Password Hurler Prevention


Shovel
11-18-1999, 10:07 PM
Good Day folks,
All you people who get the indispensable Sex Swap newsletter have read this, but for those who haven't I'll paste it here. It's a long post, but you don't have to read it, so no apologies ;-) The best advice to avoid getting your password cracked is to use a long one (8 characters at least) mixing upper and lowercase letters with numbers (how about a friend's street address?)
Anyway, here's the hurler blocking script...


401 NEUTRALIZER - PASSWORD HURLER BLOCKER by Drew Star http://www.superscripts.com/scripts/401.html
Drew Star from SuperScripts wrote me this week letting me know about his hurler blocker. I did not realize that a 401 error is caused by an improper password. Drew wrote: Websites can stop these lame hacking tools with a 1K script we wrote that runs by crontab parsing for 401 (authorization failed) errors. Then you can completely block these losers from your network in 5 seconds. We developed this script simply because we wanted to be the first with the script and the first to develop countermeasures.

I then wrote the Power=Programmer again with some questions and he very kindly offered his 401 script free to all members! I just want to say thanks to Drew for being so kind, and if you are looking for some of the hottest scripts in the porn industry, check out http://www.superscripts.com/
The membership price is worth it. The scripts are great.

Here are some additional thoughts Drew had on password hurlers: this shows how simple it is to block hurlers. The best thing to do is use password software that doesn't issue passwords 2 letters long or allow matching user/pass, etc. In other words - prevention is the best cure.

I have talked to Karl of Gamma and others, and most of the big sites now filter for the double USER / PASSWORD match. This is great prevention. Without further delay, I present you Drew's script
NOTE: NO SUPPORT - NO SUPPORT - NO SUPPORT
This is a free script and it comes with no tech support. Do not ask SuperScripts for help on a free script. Ask your webhost or pay a programmer to install it for you if you do not have the knowledge necessary to install it yourself.

3 FILES
--------
401.cgi
htaccess
blocked

contents of file 401.cgi

#!/usr/bin/perl
####################################################################################################
# 401 IP SCRUBBER Version 1.0
# Copyright 1999 Telecore Media International, Inc. webmaster@superscripts.com
# Created 5/15/99 Last Modified 5/15/99
####################################################################################################
# COPYRIGHT NOTICE
# Copyright 1999 Telecore Media International, Inc. - All Rights Reserved.
# http://www.superscripts.com
# Selling the code for this program without prior written consent is
# expressly forbidden.
# Obtain written permission before redistributing this software over the Internet or
# in any other medium. In all cases copyright and header must remain intact.
#
# My name is drew star... and i am funky... http://www.drewstar.com/
#
####################################################################################################
$logfile = "/path/to/your/access_logs";
$blockfile = "/path/to/blocked";
$htaccess = "/path/to/.htaccess";
$passwordfile = "/path/to/passwords";   # written as AuthUserFile when .htaccess is rebuilt
$threshold = 3;
####################################################################################################

# Read the whole access log into memory.
open (LOGFILE, "$logfile") or die "Cannot open $logfile: $!";
@logfiles=<LOGFILE>;
close LOGFILE;

foreach $logfiles (@logfiles) {
    # Common Log Format: the client address is the first field and
    # the status code is the second-to-last field.
    (@dimensions) = split(/ /,$logfiles);
    $locatefield = @dimensions;
    $pointer = $locatefield-2;
    $errorcode = $dimensions[$pointer];
    $attacker = $dimensions[0];

    # Count 401 responses per address; block once the count passes the threshold.
    if ($errorcode eq "401"){
        $usersessions{$attacker}++;
        if ($usersessions{$attacker} > $threshold){
            &blockattacker unless ($blockattacker{$attacker});
            next;
        }
    }
}

# Add $attacker to the blocked list and rewrite .htaccess with one
# "deny from" line per blocked address.
sub blockattacker {
    $blockattacker{$attacker} = $attacker;
    print "ALERT! $usersessions{$attacker} attacks from $attacker\n";

    # Load the addresses blocked on earlier runs.
    open (BLOCKFILE, "$blockfile") or die "Cannot open $blockfile: $!";
    @banned=<BLOCKFILE>;
    close BLOCKFILE;

    # Rewrite the blocked list, keeping each address only once.
    open (BLOCKFILE, ">$blockfile") or die "Cannot write $blockfile: $!";
    foreach $banned (@banned) {
        chomp $banned;
        print BLOCKFILE "$banned\n" unless ($banned eq $attacker);
    }
    print BLOCKFILE "$attacker\n";
    close BLOCKFILE;

    # Rebuild .htaccess from scratch.
    open (HTACCESS, ">$htaccess") or die "Cannot write $htaccess: $!";

    print HTACCESS "AuthUserFile $passwordfile\n";
    print HTACCESS "AuthGroupFile /dev/null\n";
    print HTACCESS "AuthName PROTECTED\n";
    print HTACCESS "<Limit GET>\n";
    print HTACCESS "order allow,deny\n";
    print HTACCESS "allow from all\n";

    foreach $banned (@banned) {
        chomp $banned;
        print HTACCESS "deny from $banned\n" unless ($banned eq $attacker);
    }
    print HTACCESS "deny from $attacker\n";
    print HTACCESS "</Limit>\n";
    close HTACCESS;
}

contents of file htaccess

AuthUserFile /path/to/passwords
AuthGroupFile /dev/null
AuthName PROTECTED
<Limit GET>
order allow,deny
allow from all
</Limit>

contents of file blocked
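
A stricter take on the log-parsing step of the script above, as an added example that is not part of the original post or of SuperScripts' code. It parses Common Log Format with a regular expression, counts a 401 only when a username was sent (Apache logs "-" as the user on the first request, before the browser has any credentials), and accepts only literal IPv4 addresses before they reach a "deny from" line. The log lines, addresses and the names find_offenders, valid_ipv4 and deny_lines are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $threshold = 3;    # same value as the script above

# Constructed sample log in Apache Common Log Format (not real traffic).
my $ts  = '[18/Nov/1999:22:07:00 -0500]';
my @log = (
    (map qq{192.0.2.10 - user$_ $ts "GET /members/ HTTP/1.0" 401 401}, 1 .. 5),
    (map qq{198.51.100.7 - - $ts "GET /members/ HTTP/1.0" 401 401}, 1 .. 5),
    qq{198.51.100.7 - alice $ts "GET /members/ HTTP/1.0" 200 5120},
    qq{host.example - bob $ts "GET /members/ HTTP/1.0" 401 401},
);

# Accept only a literal dotted-quad address, so nothing else from the
# log can end up inside .htaccess.
sub valid_ipv4 {
    my ($addr) = @_;
    my @octets = $addr =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/
        or return 0;
    return (grep { $_ > 255 } @octets) ? 0 : 1;
}

# Return the addresses with more than $threshold failed logins.
sub find_offenders {
    my ($limit, @lines) = @_;
    my %fails;
    for my $line (@lines) {
        # host ident user [time] "request" status bytes
        my ($host, $user, $status) = $line =~
            /^(\S+) \S+ (\S+) \[[^\]]*\] "(?:[^"\\]|\\.)*" (\d{3}) \S+/
            or next;                      # skip lines that are not CLF
        next unless $status eq '401';
        next if $user eq '-';             # challenge only, no password tried
        next unless valid_ipv4($host);    # hostnames and junk are ignored
        $fails{$host}++;
    }
    my @hits = grep { $fails{$_} > $limit } keys %fails;
    return sort @hits;
}

# One "deny from" line per offender, ready for the <Limit GET> block.
sub deny_lines { return map { "deny from $_\n" } @_ }

my @offenders = find_offenders($threshold, @log);
print "would block: @offenders\n";
print deny_lines(@offenders);
```

On the sample input only 192.0.2.10 is listed: 198.51.100.7 produced 401s without ever sending a username, and host.example is not a literal address.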