poniedziałek, 24 maja 2010

lighttpd mod_auth.patch

Because - default lighttpd mod_auth (at now 1.4.26) does not provide additional information about source IP address when login attempt is wrong (as an example - while password guessing), i made some change in a source code.

here's how it looks by default:

2010-05-24 21:00:36: (http_auth.c.872) get_password failed

and after patching:

2010-05-24 21:00:48: (http_auth.c.872) get_password failed , IP: xx.xx.xx.xx

it is now possible to use as an example fail2ban - to prevent login/password bruteforce attacks

please find attached http_auth.patch

0 komentarze: