logging acces to attacked files under apache via php
Lets say my server is scanned by scripts from time to time. I see popping up a 404 error un the logs for
which is not a file belonging to joomla and exists only on hacked joomla instances, so theres no reason to GET this file other than malicious ones. So I've placed a file there, which logs the connection attempts
Sure there are other ways like analyzing apachze logs, but i think this is more comfortable.
<?php $line = date('Y-m-d H:i:s') . " - $_SERVER[REMOTE_ADDR] - $_SERVER[REQUEST_URI] - $_SERVER[HTTP_USER_AGENT]"; file_put_contents('visitors.log', $line . PHP_EOL, FILE_APPEND); echo "thx for supplying your IP skiddie"; ?> touch visitors.log chown www-data:www-data visitors.log chmod og-r visitors.log
logging_file_acces_via_php.txt · Last modified: 2016/07/14 07:02 by admin