Apache: Count Visits on Console

If you use a Webserver like Apache, you can use a small script to Analyse your Logs. Create a analyse-web.sh Script with:

 $sudo nano /home/user/analyse-web.sh 

insert:
#!/bin/bash
cat /var/log/apache2/access.log | awk '{ print $1 }' | sort | uniq -c
exit 0

System Output:
1573  www.domain2.de
3568  www.domain3.de
..

If you change the „$1“ to other value like „$8“ you will get the count of touched files or folders! This shows you attacks on single Files by abnormal high counts! You can use cron to run it every 15Minutes and send it to mailbox of a user. And this way does not need a PHP Tool with special PHP rights like webalizer or else..

Major Webserver Setup Rules: The „must“ do!

If you want to setup a fresh secure Webserver then use this list

  • dont ever upload data, files, images on the Webserver who are classified as „secret“
  • setup daily full backup with Cron
  • view daily the system logs, auth, www, errors …
  • setup a local firewall with less opened ports 80,25 ..
  • setup daily automatic updates by cron
  • reduce the count of users who can login
  • use no logical usernames
  • force long passwords by rules min 15 digits
  • setup a daily load monitor by „uptime“ to log
  • setup a realtime network monitor by „iftop“
  • use „nmap“ as local portscan to test settings
  • remove unneeded software packages and services, less is more..
  • change monthly passwords forced by rules
  • upload only via encrypted SFTP and use Login Keys
  • copy hourly your Logs on /var/log to a other external place (scp/rsync) by cron
  • use ECC-RAM to have save RAM usage againts RAM attacks
  • use 2 HDD’s as Raid 1 and setup mail of root to post failures to your box
  • mount the Webserver root file system readonly, that no one can modify /etc
  • dont use Java, PHP, Tomcat, or other Adminpanels if you really need them!

I hope this rules help you to protect your Server..