Today I used the following command to check for hacking attempts against an Apache webserver.

grep 'GET.*/winnt/' access_log|awk '{print $1}' | sort | uniq

This gives a sorted list of the unique IP addresses that tried to run naughty stuff.
Adding "| wc -l" will, of course, give the number of hackers (or trojans) trying to get in.

Script to check hacks.

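#!/bin/sh
# Script to check hack attempts on apache server
apache_log=/apps/apache_1.3.26/logs/access_log
# Requests for /winnt/ paths or default.ida (dot escaped so it matches literally)
pattern='GET.*/winnt/|default\.ida'

# Count the unique client addresses ($1) that sent a matching request
no_hacks=$(grep -E "$pattern" "$apache_log" | awk '{print $1}' | sort | uniq | wc -l)

# printf handles \n the same way in every shell; echo does not
printf 'There were %s hack attempts found in the access log.\n\n' "$no_hacks"
printf 'Here are the last 10 attempts...\n\n'
# Show the client address ($1) and timestamp ($4) of the last 10 matches
grep -E "$pattern" "$apache_log" | awk '{print " ",$1,$4}' | tail -10
printf '\nFinished.\n'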
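
The same check as an added example (not the author's script): it tests only the request path, so a Referer that happens to contain /winnt/ is not counted, it ignores case, and it reports hits with the first and last timestamp per client address. It assumes Apache's common or combined log format; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the original author's script.
# Assumes Apache common/combined log format:
#   $1 = client address, $4 = [timestamp, $6 = "METHOD, $7 = request path

# summarize_probes [LOGFILE...]  (reads stdin when no file is given)
# Prints "hits address first_seen last_seen", busiest address first.
summarize_probes() {
    awk '
        # Test the request path only, lower-cased, so /WINNT/ is caught and
        # a Referer or User-Agent containing the same text is ignored.
        $6 == "\"GET" && tolower($7) ~ /\/winnt\/|default\.ida/ {
            ts = substr($4, 2)                 # strip the leading "["
            if (!($1 in hits)) first[$1] = ts
            last[$1] = ts
            hits[$1]++
        }
        END { for (ip in hits) print hits[ip], ip, first[ip], last[ip] }
    ' "$@" | sort -k1,1nr -k2,2
}

# count_sources [LOGFILE...]: number of distinct addresses that probed.
count_sources() {
    summarize_probes "$@" | wc -l | tr -d ' '
}

# Constructed sample log (documentation address ranges, made-up requests).
sample_log() {
    cat <<'EOF'
198.51.100.7 - - [12/Aug/2002:04:11:02 +0100] "GET /scripts/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
198.51.100.7 - - [12/Aug/2002:04:11:03 +0100] "GET /MSADC/WINNT/system32/cmd.exe?/c+dir HTTP/1.0" 404 282
203.0.113.22 - - [12/Aug/2002:06:40:51 +0100] "GET /default.ida?XXXX HTTP/1.0" 404 276
192.0.2.15 - - [12/Aug/2002:09:02:17 +0100] "GET /index.html HTTP/1.1" 200 1043 "http://example.test/winnt/notes.html" "Mozilla/4.0"
EOF
}

# Demo run on the constructed sample.
sample_log | summarize_probes
```

On a real server, pass the log path instead: summarize_probes /apps/apache_1.3.26/logs/access_log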

About troyski

I'm a freelance UNIX engineer working in the UK. I'm married to Tina and between us we have six children. I'm a bit of an Apple fan boy, and all the Windows machines in the house are a thing of the past now.
