Site Logger ?

[d.shankar]

Consider a site www.example.com. It has some 10000 visitors per day.

 

Is it possible to develop a code that logs whatever the visitors type in the textbox or modify the URL of that site etc to a file ?

 

:o

 

Any ideas ???

[shocker-z]

could you explain what you mean a bit clearer as im not sure what your wanting to check for?

 

 

Liam

[Wuhtzu]

I personally do not understand what you want to do, please be a little more specific.

 

 

Right now it seem to me that you would like to track/log what URL your users type in the address bar when leaving your site?

 

 

 

[d.shankar]

Right now it seem to me that you would like to track/log what URL your users type in the address bar when leaving your site?

 

Yeah i want to track down the users type in the address bars and forms.

[d.shankar]

Actually i want to check whether if any user enters malicious input to the website.

Is it possible to log it in a file ???

[trq]

Is it possible to log it in a file

 

Its allready being logged in the Apache logs. However, if you don't have access to them, you could simply create your own using the $_SERVER[] array. The $_SERVER[] array contains quite a bit of information about each request.

[Wuhtzu]

Can you please show us the website, because what you are saying is very conflicting - at least in my world / understanding.

 

If you have a website with forms - those could be contact forms, forms for posting to a forum, forms for searching ect. - you hopefully do something with the data the user inputs... If it is a contact form you hopefully send the data to your e-mail, if it is a search form you hopefully build some search queries using the data, if it is a form for posting to a forum you hopefully saves the data to a database.

 

A part of dealing with forms are validating input and you hopefully do that if you have forms on your site. And if you validate the input the user will never submit malicious input because it will get caught by your validation.

 

If you do not validate the input of your forms or can't figure out how to store user inputs from a form you should do some basics about handling and validating forms. And if you want to save the input to a file read some about filehandling:

 

Form validation / handling: http://www.htmlcenter.com/tutorials/tutorials.cfm/149/PHP/

Form validation / handling: http://www.php-mysql-tutorial.com/form-validation-with-php.php

PHP form handling: http://www.w3schools.com/php/php_forms.asp

File handling - read/write: http://www.tizag.com/phpT/files.php (click continue to go through all file handling stuff)

[d.shankar]

Is it possible to log it in a file

 

Its allready being logged in the Apache logs. However, if you don't have access to them, you could simply create your own using the $_SERVER[] array. The $_SERVER[] array contains quite a bit of information about each request.

 

Wil check that out thorpe 

[d.shankar]

Can you please show us the website, because what you are saying is very conflicting - at least in my world / understanding.

 

If you have a website with forms - those could be contact forms, forms for posting to a forum, forms for searching ect. - you hopefully do something with the data the user inputs... If it is a contact form you hopefully send the data to your e-mail, if it is a search form you hopefully build some search queries using the data, if it is a form for posting to a forum you hopefully saves the data to a database.

 

A part of dealing with forms are validating input and you hopefully do that if you have forms on your site. And if you validate the input the user will never submit malicious input because it will get caught by your validation.

 

If you do not validate the input of your forms or can't figure out how to store user inputs from a form you should do some basics about handling and validating forms. And if you want to save the input to a file read some about filehandling:

 

Form validation / handling: http://www.htmlcenter.com/tutorials/tutorials.cfm/149/PHP/

Form validation / handling: http://www.php-mysql-tutorial.com/form-validation-with-php.php

PHP form handling: http://www.w3schools.com/php/php_forms.asp

File handling - read/write: http://www.tizag.com/phpT/files.php (click continue to go through all file handling stuff)

 

 

That was a quite good explanation wuhtzu.

 

Actually i want to design some sort of intrusion detection system matey... It should monitor the user inputs and if anything found malicious it should alert the web administrator.

 

Hope you get it now.

[cooldude832]

why instead of detecting and logging mlaicious just block it.  What sort of malicious are we talking swearing in forums or something else like trying to inject sql?

[trq]

You might want to look at the mod_security module for Apache. Best to catch these things at a server level than with php if possible.

[d.shankar]

why instead of detecting and logging mlaicious just block it.  What sort of malicious are we talking swearing in forums or something else like trying to inject sql?

 

Yea cooldude.. u are absolutely right [You are trying to say prevention is better than cure .. right !!]

 

In my case actually i want to know what is trying to cause the chaos.

 

Consider i have an FBI Site and it is already heavily secured but still there may some hackers trying to crack the site with malicious inputs.. so in this case i need to record that sort of inputs too.

 

[d.shankar]

You might want to look at the mod_security module for Apache. Best to catch these things at a server level than with php if possible.

 

 

Thanks again buddy !

[d.shankar]

Its allready being logged in the Apache logs. However, if you don't have access to them, you could simply create your own using the $_SERVER[] array. The $_SERVER[] array contains quite a bit of information about each request.

 

How to and where to catch the response from the user with the $_SERVER ???

 

Any ideas or help ?

 

 

 

[d.shankar]

Do i have to include the $_SERVER vars in all pages  ???

[trq]

Do i have to include the $_SERVER vars in all pages

 

Just log what you actually want. And yes, you will need to include all your log code within any page you want logged.

 

You could also (or instead of) create your own customlog via your .htaccess. Take a look at the relevent parts of the Apache manual.

[shocker-z]

or like someone else said just fix the issues that you have?

 

Submit it to the testing forum they will check for any SQL exploits and so on then fix the issues they state then it doesn't matter if people try as if they try and succeed then there aint much you can do to stop them as they have already done it! if they try and dont succeed then no need to log as they didnt succeed. If someone really wanted to harm your site logging them would do nothing anyway as they would access u via a proxy.

 

Liam

[d.shankar]

or like someone else said just fix the issues that you have?

 

Submit it to the testing forum they will check for any SQL exploits and so on then fix the issues they state then it doesn't matter if people try as if they try and succeed then there aint much you can do to stop them as they have already done it! if they try and dont succeed then no need to log as they didnt succeed. If someone really wanted to harm your site logging them would do nothing anyway as they would access u via a proxy.

 

Liam

 

Thanks liam.

 

If we have such feature configured in the site then no user will ever try to hack it.

They will fear that our actions are being noted so they will just ignore the site even though it is vulnerable !!!

[cooldude832]

Consider i have an FBI Site and it is already heavily secured but still there may some hackers trying to crack the site with malicious inputs.. so in this case i need to record that sort of inputs too.

 

I laughed at this, and agree.  You need to prevent intially and then watch all inputs for malicious attacks.  You can simply say on each page

<?php
foreach($_GET as $key => $value){
$insert = "Insert into `logger` (key, value) Values '".$key."','".$value."'";
mysql_query($insert) or die(mysql_error());
}
?>

and you can then log all get variable data in a table for viewing later, however if you are passing more than 5 variables you might want to look for a better method.  I was just trying to develop a catch all.

[d.shankar]

Heh heh i never thought that would really make you laugh  ;D

 

Thanks for the small prototype cooldude..

 

As thorpe explained about $_SERVER vars.. Does $_GET comes under that ?

What about $_POST ???

 

Sorry if i really make u mad !!

[d.shankar]

Hi guys with your guidance i checked out an example by myself.

 

Please tell me if i am in the right path !

 

<?php
?>

<html>

<body>
<form action=''>
<input type='text' name='txt1'>
<input type='submit' name='sub1'>
</form>
</body>
</html>

<?php
foreach($_REQUEST as $key => $value)
{
	//echo "The Key".$key;
	//echo "<br>";
	echo "User Submitted Value ".$value;
}

?>

 

 

Do reply guys.

[cooldude832]

Request is all the data a browser sends which I belive includes GET, POST, SESSION and a few other odds and ends.  It would probably best if your server isn't horrible to simply log all the REQUEST and SERVER data.  You could spead things up really quickly by not using mysql now, instead use a flat file to store this data (So you can store a single string instead of a million strings).  Then simply run a cron job that will convert all the flat files to mysql every 15 minuites.  Make each page load its own flat file.  This will make your cron job run almost 24/7, but you will have so much data that you can find just about anything you want.  Also you might want to make your table dynamic.  Such as the fields should be added as they are discovered so you can make a much more linear table than a 3 field table.  It be a lot of work, but it would be a powerful tool when completed.

[d.shankar]

Thanks cooldude you are awesome you ideas are big !!

 

 

[cooldude832]

although it knida leves you open to injection there as a person could just keep adding nonsense get variables and your table would be forced to grow in the fields for each get variable, reguardless of if it showed up more than once, maybe what you want to do is define all your server defined get variables then make a field called other_get and then for every get that doesn't match the given fields just put them there comma seperated like

KEY: Value, Key2: Value2

 

It will save your table from crashing.