Newbie...how to detect intruders in Apache

on 30.11.2007 03:14:13 by JaxDawg

Hey...
Is there anything in particular in the Apache log files that will tell
me if someone or something tried to gain access/control/hack, etc?
And if they were successful?
Alternatively, any other PHP, etc. logs?

Win2003 server
Apache 2.0.55
PHP 5.1.6
MySQL 5.0.18-nt

Thanks. Trying to learn.

Re: Newbie...how to detect intruders in Apache

on 01.12.2007 12:00:02 by shimmyshack

On Nov 30, 2:14 am, JaxDawg wrote:
> Hey...
> Is there anything in particular in the Apache log files that will tell
> me if someone or something tried to gain access/control/hack, etc?
> And if they were successful?
> Alternatively, any other PHP, etc. logs?
>
> Win2003 server
> Apache 2.0.55
> PHP 5.1.6
> MySQL 5.0.18-nt
>
> Thanks. Trying to learn.

yes but it will depend on how well you know your application's
weak spots, and if you know what to look for.
look for long URLs in the access log, and for multiple 500/404 in the
error log. note the times, look for last modified times in your
filesystem of similar times - the files shouldn't be writeable by the
apache/php (if running php as a module) user to avoid being pwned.
also go to apachelounge and pick up and install mod_security and add
the cool rules confs and you will be immediately safer, that will
provide you with additional logging to security.conf which can help in
diagnosing issues.
If you use query logging, check them for naughty queries, and set up
your mysql user so it only has write access where it should.
there's loads more, but basically if you are worried about attacks
UPGRADE YOUR SOFTWARE!!!
cos there are known issues with the stuff you are running.
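
The log checks suggested in the reply above (long URLs, repeated 404/500 responses, and files whose last-modified time falls close to those requests), as an added example that is not part of the original post. The thresholds, sample log lines and function names are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Access-log line in common/combined format: host ident user [time] "request" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+')
MAX_URL = 200    # assumed cut-off for a "long" URL; tune to your application
MAX_ERRORS = 3   # assumed number of 404/500 replies per client before flagging

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [30/Nov/2007:03:10:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [30/Nov/2007:03:11:15 +0000] "GET /old/page1.php HTTP/1.1" 404 209',
    '198.51.100.7 - - [30/Nov/2007:03:11:16 +0000] "GET /old/page2.php HTTP/1.1" 404 209',
    '198.51.100.7 - - [30/Nov/2007:03:11:17 +0000] "GET /old/page3.php HTTP/1.1" 404 209',
    '203.0.113.5 - - [30/Nov/2007:03:12:40 +0000] "GET /q.php?q=' + "A" * 300 + ' HTTP/1.1" 500 310',
]

def parse(line):
    """Return (host, time, url, status), or None for a line that does not match."""
    m = LINE.match(line)
    if not m:
        return None
    host, stamp, request, status = m.groups()
    parts = request.split(" ")
    url = parts[1] if len(parts) >= 2 else request
    return host, datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z"), url, int(status)

def suspicious(lines):
    """Long-URL requests, plus 404/500 replies sent to clients that caused several."""
    events = [e for e in map(parse, lines) if e]
    errors = Counter(host for host, _, _, status in events if status in (404, 500))
    noisy = {host for host, n in errors.items() if n >= MAX_ERRORS}
    return [e for e in events
            if len(e[2]) > MAX_URL or (e[0] in noisy and e[3] in (404, 500))]

def modified_near(root, events, slack=timedelta(minutes=10)):
    """Files under root whose last-modified time is within slack of a flagged event."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file():
            mtime = datetime.fromtimestamp(path.stat().st_mtime, tz=timezone.utc)
            if any(abs(mtime - e[1]) <= slack for e in events):
                hits.append(path)
    return hits

if __name__ == "__main__":
    print(*suspicious(SAMPLE), sep="\n")
```

Pass the lines of your own access log to `suspicious()`, then give the result and the web root to `modified_near()` to list files changed around the flagged requests.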

Re: Newbie...how to detect intruders in Apache

on 01.12.2007 12:03:27 by shimmyshack

On Dec 1, 11:00 am, shimmyshack wrote:
> On Nov 30, 2:14 am, JaxDawg wrote:
>
> > Hey...
> > Is there anything in particular in the Apache log files that will tell
> > me if someone or something tried to gain access/control/hack, etc?
> > And if they were successful?
> > Alternatively, any other PHP, etc. logs?
>
> > Win2003 server
> > Apache 2.0.55
> > PHP 5.1.6
> > MySQL 5.0.18-nt
>
> > Thanks. Trying to learn.
>
> yes but it will depend on how well you know your application's
> weak spots, and if you know what to look for.
> look for long URLs in the access log, and for multiple 500/404 in the
> error log. note the times, look for last modified times in your
> filesystem of similar times - the files shouldn't be writeable by the
> apache/php (if running php as a module) user to avoid being pwned.
> also go to apachelounge and pick up and install mod_security and add
> the cool rules confs and you will be immediately safer, that will
> provide you with additional logging to security.conf which can help in
> diagnosing issues.
> If you use query logging, check them for naughty queries, and set up
> your mysql user so it only has write access where it should.
> there's loads more, but basically if you are worried about attacks
> UPGRADE YOUR SOFTWARE!!!
> cos there are known issues with the stuff you are running.

oh yeah and of course, lock down windows 2003, and run a restrictive
firewall which cannot be configured by anyone other than you. Is your
2k3 box running as administrator etc.... set up the apache mysql
services as restricted users only having access to parts of the
filesystem, it is actually fun to lock your machine down, and decrease
the surface area. of course before you do it, you should plan ahead so
that you aren't making life hard for yourself when you start to need
external programs to be started off by php, but hardening on 2k3 can
be and is done, good luck.

Re: Newbie...how to detect intruders in Apache

on 03.12.2007 17:14:50 by JaxDawg

Great info! Thanks... been running it for a year (personal, not
commercial) and I don't have any reason to believe I've been hit - but
it's time to get serious, for sure.
I appreciate all the input... this is a very complex subject.