The Community Forums

Interact with an entire community of cPanel & WHM users!

Security question for logs

Discussion in 'Security' started by speckados, Aug 28, 2004.

  1. speckados

    speckados Well-Known Member

    Well, after the last day, I have been looking at the logs of access to cPanel and the log of the hacked domain.

    First: the access log only gets a stupid 127.0.0.1 or localhost as the IP of the remote machine. Also, in my configuration the option "Try to resolve each client's ip to a domain name when a user connects to WHM/cPanel/cppop. (speed degradation)" is checked (and now I am testing without this option).

    Second: in the combined access log of the Apache logs, I see a serious problem.

    There are a lot of ISPs that use a proxy. The current common log does not get the real IP of the machine, and that is possible with a few small changes to httpd.conf, but there are a lot of changes (on every virtual host) to add two CustomLog lines using the SetEnvIf directive.

    Example:
    Code:
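    # Default format: logs the address Apache sees for the connection (%h).
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    # Proxy format: logs the Client-ip request header first and keeps the proxy's address as proxy:%h.
    LogFormat "%{Client-ip}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" proxy:%h" proxy
    
    # Set client-ip-request when the request carries a non-empty Client-ip header.
    SetEnvIf Client-ip . client-ip-request
    
    <VirtualHost XXXXXXZ>
    # Exactly one of these two CustomLog lines writes an entry for each request.
    CustomLog domlogs/domainname combined env=!client-ip-request
    CustomLog domlogs/domainname proxy env=client-ip-request
    </VirtualHost>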
    
    That is very important for legal considerations under Spanish law, and for security forensic work.

    I'm looking for a system to modify all <VirtualHost> blocks with my CustomLog, but I don't see any for this work.

    Any suggestions?

    Thks. :cool:
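
One way to do the bulk edit asked about above, as an added example that is not part of the original post or of cPanel's own tooling: a Python function that rewrites every plain `combined` CustomLog inside a `<VirtualHost>` section into the two env-conditional lines from the post, and changes nothing when run a second time. The function name and the sample configuration are constructed for illustration; Client-ip is a request header supplied by the proxy or client, so the `proxy:%h` field stays the only address Apache itself observed.

```python
import re

# Opening and closing tags of a virtual host section.
VHOST_OPEN = re.compile(r"^\s*<VirtualHost\b", re.IGNORECASE)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.IGNORECASE)
# A CustomLog line using the "combined" nickname with no env= clause yet.
PLAIN_COMBINED = re.compile(r"^(\s*)CustomLog\s+(\S+)\s+combined\s*$", re.IGNORECASE)


def split_custom_logs(conf_text):
    """Return (new_text, changed_count): each plain combined CustomLog inside
    a <VirtualHost> becomes the env-conditional pair shown in the post."""
    out, in_vhost, changed = [], False, 0
    for line in conf_text.splitlines():
        if VHOST_OPEN.match(line):
            in_vhost = True
        elif VHOST_CLOSE.match(line):
            in_vhost = False
        m = PLAIN_COMBINED.match(line) if in_vhost else None
        if m:
            indent, target = m.groups()  # keep indentation and log path as found
            out.append(f"{indent}CustomLog {target} combined env=!client-ip-request")
            out.append(f"{indent}CustomLog {target} proxy env=client-ip-request")
            changed += 1
        else:
            out.append(line)  # global lines and already-converted lines pass through
    return "\n".join(out) + "\n", changed


# Constructed sample input, not a real server's httpd.conf.
SAMPLE = """\
CustomLog logs/access_log combined
<VirtualHost 192.0.2.10>
    ServerName example.com
    CustomLog domlogs/example.com combined
</VirtualHost>
<VirtualHost 192.0.2.10>
    ServerName example.org
    CustomLog domlogs/example.org combined env=!client-ip-request
    CustomLog domlogs/example.org proxy env=client-ip-request
</VirtualHost>
"""

if __name__ == "__main__":
    new_text, count = split_custom_logs(SAMPLE)
    print(new_text, end="")
    print(f"# rewrote {count} CustomLog line(s)")
```

The two LogFormat lines and the SetEnvIf line from the post still have to appear once in the global section of httpd.conf; the function only touches CustomLog lines inside virtual hosts.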
     