Somebody hammering your Moodle? Try vanishing.
This script checks your mdl_log
table for repeated authentication failures. When any client IP surpasses your threshold for failures, this script adds IPTABLES rules to drop all their packets.
IPTABLES will be reset when you reboot, unless you preserve these changes somehow. (I don't preserve them.)
- Copy
config-dist.py
toconfig.py
and make sure it's in the same directory asmoodle-dict-attack-dropper.py
. - Edit config.py and fill in your information. (Most of the fields should probably just match your moodle's config.php.)
- Set moodle-dict-attack-dropper.py up to run regularly via cron. Example (running as root):
*/5 * * * * /path/to/your/moodle-dict-attack-dropper.py