<html> <head> <title>Apache 2.x module mod_anticrack</title> </head> <body bgcolor=white> <hr> <center> <h2><b>Apache 2.x module <code>mod_anticrack</code></b></h2> </center> <hr><br> The <code>mod_anticrack</code> module is designed to thwart attempts at cracking into password protected paths of your web site. The module uses a MySQL server database to store invalid login attempts from IP addresses. After a cracker exceeds the configured threshold, they are given 403 HTTP codes no matter what they enter. This effectively blocks their access and stops the possibility of them gaining access to your password protected sites. <br><br> This modules is best employed in scenarios where you have paying content locked behind a password protected area, and you are prone to cracking attempts. <p> This module was compiled and tested against Apache 2.0.48 on SuSE 8.2. Installation instructions are discussed <a href="#Installation">here</a>. <p> The most current version of <code>mod_anticrack</code> can be found at: <pre> <a href="http://www.UglyBoxIndustries.com/">http://www.UglyBoxIndustries.com/</a> </pre> <h2>Author</h2> <p> Please contact Joseph Benden <joe <i>at</i> thrallingpenguin.com> with any questions, concerns, or suggestions regarding this module. <h2>Directives</h2> <ul> <li><a href="#AntiCrackLevel">AntiCrackLevel</a></li> <li><a href="#AntiCrackExpires">AntiCrackExpires</a></li> <li><a href="#AntiCrackPermit">AntiCrackPermit</a></li> <li><a href="#AntiCrackDebug">AntiCrackDebug</a></li> <li><a href="#AntiCrackHost">AntiCrackHost</a></li> <li><a href="#AntiCrackDB">AntiCrackDB</a></li> <li><a href="#AntiCrackTable">AntiCrackTable</a></li> <li><a href="#AntiCrackUser">AntiCrackUser</a></li> <li><a href="#AntiCrackPass">AntiCrackPass</a></li> <li><a href="#Example">Example Configuration</a></li> </ul> <hr> <h2><a name="AntiCrackLevel">AntiCrackLevel</a></h2> <strong>Syntax:</strong> AntiCrackLevel <em>integer</em><br> <strong>Default:</strong> None<br> <strong>Context:</strong> server config, <VirtualHost>, <Directory><br> <strong>Module:</strong> mod_anticrack<br> <strong>Compatibility:</strong> 2.0.48 <p> The <code>AntiCrackLevel</code> directive sets the threshold at which a cracker will be denied further attempts at entering your web site. A reasonable value is about 20. This gives the user a few wrong tries, but definitely stops automated cracking. <br><br> <b>NOTE:</b> Some browsers send the 401 and 403 HTTP codes along with requests for the pages graphics. If you set this value too low and have many graphics on your page, then you can ban users before they've even TRIED to enter a username and password. Be careful! <hr> <h2><a name="AntiCrackExpires">AntiCrackExpires</a></h2> <strong>Syntax:</strong> AntiCrackExpires <em>integer</em><br> <strong>Default:</strong> None<br> <strong>Context:</strong> server config, <VirtualHost>, <Directory><br> <strong>Module:</strong> mod_anticrack<br> <strong>Compatibility:</strong> 2.0.48 <p> The <code>AntiCrackExpires</code> directive sets the number of seconds an entry in the attempted cracking table is kept. After this number of seconds, the entries are purged from the database table. A reasonable value is about 600. This effectively stops the attack, but frees the entry up. You may want to set a higher value, but keep in mind that many users are DHCP assigned, and a valid customer may actually be assigned a valid IP address that a previous cracker used. <hr> <h2><a name="AntiCrackPermit">AntiCrackPermit</a></h2> <strong>Syntax:</strong> AntiCrackPermit <em>ip address</em><br> <strong>Default:</strong> None<br> <strong>Context:</strong> server config, <VirtualHost>, <Directory><br> <strong>Module:</strong> mod_anticrack<br> <strong>Compatibility:</strong> 2.0.48 <p> The <code>AntiCrackPermit</code> directive may appear multiple times and adds IP addresses that will never be banned. <br><br> <b>Free Tip: Add yourself to the configuration.</b> <hr> <h2><a name="AntiCrackDebug">AntiCrackDebug</a></h2> <strong>Syntax:</strong> AntiCrackDebug <em>boolean</em><br> <strong>Default:</strong> off<br> <strong>Context:</strong> server config, <VirtualHost>, <Directory><br> <strong>Module:</strong> mod_anticrack<br> <strong>Compatibility:</strong> 2.0.48 <p> The <code>AntiCrackDebug</code> directive sets how much information is logged to the Apache log. If it's set to on, then a verbose amount of debugging information is logged. <hr> <h2><a name="AntiCrackHost">AntiCrackHost</a></h2> <strong>Syntax:</strong> AntiCrackHost <em>string</em><br> <strong>Default:</strong>none<br> <strong>Context:</strong> server config, <VirtualHost>, <Directory><br> <strong>Module:</strong> mod_anticrack<br> <strong>Compatibility:</strong> 2.0.48 <p> The <code>AntiCrackHost</code> directive sets the host name of the MySQL server. <hr> <h2><a name="AntiCrackDB">AntiCrackDB</a></h2> <strong>Syntax:</strong> AntiCrackDB <em>string</em><br> <strong>Default:</strong>none<br> <strong>Context:</strong> server config, <VirtualHost>, <Directory><br> <strong>Module:</strong> mod_anticrack<br> <strong>Compatibility:</strong> 2.0.48 <p> The <code>AntiCrackDB</code> directive sets the database name used. <hr> <h2><a name="AntiCrackTable">AntiCrackTable</a></h2> <strong>Syntax:</strong> AntiCrackTable <em>string</em><br> <strong>Default:</strong>none<br> <strong>Context:</strong> server config, <VirtualHost>, <Directory><br> <strong>Module:</strong> mod_anticrack<br> <strong>Compatibility:</strong> 2.0.48 <p> The <code>AntiCrackTable</code> directive sets the database table used. <hr> <h2><a name="AntiCrackUser">AntiCrackUser</a></h2> <strong>Syntax:</strong> AntiCrackUser <em>string</em><br> <strong>Default:</strong>none<br> <strong>Context:</strong> server config, <VirtualHost>, <Directory><br> <strong>Module:</strong> mod_anticrack<br> <strong>Compatibility:</strong> 2.0.48 <p> The <code>AntiCrackUser</code> directive sets the username used to connect to the database server. <hr> <h2><a name="AntiCrackPass">AntiCrackPass</a></h2> <strong>Syntax:</strong> AntiCrackPass <em>string</em><br> <strong>Default:</strong>none<br> <strong>Context:</strong> server config, <VirtualHost>, <Directory><br> <strong>Module:</strong> mod_anticrack<br> <strong>Compatibility:</strong> 2.0.48 <p> The <code>AntiCrackPass</code> directive sets the password used to connect to the database server. <p> <hr> <h2><a name="Example">Example:</a></h2> <pre> # Load the anticrack module LoadModule mod_anticrack /usr/lib/apache2/mod_anticrack.so <Directory "/var/www/htdocs/mywebsite/members"> AntiCrackHost localhost AntiCrackDB ban_mywebsite AntiCrackUser root AntiCrackPass shhh-quiet AntiCrackTable ban AntiCrackLevel 20 AntiCrackDebug on AntiCrackPermit 216.206.238.17 </Directory> </pre> <p> <hr> <h2><a name="Installation">Installation</a></h2> To install <code>mod_anticrack</code>:<br><br> Unpack the latest mod_anticrack source code, then follow the these steps: <pre> make </pre> <br> <b>Note:</b> You must have apache2-devel and mysql-devel RPMs installed on SuSE 8.2 to build the source. The source code uses the apxs2 tool for building the modules. <p> <h2><a name="Database">Database table</a></h2> The module requires MySQL to function. This document will not cover any aspects of using, configuring, building MySQL as there are plenty of sites dedicated to that. However, the module does require the specific table structure shown below. The table name and database name may be anything you like; however, it must be properly configured for it to function. <pre> CREATE TABLE `anticrack` ( `id` int(8) unsigned NOT NULL auto_increment, `lastattempt` timestamp(14) NOT NULL, `counter` int(8) unsigned NOT NULL default '0', `ipaddr` char(24) NOT NULL default '', `noRemove` tinyint(1) default '0', `auth` tinyint(1) default '0', PRIMARY KEY (`id`), KEY `ipaddr` (`ipaddr`) ) TYPE=MyISAM; </pre> <hr><br> Author: <i>Joseph Benden, Sr.</i><br> Last Updated: <i>04/22/2005 8:30 PM</i><br> <br><hr> <font size=2><b><i> © Copyright 2005 Thralling Penguin LLC.<br> All Rights Reserved<br> </i></b></font> <hr><br> </body> </html>