I cannot seem to get our machine to dump the POST data to the error logs. We are doing this due to a heavy amount of most likely (99% sure) malicious attacks against one of our users' websites. They are constantly, up to 5 times a second, sending POST requests to the website. This is a non-stop thing. An example:
151.75.212.143 - - [31/Jul/2013:16:25:38 -0500] "POST / HTTP/1.1" 200 30757 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
We've tried doing this, using these lines in our HTTPD.conf:
DumpIOInput On
DumpIOLogLevel debug
DumpIOOutput On
And by default, the error log line is set to -> ErrorLog "logs/error_log".
We've checked in that log file, numerous times, while attacks are going on, and it doesn't log anything to it. Am I missing something here or is there an issue with Dump_IO and cPanel? We've made sure that easyApache installed the dumpio_module.
Any help would be very much appreciated! Thanks!
Software specs/versions:
WHM 11.38.1 (build 15) VPS Optimized
[email protected][*] [/usr/local/apache/conf]# uname -a
Linux [*].[*].com 2.6.32-220.7.1.el6.i686 #1 SMP Tue Mar 6 21:21:22 GMT 2012 i686 i686 i386 GNU/Linux
Server version: Apache/2.2.25 (Unix)
Server built: Jul 30 2013 16:48:44
Cpanel::Easy::Apache v3.20.6 rev9999
PHP 5.3.27 (cli) (built: Jul 30 2013 16:56:53)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2013 Zend Technologies
with Zend Guard Loader v3.3, Copyright (c) 1998-2010, by Zend Technologies
[email protected][*] [/usr/local/apache/conf]# apachectl -t -D DUMP_MODULES
Loaded Modules:
core_module (static)
authn_file_module (static)
authn_default_module (static)
authz_host_module (static)
authz_groupfile_module (static)
authz_user_module (static)
authz_default_module (static)
auth_basic_module (static)
dumpio_module (static)
include_module (static)
filter_module (static)
log_config_module (static)
logio_module (static)
env_module (static)
expires_module (static)
headers_module (static)
unique_id_module (static)
setenvif_module (static)
version_module (static)
proxy_module (static)
proxy_connect_module (static)
proxy_ftp_module (static)
proxy_http_module (static)
proxy_scgi_module (static)
proxy_ajp_module (static)
proxy_balancer_module (static)
ssl_module (static)
mpm_prefork_module (static)
http_module (static)
mime_module (static)
status_module (static)
autoindex_module (static)
asis_module (static)
info_module (static)
suexec_module (static)
cgi_module (static)
negotiation_module (static)
dir_module (static)
actions_module (static)
userdir_module (static)
alias_module (static)
rewrite_module (static)
so_module (static)
bwlimited_module (shared)
php5_module (shared)
security2_module (shared)
Syntax OK
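In Apache 2.2, mod_dumpio writes its dump through the ordinary error-log path at the level given by DumpIOLogLevel, so the lines are discarded unless the server's LogLevel is at least that verbose. The configuration below is an added example, not part of the original post: it shows the dumpio directives from the question together with a matching LogLevel, plus a narrower alternative using the security2_module that appears in the module list. The audit log path and the rule id are assumed values.

```apache
# Added example (not from the original post).

# --- Option 1: mod_dumpio ---------------------------------------------
# Dump lines are emitted at DumpIOLogLevel and then filtered by LogLevel.
# With DumpIOLogLevel debug, LogLevel must also be debug.
LogLevel debug
DumpIOInput On
DumpIOLogLevel debug
# Response dumps are not needed to inspect incoming POST bodies.
DumpIOOutput Off

# Variant: leave LogLevel untouched and emit the dump at a level that the
# current LogLevel already lets through, for example:
#   DumpIOLogLevel notice

# If a <VirtualHost> sets its own LogLevel or ErrorLog, check that log too.

# --- Option 2: ModSecurity audit log, POST requests only ----------------
# Assumes SecRuleEngine is already On or DetectionOnly elsewhere.
<IfModule security2_module>
    # Buffer request bodies so they can be written to the audit log.
    SecRequestBodyAccess On
    # Log only transactions that a rule marks for auditing.
    SecAuditEngine RelevantOnly
    # A=header, B=request headers, I=request body (compact),
    # F=response headers, H=trailer, Z=end marker.
    SecAuditLogParts ABIFHZ
    SecAuditLogType Serial
    # Assumed path, relative to ServerRoot.
    SecAuditLog logs/modsec_audit.log
    # Constructed rule id; pick one that does not collide with local rules.
    SecRule REQUEST_METHOD "@streq POST" \
        "id:1000001,phase:2,pass,nolog,auditlog"
</IfModule>
```

Either option writes full request bodies, including any submitted credentials, to disk, so restrict read access to the log and turn the capture off once enough samples are collected.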