Is there a way to block the enumeration of users ie By doing this hackers could discover valid usernames on the system and attempt a brute force attatck. Any suggestions are welcome in preventing this.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Prevent Enumeration of Users
- Thread starter mezanine
- Start date
sleipnir214
Programmer
Does the URL [ignore][/ignore] actually have to be valid?
If so, there's not much you can do short of have a script examine your httpd error log(s) for attempts to hit the per-user web pages of invalid users, then lock that IP out of your server.
If not, you could simply disable mod_userdir.
Want the best answers? Ask the best questions!
TANSTAAFL!!
If so, there's not much you can do short of have a script examine your httpd error log(s) for attempts to hit the per-user web pages of invalid users, then lock that IP out of your server.
If not, you could simply disable mod_userdir.
Want the best answers? Ask the best questions!
TANSTAAFL!!
- Thread starter
- #3
If it's a DSO, don't load it. Comment out the line that looks like "LoadModule userdir_module modules/mod_userdir.so".
If it's compiled in statically, I think that removing the AddModule directive takes care of it. Not positive, though.
If it's compiled in statically, I think that removing the AddModule directive takes care of it. Not positive, though.
- Status
Similar threads