Where Do Hackers Live: A Deep Dive into My Website's Security Logs

I was casually doing a security audit on my blog recently and decided to look a little deeper into my security logs. With a bit of Linux command line kung fu, some Golang, and Google Sheets, I was able to get a pretty good idea of where the attacks are coming from.

Based on the log file you have shown, a few more pieces of data that could be useful would be:

1- date of the attack;
2- time of the attack;
3- cross relate #2 (above) and city/country time zone to get their time of the attack;
4- try to acquire and parse keywords to represent the type/nature (?) of the attack (I know potato about sec…);
5- I guess ports would be useful too (again, I know potato…)
6- Dump it on a CSV and keep on exploring.

You could then try to find an attack pattern/behaviour (or just the statistics…) to deploy regular (time/period based) countermeasures or just strengthen against the most commonly attacked vector.

Sorry for the long answer!

PS: Just for the lolz, you could launch an attack against whoever is attacking you (based on #6), that would be fun in an I’ll-take-this-no-more kind of way, I guess…
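
Items 1 to 6 of the reply above done in one pass over the log, as an added example that is not code from the original post or the blog. It assumes a pipe-separated line format and an IANA time zone already resolved per source IP by a GeoIP lookup; the sample lines and the keyword table are constructed.

```go
package main

import (
	"encoding/csv"
	"os"
	"strings"
	"time"
	_ "time/tzdata" // embed the zone database so LoadLocation works on any host
)

var sample = []string{ // constructed; assumed format: UTC time|source IP|GeoIP zone|port|request
	"2024-03-09T02:15:00Z|203.0.113.7|Asia/Shanghai|443|POST /wp-login.php",
	"2024-03-09T14:40:00Z|198.51.100.23|America/Sao_Paulo|80|GET /index.php?id=1 UNION SELECT 1",
	"2024-03-09T23:05:00Z|192.0.2.44|Europe/Berlin|443|GET /../../etc/passwd",
}
// Hypothetical keyword table for item 4; grow it from what the logs actually contain.
var keywords = [][2]string{{"wp-login", "login-bruteforce"}, {"union select", "sqli"}, {"../", "path-traversal"}}

func classify(req string) string {
	for _, k := range keywords {
		if strings.Contains(strings.ToLower(req), k[0]) {
			return k[1]
		}
	}
	return "other"
}

// toRow yields date, UTC time, sender-local time, port, type, IP; ok is false on bad input.
func toRow(line string) (row []string, ok bool) {
	f := strings.SplitN(line, "|", 5)
	if len(f) != 5 {
		return nil, false
	}
	ts, terr := time.Parse(time.RFC3339, f[0])
	loc, lerr := time.LoadLocation(f[2])
	if terr != nil || lerr != nil {
		return nil, false
	}
	return []string{ts.Format("2006-01-02"), ts.Format("15:04"),
		ts.In(loc).Format("15:04"), f[3], classify(f[4]), f[1]}, true
}

func main() {
	rows := [][]string{{"date", "utc_time", "local_time", "port", "type", "ip"}}
	for _, l := range sample {
		if row, ok := toRow(l); ok {
			rows = append(rows, row)
		}
	}
	csv.NewWriter(os.Stdout).WriteAll(rows) // WriteAll flushes the CSV to stdout
}
```

Grouping the resulting CSV by `local_time` and `type` shows whether requests cluster in the sender's working hours or run around the clock, which is the pattern a time-based countermeasure would be built on.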