Using Raw access logs to find website abuser

Forum Moderators: DixonJones

Message Too Old, No Replies

Using Raw access logs to find website abuser

yonki

7:37 am on Jun 16, 2005 (gmt 0)

Last Saturday a new competitor used a form on my webpage to e-mail, one by one, all my clients and suggest that they change over to him.
I know the exact time of the e-mails but, stupidly, I didnt record the IP address. I am trying to access my raw logs to find all this data but the log analysers all show me fancy statistics and all I want is written proof of what happenen on Saturday.
I tried to read the raw access log in textpad but got a load of nonsense.

Any ideas? I would be really grateful as this guy is doing many things to unfairly get rid of his competition.

Many thanks for your help.

Jon

gregbo

8:44 pm on Jun 16, 2005 (gmt 0)

If it's a common log format access_log, the fourth and fifth (space separated columns) should look like this:

[08/Jun/2005:07:36:41 -0400]

The fourth column is the date and time, the fifth the offset from GMT. Since you know when the abuse occurred, you can use the date and time in the access_log to find the abusive traffic.

yonki

10:53 pm on Jun 16, 2005 (gmt 0)

Unfortunately I dont think it opens correctly in textpad - it is far too short and mekes absolutley no sense whatso ever. There is something not quite right.....

recksul

2:15 pm on Jun 17, 2005 (gmt 0)

your raw logs may be zipped (ie .gz format) . You probably have to unzip it before you can read it.

cgrantski

3:09 pm on Jun 17, 2005 (gmt 0)

And it's possibly you're not looking at the right logs; a server has a lot of things with "log" in the name. If Apache, the logs will have "access" in the filename. If IIS, the logs will use the name format "ex[yymmdd].log".

It can be a shock to open the wrong kind of log in TextPad!

curlykarl

3:21 pm on Jun 17, 2005 (gmt 0)

Try opening them in Excel, works for me.

Karl

yonki

3:23 pm on Jun 17, 2005 (gmt 0)

I just clicked on "Download Access logs" from my control panel that my server provides. It took a while to download but all I can see it a short page of stuff. My computer seems to think it is an MS-Dos application and it is over 300 MB.

I have no idea ....

Dijkgraaf

10:51 pm on Jun 17, 2005 (gmt 0)

Well what is the file that you downloaded called?
That might give us some clue.