Apache: Count Visits on Console

If you use a web server like Apache, you can analyse your logs with a small script. Create a script named analyse-web.sh:

 $ sudo nano /home/user/analyse-web.sh

Insert:
#!/bin/bash
# Count the requests per value of field 1 of the access log
awk '{ print $1 }' /var/log/apache2/access.log | sort | uniq -c
exit 0

System Output:
1573  www.domain2.de
3568  www.domain3.de
..

If you change „$1“ to another field such as „$8“, you get the request count per touched file or folder. Abnormally high counts show you attacks on single files. You can use cron to run the script every 15 minutes and send the result to a user's mailbox. This approach also does not need a PHP tool with special PHP rights, such as Webalizer.
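
The counting idea above, extended so that it flags the abnormally high counts by itself. This is an added example, not the script from this post: the function names, the threshold rule (a count more than FACTOR times the average per distinct value) and the sample log lines are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not the article's script. Assumes a log format with the
# virtual host as field 1, so the requested path is field 8.

# count_field FIELD FILE: print "count value" lines, highest count first
count_field() {
    awk -v f="$1" '{ print $f }' "$2" | sort | uniq -c | sort -rn |
        awk '{ print $1, $2 }'
}

# flag_abnormal FIELD FILE FACTOR: print values whose count is more than
# FACTOR times the average count per distinct value
flag_abnormal() {
    count_field "$1" "$2" | awk -v k="$3" '
        { n[$2] = $1; total += $1; distinct++ }
        END {
            if (distinct == 0) exit
            avg = total / distinct
            for (v in n) if (n[v] > k * avg) print n[v], v
        }' | sort -rn
}

# make_sample_log FILE: write constructed log lines (example hosts,
# documentation IP addresses) with one path requested far more often
make_sample_log() {
    : > "$1"
    for s in 01 02 03 04 05 06 07 08 09 10 11 12; do
        echo "www.example.org 203.0.113.7 - - [01/Jan/2024:10:00:$s +0000] \"POST /login.php HTTP/1.1\" 401 512" >> "$1"
    done
    cat >> "$1" <<'EOF'
www.example.org 198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 2048
www.example.net 198.51.100.9 - - [01/Jan/2024:10:01:05 +0000] "GET /about.html HTTP/1.1" 200 1024
www.example.net 198.51.100.9 - - [01/Jan/2024:10:01:09 +0000] "GET /style.css HTTP/1.1" 200 300
EOF
}

sample="$(mktemp)"
make_sample_log "$sample"
echo "Requests per virtual host:"; count_field 1 "$sample"
echo "Requests per path:";         count_field 8 "$sample"
echo "Abnormally high paths:";     flag_abnormal 8 "$sample" 2
rm -f "$sample"
```

For the real log, replace the sample file with /var/log/apache2/access.log and check first which field number holds the path in your LogFormat.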

Security: Harden DSL Routers and Networks against attacks

In the last few days there has been a lot of news about the bot attacks against T-Com Telekom router devices. To understand these upcoming security problems, you should know the following points:

  • Every network-capable device can be a target for an attack (routers, modems, PCs, fridges, IP-TV, IP switches, IP cams…)
  • You have to update the OS of each device monthly; if the manufacturer does not support that, then don't buy it!
  • Try to get open-source hardware with open-source software and full access (ssh / console) to have full control
  • Reduce the number of devices that are connected directly to the web!
  • If you must use an ISP modem / DSL router from your ISP, then install a second open-source router with a firewall behind it for more security
  • Use small firewalls to separate WIFI and LAN networks!
  • DISABLE, if possible, „auto update“ and „ISP Remote Control“ on the DSL router / modem, because more and more comfort functions are hacked to break the systems.
  • Updates must be tested on non-productive routers!
  • Keep clean backups of freshly installed routers / modems and restore the backup every 3 months to overwrite possible bad changes!
  • Connect the routers to a timer switch to unplug and hard-reboot the router every night! (against RAM hacks)
  • Check the router logs and ISP settings (IP phones) every month, because hackers want to route calls to Asia!
  • Don't blindly trust every piece of commercial hardware! Many bugs such as open doors and default passwords are present!
  • Test your system with free tools like „nmap“ port scan and „iftop“
  • Change passwords, WIFI passwords, WIFI IDs! Min. 12 characters

Major Webserver Setup Rules: The „must“ do!

If you want to set up a fresh, secure web server, then use this list:

  • don't ever upload data, files or images classified as „secret“ to the web server
  • set up a daily full backup with cron
  • review the system logs daily: auth, www, errors …
  • set up a local firewall with few open ports: 80, 25 ..
  • set up daily automatic updates with cron
  • reduce the number of users who can log in
  • use no logical usernames
  • enforce long passwords by rules, min. 15 digits
  • set up a daily load monitor that writes „uptime“ to a log
  • set up a realtime network monitor with „iftop“
  • use „nmap“ as a local port scan to test the settings
  • remove unneeded software packages and services, less is more..
  • change passwords monthly, enforced by rules
  • upload only via encrypted SFTP and use login keys
  • copy your logs in /var/log hourly to another, external place (scp/rsync) with cron
  • use ECC RAM for safe RAM usage against RAM attacks
  • use 2 HDDs as RAID 1 and set up root's mail to send failures to your mailbox
  • mount the web server root file system read-only, so that no one can modify /etc
  • don't use Java, PHP, Tomcat or other admin panels unless you really need them!

I hope these rules help you to protect your server.