Published: 3rd August 2023
Last updated: 6th August 2023
Today I’ve decided to publish the Apache access logs for this server and some basic statistics that you can pull out of the logs.
It seems a little strange at first glance, but the audience of this site is a little different from the usual. There's a good chance you've spent plenty of time sifting through logs, so you know that if your server environment is clean and hardened, there's nothing really sensitive in the logs in the first place. If you think it through, there's really not that much in an Apache access log that you couldn't publish. Bar any secrets you've published on your server (why are you relying on obfuscation?) and provided you haven't been nuked, the logs are generally boring and uninteresting. But don't forget that the data collected by these logs is public information (are you going to argue your public IP address is sensitive?), and you can pull interesting information out by running some basic queries over it.
One potentially useful collection, which will come over the next few weeks, is a live security list for fuzzing, based on real-world bot and sec lists. Tools like Burp, ZAP and Dirbuster rely on a dictionary list of likely URLs. When bots scan servers looking for obfuscated directories and other foothold information, they may hit upon these files by brute-force searching. Naturally those requests get logged too, which means you can pull the requested paths out of the logs and republish them as an active security list for scanning applications of your own.
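A sketch of how such a list could be pulled from an access log, as an added example rather than the code behind this site's dashboard. It assumes Apache's combined log format, treats a 404 as the sign of a probe, and keeps only paths requested by at least two distinct clients; the function name, the thresholds and the sample lines are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined format: host ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)
# Keep plain paths only; anything carrying payload characters is dropped.
SAFE_PATH = re.compile(r'^/[A-Za-z0-9._~/-]{1,200}$')

def probe_paths(lines, min_hosts=2):
    """Paths that returned 404 to at least min_hosts clients, most-probed first."""
    hosts_by_path = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "404":
            continue  # binary junk such as a TLS hello on port 80 fails to match
        path = urlsplit(m["target"]).path  # query strings are discarded
        if SAFE_PATH.match(path):
            hosts_by_path[path].add(m["host"])
    ranked = sorted(hosts_by_path.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [path for path, hosts in ranked if len(hosts) >= min_hosts]

# Constructed sample lines using documentation-range addresses.
SAMPLE = r'''
192.0.2.10 - - [03/Aug/2023:10:00:01 +0000] "GET /.env HTTP/1.1" 404 196 "-" "curl/8.0"
198.51.100.7 - - [03/Aug/2023:10:00:05 +0000] "GET /.env HTTP/1.1" 404 196 "-" "python-requests/2.31"
198.51.100.7 - - [03/Aug/2023:10:00:06 +0000] "GET /wp-login.php?redirect=1 HTTP/1.1" 404 196 "-" "python-requests/2.31"
203.0.113.4 - - [03/Aug/2023:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.4 - - [03/Aug/2023:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.4 - - [03/Aug/2023:10:01:03 +0000] "GET /typo-page HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.0.2.10 - - [03/Aug/2023:10:02:00 +0000] "\x16\x03\x01" 400 226 "-" "-"
'''.strip().splitlines()

if __name__ == "__main__":
    for path in probe_paths(SAMPLE):
        print(path)
```

The two-client threshold keeps a single visitor's mistyped URL out of the list, and the strict path pattern stops anything a bot put in the request from being republished verbatim.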
The dashboard is available now and I'll continually add to and refine it as I think of new ideas.
I also plan to add a few other logs from other servers (and honeypots) and make use of some free APIs (ipinfo comes to mind) to expand the usefulness of the content.
Seen something in your logs?