IIS - Script for repeated hacks on a website

Question

I currently have a site that is armored by ELMAH as its reporting mechanism. Each time someone hits a URL that is incorrect it notifies me or logs to the system. This is annoying for someone fat-fingering the URL with a misspelling but great when a hacker is trying to crack a site of mine. Has anyone ever written a script for IIS 7 on Win 2K8 that blocks an IP based on repeated attempts to hit a website? I've looked at Snort and other IDS systems but if I could get a script that could be linked to my ELMAH system it might be the perfect thing.

PowerScript, etc. is what I was thinking. Hints and recommendations are wonderful and if you think a true intrusion detection system is recommended give me your ideas.

Thanks in advance.

score 0 · Answer 1 · answered Dec 27 '10 at 17:37

0

Wouldn't you be better served by an IDS, thereby stopping the activity at the perimeter of your network rather than trying to stop the activity once it's already entered your network and gotten to your web server?

answered Dec 27 '10 at 17:37

joeqwerty

108,377
6
80
171

do you have any IDS in mind as a recommendation on Windows? – dodegaard Dec 27 '10 at 19:30

score 0 · Accepted Answer · answered May 04 '11 at 07:06

0

Tried Dynamic IP Restrictions?

http://www.iis.net/download/DynamicIPRestrictions

answered May 04 '11 at 07:06

TristanK

8,953
2
27
39

this looks like the ticket....will try it – dodegaard Jun 21 '11 at 21:14

IIS - Script for repeated hacks on a website

2 Answers2