Welcome to WebmasterWorld Guest from 23.20.221.93

Forum Moderators: DixonJones & mademetop

Message Too Old, No Replies

Using Raw access logs to find website abuser

Using Raw access logs to find website abuser

     
7:37 am on Jun 16, 2005 (gmt 0)

New User

10+ Year Member

joined:June 16, 2005
posts:3
votes: 0


Last Saturday a new competitor used a form on my webpage to e-mail, one by one, all my clients and suggest that they change over to him.
I know the exact time of the e-mails but, stupidly, I didnt record the IP address. I am trying to access my raw logs to find all this data but the log analysers all show me fancy statistics and all I want is written proof of what happenen on Saturday.
I tried to read the raw access log in textpad but got a load of nonsense.

Any ideas? I would be really grateful as this guy is doing many things to unfairly get rid of his competition.

Many thanks for your help.

Jon

8:44 pm on June 16, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 18, 2005
posts:817
votes: 0


If it's a common log format access_log, the fourth and fifth (space separated columns) should look like this:

[08/Jun/2005:07:36:41 -0400]

The fourth column is the date and time, the fifth the offset from GMT. Since you know when the abuse occurred, you can use the date and time in the access_log to find the abusive traffic.

10:53 pm on June 16, 2005 (gmt 0)

New User

10+ Year Member

joined:June 16, 2005
posts:3
votes: 0


Unfortunately I dont think it opens correctly in textpad - it is far too short and mekes absolutley no sense whatso ever. There is something not quite right.....
2:15 pm on June 17, 2005 (gmt 0)

New User

10+ Year Member

joined:Jan 9, 2004
posts:23
votes: 0


your raw logs may be zipped (ie .gz format) . You probably have to unzip it before you can read it.
3:09 pm on June 17, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Jan 14, 2004
posts:1107
votes: 1


And it's possibly you're not looking at the right logs; a server has a lot of things with "log" in the name. If Apache, the logs will have "access" in the filename. If IIS, the logs will use the name format "ex[yymmdd].log".

It can be a shock to open the wrong kind of log in TextPad!

3:21 pm on June 17, 2005 (gmt 0)

Preferred Member

10+ Year Member

joined:Aug 11, 2002
posts:481
votes: 0


Try opening them in Excel, works for me.

Karl

3:23 pm on June 17, 2005 (gmt 0)

New User

10+ Year Member

joined:June 16, 2005
posts:3
votes: 0


I just clicked on "Download Access logs" from my control panel that my server provides. It took a while to download but all I can see it a short page of stuff. My computer seems to think it is an MS-Dos application and it is over 300 MB.

I have no idea ....

10:51 pm on June 17, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 31, 2005
posts:1108
votes: 0


Well what is the file that you downloaded called?
That might give us some clue.