A Simple Way To Detect Web Server Compromise
When an attacker finds a vulnerability that can be exploited on your site, he normally does a few things:
- Upload some remote control software
- Look for interesting files, or additional sites on the server, etc
- Upload a defacement page, rootkit, iframe browser exploits, or any number of things
You can use your web logs as a burglar alarm to notify you that someone has broken in. It won’t stop them, but it may give you a chance to. Here’s how it works: