User Tools

Site Tools


logging_file_acces_via_php

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

logging_file_acces_via_php [2016/07/14 09:02] (current)
admin created
Line 1: Line 1:
 +=====logging acces to attacked files under apache via php=====
  
 +Lets say my server is scanned by scripts from time to time. I see popping up a 404 error un the logs for
 +
 +/​libraries/​joomla/​exporter.php ​
 +
 +which is not a file belonging to joomla and exists only on hacked joomla instances, so theres no reason to GET this file other than malicious ones. So I've placed a file there, which logs the connection attempts
 +
 +Sure there are other ways like analyzing apachze logs, but i think this is more comfortable.
 +
 +<​code>​
 +<?php
 +
 +$line = date('​Y-m-d H:​i:​s'​) . " - $_SERVER[REMOTE_ADDR] - $_SERVER[REQUEST_URI] - $_SERVER[HTTP_USER_AGENT]";​
 +file_put_contents('​visitors.log',​ $line . PHP_EOL, FILE_APPEND);​
 +
 +echo "thx for supplying your IP skiddie";​
 +
 +?>
 +
 +touch visitors.log
 +chown www-data:​www-data visitors.log
 +chmod og-r visitors.log
 +</​code>​
logging_file_acces_via_php.txt ยท Last modified: 2016/07/14 09:02 by admin