-
January 4th, 2005, 06:35 PM
#1
Looking for an intrusion detection script for a website.
Anybody know of a script that will scan your website logs, and create a PHP or HTML readout of the results. I'm not looking for SNORT but something where I can read the results online.
EDIT: I should add that i have access to the access and error logs, but not root access to the server.
-
January 4th, 2005, 09:36 PM
#2
Detox, what are you looking for specifically? Attacks against the website? Like SQL-Injection attempts? Or attacks against the server i.e. buffer overflow, known application vulnerability attempts, etc. that might be in your site logs (instead of the server log)? I am certain there is a plethora of Perl code out there to do this...I might have some laying around here. I'll go look, but give us a more specific idea of what you want to find. "Looking for an intrusion detection script for a website" is kind of broad.
/* Edit: what format? Apache? 1.3x, 2.x? IIS? */
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
January 4th, 2005, 10:11 PM
#3
OS: RedHat Linux
Apache 2.0
PHP 4.3.2
I'm looking for a script that can go through the log files and find password mismatches, cgi vulnerably scans as well as unicode attacks. Things of that nature. Then grep this info and display an HTML generated page of the results. I know there are a lot of command line tools that will do this. I'm more interested in catting the results out to a webpage. Maybe even use the GD library to make a nice graph of the results.
-
January 4th, 2005, 10:40 PM
#4
I thought we used something more obscure, but I guess not...our webserver admin guru swears by and uses AWStats with some scripting and such he's added for specific reports.
Sorry, thought I had more info... a quick look doesn't show everything you've mentioned, but it was cursory...should give you a starting point for research tho.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
January 5th, 2005, 03:57 AM
#5
Senior Member
yeah awstats is probably not exactly what your looking for detox but if you like hacking scripts, then awstats is what your lookin for .... You just may need to learn how apache is writing its logs
-
January 5th, 2005, 04:22 AM
#6
Hmm, you can try Auditing tools such as Retina
-
April 2nd, 2005, 05:48 AM
#7
Member
Re: Looking for an intrusion detection script for a website.
Originally posted here by detoxsmurf
Anybody know of a script that will scan your website logs, and create a PHP or HTML readout of the results. I'm not looking for SNORT but something where I can read the results online.
EDIT: I should add that i have access to the access and error logs, but not root access to the server.
Do you have permission to install SNORT/other IDS? Snort or any other IDS software is what you need to do what you want..
-
April 4th, 2005, 11:59 AM
#8
Yep. Snort in combination with Base, Acid, Snort Report, Snort-rep and/or SnortSnarf.
Oliver's Law:
Experience is something you don't get until just after you need it.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|