Quick way to check threats on your webserver

Since PHP is the most common language used to build sites on the Internet, the majority of attacks on a web server will be looking for “PHPy” stuff.

If you build a non-PHP site, you can have a quick look at the “PHP attacks” on your web server using a simple Linux cat+grep command on the server’s access log.

Here’s an example for nginx:

sudo cat /var/log/nginx/access.log | grep php


Looking at the output, it’s apparent that some sort of automated script is probing for a number of well-known vulnerabilities in PHP-based web frameworks. The “myadmin” threat is probably trying to take over the MySQL database of the site. Of course, in this example all of these are 404s, which means the attacker did not get through.
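The status-code check described above, as an added example that is not part of the original post: it matches “php” only in the request line (a plain grep also hits referers and user agents), counts hits per status code, and lists every hit that did not return 404. The log lines, IP addresses and paths are constructed, and nginx’s default “combined” log format is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). All sample log lines are constructed.

# write_sample_log FILE: create a small nginx "combined"-format log for the demo.
write_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /myadmin/index.php HTTP/1.1" 404 162 "-" "-"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /admin/config.php HTTP/1.1" 404 162 "-" "-"
198.51.100.9 - - [10/Oct/2023:14:02:11 +0000] "POST /upload.php HTTP/1.1" 200 512 "-" "-"
192.0.2.44 - - [10/Oct/2023:14:05:00 +0000] "GET /about HTTP/1.1" 200 2048 "https://example.com/search.php?q=x" "Mozilla/5.0"
EOF
}

# php_probe_summary FILE: count PHP-looking requests per status code and list
# every one that did NOT return 404, since those are the ones worth a closer look.
php_probe_summary() {
    # Splitting on double quotes makes $2 the request line and $3 " status bytes ".
    awk -F'"' '
        {
            request = $2                          # e.g. GET /index.php HTTP/1.1
            if (tolower(request) !~ /php/) next   # skip php seen only in referer/UA
            split($1, pre, " ");      ip = pre[1]
            split($3, post, " ");     status = post[1]
            split(request, req, " "); path = req[2]
            count[status]++
            if (status != "404") review[++n] = status " " ip " " path
        }
        END {
            for (s in count) print "status " s ": " count[s]
            for (i = 1; i <= n; i++) print "REVIEW " review[i]
        }
    ' "$1"
}

# Demo run on the constructed sample.
demo_log=$(mktemp)
write_sample_log "$demo_log"
php_probe_summary "$demo_log"
rm -f "$demo_log"
```

On a real server, call `php_probe_summary` on `/var/log/nginx/access.log` (with sudo if needed); any `REVIEW` line means a PHP-looking request got something other than a 404.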

If you want something more comprehensive than simple Linux commands, try GoAccess. It’s a neat little utility which parses your web server’s log and gives you a cool terminal-based dashboard.

But the important thing is to regularly “keep an eye” on your web server’s access logs for potential threats that may take your site down.

