PDA

View Full Version : Get IP addresses that accessed my site



thisObject
9th November 2006, 03:17 AM
Hi,

Is there any way to get IP addresses that accessed my website?
Is it possible later on by having these IPs determine from which country, city the site was accessed?

Thanks.

u-noneinc-s
9th November 2006, 03:43 AM
Apache log (/var/log/httpd/access_log) should tell you what addresses tried accessing and if they were ligitimate accesses or some "known hack" (usually a Windows target buffer overflow) and on the CLI,
whois xxx.xxx.xxx.xxx will tell you the owner of the IP (nore often than not it will be a dynamic IP often in your own dynamic IP block. All accesses should get logged there, and if you have a publicly viewable web page, those web page accesses will be there too.

At the moment I get quite a few hack attempts from 68.127.x.x IPs which happen to be the block I am currently assigned. When my IP changes, the attacks will continue and "most" will now be from within my new address range, maybe 68.121 or 69.116 (hypothetical figures).

There is also a few whois websites (same as the CLI) like ARIN APNIC RIPE
http://www.arin.net/whois/
http://www.betterwhois.com/

u-noneinc-s
9th November 2006, 03:45 AM
Type this in a terminal whois 64.233.167.99

brandor
9th November 2006, 03:59 AM
You should have webalizer installed if you installed apache... it should tell you all of this information.

You'll just have to configure it.

u-noneinc-s
9th November 2006, 04:11 AM
Hey, Thanks for the heads-up brandor. I had forgotten all about webalizer. It's been installed for ever, and I've never looked at it once.
I read the logs everyday, but webalizer... another cool interface to play with :D

thisObject
9th November 2006, 05:50 AM
thanks a lot for the info
Looks like I should to with webalizer
However it is pain to configure anything on Fedora :)

I've got several files in /var/log/httpd/
like access_log, access_log.1, access_log.2...
they only have IP within network - 127.0.0.1 or something like this

thanks.

thisObject
9th November 2006, 05:57 AM
looks like I can simply type
whois IP_ADDRESS
and it does what I need

I use tomcat and not apache
I assume there should be log file as well, right?
var/log/httpd is for apache only

Thanks

u-noneinc-s
9th November 2006, 05:59 AM
locate tomcat |grep log I would thek there would be one

thisObject
9th November 2006, 06:11 AM
yeah,
there are like thousands of them :)

thanks.

thisObject
9th November 2006, 07:00 AM
any ideas which one I need?
thanks.

u-noneinc-s
9th November 2006, 07:15 AM
I know nothing about tomcat, but I did some googling and tomcat is apache SW. http://tomcat.apache.org/tomcat-4.1-doc/html-manager-howto.html.
Just glancing in there, I didn't see anything about logs.

Do you have a /var/log/httpd/access_log? It may be the same for apache and tomcat.

thisObject
9th November 2006, 07:32 AM
yes i have this folder but logs get written in case I run Apache and not Tomcat
Tomcat itself has a folder for logs but those logs do not have data on IP addresses.

thanks.