I've installed my PHP scripts, which run on an Apache server on a Windows machine in my office LAN. It's an internal contest application. Now I want to secure the system against all kinds of exploits, and I must log all of the intruder's details and what kind of intrusion they attempted. Can I implement this through code, or is there an existing tool that implements these features?
I understand that there are options for getting an external user's data, like $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_REFERER'], $_SERVER['HTTP_USER_AGENT']. I have a little script for tracking these details. Most of the ports are closed, and I'm running an AV on it for that purpose. This data won't be enough to determine the type of intrusion that was attempted. I want to make the system safe against all kinds of vulnerabilities and attacks. Can anyone point me to the right tool?
It is best to look at the following subjects:
At the operating-system level, you can use these tools:
Monitoring Windows Firewall: http://technet.microsoft.com/en-us/library/cc775693(WS.10).aspx This can log all of the connection attempts to your computer.
Intrusion detection system: http://en.wikipedia.org/wiki/Intrusion_detection_system This can alert you if somebody is trying to use your available backdoors*.
*very simplified, see the Wikipedia entry for correct information
Also, there are GFI's ( http://www.gfi.com/ ) products, which can test your server for common misconfigurations and report to you before incidents happen.
At the Apache level you can use: Module mod_access: http://httpd.apache.org/docs/1.3/mod/mod_access.html This is only access control, so I don't think it can create detailed logs, but the apache.log / error.log stores every attempt.
At the application level (PHP) you can use: Logging: log every request you serve and log every command/SQL query you run; later, you can review them for a security audit.
Getting information about the "attackers": You can only obtain a limited amount of information, and they may also reject your data-requesting attempt, acquiring, cloaking themselves within the network.
But, as Col. Shrapnel said in the comments, this is five years of practice and experience.
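An added example (not part of the original question or answer) of the application-level logging suggested above: one JSON line per request and per SQL statement, built from the `$_SERVER` fields named in the question. The `audit_*` function names and the `audit.log` path are assumptions made for illustration, and `JSON_INVALID_UTF8_SUBSTITUTE` requires PHP 7.2 or later.

```php
<?php
// Added example: per-request audit logger. Names and log path are assumptions.
const AUDIT_LOG = __DIR__ . '/audit.log';   // assumed location; keep it outside the web root

// Replace control characters (CR/LF included) so a client cannot forge extra
// log lines, and cap the length so one request cannot bloat the log.
function audit_clean($value, int $max = 512): string
{
    $value = is_scalar($value) ? (string) $value : '';
    $value = preg_replace('/[\x00-\x1F\x7F]/', ' ', $value) ?? '';
    return substr($value, 0, $max);
}

// Build one record. Referer and User-Agent are client-controlled headers:
// record them as claims made by the client, not as verified facts.
function audit_record(array $server, string $event, array $extra = []): array
{
    return [
        'time'    => gmdate('c'),
        'event'   => $event,
        'ip'      => audit_clean($server['REMOTE_ADDR'] ?? ''),
        'method'  => audit_clean($server['REQUEST_METHOD'] ?? ''),
        'uri'     => audit_clean($server['REQUEST_URI'] ?? '', 2048),
        'referer' => audit_clean($server['HTTP_REFERER'] ?? ''),
        'agent'   => audit_clean($server['HTTP_USER_AGENT'] ?? ''),
    ] + array_map('audit_clean', $extra);   // core fields win on key clashes
}

function audit_write(array $record): void
{
    $line = json_encode($record, JSON_UNESCAPED_SLASHES | JSON_INVALID_UTF8_SUBSTITUTE);
    // FILE_APPEND + LOCK_EX keeps concurrent requests from interleaving lines.
    file_put_contents(AUDIT_LOG, $line . PHP_EOL, FILE_APPEND | LOCK_EX);
}

// Call before running a query. Log the statement text with placeholders,
// not the bound values, so submitted passwords stay out of the log.
function audit_query(string $sql): void
{
    audit_write(audit_record($_SERVER, 'sql', ['sql' => $sql]));
}

// Run once at the top of every script, for example from a shared include.
audit_write(audit_record($_SERVER, 'request'));
```

Reviewing the resulting file alongside Apache's own access and error logs gives the per-request trail the answer describes.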