Exotic log entry database

Forum Moderators: DixonJones

Message Too Old, No Replies

Exotic log entry database

...useful when analysing ones logs

Jack_Hughes

8:32 pm on Jun 7, 2005 (gmt 0)

Hello everybody,

where can i find information about attacks on apache & the log entries they create?

i have written a log analyser (open source) & would like some good log entries to through at it.

is this sort of thing covered best at security oriented web sites.

jatar_k

5:28 am on Jun 10, 2005 (gmt 0)

hmmm,
>> attacks on apache

not really sure, most web based attacks are directed towards a certain product usually, apache has very few exploits and the ones I know of don't come from logs.

Do you mean just various exploits for various web based products?

not really sure, not the kind of thing I have looked for except in regards to a specific product.

ronburk

11:38 pm on Jun 12, 2005 (gmt 0)

Just run a public web server; you should pick up plenty of sample attacks in your logs in short order. Alas, many of them will be attacks designed to work on IIS, transmitted by attackbots too dumb to adapt to the server type.

Most common things I see include: illegal method, too damn long in one or more fields, 404s reaching for published vulnerabilities, and tests to see if I'll proxy (e.g., "GET [other_domain_not_mine.com...] HTTP/1.1").

Jack_Hughes

10:09 am on Jun 14, 2005 (gmt 0)

thanks all,

I have several gigs of logs, so i guess I should just go through them & find the hacks.