How to track hacking attempts on a website

Assuming that I've tried my best to write secure code: the database isn't easy to hit with SQL injection, output is filtered against XSS, and so on. The next question is how do I track that someone has tried to hack a website? What can a developer do that doesn't involve them reading through logs of every URL request that came to their website? (Not that I even know how to do that.)

I use PHP so tools or answers specific to PHP are welcome.


Obvious - read the system logs

Not so obvious - Install this: https://github.com/PHPIDS/PHPIDS

Found that website some time ago, and since you're on PHP I believe that you'll love the demo ;)


Try taking the logs (e.g. Apache) for your website, group them into groups that contain the same records (queries) but from different IP addresses, and order this list by number of occurrences, ascending. That gives you the unexpected queries to your website, which you can then easily review manually to find attack attempts.

You can't automate this process, because this is searching for a code's "undefined behavior".


If there was an easy simple answer for that, then the security business would be out of business.

You could log suspicious behavior (trying to access files that do not exist, a lot of logins failed from the same IP etc).


You can never track an attack that's passed your security, because it has done just that. Best practice would be to make sure the data sent is actually the kind of data it's supposed to be (numbers being numbers, etc.) and everything out of the ordinary gets saved to a txt/database or whatever you find fit f


Read the logs.

Most stupid hack attempts try to access a few domains or run SQL injections.

Look for...

  • yourdomain.com/admin
  • yourdomain.com/wp-admin
  • yourdomain.com/administrator
  • yourdomain.com/?q=" OR 1=1

etc...
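
The log review suggested in the answers above, as an added example that is not part of any of the original posts: it groups identical requests from an Apache-style access log, lists the rarest first for manual review, flags the probe paths listed above, and counts 404s per IP. The log lines are constructed samples, and the function names, regexes and threshold are assumptions for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus

# Constructed sample in Apache "combined" log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2023:13:55:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2023:13:55:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:55:03 +0000] "GET /wp-admin HTTP/1.1" 404 312 "-" "-"
203.0.113.9 - - [10/Oct/2023:13:55:04 +0000] "GET /administrator HTTP/1.1" 404 312 "-" "-"
203.0.113.9 - - [10/Oct/2023:13:55:05 +0000] "GET /admin HTTP/1.1" 404 312 "-" "-"
203.0.113.9 - - [10/Oct/2023:13:55:06 +0000] "GET /?q=%22+OR+1%3D1 HTTP/1.1" 200 5120 "-" "-"
192.0.2.44 - - [10/Oct/2023:13:55:07 +0000] "GET /contact.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')
# Assumed patterns, built from the paths and query listed in the answer above.
PROBE_RE = re.compile(r"^/(admin|wp-admin|administrator)(/|\?|$)|\bor\s+1\s*=\s*1\b", re.I)

def parse(log_text):
    """Yield (ip, url-decoded request target, status); malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), unquote_plus(m.group(2)), int(m.group(3))

def rare_requests(log_text):
    """Group identical requests; return (url, hits, distinct IPs), rarest first."""
    hits, ips = Counter(), defaultdict(set)
    for ip, url, _ in parse(log_text):
        hits[url] += 1
        ips[url].add(ip)
    return sorted(((u, n, len(ips[u])) for u, n in hits.items()), key=lambda r: (r[1], r[0]))

def flag_probes(log_text):
    """Map each IP to the requests it sent that match PROBE_RE."""
    found = defaultdict(list)
    for ip, url, _ in parse(log_text):
        if PROBE_RE.search(url):
            found[ip].append(url)
    return dict(found)

def noisy_404(log_text, threshold=3):
    """IPs with at least `threshold` 404s (requests for files that do not exist)."""
    counts = Counter(ip for ip, _, status in parse(log_text) if status == 404)
    return {ip: n for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    print(*rare_requests(SAMPLE_LOG), flag_probes(SAMPLE_LOG), noisy_404(SAMPLE_LOG), sep="\n")
```

The rarest-first list also surfaces legitimate but seldom-visited pages such as `/contact.php` in the sample, which is why that list is meant for manual review rather than automatic blocking.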
