How Can I Use The Logs On My Server To Track Down An Attack?

Tracking down an attack on the internet can be a very difficult thing to do as there are a lot of variables that you have to worry about.

You have to scrutinize these variables so that you can be sure that you catch the person that you are after.

Most people are under the false assumption that the internet is totally anonymous – they believe that you can do anything and that no-one would be able to find out about their exploits unless they accidentally gave out their name or address but that is not the case at all and most professional hackers know this fact.

When it comes to surfing the internet you will always leave a footprint around somewhere.

Each digital footprint is left on a server somewhere around the world.

server-logs

Whether the person that is tracking you has the resources and the knowledge to be able to gather this information is the real question.

In this article I will show you how you can look at your logs and be able to find out who is attacking your server.

I will also discuss several reasons on why a person would attack your server in the first place.

If you know why they are coming after you then maybe you can defend yourself better.

What Is A Log Anyway?

When it comes to logs all operating systems have them and some of the programs that are on your computer may have them as well.

They are very handy things to have around and really help a lot when you are trying to find something wrong with your system.

For the people in the audience who might not know what a log is, I will give them a quick explanation –

A log is usually a text file but it can be another type of files as well, for example an XML file.

This file will document all of the steps that a program has taken.

For example, in your router that is connected to your network, you have a log that is being written out constantly.

It keeps track of the traffic that is coming in and out of your network and it tries its best to document it.

That way if some rogue element was able to get on the system, you can use the log to track down when it might have been infected and where it came from.

Another example is your operating system.

No matter if you use Windows, Mac OS X, or Linux, there is documentation being kept on the activities that you are doing on the computer.

As a matter of fact, your operating system may have several logs being built up in the system.

The operating system is built up of a lot of different pieces and more than one of them is going to need a log to keep track of it.

So now that you know what a log is, let’s get to how a log on the server helps you out when it comes to tracking down intruders.

Using Logs To Trace/Stop The Bad Guys

When the bad guys attack your server they are going to leave some sort of trace that goes back to them.

The key to tracking them down is whether you have the resources to be able to gather all of the information that you need.

For example, if the bad guy attacked you by use of a botnet, you could easily see this through your logs.

A botnet is when a black hat hacker takes over a bunch of computers without the person that is using them even knowing.

So now that they have the botnet coming after your server by way of a DDOS attack, it is easy to get the IP addresses of the computers that are pinging your servers.

You can get that information by use of a log.

If you go to the person who owns the computer and tell them the situation, you are still going to need to analyze the content of their computers to be able to track the person.

That usually means taking a look at the logs on their system.

Now you can keep back tracing in this sort of manner until you run across one of the servers that is leading the botnet.

Now that you found it, you can get it shut down.

So this is just one of the ways that you can use the logs on your server to be able to shut down a threat.

There are several more ways that the logs on your server can help you fight the battle.

Why Are They After Your Server?

The reasons why a black hat hacker might be after your server are plenty.

They might want to attack your users, or you might have valuable financial data on the server.

The server might not be well protected and the black hat hacker might be doing it just because they can – hackers love low lying fruit and your server might be just that.

If you make sure that the data on your server is protected then most hackers will see it as not worth the effort.

The logs on your server are very important; make sure that you check them on a regular basis.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Trackbacks

  1. […] This post was mentioned on Twitter by cyberbofh and Bart P, Lee. Lee said: How Can I Use The Logs On My Server To Track Down An Attack? http://bit.ly/cc7HEr […]

Speak Your Mind

*