Grep /var/log for hacker/script kiddy activity and e-mail?

Posted by Jason on Server Fault See other posts from Server Fault or by Jason
Published on 2012-09-06T02:44:26Z Indexed on 2012/09/06 3:39 UTC
Read the original article Hit count: 186

Filed under:

apache2

|

httpd

|

centos6

|

grep

CentOS 6 Apache Server version: Apache/2.2.15 (Unix)

Thinking about how to automatically, once a day, grep all the logs in /var/log/httpd for hacker, phishing, etc activity and e-mail it to myself so I can evaluate what I might need to do.

But what are the patterns I can look for?

IE, we dont run Wordpress and we see a lot of attempts to access Wordpress related content, obviously for an exploit. Same with PHPMyAdmin.

I could do something like repeatedly, matching common patterns we see.

# grep -r -i wp-content /var/log/httpd/

# grep -r -i php-my-admin /var/log/httpd/

How do I e-mail myself this the results of each grep command or better yet all Grep results in a single e-mail?

© Server Fault or respective owner

Related posts about apache2

apache2: Could not open configuration file /etc/apache2/apache2.conf: Permission denied

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I recently upgraded Ubuntu to the latest LTS edition on my work laptop, which I use as a LAMP development platform. The upgrade was from 12.4 to 14.4. Now I'm having trouble getting apache up and running again. Here is the output from an attempt: antonc@antonc-laptop:/etc/apache2$ sudo service apache2… >>> More
Apache segfault glibc segfault

as seen on Server Fault - Search for 'Server Fault'
I keep getting (about every 5-6 hours) this segfault in apache: [Tue Jun 26 12:43:10 2012] [notice] child pid 26810 exit signal Aborted (6) *** glibc detected *** /usr/sbin/apache2: free(): invalid pointer: 0xb68c2628 *** ======= Backtrace: ========= /lib/i386-linux-gnu/libc.so.6(+0x6ff22)[0xb75aef22] /lib/i386-linux-gnu/libc… >>> More
Localhost not working after installing PHP on Mountain Lion

as seen on Server Fault - Search for 'Server Fault'
I've installed php using brew install php54 --with-mysql, I've set up all the path correctly. which php will give me /usr/local/bin/php php -v will give me PHP 5.4.8 (cli) (built: Nov 20 2012 09:29:31) php --ini will give me: Configuration File (php.ini) Path: /usr/local/etc/php/5.4 Loaded Configuration… >>> More
Apache 2 Virtual Hosts no working on OSX 10.6

as seen on Server Fault - Search for 'Server Fault'
This is my first MacBook and I'm trying to get virtual hosts up and running so as it's going to be my dev machine. I've got apache/php/mysql running fine, the problem is that what ever address I go to I just get one of the virtual hosts I've setup. I can't even get to the root site anymore. I had… >>> More
apache2 error Could not open configuration file /etc/apache2/conf.d/: No such file or directory

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have just upgraded my Ubuntu 13.10 and apache2 is not working. When I try to start the apache2 server it is printing following errors: * Starting web server apache2 * The apache2 configtest failed. Output of config test was: apache2: Syntax error on line 263 of /etc/apache2/apache2.conf: Could… >>> More

Related posts about httpd

Web site not responding

as seen on Super User - Search for 'Super User'
I have website working fine before. But now its not able to connect to the server(I believe that is the problem). But its strange that the message not able to connect to the server is not coming and its keep connecting... for infinite time. Here is the screenshot. Here are some of the useful… >>> More
Httpd + Expect Script Fail (no more ptys) if httpd is not run through cli

as seen on Server Fault - Search for 'Server Fault'
I have a CentOS virtual server through Vmware. The server runs an httpd daemon which serves an php page with a form. The users complete the form, and by clicking submit the php page calls an expect scripts. If i run the httpd throught the default init.d script i get a "no more ptys" error, but if… >>> More
Difference between httpd and httpd-devel package on CentOS 5

as seen on Server Fault - Search for 'Server Fault'
I'm trying to update PHP 5.1 to 5.3 on CentOS 5.10. On the server, httpd-devel is installed but trying to install php53 on CentOS 5, it wants to install httpd. This is a production server so I need to know if it's safe to install httpd when httpd-devel is already installed. The php package (5.1.6)… >>> More
Redirect particular hostname from https to httpd in httpd/apache2

as seen on Server Fault - Search for 'Server Fault'
I have a webserver that has an ssl certificate applied to a subdomain https://shop.mydomain.com. I also have the hostname http://mydomain.com that has no ssl certificate. When invoking https://mydomain.com, browsers issue a warning that a certificate could not be verified because the webserver is… >>> More
Optimizing apache server load

as seen on Server Fault - Search for 'Server Fault'
We have an issue with a dedicated server load. We have 16 processors with 4 core @ 2.40GHz, if I understood correctly cat /proc/cpuinfo output. Unfortunately, I don't have access to free -m or vmstat. But from top I got that we have 24 GB. And snapshot from top about processes: As far as I see… >>> More