After the Lighttpd mod security post and the DDoS attack that followed, I began working on a script that parses the Lighttpd server-error.log and inserts matched records into MySQL. The result? Check it out here: security.nullamatix.com Daily Security Reports. With the abundance of ideas I have for the project, it's far from complete, but definitely worth a beta release. Plans for the future include, but aren't limited to:
- SSL Certificate for https support
- An API to enable client submissions
- Detailed information about individual IPs (blacklists, rDNS, ASN, db frequency, etc.)
- Auto-generated links to ProjectHoneyPot, Robtex, Stop Forum Spam, and more
- Get the search working correctly
- Discussion/comment form on each IP to enable visitor interaction
- Auto-generated iptables/null route rules for IPs/netblocks
So, as I said, the tool is far from complete, and I need your help. What sort of features would you like to see? Could the tool eventually have value to the Internet community, or just me? Don't be shy - leave your comments, suggestions, criticisms, or questions below.
Also, WordPress users that like to know about the source of their commentators should check out my first official WordPress plug-in: IP Intelligence.
Merry Chrimmus and eehh... bah-hum-bug.
Tags: exploit, Lighttpd, Logs, mod_security, php, rfi, tools


