programming:python:dictdefence [2008/08/11 23:47] – crustymonkey | programming:python:dictdefence [2008/12/02 18:25] – crustymonkey |
---|
| |
===== What is it? ===== | ===== What is it? ===== |
**DictDefence** is program written in Python to stop dictionary attacks of all sorts. It is based on the idea behind the [[http://mr.uue.org/projects/skds/|Script Kiddie Defence Script]], but is a much larger, more extensible project. The basic idea behind **DictDefence** is the automated blocking of [[wp>Script Kiddies]] that run dictionary based attacks on your servers. For all you systems administrators out there, I'm sure you all have seen the lines in your logs where it is a long listing of some IP trying to log in with a ton of different usernames. That is where **DictDefence** steps in. It monitors logfiles or, even better, a FIFO and logs invalid accesses based upon Perl Compatible Regular Expressions (PCREs). Once an IP goes over your defined threshold, that IP is banned using one of (currently) 3 different means, instantly stopping the dictionary attack. This is designed to work on *nix systems only. If someone wants to rewrite it to work on Winblows as well, feel free. | **DictDefence** is program written in Python to stop dictionary attacks of all sorts. It is based on the idea behind the [[http://mr.uue.org/projects/skds/|Script Kiddie Defence Script]], but is a much larger, more extensible project. The basic idea behind **DictDefence** is the automated blocking of [[wp>Script Kiddies]] that run dictionary based attacks on your servers. For all you systems administrators out there, I'm sure you all have seen the lines in your logs where it is a long listing of some IP trying to log in with a ton of different usernames. That is where **DictDefence** steps in. It monitors logfiles or, even better, a FIFO and logs invalid accesses based upon Perl Compatible Regular Expressions (PCREs). Once an IP goes over your defined threshold, that IP is banned using one of (currently) 5 different means, instantly stopping the dictionary attack. This is designed to work on *nix systems only. If someone wants to rewrite it to work on Winblows as well, feel free. |
| |
| |
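Review bot: the right-hand paragraph still opens with "is program written in Python" (missing "a"), carried over unchanged from the old revision; the only change in this paragraph is the hard-coded count "one of (currently) 3 different means" becoming "5". The count has already gone stale once, so consider naming the ban methods or linking to where they are documented instead of giving a bare number, and fix the article while the paragraph is being touched.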
If you like what you've heard so far and you want to try it out, go ahead and download it: | If you like what you've heard so far and you want to try it out, go ahead and download it: |
| |
[[https://sourceforge.net/projects/dictdefence|Head on over to the Sourceforge project page to download]] | [[https://sourceforge.net/projects/dictdefence|Head on over to the Sourceforge project page to download the latest release]] |
| |
| You can also grab the latest revisions from Subversion:\\ |
| * Trunk: [[https://svn.splitstreams.com:444/dictdefence/trunk]] |
| * Branches: [[https://svn.splitstreams.com:444/dictdefence/branches]] |
| |
| |
===== Changelog ===== | ===== Changelog ===== |
| |
| |
| ==== Version 0.5.3 ==== |
| * Fixed an issue where multiple emails and database entries could occur on a permanent ban |
| * Fixed an error in the MySQL db schema for perm bans |
| |
| ==== Version 0.5.2 ==== |
| * Fixed a bug with the handling of bad IPs |
| |
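Review bot: in the 0.5.3 entry, "Fixed an error in the MySQL db schema for perm bans" does not say whether existing installations have to alter their tables after upgrading; add a line stating what changed in the schema and how to apply it. The 0.5.2 entry "Fixed a bug with the handling of bad IPs" is similarly vague about what "bad" means here (malformed or banned) and what the faulty behaviour was.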
==== Version 0.5.1 ==== | ==== Version 0.5.1 ==== |