Unix Server Log Analyzer

Thanks for trying out the Log Analyzer script. This script parses through your server logs and summarizes all sorts of goodies, like membership area accesses, frequent visitors, possible hackers, etc.

Introduction

Briefly, this script will show you:
* A summary of your log file and traffic to your website
* A summary of the traffic to password protected areas of your website
* How to stop hackers from attacking your members area

Installation of the system

Download the LAnalyzer.zip file from the Groundbreak.com website and extract it using a program such as WinZip (www.winzip.com).

You should have all of the following files:
parselog.cgi
readme.txt
.htaccess

OK, here we go:

1. First and foremost, you need to know if your server has a log file that
you have access to. Check with your hosting company. If you have a Unix server,
the log file is most likely compatible with this script.

2. Open the parselog.cgi file in a text editor and edit the five variables
found at the top of the script:

  • $path_to_server_log is the FULL PATH to your log file
  • home is your base URL without an ending slash
  • $how_many_items_to_list is the number of ranked pages you want
  • $main_htaccess_file is the FULL PATH to the .htaccess file in your main web directory. You will be adding the IP addresses of hackers or individuals that you don't want to see your site here.
  • $password_file is the FULL PATH to your standard HTTP Basic Authentication text file filled with username:password combinations. This script will modify (but not delete) usernames that are being abused.

3. Upload the parselog.cgi file to your cgi-bin directory.

4. CHMOD it 755

5. Upload the .htaccess file to your root web directory if you want to BAN certain visitors/hackers from your website completely.

6. Execute parselog.cgi in your browser and view the info.

Hacker prevention

This script also includes two routines that help you stop hackers from attacking your website. There are essentially two attacks that can be found and stopped using this script:

A username/password combination has been distributed on the internet.

RESULT: There will be many instances of this username logging in from
different IP addresses.

FIX: If you see this happening with a certain username in the script, just
click on the link and that username will be disabled (but not deleted)
from your unix htpasswd password file by putting a "*******_inactivated_********" next to it.

Someone is trying to log in with a variety of different username/password combos.

RESULT: There will be many different usernames tried (often one time only) by
the same IP address. This is usually done by a special script that bombards your members area with the different combinations.

FIX: If you see this happening, the script will BAN that IP address from visiting
your whole website by adding the offender's IP address to the .htaccess file
that you will place in your main web directory.

Here is an example of mine:

AuthType Basic
AuthName MySite
<Limit GET POST>
deny from 212.205.246.161
deny from 24.0.198.230
deny from 195.86.250.18
deny from 195.86.58.244
deny from 24.48.22.116
deny from 24.48.22.48
</Limit>

So, the people with those IP addresses have been banned from my website...:-)
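
The two patterns described above (one username from many IP addresses, one IP address trying many usernames) can be spotted as follows. This is an added example, not part of the Log Analyzer script: it assumes Apache Common Log Format, and the function names, the thresholds of 3 and the sample lines are all constructed for illustration.

```python
import re
from collections import defaultdict

# Apache Common Log Format: host ident authuser [date] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "[^"]*" (\d{3}) \S+')

def _line(ip, user, status):
    """Build one constructed log line (not real traffic)."""
    return (f'{ip} - {user} [10/Oct/2000:13:55:36 -0700] '
            f'"GET /members/ HTTP/1.0" {status} 2326')

# Constructed sample: documentation-range IPs and made-up usernames.
SAMPLE_LOG = [
    _line("198.51.100.7", "alice", 200),   # one member, two locations: normal
    _line("198.51.100.8", "alice", 200),
    _line("198.51.100.7", "-", 200),       # unauthenticated request: ignored
    _line("192.0.2.10", "bob", 200),       # one username, three addresses
    _line("192.0.2.11", "bob", 200),
    _line("192.0.2.12", "bob", 200),
    _line("203.0.113.50", "admin", 401),   # one address, many usernames
    _line("203.0.113.50", "test", 401),
    _line("203.0.113.50", "guest", 401),
    _line("203.0.113.50", "bob", 401),
]

def parse(lines):
    """Yield (ip, user, status) for every request that carried a username."""
    for line in lines:
        m = CLF.match(line)
        if m and m.group(2) != "-":
            yield m.group(1), m.group(2), int(m.group(3))

def analyze(lines, ip_threshold=3, user_threshold=3):
    """Return (shared_usernames, guessing_ips), each sorted."""
    ips_by_user = defaultdict(set)   # successful logins only
    users_by_ip = defaultdict(set)   # every attempt, failed or not
    for ip, user, status in parse(lines):
        users_by_ip[ip].add(user)
        if status != 401:            # 401: the credentials were not accepted
            ips_by_user[user].add(ip)
    shared = sorted(u for u, ips in ips_by_user.items() if len(ips) >= ip_threshold)
    guessing = sorted(ip for ip, us in users_by_ip.items() if len(us) >= user_threshold)
    return shared, guessing

if __name__ == "__main__":
    shared, guessing = analyze(SAMPLE_LOG)
    print("usernames seen from many addresses:", shared)
    print("addresses trying many usernames:", guessing)
```

A member who logs in from two places (alice in the sample) stays below the threshold, so pick the thresholds to match how your real members behave before disabling usernames or banning addresses.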


© 1998 - present Groundbreak.com, All Rights Reserved