This article covers some concepts of log analysis to web attacks for LAMP.
Analyzing the logs
we can check the apache access log for the query “union select 1,2,3,4,5” in the URL. It will show some SQL Injection.
$sudo cat /var/log/apache2/access.log | grep "union"
To searche for requests that try to read “/etc/passwd”, which is obviously a Local File Inclusion attempt.
$sudo cat /var/log/apache2/access.log | grep "etc/passpwd"
- [ January 30, 2018 ] How to install and config Termux on Android 5.x or later
- [ January 30, 2018 ] Automatically enable HTTPS on your website with EFF's Certbot
- [ January 29, 2018 ] Wireless network management in Raspberry Pi
- [ January 28, 2018 ] Install pycharm by Ubuntu make
- [ December 22, 2016 ] Deploying Django Apps with mod_wsgi on Ubuntu 16.04
- [ December 19, 2016 ] Top Things to do after Ubuntu 16.04 Installation
- [ December 19, 2016 ] Setting up Vim for Python
- [ December 19, 2016 ] PHP5.2 Parse error: syntax error, unexpected T_FUNCTION
- [ December 19, 2016 ] Automatically enable HTTPS on your website with EFF's Certbot
- [ December 15, 2016 ] How to install php5.6 on Ubuntu 16.04