Assuming that I’ve tried my best to write secure code: the database isn’t easy to attack with SQL injection, output is filtered against XSS, and so on. The next question is: how do I track that someone has tried to hack a website? What can a developer do that doesn’t involve reading through logs of every URL request that came to their website? (Not that I even know how to do that.)
I use PHP so tools or answers specific to PHP are welcome.
Try getting the logs (e.g. Apache) for your website, group the entries into groups that contain the same records (queries) but come from different IP addresses, and order this list by count of occurrences, ascending. That gives you the unexpected queries to your website, which you can then easily review manually to find attack attempts.
You can’t automate this process, because this is searching for code “undefined behavior”.
Obvious – read the system logs
Not so obvious – Install this: https://github.com/PHPIDS/PHPIDS
Found that website some time ago, and since you’re on PHP I believe that you’ll love the demo 😉
If there was an easy simple answer for that, then the security business would be out of business.
You could log suspicious behavior (attempts to access files that do not exist, a lot of failed logins from the same IP, etc.).
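The log grouping suggested in the first answer and the per-IP checks suggested just above, as an added example that is not part of the original thread (Python, run offline against an Apache access log). Assumptions: the log uses the common/combined format, a failed login answers with status 401 on a hypothetical `/login.php`, and the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus

# Prefix of Apache common/combined log format: ip ident user [time] "request" status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def parse(lines):
    """Yield (ip, method, URL-decoded target, status) for each parseable line."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield m["ip"], m["method"], unquote_plus(m["target"]), int(m["status"])

def rare_requests(lines, max_ips=1):
    """Group identical requests, count distinct client IPs, rarest first."""
    ips_by_request = defaultdict(set)
    for ip, method, target, _ in parse(lines):
        ips_by_request[(method, target)].add(ip)
    ranked = sorted(ips_by_request.items(), key=lambda kv: (len(kv[1]), kv[0]))
    return [(req, len(ips)) for req, ips in ranked if len(ips) <= max_ips]

def noisy_clients(lines, threshold=3, login_path="/login.php"):
    """IPs with at least `threshold` 404s or failed logins."""
    # Assumption: the application returns 401 for a failed login on login_path.
    not_found, failed_login = Counter(), Counter()
    for ip, _, target, status in parse(lines):
        if status == 404:
            not_found[ip] += 1
        if status == 401 and target.split("?")[0] == login_path:
            failed_login[ip] += 1
    return sorted(ip for ip in set(not_found) | set(failed_login)
                  if max(not_found[ip], failed_login[ip]) >= threshold)

# Constructed sample log lines (documentation-range IP addresses).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 2326
198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /index.php HTTP/1.1" 200 2326
203.0.113.5 - - [10/Oct/2023:13:56:02 +0000] "GET /?q=%22%20OR%201=1 HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2023:13:56:03 +0000] "GET /missing-a.php HTTP/1.1" 404 196
203.0.113.5 - - [10/Oct/2023:13:56:04 +0000] "GET /missing-b.php HTTP/1.1" 404 196
203.0.113.5 - - [10/Oct/2023:13:56:05 +0000] "GET /missing-c.php HTTP/1.1" 404 196
198.51.100.7 - - [10/Oct/2023:13:57:00 +0000] "POST /login.php HTTP/1.1" 401 88
""".splitlines()

if __name__ == "__main__":
    print(rare_requests(SAMPLE_LOG))
    print(noisy_clients(SAMPLE_LOG))
```

The rare-request list is only a shortlist for manual review; legitimate one-off URLs will appear in it as well.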
You can never track an attack that’s passed your security, because it has done just that.
Best practice would be to make sure the data sent is actually the kind of data it’s supposed to be (numbers being numbers, etc.), and everything out of the ordinary gets saved to a text file, a database, or whatever you see fit.
Read the logs.
Most stupid hack attempts try to access a few domains or run SQL injections.
- yourdomain.com/?q=" OR 1=1