[plug] Detecting Apache Attacks...
ryan at is.as.geeky.as
ryan at is.as.geeky.as
Thu Oct 24 10:50:47 WST 2002
> Does anyone know of a comprehensive up-to-date analyser that can look at a
> bunch of webserver logs, and produce a brief report on what attacks were
> attempted against the server?
As garry said, snort detects web attack, but my version only does IIS
attempts:
=======================================
Date:
10/24 06:57:16
Name:
WEB-IIS cmd.exe access
IP info:
209.42.212.241:4642 -> 203.15.140.22:80
=======================================
Date:
10/23 09:09:03
Name:
WEB-IIS CodeRed v2 root.exe access
IP info:
61.218.40.117:14507 -> 203.15.140.22:80
=======================================
It will not detect brute force auth runs and other stuff that will show up
in the error logs.
A lot of people rave about http://logreport.org but i've never tried it.
Ryan
More information about the plug
mailing list