil
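The log-parsing step Phil describes, written out as an added example (this is not Phil's script or any product's code): it assumes Apache combined-log lines, a hypothetical login endpoint `/wp-login.php` where a failed attempt is answered with 401/403, a threshold of 10, and an allowlist so that your own monitoring or admin addresses can never be firewalled by mistake. Only syntactically valid IP addresses ever reach the generated `iptables` command, so a crafted log entry cannot smuggle shell text into it.

```python
import ipaddress
import re
from collections import Counter

# Apache combined-log prefix: client IP, identd, user, [timestamp], "METHOD PATH PROTO", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def failed_logins(lines, login_path="/wp-login.php", fail_statuses=(401, 403)):
    """Count failed POSTs to the login endpoint per client IP; unparsable lines are skipped."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        if (m.group("method") == "POST" and m.group("path") == login_path
                and int(m.group("status")) in fail_statuses):
            counts[m.group("ip")] += 1
    return counts

def offenders(counts, threshold=10, allowlist=()):
    """IPs at or above the threshold, minus the allowlist, keeping only valid addresses."""
    result = []
    for ip, n in counts.items():
        if n < threshold or ip in allowlist:
            continue
        try:
            ipaddress.ip_address(ip)  # reject anything that is not a real address
        except ValueError:
            continue
        result.append(ip)
    return sorted(result)

def iptables_rules(ips):
    """Render one DROP rule per offender (to be reviewed/run by the operator, not executed here)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]

# Constructed sample log lines (documentation IP ranges; not from any real server).
def make_line(ip, method, path, status):
    return f'{ip} - - [10/Oct/2023:13:55:01 +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "curl/8.0"'

SAMPLE_LINES = (
    [make_line("203.0.113.7", "POST", "/wp-login.php", 401) for _ in range(12)]
    + [make_line("198.51.100.4", "POST", "/wp-login.php", 401) for _ in range(3)]
    + [make_line("198.51.100.4", "GET", "/index.html", 200)]
    + [make_line("192.0.2.1", "POST", "/wp-login.php", 401) for _ in range(15)]
    + ["garbage line that does not parse"]
)

if __name__ == "__main__":
    bad = offenders(failed_logins(SAMPLE_LINES), threshold=10, allowlist=("192.0.2.1",))
    print("\n".join(iptables_rules(bad)))
```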