Looking for an intrusion detection script for a website.

  1. #1
    Senior Member
    Join Date
    Jul 2002
    Posts
    167

    Looking for an intrusion detection script for a website.

    Anybody know of a script that will scan your website logs and create a PHP or HTML readout of the results? I'm not looking for SNORT but something where I can read the results online.

    EDIT: I should add that I have access to the access and error logs, but not root access to the server.

  2. #2
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Detox, what are you looking for specifically? Attacks against the website? Like SQL-Injection attempts? Or attacks against the server i.e. buffer overflow, known application vulnerability attempts, etc. that might be in your site logs (instead of the server log)? I am certain there is a plethora of Perl code out there to do this...I might have some laying around here. I'll go look, but give us a more specific idea of what you want to find. "Looking for an intrusion detection script for a website" is kind of broad.

    /* Edit: what format? Apache? 1.3x, 2.x? IIS? */
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  3. #3
    Senior Member
    Join Date
    Jul 2002
    Posts
    167
    OS: RedHat Linux
    Apache 2.0
    PHP 4.3.2

    I'm looking for a script that can go through the log files and find password mismatches, CGI vulnerability scans as well as Unicode attacks. Things of that nature. Then grep this info and display an HTML generated page of the results. I know there are a lot of command line tools that will do this. I'm more interested in catting the results out to a webpage. Maybe even use the GD library to make a nice graph of the results.
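
Added example (not part of any post in this thread, and not code from AWStats or Snort): one way to do the access-log pass requested in post #3, written in Python. The regex rules, category names and sample lines are illustrative assumptions, and a 401 status stands in for the "password mismatch" entries Apache writes to the error log.

```python
import html
import re
from collections import Counter

# Apache common/combined log format: host ident user [time] "request" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) ')

# Illustrative rules only (assumed, not exhaustive); the first matching rule wins.
RULES = [
    ("encoded traversal", lambda req, st: re.search(r"%c0%af|%c1%9c|%255c|\.\.(/|%2f|%5c)", req, re.I)),
    ("auth failure (401)", lambda req, st: st == 401),
    ("cgi probe (404)", lambda req, st: st == 404 and re.search(r"/cgi-bin/|\.(cgi|pl)\b", req, re.I)),
]

def classify(line):
    """Return (client, category, request) for a suspicious line, else None."""
    m = LINE.match(line)
    if not m:
        return None
    host, req, status = m.group(1), m.group(2), int(m.group(3))
    for name, test in RULES:
        if test(req, status):
            return host, name, req
    return None

def scan(lines):
    hits = [h for h in map(classify, lines) if h]
    return hits, Counter((host, cat) for host, cat, _ in hits)

def render_html(hits, counts):
    # Log fields are attacker-controlled: escape everything written into the page.
    rows = "".join(
        "<tr><td>%s</td><td>%s</td><td>%d</td></tr>" % (html.escape(h), html.escape(c), n)
        for (h, c), n in counts.most_common())
    reqs = "".join("<li><code>%s</code></li>" % html.escape(r) for _, _, r in hits)
    return ("<table><tr><th>Client</th><th>Category</th><th>Hits</th></tr>%s</table>"
            "<ul>%s</ul>" % (rows, reqs))

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [10/Oct/2005:13:55:36 -0700] "GET /index.html HTTP/1.0" 200 2326',
    '192.0.2.77 - bob [10/Oct/2005:13:56:01 -0700] "GET /admin/ HTTP/1.0" 401 401',
    '192.0.2.77 - bob [10/Oct/2005:13:56:03 -0700] "GET /admin/ HTTP/1.0" 401 401',
    '198.51.100.5 - - [10/Oct/2005:13:57:12 -0700] "GET /cgi-bin/test.cgi HTTP/1.0" 404 289',
    '198.51.100.5 - - [10/Oct/2005:13:57:13 -0700] "GET /scripts/..%c0%af../x?<b>q</b> HTTP/1.0" 404 289',
]

if __name__ == "__main__":
    print(render_html(*scan(SAMPLE)))
```
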

  4. #4
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    I thought we used something more obscure, but I guess not...our webserver admin guru swears by and uses AWStats with some scripting and such he's added for specific reports.

    Sorry, thought I had more info... a quick look doesn't show everything you've mentioned, but it was cursory...should give you a starting point for research tho.

  5. #5
    Senior Member
    Join Date
    Jan 2005
    Posts
    128
    Yeah, AWStats is probably not exactly what you're looking for, detox, but if you like hacking scripts, then AWStats is what you're looking for... You just may need to learn how Apache is writing its logs.
    If You've Done Something Right, People Won't Know You've Done Anything At All - God (Futurama)

  6. #6
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836
    Hmm, you can try Auditing tools such as Retina

  7. #7
    Member
    Join Date
    Jun 2004
    Posts
    77

    Re: Looking for an intrusion detection script for a website.

    Originally posted here by detoxsmurf
    Anybody know of a script that will scan your website logs and create a PHP or HTML readout of the results? I'm not looking for SNORT but something where I can read the results online.

    EDIT: I should add that I have access to the access and error logs, but not root access to the server.
    Do you have permission to install SNORT/other IDS? Snort or any other IDS software is what you need to do what you want.

  8. #8
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Yep. Snort in combination with Base, Acid, Snort Report, Snort-rep and/or SnortSnarf.
    Oliver's Law:
    Experience is something you don't get until just after you need it.
