nicht angemeldet
Apache Konfiguration
Als ich kürzlich die access.log meines Apache 2.x durchstöberte, traute ich meinen Augen kaum. Da hat doch so ein Möchtegernhacker über geschlagene zwei Stunden mit ca. 1500 Versuchen sich versucht Zugriff auf einen, mittels .htaccess geschützten Bereich meines Webservers zu verschaffen. Auszug aus dem Log:
218.148.114.154 - - [16/Oct/2004:06:24:11 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - guest [16/Oct/2004:06:24:11 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:24:12 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - guest [16/Oct/2004:06:24:12 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:24:13 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - guest [16/Oct/2004:06:24:13 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:24:36 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - root [16/Oct/2004:06:24:36 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:24:39 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - root [16/Oct/2004:06:24:39 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:24:43 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - root [16/Oct/2004:06:24:44 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:24:44 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - root [16/Oct/2004:06:24:45 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:25:25 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - root [16/Oct/2004:06:25:25 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:25:48 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - root [16/Oct/2004:06:25:48 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:25:50 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - root [16/Oct/2004:06:25:50 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:25:52 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - root [16/Oct/2004:06:25:52 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:25:54 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - root [16/Oct/2004:06:25:54 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:25:55 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - root [16/Oct/2004:06:25:55 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:25:56 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - root [16/Oct/2004:06:25:57 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:26:35 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - root [16/Oct/2004:06:26:35 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:27:25 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - root [16/Oct/2004:06:27:26 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:28:09 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - root [16/Oct/2004:06:28:09 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:29:00 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - root [16/Oct/2004:06:29:00 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:29:27 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - root [16/Oct/2004:06:29:27 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:29:54 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - root [16/Oct/2004:06:29:55 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:30:45 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - root [16/Oct/2004:06:30:45 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:31:31 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - root [16/Oct/2004:06:31:32 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:32:22 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - root [16/Oct/2004:06:32:22 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:33:07 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - root [16/Oct/2004:06:33:07 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:33:56 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - root [16/Oct/2004:06:33:57 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:34:43 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - root [16/Oct/2004:06:34:43 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:35:53 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - root [16/Oct/2004:06:35:54 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:36:16 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - sql [16/Oct/2004:06:36:16 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:36:39 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - sql [16/Oct/2004:06:36:39 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:37:28 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - sql [16/Oct/2004:06:37:28 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:40:18 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - sql [16/Oct/2004:06:40:18 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:40:47 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - sql [16/Oct/2004:06:40:47 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:40:48 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - sql [16/Oct/2004:06:40:49 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:40:50 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - sql [16/Oct/2004:06:40:50 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:41:29 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - sql [16/Oct/2004:06:41:29 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:42:11 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - sql [16/Oct/2004:06:42:12 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:43:02 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - sql [16/Oct/2004:06:43:03 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:43:30 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - sql [16/Oct/2004:06:43:30 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:43:57 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - sql [16/Oct/2004:06:43:57 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:44:28 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - sql [16/Oct/2004:06:44:29 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - - [16/Oct/2004:06:44:53 +0200] "OPTIONS / HTTP/1.1" 401 546
218.148.114.154 - sql [16/Oct/2004:06:44:54 +0200] "OPTIONS /
Nun meine Frage:
Kann man den Apache so konfigurieren, dass er eine solche Dumpfbacke nach z.B. drei fruchtlosen Versuchen für eine bestimmte Zeit sperrt? Und warum wird eigentlich nur der Benutzer und nicht das Passwort mitgelogt? Gibt es da evtl. auch eine Möglichkeit. Würde mich interessieren welche Passwörter er alle durchprobiert hat. Besten Dank.
Gruss Ralph
-
Also, hallo erstmal
http://de.selfhtml.org/diverses/htaccess.htm hier müsste etwas zu finden sein.
Sonst google einfach mal:
http://www.google.de/search?hl=de&q=.htaccess&btnG=Suche&meta=lr%3Dlang_deViel Glück