I'm happy to report success using fail2ban: http://www.fail2ban.org/wiki/index.php/Main_Page. This is a series of Python scripts that monitor your log files and can update your firewall on the fly. Now the script kiddies get one chance to rattle my Apache doors.

Maybe others get log files like mine also?

> rps7436.ovh.net - - [16/Jun/2009:14:40:33 -0800] "GET HTTP/1.1 HTTP/1.1" 400 303 "-" "Toata dragostea mea pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:33 -0800] "GET /roundcube//bin/msgimport HTTP/1.1" 404 299 "-" "Toata dragostea mea pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:34 -0800] "GET /rc//bin/msgimport HTTP/1.1" 404 292 "-" "Toata dragostea mea pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:34 -0800] "GET /mss2//bin/msgimport HTTP/1.1" 404 294 "-" "Toata dragostea mea pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:35 -0800] "GET /mail//bin/msgimport HTTP/1.1" 404 294 "-" "Toata dragostea mea pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:35 -0800] "GET /mail2//bin/msgimport HTTP/1.1" 404 295 "-" "Toata dragostea mea pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:35 -0800] "GET /roundcubemail//bin/msgimport HTTP/1.1" 404 303 "-" "Toata dragostea mea pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:36 -0800] "GET /rms//bin/msgimport HTTP/1.1" 404 293 "-" "Toata dragostea mea pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:36 -0800] "GET /webmail2//bin/msgimport HTTP/1.1" 404 298 "-" "Toata dragostea mea pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:37 -0800] "GET /webmail//bin/msgimport HTTP/1.1" 404 297 "-" "Toata dragostea mea pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:37 -0800] "GET /wm//bin/msgimport HTTP/1.1" 404 292 "-" "Toata dragostea mea pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:37 -0800] "GET /bin/msgimport HTTP/1.1" 404 288 "-" "Toata dragostea mea pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:38 -0800] "GET /roundcubemail-0.1//bin/msgimport HTTP/1.1" 404 307 "-" "Toata dragostea mea pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:38 -0800] "GET /roundcubemail-0.2//bin/msgimport HTTP/1.1" 404 307 "-" "Toata dragostea mea pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:39 -0800] "GET /roundcube-0.1//bin/msgimport HTTP/1.1" 404 303 "-" "Toata dragostea mea pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:39 -0800] "GET /roundcube-0.2//bin/msgimport HTTP/1.1" 404 303 "-" "Toata dragostea mea pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:39 -0800] "GET /round//bin/msgimport HTTP/1.1" 404 295 "-" "Toata dragostea mea pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:40 -0800] "GET /cube//bin/msgimport HTTP/1.1" 404 294 "-" "Toata dragostea mea pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:40 -0800] "GET HTTP/1.1" 400 309 "-" "-"

Why should they get a second chance when they are up to no good?

Fail2ban is highly customizable and can be used for website, email, signon, or other logs. Likewise the actions can be customized also: ban IP temporarily or permanently by changing iptables or shorewall, update hosts.deny, send an email or alert, etc. This has also helped to cut down on spam by setting up some rules for my maillog.

--
Browns Homepage - newest pics: 17 Oct 2009 - http://jdb.homelinux.net
--
Registered Linux User No: 187845 http://counter.li.org/
------------------------------------
The Juneau Linux Users Group -- http://www.juneau-lug.org
This is the Juneau-LUG mailing list.
To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with the word unsubscribe in the subject header.
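
An added example, not part of the original post and not fail2ban's own code: a simplified Python model of the log-watching idea described above, counting failed requests per host and flagging a ban once a threshold is reached inside a time window. The failure rule, the names `is_failure` and `find_bans`, and the `client.example.net` lines are assumptions made for illustration; `maxretry` and `findtime` are named after fail2ban's jail options.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache combined log format:
# host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$'
)
# Assumed rule for this example: a 404 on any .../bin/msgimport probe path.
PROBE_RE = re.compile(r'^GET \S*/bin/msgimport HTTP/')

def is_failure(m):
    """A line counts as a failure if it is a 400 or a 404 on a probe path."""
    status = m["status"]
    return status == "400" or (status == "404" and bool(PROBE_RE.match(m["req"])))

def find_bans(lines, maxretry=1, findtime=timedelta(minutes=10)):
    """Return {host: timestamp of the log line that triggered the ban}."""
    recent = defaultdict(deque)   # host -> failure times inside the window
    bans = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None or m["host"] in bans or not is_failure(m):
            continue              # unparsable, already banned, or benign
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = recent[m["host"]]
        window.append(ts)
        while window and ts - window[0] > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            bans[m["host"]] = ts
    return bans

# Three lines from the post plus two constructed lines for a benign client.
SAMPLE = [
    'rps7436.ovh.net - - [16/Jun/2009:14:40:33 -0800] "GET HTTP/1.1 HTTP/1.1" 400 303 "-" "Toata dragostea mea pentru diavola"',
    'client.example.net - - [16/Jun/2009:14:40:33 -0800] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    'rps7436.ovh.net - - [16/Jun/2009:14:40:33 -0800] "GET /roundcube//bin/msgimport HTTP/1.1" 404 299 "-" "Toata dragostea mea pentru diavola"',
    'client.example.net - - [16/Jun/2009:14:40:34 -0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
    'rps7436.ovh.net - - [16/Jun/2009:14:40:34 -0800] "GET /rc//bin/msgimport HTTP/1.1" 404 292 "-" "Toata dragostea mea pentru diavola"',
]

if __name__ == "__main__":
    for host, when in find_bans(SAMPLE).items():
        print(f"ban {host} (triggered at {when.isoformat()})")
```

With `maxretry=1` the scanner is flagged on its first bad request, matching the "one chance" policy in the post, while the ordinary 404 on `/favicon.ico` does not count against the benign client.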