F*EX use case: anti-hacker configuration

To prevent brute-force hacking attacks with guessed user/auth-ID you can use the function $max_fail_handler() which is undefined in default installations.

$max_fail_handler(remote_ip_address) is called when there are more than $max_fail failed login attempts.

For example, I have the following setup (on Linux):

A copy of the iptables programm with s-bit:

  fex@fex: ll /home/fex/bin/iptables
  -rwsr-sr-x root  root 47,480 2008-01-28 14:49:09 /home/fex/bin/iptables
so that the user fex can modify the local ip table firewalling.

And then in fex.ph I have:

  $iptables = '/home/fex/bin/iptables';
  $max_fail = 10;

  $max_fail_handler = sub { 
    my $ip = shift;
    local $_;
    system "$iptables -A BLOCK -s $ip -j LOGREJECT";
    if (open my $m,"| mailx -s 'FEX max_fail $ip' framstag") {
      print {$m} "@_\n\n";
      if ($faillog and open $faillog,$faillog) {
        print {$m} $_ while <$faillog>;
        close $faillog;
      close $m;
With this function every ip address will be blocked after there are more than 10 sequent login failures and a notification e-mail is sent to user framstag. A successfull login will reset the counter.

For the curious: If you have defined $max_fail_handler() and $max_fail in /home/fex/lib/fex.ph then you will find the last login failures in /home/fex/spool/.fail/

Another anti-hacking configuration can be done by defining $header_hook() in fex.ph to disallow certain headers. Example:

$header_hook = sub {
  my ($connect,$header,$ip) = @_;
  my (@dl);
  local $_;

  @dl = qw(

  foreach my $dp (@dl) {
    if ($header =~ /$dp/) {
      fexlog($connect,@log,"BADREQUEST $dp");