Detect ShellShock Attempts in Apache Logs

  A very simple query to detect attempts at running Linux commands on an Apache web server.  The POST http request is where the command is injected.  By searching the “request” field for tell tale signs of the attempt you can understand when and where the attack is occurring and take the appropriate actions. […]

Continue Reading →

Apache access_logs status code reporting

###this query is to report on status code description#####

# Find Website Status Over time

# Reports on Webserver error 500.

# Reports on Most used Web Browsers

# Reports on most used devices / platforms

Find Out Top 10 referencing websites

Continue Reading →