proofofconcept icon indicating copy to clipboard operation
proofofconcept copied to clipboard

Published 20 hours ago verified publisher icon allofphysicsgraph

search server logs for patterns of behavior. What pages do visitors go to?

Open researcherben opened this issue 2 years ago • 4 comments

What can be learned from the logs available on the server?

~/proofofconcept/v7_pickle_web_interface/flask/logs$ ls -Shal
-rw-r--r--  1 pdg pdg 343M Feb 18 17:54 gunicorn_error.log
-rw-r--r--  1 pdg pdg 203M Feb 18 17:54 gunicorn_access.log
-rw-r--r--  1 pdg pdg 202M Feb 18 17:54 nginx_access.log
-rw-r--r--  1 pdg pdg  33M Feb 18 17:54 nginx_error.log

researcherben avatar Feb 18 '22 18:02 researcherben

the format of ~/proofofconcept/v7_pickle_web_interface/flask/logs/nginx_access.log is set in https://github.com/allofphysicsgraph/proofofconcept/blob/gh-pages/v7_pickle_web_interface/services/nginx/nginx.conf#L20

the format of ~/proofofconcept/v7_pickle_web_interface/flask/logs/gunicorn_access.log is set in https://github.com/allofphysicsgraph/proofofconcept/blob/gh-pages/v7_pickle_web_interface/gunicorn.config.py#L38

There is https://github.com/allofphysicsgraph/proofofconcept/blob/gh-pages/v7_pickle_web_interface/flask/templates/monitoring.html but the corresponding page doesn't seem to work.

researcherben avatar Feb 21 '22 01:02 researcherben

https://physicsderivationgraph.blogspot.com/2020/11/log-analysis-of-nginx-access-using.html

researcherben avatar Feb 21 '22 03:02 researcherben

See https://bastian.rieck.me/blog/posts/2022/server/ and https://news.ycombinator.com/item?id=30661852 for tips on securing a web server

bhpayne avatar Mar 13 '22 23:03 bhpayne

https://nishtahir.com/i-looked-through-attacks-in-my-access-logs-heres-what-i-found/ https://news.ycombinator.com/item?id=39165711

bhpayne avatar Jan 28 '24 20:01 bhpayne