Windows system >> Windows tutorial synthesis  >> System FAQ

Find clues about hackers in web servers

  

Now things like servers are very afraid of viruses or hackers. Once they are attacked, they have a lot of damage. So, if you want to see if your server is hacked, you can track the clues of hackers. How to track them? Here, I will tell you below.

Today's network, security is getting more and more attention from everyone. When building a network security environment, it is gradually strengthened in terms of technical means and management systems, setting up firewalls, installing intrusion detection systems, and so on. However, network security is a comprehensive problem. Ignoring which point will cause the barrel effect, making the entire security system useless. This article analyzes the logging records of the Web server to identify vulnerabilities and prevent attacks, thus enhancing the security of the Web server.

Web services are the most abundant and richest services provided by the Internet. Various web servers are naturally the most attacked. We have adopted many measures to prevent attacks and intrusions. The records of viewing web servers are the most. Direct, most commonly used, and more effective one method, but the logging record is very large. It is very cumbersome to view the logging record. If you can't grasp the key points, the attack clues are easy to be ignored. Let's take an attack on the two most popular types of Web servers: Apache and IIS, and then find the clues of the attacks in numerous records, so take appropriate measures to strengthen prevention.

1, the default web record

For IIS, the default record is stored in c:\\winnt\\system32\\logfiles\\w3svc1, the file name is the date of the day, and the record format is standard W3C. The extended record format can be parsed by various record analysis tools. The default format includes time, visitor IP address, access method (GETorPOST…), requested resource, HTTP status (represented by number), and so on. For the HTTP status, we know that 200-299 indicates successful access; 300-399 indicates that client response is required to satisfy the request; 400-499 and 500-599 indicate client and server errors; commonly used such as 404 indicates that the resource was not found. , 403 indicates that access is prohibited.

Apache's default record is stored in /usr/local/apache/logs. The most useful log file is access_log, which includes client IP, personal identifier (usually empty), username (if needed) Authentication), access method (GETorPOST…), HTTP status, number of bytes transferred, etc.

2, Collecting Information

We simulate the usual mode of hacking a server, first collecting information and then implementing the intrusion step by step through remote commands. The tool we use is netcat1.1forwindows, the web server ip is 10.22.1.100, and the client IP is 10.22.1.80.

C:>nc-n10.22.1.10080

HEAD/HTTP/1.0

HTTP/1.1200OK

Server: Microsoft-IIS/4.0

Date:Sun,08Oct200214:31:00GMT

Content-Type:text/html

Set-Cookie:ASPSESSIONIDGQQQQQPA=IHOJAGJDECOLLGIBNKMCEEED;path=/

System FAQ
Windows system
How to check the CPU temperature of the computer?

When the CPU temperature of the computer is too high, there will be a blue screen, a crash, or even

Microsoft: The operating system application platform has been gradually formed

Microsoft at the Build 2014 conference last night, for the users to show the Win8.1 Update and WP8.1
The reason why ntldr is missing when the computer is turned on is

In the process of starting the computer, some troubles will inevitably occur. Recently, some users a
How to clear the search history of files in your computer

         The specific operation steps are as follows: 1. Press Win+R to open the run, enter regedit
Causes and solutions for abnormal color of computer monitors

In daily life, the discoloration of computer monitors is a common thing. There are various reasons f
How can I solve the problem that the software cannot be opened after the computer is turned on?

Recently, many users reflected that after booting the computer, they booted into the system interfac
  • About windows
  • System FAQ
  • System installation tutorial
  • Windows information
  • Windows skills
  • System command
  • System Optimization
  • U disk mount

    • Win7 file associated file and program "marriage" (1)

    Users are worried about the privacy rights of Win10 system.

    How to set up win8 virtual memory?

    Win10 function introduction windows10 system function evaluation video

    Win 8 how to change the status of the default browser of ie10?

    Hard disk partition assistant - solid state hard disk installation ghost win7 essential artifact

    Win10 input method icon does not show the solution of only the keyboard input box left

    Win7 system appears "can not resolve the server's DNS address" treatment

    Wonderful use of Win7 comes with features to easily burn CDs

    How does Win8 turn off Windows automatic updates?

  • Windows XP System Tutorial
  • Windows 7 System Tutorial
  • Windows 8 System Tutorial
  • Windows 10 System Tutorial
  • Windows 2003 System Tutorial
  • Windows 2008 System Tutorial
  • Windows Vista System Tutorial
  • Windows tutorial synthesis
  • Windows Server System Tutorial
  • Linux system Tutorial
  • Computer software Tutorial
  • Windows NT Tutorial
    • Copyright © Windows knowledge All Rights Reserved