Web Logs

A Simple Way To Detect Web Server Compromise

When an attacker finds a vulnerability that can be exploited on your site, he normally does a few things:

  • Upload some remote control software
  • Look for interesting files, or additional sites on the server, etc
  • Upload a defacement page, rootkit, iframe browser exploits, or any number of things

You can use your web logs as a burglar alarm to notify you that someone has broken in.  It won’t stop them, but it may give you a chance to.  Here’s how it works:

Be the first to comment - What do you think?  Posted by admin - April 11, 2009 at 8:20 pm

Categories: Security, Web Logs   Tags:

Recent Posts in the Syslog Forum

RSS Error: A feed could not be found at http://www.syslog.org/forum/.xml/?type=rss. A feed with an invalid mime type may fall victim to this error, or SimplePie was unable to auto-discover it.. Use force_feed() if you are certain this URL is a real feed.