User Tools

Site Tools


logging_file_acces_via_php
no way to compare when less than two revisions

Differences

This shows you the differences between two versions of the page.


logging_file_acces_via_php [2016/07/14 07:02] (current) – created admin
Line 1: Line 1:
 +=====logging acces to attacked files under apache via php=====
  
 +Lets say my server is scanned by scripts from time to time. I see popping up a 404 error un the logs for
 +
 +/libraries/joomla/exporter.php 
 +
 +which is not a file belonging to joomla and exists only on hacked joomla instances, so theres no reason to GET this file other than malicious ones. So I've placed a file there, which logs the connection attempts
 +
 +Sure there are other ways like analyzing apachze logs, but i think this is more comfortable.
 +
 +<code>
 +<?php
 +
 +$line = date('Y-m-d H:i:s') . " - $_SERVER[REMOTE_ADDR] - $_SERVER[REQUEST_URI] - $_SERVER[HTTP_USER_AGENT]";
 +file_put_contents('visitors.log', $line . PHP_EOL, FILE_APPEND);
 +
 +echo "thx for supplying your IP skiddie";
 +
 +?>
 +
 +touch visitors.log
 +chown www-data:www-data visitors.log
 +chmod og-r visitors.log
 +</code>
logging_file_acces_via_php.txt · Last modified: 2016/07/14 07:02 by admin