website security apache access log


masternige
September 26th, 2007, 07:21 PM
Hi folks,
I have started my own website, as some people may already know. When I was looking at the access log there was an IP address that I did not recognise. As only a handful of people know about my website and the URL to it, I think somebody has been a bit nosy. I am curious as to how someone would find my site on the net when it is not advertised? Also, I would like to know how I could block their IP address. I am from another thread trying to figure out how .htaccess works, but that's another story.

Is it possible to find out where an IP address originated from?

Regards, Nige.

oracle128
September 27th, 2007, 10:15 AM
It could have been a lot of things. But most likely it was one of two:
- A search engine spider crawling the web and indexing your page
- A hacker/cracker, scanning random/sequential IP addresses looking for machines to attack

On my server I get all sorts of random crap, and my site's not advertised (at least, not until I put a link to it in my sig). If you have an IP address constantly show up and it's requesting weird pages that don't exist on your site, it's probably crackers. Exactly what requests they are depends on what scanner software is being used, and what vulnerabilities they're looking for.
If the requests are for the file robots.txt, it's a spider.

Yes, it's possible to block by IP address. See here (http://www.freebsddiary.org/apache-block.php). Though it's not a good idea to - it's not effective, it can block people falsely, and it's too difficult to manage. If you only want your site accessible by a select few, you should protect your site with a username/password system. It can be done quite easily with .htaccess and .htpasswd. Or you could use .htaccess in the opposite way as shown in the link - deny from all, allow from (specific IP addresses). Again, doing it by IP is harder to manage than the username/password system, especially if you have people with dynamic IPs. Which brings up another possibility: it was in fact one of your friends who accessed your site, just with a different IP (either because of dynamic IP, or they accessed it from a different connection).

You could also look up the address (http://www.dnsstuff.com/) to see if it relates to anything.
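
The two log heuristics in the reply above (robots.txt requests point to a spider; repeated requests for pages that don't exist point to a scanner) can be applied to an access log with a short script. This is an added example, not part of the original thread; the log lines are constructed, and the threshold of three distinct missing pages is an assumption.

```python
import re
from collections import defaultdict

# Apache common/combined log format: host ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
# Constructed sample lines using documentation IP ranges, not taken from a real log.
SAMPLE_LOG = """\
192.0.2.10 - - [26/Sep/2007:18:01:02 +0100] "GET /robots.txt HTTP/1.1" 404 208 "-" "ExampleBot/1.0"
192.0.2.10 - - [26/Sep/2007:18:01:03 +0100] "GET / HTTP/1.1" 200 5120 "-" "ExampleBot/1.0"
198.51.100.7 - - [26/Sep/2007:18:05:10 +0100] "GET /missing-a.php HTTP/1.0" 404 210 "-" "-"
198.51.100.7 - - [26/Sep/2007:18:05:11 +0100] "GET /missing-b.php?x=1 HTTP/1.0" 404 210 "-" "-"
198.51.100.7 - - [26/Sep/2007:18:05:12 +0100] "GET /missing-c.cgi HTTP/1.0" 404 210 "-" "-"
198.51.100.7 - - [26/Sep/2007:18:05:40 +0100] "-" 408 - "-" "-"
203.0.113.5 - - [26/Sep/2007:18:09:01 +0100] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"
"""

def classify(log_text, min_missing=3):
    """Return {ip: label}; min_missing is an assumed threshold, tune it per site."""
    robots, seen = set(), set()
    missing = defaultdict(set)        # ip -> distinct paths that returned 404
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                  # not in the expected log format
        ip = m["ip"]
        seen.add(ip)
        parts = m["req"].split()
        if len(parts) < 2:
            continue                  # e.g. "-" logged for a timed-out connection
        path = parts[1].split("?", 1)[0]
        if path == "/robots.txt":
            robots.add(ip)            # a 404 here is normal when no robots.txt exists
        elif m["status"] == "404":
            missing[ip].add(path)
    labels = {}
    for ip in seen:
        if len(missing[ip]) >= min_missing:
            labels[ip] = "probable scanner"
        elif ip in robots:
            labels[ip] = "spider"
        else:
            labels[ip] = "visitor"
    return labels

if __name__ == "__main__":
    for ip, label in sorted(classify(SAMPLE_LOG).items()):
        print(ip, label)
```

A single 404 for something like favicon.ico stays under the threshold, so an ordinary browser visit is not flagged.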