LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 02-03-2008, 10:53 PM   #1
pching
Member
 
Registered: Jan 2008
Location: Maryland US
Distribution: right now WindowsXP
Posts: 40

Rep: Reputation: 15
Where can I look to find any attacks on my web server?


Hi,

Recently I connected a web server on the Internet.

I wish to learn on "How to find out if some one has tried to hack
into (or attack) my server?"

I know the httpd/access_log is a place to see who has accessed the wed pages. Are there other places that I can look into it?

Is there software like "Attack reporting" that will alert me?

Thanks for your help.

Philip
 
Old 02-04-2008, 01:33 AM   #2
rvca
LQ Newbie
 
Registered: Dec 2005
Location: Vancouver
Distribution: Debian/Ubuntu
Posts: 28

Rep: Reputation: 15
A first place to begin is by installing snort http://www.snort.org/ and BASE, that is a webfront to snort.

Here's an initial place to look for an install tutorial.

http://www.howtoforge.com/intrusion_...ion_base_snort

Cheers,
 
Old 02-04-2008, 01:55 AM   #3
norbert74
Member
 
Registered: Apr 2006
Posts: 63

Rep: Reputation: 23
Here you find some tips for an initial investigation:
http://www.acodedb.com/146/some-tips...er-was-hacked/
 
Old 02-04-2008, 03:19 AM   #4
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,005
Blog Entries: 11

Rep: Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903
Hi,

welcome to LQ!

And I'm moving this over to security which is more appropriate
for this type of question.



Cheers,
Tink
 
Old 02-04-2008, 03:55 AM   #5
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,123

Rep: Reputation: 162Reputation: 162
Now that your post is in the security forum, take the time to look through the stickies, especially this one. In it, there's a section called "Compromise, breach of security, detection" and a link to the CERT Intruder Detection Checklist which is definitely worth a read.
 
Old 02-04-2008, 06:25 AM   #6
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 781
Blog Entries: 8

Rep: Reputation: 157Reputation: 157
Quote:
Originally Posted by pching View Post
Hi,

Is there software like "Attack reporting" that will alert me?

Thanks for your help.

Philip
http://www.modsecurity.org/
http://www.snort.org/
 
Old 02-07-2008, 10:59 PM   #7
pching
Member
 
Registered: Jan 2008
Location: Maryland US
Distribution: right now WindowsXP
Posts: 40

Original Poster
Rep: Reputation: 15
Thanks!

Hi all,

Thank you for your reply to my question.

I'll study snort and start from there.

Philip
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Mozilla flaws could allow attacks, data access into Firefox & Mozilla web browsers! t3gah Linux - Security 6 04-09-2006 05:00 AM
Can't find running web server carlg Linux - General 0 10-13-2004 07:58 PM
can we configure a Linux server with mail server,file server and web server kumarx Linux - Newbie 5 09-09-2004 07:21 AM
setting up password protected web forms on an apache web server AZDAVE Linux - Security 3 07-07-2004 01:03 PM
Can't access Linux web server web pages from LAN client jaydave Linux - Networking 4 03-16-2003 03:38 AM


All times are GMT -5. The time now is 11:18 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration