System log tweaking

**matzah** · 10-10-2007, 07:01 PM

Hi All:

I am now a proud member of the hacked club... lucky for me it was one of my business accounts and not a customer's account or the whole VPS

So, been working on tweaks and such to get things right.

I currently monitor the basic services from 2 different remote PCs on 2 different networks to make sure they are always up. But these 2 IP addresses are filling a bunch of un-needed info the log files. Is there any way to have all of the system logs (whether configured universally or one-by-one) to parse out/skip logging from specific IP addresses?

Any thoughts or ideas are appreciated.

Thanks

**thisisit3** · 10-11-2007, 12:10 AM

How did you get hacked? did you find a vulnerable script?

Check the "syslog" man pages, since the syslog is doing all the work on log files.

**Vin DSL** · 10-11-2007, 01:56 AM

Originally Posted by thisisit3

How did you get hacked? did you find a vulnerable script?

Little known fact...

I've been hacked twice, since 2003, and both times it was by Iranians! They don't seem to like General George Patton quotes!

What do you think?!?!?!?

**thisisit3** · 10-11-2007, 02:12 AM

I believe they should find something better to do than to deface sites.

Why not ask them to submit the remote exploits to the authors of the vulnerable script?

**Vin DSL** · 10-11-2007, 02:20 AM

Originally Posted by thisisit3

I believe they should find something better to do than to deface sites.

Why not ask them to submit the remote exploits to the authors of the vulnerable script?

The U.S. government will set probably set off a thermonuclear device in Phoenix, Seattle or Portland in the next month, and blame it on Iran -- in which case, we WILL turn Iran into 'glass' - or at least 850 (or so) places in Iran.

In the scheme of things, what difference does defacing of web sites make?

They should have left Patton alone...

**Frank Broughton** · 10-11-2007, 09:13 AM

Originally Posted by Vin DSL

They should have left Patton alone...

Better yet, Ike should have left him alone and we would have half the world as ours and all the oil!

**Vin DSL** · 10-11-2007, 12:42 PM

Originally Posted by Frank Broughton

Better yet, Ike should have left him alone and we would have half the world as ours and all the oil!

Yeah, I guess, but the root cause of this situation is the Brits...

They're the ones that busted up the Persian Empire - and the Persians are busy putting Humpty Dumpty back together again!

I don't know if you realize it, but Turkey is bombing the crap out of Northern Iraq, as we 'speak', softening them up for the invasion - at which point, the Kurds are gonna be stomped out of existence via ground troops, already amassed at the border.

Yep! This is going to be interesting...

I assume you read about the leak last month, when the Black OPs were ferrying the thermonuclear tipped cruise missles into position around the USA - the Air Force plane that accidently got caught.

It's back on schedule for October...

**Frank Broughton** · 10-11-2007, 03:47 PM

Have not heard - I am safe though, my best friend is the next ruler of the world!

**matzah** · 10-11-2007, 11:04 PM

It was a hole in a script that I run, that they claim was fixed in 2004, but I was never notified about ("it aint broke dont fix" just went out the door).

The script has been taken off line until I can get the hole plugged.

Any thoughts on the logging and having the logs ignore specific IP addresses?

**Ron** · 10-12-2007, 09:31 AM

Do you mean blocking certain IPs from using your site?

**matzah** · 10-12-2007, 10:52 AM

Blocking IP addresses is what I am working on now (good timing)... any suggestions you have there are appreciated. The WHM IP blocker does not work for squatt.

What I am trying to accomplish is causing the system logging to ignore documenting actions from specific IP addresses (my machines basically)

**Ron** · 10-12-2007, 01:52 PM

in .htaccess you can deny by IP and IP range.
An example is

Code:

order allow,deny
deny from 123.45.6.7
deny from 012.34.5.
allow from all

I've never looked into trying to get the system not to log activity..

**Vin DSL** · 10-15-2007, 05:46 PM

Originally Posted by Vin DSL

[10-11-2007, 11:42 AM] I don't know if you realize it, but Turkey is bombing the crap out of Northern Iraq, as we 'speak', softening them up for the invasion - at which point, the Kurds are gonna be stomped out of existence via ground troops, already amassed at the border.

Yep! This is going to be interesting...

No comment[s]?

http://www.foxnews.com/story/0,2933,301821,00.html

Kinda scary how I know this stuff, huh?