Apache 2.x module mod_anticrack



The mod_anticrack module is designed to thwart attempts at cracking into password protected paths of your web site. The module uses a MySQL server database to store invalid login attempts from IP addresses. After a cracker exceeds the configured threshold, they are given 403 HTTP codes no matter what they enter. This effectively blocks their access and stops the possibility of them gaining access to your password protected sites.

This module is best employed in scenarios where you have paid content locked behind a password protected area, and you are prone to cracking attempts.

This module was compiled and tested against Apache 2.0.48 on SuSE 8.2. Installation instructions are discussed here.

The most current version of mod_anticrack can be found at:

  http://www.UglyBoxIndustries.com/

Author

Please contact Joseph Benden <joe at thrallingpenguin.com> with any questions, concerns, or suggestions regarding this module.

Directives


AntiCrackLevel

Syntax: AntiCrackLevel integer
Default: None
Context: server config, <VirtualHost>, <Directory>
Module: mod_anticrack
Compatibility: 2.0.48

The AntiCrackLevel directive sets the threshold at which a cracker will be denied further attempts at entering your web site. A reasonable value is about 20. This gives the user a few wrong tries, but definitely stops automated cracking.

NOTE: Some browsers send the 401 and 403 HTTP codes along with requests for the page's graphics. If you set this value too low and have many graphics on your page, then you can ban users before they've even TRIED to enter a username and password. Be careful!


AntiCrackExpires

Syntax: AntiCrackExpires integer
Default: None
Context: server config, <VirtualHost>, <Directory>
Module: mod_anticrack
Compatibility: 2.0.48

The AntiCrackExpires directive sets the number of seconds an entry in the attempted cracking table is kept. After this number of seconds, the entry is purged from the database table. A reasonable value is about 600. This effectively stops the attack while freeing the entry afterwards. You may want to set a higher value, but keep in mind that many users have DHCP-assigned addresses, and a legitimate customer may be assigned an IP address that a cracker previously used.


AntiCrackPermit

Syntax: AntiCrackPermit ip address
Default: None
Context: server config, <VirtualHost>, <Directory>
Module: mod_anticrack
Compatibility: 2.0.48

The AntiCrackPermit directive may appear multiple times and adds IP addresses that will never be banned.

Free Tip: Add yourself to the configuration.


AntiCrackDebug

Syntax: AntiCrackDebug boolean
Default: off
Context: server config, <VirtualHost>, <Directory>
Module: mod_anticrack
Compatibility: 2.0.48

The AntiCrackDebug directive sets how much information is logged to the Apache log. If it's set to on, then a verbose amount of debugging information is logged.


AntiCrackHost

Syntax: AntiCrackHost string
Default: None
Context: server config, <VirtualHost>, <Directory>
Module: mod_anticrack
Compatibility: 2.0.48

The AntiCrackHost directive sets the host name of the MySQL server.


AntiCrackDB

Syntax: AntiCrackDB string
Default: None
Context: server config, <VirtualHost>, <Directory>
Module: mod_anticrack
Compatibility: 2.0.48

The AntiCrackDB directive sets the database name used.


AntiCrackTable

Syntax: AntiCrackTable string
Default: None
Context: server config, <VirtualHost>, <Directory>
Module: mod_anticrack
Compatibility: 2.0.48

The AntiCrackTable directive sets the database table used.


AntiCrackUser

Syntax: AntiCrackUser string
Default: None
Context: server config, <VirtualHost>, <Directory>
Module: mod_anticrack
Compatibility: 2.0.48

The AntiCrackUser directive sets the username used to connect to the database server.


AntiCrackPass

Syntax: AntiCrackPass string
Default: None
Context: server config, <VirtualHost>, <Directory>
Module: mod_anticrack
Compatibility: 2.0.48

The AntiCrackPass directive sets the password used to connect to the database server.


Example:

 # Load the anticrack module
 LoadModule mod_anticrack /usr/lib/apache2/mod_anticrack.so

 <Directory "/var/www/htdocs/mywebsite/members">
    AntiCrackHost localhost
    AntiCrackDB ban_mywebsite
    AntiCrackUser root
    AntiCrackPass shhh-quiet
    AntiCrackTable ban
    AntiCrackLevel 20
    AntiCrackDebug on
    AntiCrackPermit 216.206.238.17
 </Directory>
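
The script below is an added example, not part of mod_anticrack or its original documentation. It replays access-log lines against candidate AntiCrackLevel and AntiCrackExpires values to show which client IPs would cross the threshold, including the page-graphics case noted under AntiCrackLevel. The counting model (each 401 response counts once per IP; an entry expires that many seconds after its last attempt), the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def would_ban(lines, level, expires, permit=()):
    """Return {ip: time its counter first exceeded `level`}.

    Assumed model, not taken from the module source: each 401 response adds
    one to a per-IP counter, and the entry is dropped once `expires` seconds
    have passed since that IP's last counted attempt.
    """
    state, banned = {}, {}            # state: ip -> (counter, last attempt)
    for raw in lines:
        m = LOG_RE.match(raw)
        if not m or m.group(3) != "401":
            continue
        ip = m.group(1)
        if ip in permit:              # AntiCrackPermit: never counted
            continue
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        count, last = state.get(ip, (0, when))
        if (when - last).total_seconds() > expires:
            count = 0                 # AntiCrackExpires: stale entry purged
        state[ip] = (count + 1, when)
        if count + 1 > level:
            banned.setdefault(ip, when)
    return banned

def _line(ip, hms, path):
    # Constructed common-log-format line with a 401 status (not real traffic).
    return f'{ip} - - [22/Apr/2005:{hms} +0000] "GET {path} HTTP/1.1" 401 0'

# One browser page load: the page and three graphics, before any login attempt.
PAGE_LOAD = [_line("203.0.113.5", f"20:00:0{i}", p) for i, p in enumerate(
    ["/members/", "/members/logo.gif", "/members/nav.gif", "/members/bg.gif"])]
# Automated guessing: 25 failures, one per second.
GUESSING = [_line("198.51.100.7", f"20:01:{i:02d}", "/members/") for i in range(25)]
# Three failures an hour apart, each outliving a 600-second expiry.
SLOW = [_line("192.0.2.9", f"2{i}:30:00", "/members/") for i in range(3)]
SAMPLE = PAGE_LOAD + GUESSING + SLOW

if __name__ == "__main__":
    for level in (3, 20):
        hit = would_ban(SAMPLE, level=level, expires=600)
        print(f"AntiCrackLevel {level}: would ban {sorted(hit)}")
```

To use it on real traffic, pass the lines of your own access log instead of SAMPLE and compare the result for several candidate values before enabling the module.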


Installation

To install mod_anticrack:

Unpack the latest mod_anticrack source code, then follow these steps:
  make

Note: You must have apache2-devel and mysql-devel RPMs installed on SuSE 8.2 to build the source. The source code uses the apxs2 tool for building the modules.

Database table

The module requires MySQL to function. This document does not cover using, configuring, or building MySQL, as there are plenty of sites dedicated to that. However, the module does require the specific table structure shown below. The table name and database name may be anything you like; however, they must match the AntiCrackTable and AntiCrackDB settings for the module to function.

  CREATE TABLE `anticrack` (
    `id` int(8) unsigned NOT NULL auto_increment,
    `lastattempt` timestamp(14) NOT NULL,
    `counter` int(8) unsigned NOT NULL default '0',
    `ipaddr` char(24) NOT NULL default '',
    `noRemove` tinyint(1) default '0',
    `auth` tinyint(1) default '0',
    PRIMARY KEY  (`id`),
    KEY `ipaddr` (`ipaddr`)
  ) TYPE=MyISAM;


Author: Joseph Benden, Sr.
Last Updated: 04/22/2005 8:30 PM


© Copyright 2005 Thralling Penguin LLC.
All Rights Reserved