Currently set to No Index

Security Aspects to Watch for in Your Server Logs

computer code

If you’ve started taking a closer eye on security for your web site then you’ve probably at some point started looking at the actual logs of users visiting your web site. These can go by a lot of different names: we’ll stick with the blunt “web logs” for this article. These are files that show you exactly who is doing, or trying to do, what with your web site, where they’re doing it from, and how they’re doing it (what browser they are using, often what operating system, and more information depending on your host’s web server software).

If you have a busy website then it quickly becomes prohibitive to go through every line every day, and you want to be able to scan it for problems. This is a good idea, but to be able to do so, you will need to have some idea of what kinds of problems you’re looking for. Here is a summary of some of what you’re going to try to keep an eye out for:

RELATED:   Why Entire Web Hosts Can Be Destroyed by Cyber Attacks

Hits to non-existent pages

To scan your logs effectively you need to be able to know the names of the actual pages on your web site without looking, meaning that you also need to know immediately if you are looking at an attempted hit to a non-existent page.  There are a few common pages that you’ll see from someone trying to infiltrate.  “index.php” is one, and no, this won’t accomplish anything on their end if all you have is “index.html”: the “.html” extension does make it a completely separate page.

OK, we’ll then what’s the danger?  Nothing, immediately.  The reason that you’ll see these attempts is that some web design software packages have built-in bugs.  These create pages with vulnerabilities that have predictable names.  These hits are attempts to access those.

RELATED:   Plesk: The Most Diverse Control Panel

One important note about this, though, is that this isn’t always bad news.  Search engine spiders often do the same auto-browsing, but in this case they are looking for pages that contain instructions for the search engine, like “robots.txt.”

Funny URLs

Not “ha ha” funny, either. There are two things you’re looking for here:

Lots of non-ASCII characters

These can either be control characters or other characters down the character set.  You’ll recognize them by a syntax like “%056”.  Again, these need some script on your end to do something with them (they send unauthorized instructions to said script), but it’s a sign that someone’s trying.

Attempted login information

Password protection is common.  So are people who don’t realize that you need a password other than “password”.  If you see a URL that is long, sent to a .cgi, .php or other executable page, and the URL contains in it what looks like a username/password combo, then that is what it probably is.

RELATED:   How Secure Is Your WordPress Website?

What to do if you have a busy website?

We’ve discussed this many times what to do when you see these things. The quick solution:

  • Block the IP addresses you need to, and don’t block any more than that, lest you risk filtering out legitimate traffic.
  • Also don’t be afraid to ask your web host for an extra set of eyes if there’s something you’re suspicious of. Not only do they have more experience, but if there’s an attack affecting multiple users, then they might recognize something about its footprint that you wouldn’t be able to.

This is your website, your livelihood. There’s nothing wrong with being as secure about it as you want to be. Keep an eye on your log files and stay safe!

How-to Start a Blog – Review of the Best 10 Blogging Platforms
How-to Start a Blog – Review of the Best 10 Blogging Platforms

If you want to start a blog as fast as possible, then you need to consider choosing a blogging platform. Thankfully, there are some excellent free and paid blogging platforms...

How Referral Marketing Can Benefit Web Hosts
How Referral Marketing Can Benefit Web Hosts

Even if the niche of web hosts are fully loaded with a lot of companies they are still one of the easiest to promote because you could write your own...

Broken Links: How to Find, Fix, and Benefit from Broken Links
Broken Links: How to Find, Fix, and Benefit from Broken Links

Links are what holds the web together. Essentially, the web is named as such because of the ability for pages and sites to link to other sources and relevant information....

Brand Value & the Most Powerful Brands (with Infographic)
Brand Value & the Most Powerful Brands (with Infographic)

Brand value – everyone wants it, however, only few are able to achieve it. The subject of “brand value” holds a significant position amongst marketers, executives, and entrepreneurs. Let’s discuss...

Reasons why your business should shift to Cloud hosting
Reasons why your business should shift to Cloud hosting

Cloud hosting has been on the rise since its inception. The improvement to your website performance and business efficiency that comes with Cloud hosting is almost tangible.

Why We Love the IT Support Career?
Why We Love the IT Support Career?

In almost all of my posts I was talking about the stressful side of the IT – the long hours, end user issues, migrations, midnight calls and the like. But...

IT Manager: Ways To Show Your Appreciation To Your Team
IT Manager: Ways To Show Your Appreciation To Your Team

Surely your team struggled hard and made things happen. You cannot say “this is what you get paid for” and just leave – you cannot keep your IT staff that...

Feeling Insecure In Your Current Job Position?
Feeling Insecure In Your Current Job Position?

Job security is one of our primary concerns. We everyday we live with the question of whether or not we will be working the next day. Loyalty is not the...

Leave a Reply

Your email address will not be published. Required fields are marked *