You received this message because you are subscribed to the Google Groups "OWASP PROJECT IDEAS" group.
To view this discussion on the web visit https://groups.google.com/a/owasp.org/d/msgid/owasp-project-ideas/526474be-b05b-4904-bbe3-9067ac4866a6%40owasp.org.
Er, sounds like logwatch to me...
OWASP-Leaders mailing list
I really dislike anyone discouraging others from pushing their project due to something like LoC. Every project started somewhere.
This is cool and a great idea. I've also in the past been very interested in analyzing Apache and nginx logs and detecting weird behavior in the log. I've found weird stuff and found out about weird new exploits by googling things I found in web server logs.

I am one of the people who reviews documentation for OWASP these days, and I am going to give you some feedback/criticism; please don't take it as discouragement. I'd like to wish you the best for your infosec career/hobby.
What kind of output does it give for your logs?
"Basic idea is a Loganalyzer working on Apache logs and blocking badguys
Define "bad guys". (People trying to do what?) I take it you are trying to block people using sqlmap, for example; maybe think of expanding your definition of "bad guys" to people trying to run tools like slowloris and pyloris etc. (I'm not sure what the "in tool" for that is at the
Blocking bad guys via iptables? I haven't had time to read the code, but this is something you can put on your GitHub page in the README: how does it block them in iptables? Could you give an example of an iptables rule generated by this script?
By header I think you are referring to the user agent? What stops me from spoofing the user agent?
curl --user-agent "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101
(You could do the equivalent with wget, which is one of the user agents that you block; I just didn't have time to look up the wget syntax now.)

Also remember that besides wget and curl you should also block fetch, links, etc.
Have you thought of blocking people from Tor? You could block people using a blacklist of exit node IPs and block traffic by IP.
No offense, but this is literally a Python script of 86 lines; I don't think this is worthy of becoming an OWASP project. Also, this is restricted to iptables, which is limited only to the Linux platform. There are many other operating systems and firewalls; in the BSD world, for example, there are IPF, IPFW and PF.
How much have you tested this? Is this useful for other people?
What kind of license is this:
Perhaps just state the name of the type of license; for example, is it a GPL, GNU or BSD license?
Also have a look at different Linux distros, as apache2 is called httpd on some Linux distros. And I might be wrong, but besides access.log you also want to look at error.log.

I think on RHEL-based Linux distros the log file is:
On 10/02/2014 09:29 PM, johanna curiel curiel wrote:
> Basic idea is a Loganalyzer working on Apache logs and blocking badguys
> via iptables.
Owasp-community mailing list
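Worked example, added here and not part of the thread or of the 86-line script under discussion: a small Python log analyzer that implements the two points the review above raises. It parses Apache combined-format lines, flags requests whose user agent starts with one of the tool names mentioned in the thread (sqlmap, curl, wget, fetch, links), and separately flags any IP that exceeds a request-rate threshold inside a sliding time window, so that a client that spoofs a browser user agent is still caught by its behaviour rather than its header. The output is the iptables DROP rule form the reviewer asks to see, rendered as strings for inspection rather than executed. The log lines, IP addresses (RFC 5737 documentation range), thresholds and all function names are constructed for this example and are not from the original project.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" format:
#   host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Tools named in the thread; matched as a prefix of the lower-cased user agent
# because these tools put their own name first (e.g. "curl/7.x", "Wget/1.x").
TOOL_AGENTS = ("sqlmap", "curl", "wget", "fetch", "links")

# Behavioural check: more than RATE_LIMIT requests from one IP within
# WINDOW_SECONDS is flagged regardless of user agent (constructed values).
RATE_LIMIT = 5
WINDOW_SECONDS = 60


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def is_tool_agent(agent):
    a = agent.lower()
    return any(a.startswith(t) for t in TOOL_AGENTS)


def analyze(lines):
    """Return {ip: set of reasons} for every IP that trips at least one check."""
    flagged = defaultdict(set)
    times = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of aborting the whole run
        if is_tool_agent(rec["agent"]):
            flagged[rec["ip"]].add("tool-user-agent")
        times[rec["ip"]].append(rec["time"])
    # Sliding window over each IP's sorted timestamps: the window [start, end]
    # always spans at most WINDOW_SECONDS; exceeding RATE_LIMIT entries flags the IP.
    for ip, ts in times.items():
        ts.sort()
        start = 0
        for end in range(len(ts)):
            while (ts[end] - ts[start]).total_seconds() > WINDOW_SECONDS:
                start += 1
            if end - start + 1 > RATE_LIMIT:
                flagged[ip].add("request-rate")
                break
    return dict(flagged)


def iptables_rules(flagged):
    """Render one DROP rule per flagged IP as a string; nothing is executed here."""
    return [
        f"iptables -I INPUT -s {ip} -j DROP  # {', '.join(sorted(reasons))}"
        for ip, reasons in sorted(flagged.items())
    ]


# Constructed sample log (not real traffic). The spoofing client reuses the
# browser user agent from the curl command quoted in the thread.
BROWSER_UA = "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0"
SAMPLE_LOG = [
    f'203.0.113.10 - - [02/Oct/2014:21:29:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "{BROWSER_UA}"',
    f'203.0.113.10 - - [02/Oct/2014:21:29:30 +0000] "GET /about.html HTTP/1.1" 200 300 "-" "{BROWSER_UA}"',
    '203.0.113.20 - - [02/Oct/2014:21:29:40 +0000] "GET /search?q=test HTTP/1.1" 200 128 "-" "sqlmap/1.0"',
    "this line is not in combined log format and must be skipped",
] + [
    # seven requests in seven seconds with a browser user agent: rate check only
    f'203.0.113.30 - - [02/Oct/2014:21:30:{s:02d} +0000] "GET /search?q={s} HTTP/1.1" 200 128 "-" "{BROWSER_UA}"'
    for s in range(7)
]

if __name__ == "__main__":
    for rule in iptables_rules(analyze(SAMPLE_LOG)):
        print(rule)
```

Run as a script it prints two rules: one for 203.0.113.20 (tool user agent) and one for 203.0.113.30 (request rate), while the ordinary browser client at 203.0.113.10 is untouched. The point of keeping the rate check independent of the user-agent check is exactly the objection raised in the reply: the header is under the client's control, the request pattern much less so. Before wiring such output into a real firewall, an operator would want an allowlist for monitoring hosts and a way to expire rules, which this example deliberately leaves out.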