Differences

This shows you the differences between two versions of the page.

Old revision: programming:python:dictdefence [2008/03/07 21:23] by crustymonkey. New revision (current): programming:python:dictdefence [2012/02/19 17:41] by jay. The text below is the newer revision, with the older wording noted where it differs.
Line 1: Line 1:
====== DictDefence ======
===== UPDATE =====
Sometime soonish, I will be doing a serious rewrite of this software.  Since this was my first Python project beyond "toy" size, it has some serious warts in it.  I'm probably going to keep the same basic code layout and reuse a lot of it, but the ''0.6'' release is going to have a new config file and, generally, a major overhaul.  It's time for house-cleaning.
  
===== What is it? =====
**DictDefence** is a program written in Python to stop dictionary attacks of all sorts.  It is based on the idea behind the [[http://mr.uue.org/projects/skds/|Script Kiddie Defence Script]], but is a much larger, more extensible project.  The basic idea behind **DictDefence** is the automated blocking of [[wp>Script Kiddies]] that run dictionary-based attacks on your servers.  Every systems administrator has seen the long run of log lines where a single IP tries to log in with a ton of different usernames.  That is where **DictDefence** steps in.  It monitors logfiles or, even better, a FIFO, and records invalid accesses matched by Perl Compatible Regular Expressions (PCREs).  Once an IP goes over your defined threshold, that IP is banned using one of several (currently supported) different means, instantly stopping the dictionary attack.  This is designed to work on *nix systems only.  If someone wants to rewrite it to work on Windows as well, feel free.
  
  
Line 19: Line 21:
  * IPTables -- If you are running a Linux distribution, chances are you have this running and ready to go.
  * Noban -- This option lets you take no action when an IP is banned.  It's basically a "dummy" ban.  This is useful if you turn on the notify option and just want to be alerted when there is a potential dictionary attack taking place.
  * CustomBan -- This option lets you specify an external command line for the banning and unbanning of IPs.
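To make the mechanism described above concrete (regexes over log lines, a per-IP failure count, a threshold, and a pluggable ban method such as Noban or CustomBan), here is a small added example.  It is not DictDefence's own code: the class names, the ''{ip}'' placeholder in the custom-command templates, the sample sshd lines and the default threshold are all assumptions made for illustration.  The custom backend builds each command as an argv list and only records it, so the example runs offline; a real backend would hand that list to ''subprocess.run''.

```python
"""Added example, not DictDefence's code: a minimal dictionary-attack
blocker in the style the page describes.  Names, the {ip} placeholder
and the sample log lines are assumptions for illustration."""
import ipaddress
import re
import shlex
from collections import defaultdict

# Patterns modelled on common sshd failure lines; the named group 'ip'
# is the only thing the blocker needs from a match.
FAILURE_REGEXES = [
    re.compile(r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+)"),
    re.compile(r"Invalid user \S+ from (?P<ip>\S+)"),
]


class NoBan:
    """'Dummy' ban backend: records the decision, takes no action."""
    def __init__(self):
        self.banned = []

    def ban(self, ip):
        self.banned.append(ip)

    def unban(self, ip):
        self.banned.remove(ip)


class CustomBan:
    """Ban backend driven by user-supplied command templates (assumed
    placeholder: {ip}).  The IP is validated before it gets here and the
    command is built as an argv list, never a shell string, so a crafted
    log line cannot smuggle extra commands into the ban command."""
    def __init__(self, ban_cmd, unban_cmd):
        self.ban_cmd, self.unban_cmd = ban_cmd, unban_cmd
        self.commands = []  # collected instead of executed (offline demo)

    def _render(self, template, ip):
        return [arg.replace("{ip}", ip) for arg in shlex.split(template)]

    def ban(self, ip):
        self.commands.append(self._render(self.ban_cmd, ip))

    def unban(self, ip):
        self.commands.append(self._render(self.unban_cmd, ip))


class DictionaryAttackBlocker:
    def __init__(self, backend, threshold=5, regexes=FAILURE_REGEXES):
        self.backend = backend
        self.threshold = threshold
        self.regexes = regexes
        self.failures = defaultdict(int)
        self.banned = set()
        self.rejected = []  # "IPs" that were not valid addresses

    def feed(self, line):
        """Process one log line; return the IP banned because of it, if any."""
        for rx in self.regexes:
            m = rx.search(line)
            if m:
                break
        else:
            return None
        raw = m.group("ip")
        try:
            ip = str(ipaddress.ip_address(raw))  # normalises, rejects junk
        except ValueError:
            self.rejected.append(raw)
            return None
        if ip in self.banned:
            return None
        self.failures[ip] += 1
        if self.failures[ip] >= self.threshold:
            self.banned.add(ip)
            self.backend.ban(ip)
            return ip
        return None

    def feed_many(self, lines):
        return [ip for ip in map(self.feed, lines) if ip]


# Constructed sample log lines (not captured from a real host).
SAMPLE_LOG = [
    "Mar  7 21:23:01 host sshd[1234]: Invalid user admin from 203.0.113.7",
    "Mar  7 21:23:02 host sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 4000 ssh2",
    "Mar  7 21:23:03 host sshd[1235]: Failed password for root from 203.0.113.7 port 4001 ssh2",
    "Mar  7 21:23:04 host sshd[1236]: Failed password for invalid user test from 203.0.113.7 port 4002 ssh2",
    "Mar  7 21:23:05 host sshd[1237]: Failed password for jay from 198.51.100.4 port 5000 ssh2",
    "Mar  7 21:23:06 host sshd[1238]: Invalid user oracle from 203.0.113.7",
    "Mar  7 21:23:07 host sshd[1239]: Invalid user guest from not-an-ip",
    "Mar  7 21:23:08 host sshd[1240]: Accepted publickey for jay from 198.51.100.4 port 5001 ssh2",
]


def run_demo(threshold=5):
    backend = CustomBan("iptables -I INPUT -s {ip} -j DROP",
                        "iptables -D INPUT -s {ip} -j DROP")
    blocker = DictionaryAttackBlocker(backend, threshold)
    banned = blocker.feed_many(SAMPLE_LOG)
    return banned, backend.commands, blocker.rejected, dict(blocker.failures)


if __name__ == "__main__":
    print(run_demo())
```

Two points worth noticing: the address is validated with ''ipaddress'' before it reaches any ban command (a log line with a bogus "IP" is counted as rejected rather than passed to iptables), and the one legitimate user with a single typo never reaches the threshold.  Unban timers and permanent bans, which DictDefence also handles, are left out here.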
  
=== Readers ===
Line 26: Line 29:
If you like what you've heard so far and you want to try it out, go ahead and download it:
  
[[https://sourceforge.net/projects/dictdefence|Head on over to the Sourceforge project page to download the latest release]]

You can also grab the latest revisions from Subversion:\\
  * Trunk: [[https://svn.splitstreams.com:444/dictdefence/trunk]]
  * Branches: [[https://svn.splitstreams.com:444/dictdefence/branches]]
  
===== Changelog =====
  
  
==== Version 0.5.3 ====
  * Fixed an issue where multiple emails and database entries could occur on a permanent ban
  * Fixed an error in the MySQL db schema for perm bans

==== Version 0.5.2 ====
  * Fixed a bug with the handling of bad IPs

==== Version 0.5.1 ====
  * Fixed a bug where a permanent ban would not correctly ban the IP

==== Version 0.5 ====
  * Improved config processing in handling of values
  * Added a "customban" option to allow for user-defined ban and unban commands
  * Added stop methods to the threads and set all threads to daemon
  * Added another failure regex to the default dictdefence.regex file
  * Changed the names of the default config files to be *.default

==== Version 0.4.2 ====
  * Added bi-directional traffic blocking in pf

==== Version 0.4.1 ====
  * Lowered the timeout period of queue get in the DB class.  This affected CPU usage greatly
  
==== Version 0.4 ====
Line 137: Line 166:
<code>dictdefence_enable="YES"</code>
And the following script, named ''dictdefence'', in ''/usr/local/etc/rc.d/'', then ''chmod 555 dictdefence'' in that directory:
<code sh>
#!/bin/sh
  
Line 232: Line 261:
  
===== Bug Tracking =====
Bug tracking is up and running at [[https://bugzilla.splitstreams.com]] (the 2008 revision of this page pointed to [[https://mantis.splitstreams.com]] instead).  Head over there to register any bugs.
  
===== License =====
This work is licensed under the GPL version 3.  Copyright 2007-2008 Jason Deiman.
  
A copy of the license is included in the distribution.
  
~~DISCUSSION~~
programming/python/dictdefence.1204925035.txt.gz · Last modified: 2008/03/07 21:23 by crustymonkey