Log outgoing apache traffic for 7 days

qba82

Verified User
Joined
Jun 26, 2018
Messages
50
Hi,
I would like to log outgoing Apache traffic, with the possibility to check which user makes that traffic.

I know there is an Apache log in DA, but it doesn't log the IP of the server that I am connecting to, for example:

A user uses a proxy PHP script, which is used to brute-force the login page of some external WordPress. After some time I get an abuse email saying that my server made a brute-force attack on a website at IP xxx.xxx.xxx.xxx. The problem is that IP xxx.xxx.xxx.xxx is not logged anywhere. How can I also log the destination IP, for the last 7 days if possible?
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
Hello,

There are 2 options:

1. In order to log all outgoing bandwidth to remote 80, 443 ports and include requested URLs, you need to set up a transparent proxy: 3proxy, squid are possible solutions here. Then you need to route outgoing requests through the transparent proxy using iptables (firewall), and still the traffic won't include UIDs.

2. You can use a firewall without a transparent proxy to log outgoing connections (packets) with UIDs; it won't include a URL by default, though.

For your case the second option might be enough. Logs from iptables can be easily reviewed for repeated requests on a per-user basis using grep.

Or combine both options and use them at the same time.

DirectAdmin does not offer any of this, so it's up to you to set things up. Feel free to contact me for a paid service.
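The second option from the reply above, as an added example that is not part of the original thread: an iptables LOG rule with UIDs (shown as a comment) and a helper that counts logged connections per UID and destination. The `OUT_HTTP: ` prefix, the function names and the sample log lines are assumptions made for this example.

```shell
#!/bin/sh
# Rule that produces the log (run as root; kept as a comment so this script is
# safe to run anywhere). --log-uid appends UID=/GID= of the owning socket:
#   iptables -A OUTPUT -p tcp -m multiport --dports 80,443 \
#     -m conntrack --ctstate NEW -j LOG --log-prefix "OUT_HTTP: " --log-uid
# For 7 days of history, rotate the file that receives kernel messages with
# logrotate using "daily" and "rotate 7".

# summarize_outbound FILE [DST]
# Prints "count uid dst dport", busiest first; DST limits output to one address.
summarize_outbound() {
    awk -v want="${2:-}" '
    /OUT_HTTP: / {
        uid = "unknown"; dst = ""; dpt = ""   # packets without a socket have no UID=
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^UID=/) uid = substr($i, 5)
            if ($i ~ /^DST=/) dst = substr($i, 5)
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (dst == "" || (want != "" && dst != want)) next
        n[uid " " dst " " dpt]++
    }
    END { for (k in n) print n[k], k }' "$1" | sort -k1,1nr -k2
}

# Constructed sample lines (abbreviated kernel LOG format, documentation IP
# ranges, made-up UIDs); the sshd line checks that unrelated entries are skipped.
sample_log() {
cat <<'EOF'
Jun 27 10:00:01 host kernel: OUT_HTTP: IN= OUT=eth0 SRC=192.0.2.5 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=40001 DPT=443 SYN URGP=0 UID=1001 GID=1001
Jun 27 10:00:02 host kernel: OUT_HTTP: IN= OUT=eth0 SRC=192.0.2.5 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=40002 DPT=443 SYN URGP=0 UID=1001 GID=1001
Jun 27 10:00:03 host sshd[811]: Accepted publickey for admin from 192.0.2.9
Jun 27 10:00:04 host kernel: OUT_HTTP: IN= OUT=eth0 SRC=192.0.2.5 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=40003 DPT=443 SYN URGP=0 UID=1001 GID=1001
Jun 27 10:05:00 host kernel: OUT_HTTP: IN= OUT=eth0 SRC=192.0.2.5 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40010 DPT=80 SYN URGP=0 UID=1002 GID=1002
EOF
}

tmp=$(mktemp)
sample_log > "$tmp"
summarize_outbound "$tmp"                # every user and destination
summarize_outbound "$tmp" 203.0.113.10   # only the address named in an abuse report
rm -f "$tmp"
```

`getent passwd <uid>` maps a UID from the output back to an account name.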