Logs
Your log files are the best way to detect any trouble brewing. In your administrative duties, you will want to make it a part of your daily regimen. The key things to remember are:
What is the status code?
What is the user agent string?
What did the visitor do or attempt to do?
What errors did the system report?
If you see multiple attempts at something that is "just not right", then block them.
See the .htaccess section for more.
Apache Status Codes
See: http://www.askapache.com/.
Apache offers a number of error codes conveniently grouped into five areas. You will need to review your error log on a regular basis to make sure your system is working.
1xx Info / Informational
|
100 Continue |
HTTP_CONTINUE |
|
101 Switching Protocols |
HTTP_SWITCHING_PROTOCOLS |
|
102 Processing |
HTTP_PROCESSING |
2xx Success / OK
|
200 OK |
HTTP_OK |
|
201 Created |
HTTP_CREATED |
|
202 Accepted |
HTTP_ACCEPTED |
|
203 Non-Authoritative Information |
HTTP_NON_AUTHORITATIVE |
|
204 No Content |
HTTP_NO_CONTENT |
|
205 Reset Content |
HTTP_RESET_CONTENT |
|
206 Partial Content |
HTTP_PARTIAL_CONTENT |
|
207 Multi-Status |
HTTP_MULTI_STATUS |
3xx Redirect
|
300 Multiple Choices |
HTTP_MULTIPLE_CHOICES |
|
301 Moved Permanently |
HTTP_MOVED_PERMANENTLY |
|
302 Found |
HTTP_MOVED_TEMPORARILY |
|
303 See Other |
HTTP_SEE_OTHER |
|
304 Not Modified |
HTTP_NOT_MODIFIED |
|
305 Use Proxy |
HTTP_USE_PROXY |
|
307 Temporary Redirect |
HTTP_TEMPORARY_REDIRECT |
4xx Client Error
|
400 Bad Request |
HTTP_BAD_REQUEST |
|
401 Authorization Required |
HTTP_UNAUTHORIZED |
|
402 Payment Required |
HTTP_PAYMENT_REQUIRED |
|
403 Forbidden |
HTTP_FORBIDDEN |
|
404 Not Found |
HTTP_NOT_FOUND |
|
405 Method Not Allowed |
HTTP_METHOD_NOT_ALLOWED |
|
406 Not Acceptable |
HTTP_NOT_ACCEPTABLE |
|
407 Proxy Authentication Required |
HTTP_PROXY_AUTHENTICATION_REQUIRED |
|
408 Request Time-out |
HTTP_REQUEST_TIME_OUT |
|
409 Conflict |
HTTP_CONFLICT |
|
410 Gone |
HTTP_GONE |
|
411 Length Required |
HTTP_LENGTH_REQUIRED |
|
412 Precondition Failed |
HTTP_PRECONDITION_FAILED |
|
413 Request Entity Too Large |
HTTP_REQUEST_ENTITY_TOO_LARGE |
|
414 Request-URI Too Large |
HTTP_REQUEST_URI_TOO_LARGE |
|
415 Unsupported Media Type |
HTTP_UNSUPPORTED_MEDIA_TYPE |
|
416 Requested Range Not Satisfiable |
HTTP_RANGE_NOT_SATISFIABLE |
|
417 Expectation Failed |
HTTP_EXPECTATION_FAILED |
|
422 Unprocessable Entity |
HTTP_UNPROCESSABLE_ENTITY |
|
423 Locked |
HTTP_LOCKED |
|
424 Failed Dependency |
HTTP_FAILED_DEPENDENCY |
|
425 No code |
HTTP_NO_CODE |
|
426 Upgrade Required |
HTTP_UPGRADE_REQUIRED |
5xx Server Error
|
500 Internal Server Error |
HTTP_INTERNAL_SERVER_ERROR |
|
501 Method Not Implemented |
HTTP_NOT_IMPLEMENTED |
|
502 Bad Gateway |
HTTP_BAD_GATEWAY |
|
503 Service Temporarily Unavailable |
HTTP_SERVICE_UNAVAILABLE |
|
504 Gateway Time-out |
HTTP_GATEWAY_TIME_OUT |
|
505 HTTP Version Not Supported |
HTTP_VERSION_NOT_SUPPORTED |
|
506 Variant Also Negotiates |
HTTP_VARIANT_ALSO_NEGOTIATES |
|
507 Insufficient Storage |
HTTP_INSUFFICIENT_STORAGE |
|
510 Not Extended |
HTTP_NOT_EXTENDED |
Common Log Format
Apache allows you to change logs the way you want, but the prime out-of-the-box method is Common Log Format.
It is expressed by the following variables:
"%h %l %u t %r %>s "
Each of these variables represents a piece of the puzzle:
%h =Remote IP Address; where the request came from (can be a fake address)
%l = Identity of visitor (not in common use)
%u= Email address of vistor (not in common use)
%t = Date and time of request
%r = Resource requested (iow: what they wanted from your site)
%>s = Status code (errors, status, informational)
Country Information: Top-Level Domain Codes
If you are noting attacks or attempted attacks, the country of origin can be critical. While it changes over time, there are specific countries that are known to be launching attacks.
Note
You will use the following information to identify the country of origin for the visitors of your site. One note of caution: A zombie (a machine "owned" by a hacker) may reside in a different country than the attacker.
|
.AC |
Ascension Island |
|
.AD |
Andorra |
|
.STA |
Servei de Telecomunicacions d'Andorra |
|
.AE |
country-code—United Arab Emirates |
|
.AERO |
Reserved for members of the air-transport industry |
|
.AF |
Afghanistan |
|
.AG |
Antigua and Barbuda |
|
.AI |
Anguilla |
|
.AL |
Albania |
|
.AM |
Armenia |
|
.AN |
Netherlands Antilles |
|
.AO |
Angola |
|
.AQ |
Antarctica |
|
.AR |
Argentina |
|
.ARPA |
infrastructure—Reserved exclusively to the Internet Architecture Board |
|
.AS |
American Samoa |
|
.AS |
Domain Registry |
|
.ASIA |
Restricted to the Pan-Asia and Asia Pacific community |
|
.AT |
Country-code—Austria |
|
.AU |
Australia |
|
AW |
Aruba |
|
.AX |
Aland Islands |
|
.AZ |
Azerbaijan |
|
.BA |
Bosnia and Herzegovina |
|
.BB |
Barbados |
|
.BD |
Bangladesh |
|
.BE |
Belgium |
|
.BF |
Burkina Faso |
|
.BG |
Bulgaria |
|
.BH |
Bahrain |
|
.BI |
Burundi |
|
.BIZ |
Generic-restricted (Restricted for Business) |
|
.BJ |
Benin |
|
.BL |
Saint Barthelemy |
|
.BM |
Bermuda |
|
.BN |
Brunei Darussalam |
|
.BO |
Bolivia |
|
.BR |
Brazil |
|
.BS |
Bahamas |
|
.BT |
Bhutan |
|
.BV |
Bouvet Island |
|
.BW |
Botswana |
|
.BY |
Belarus |
|
.BZ |
Belize |
|
.CA |
Canada |
|
.CAT |
Reserved for the Catalan linguistic and cultural community |
|
.CC |
Cocos (Keeling) Islands |
|
.CD |
Congo, The Democratic Republic of the |
|
.CF |
Central African Republic |
|
.CG |
Congo |
|
.CH |
Switzerland |
|
.CI |
Cote d'Ivoire |
|
.CK |
Cook Islands |
|
.CL |
Chile |
|
.CM |
Cameroon |
|
.CN |
China |
|
.CO |
Colombia |
|
.COM |
Generic top-level domain |
|
.COOP |
Reserved for cooperative associations |
|
.CR |
Costa Rica |
|
.CU |
Cuba |
|
.CV |
Cape Verde |
|
.CX |
Christmas Island |
|
.CY |
Cyprus |
|
.CZ |
Czech Republic |
|
.DE |
Germany |
|
.DJ |
Djibouti |
|
.DK |
Denmark |
|
.DM |
Dominica |
|
.DO |
Dominican Republic |
|
.DZ |
Algeria |
|
.EC |
Ecuador |
|
.EDU |
Reserved for post-secondary institutions accredited by an agency on the U.S. Department of Education's list of Nationally Recognized Accrediting Agencies |
|
.EE |
Estonia |
|
.EG |
Egypt |
|
.EH |
Western Sahara |
|
.ER |
Eritrea |
|
.ES |
Spain |
|
.ET |
Ethiopia |
|
.EU |
European Union |
|
.FI |
Finland |
|
.FJ |
Fiji |
|
.FK |
Falkland Islands (Malvinas) |
|
.FM |
Micronesia, Federated States of |
|
.FO |
Faroe Islands |
|
.FR |
France |
|
.GA |
Gabon |
|
.GB |
United Kingdom—Reserved Domain—IANA |
|
.GD |
Grenada |
|
.GE |
Georgia |
|
.GF |
French Guiana |
|
.GG |
Guernsey |
|
.GH |
Ghana |
|
.GI |
Gibraltar |
|
.GL |
Greenland |
|
.GM |
Gambia |
|
.GN |
Guinea |
|
.GOV |
Reserved exclusively for the United States Government |
|
.GP |
Guadeloupe |
|
.GQ |
Equatorial Guinea |
|
.GR |
Greece |
|
.GS |
South Georgia and the South Sandwich Islands |
|
.GT |
Guatemala |
|
.GU |
Guam—University of Guam—Computer Center |
|
.GW |
Guinea-Bissau |
|
.GY |
Guyana |
|
.HK |
Hong Kong |
|
.HM |
Heard Island and McDonald Islands |
|
.HN |
Honduras |
|
.HR |
Croatia |
|
.HT |
Haiti |
|
.HU |
Hungary |
|
.ID |
Indonesia |
|
.IE |
Ireland—University College Dublin—Computing Services Computer Centre |
|
.IL |
Israel—Internet Society of Israel |
|
.IM |
Isle of Man—Isle of Man Government |
|
.IN |
India |
|
.INFO |
Generic— Generic top-level domain |
|
.INT |
Used only for registering organizations established by international treaties between governments—Internet Assigned Numbers Authority |
|
.IO |
British Indian Ocean Territory |
|
.IO |
Top Level Domain Registry |
|
.IQ |
Iraq—National Communications and Media—Commission of Iraq |
|
.IR |
Iran, Islamic Republic of—Institute for Studies in Theoretical Physics & Mathematics (IPM) |
|
.IS |
Iceland |
|
.IT |
Italy |
|
.JE |
Jersey |
|
.JM |
Jamaica |
|
.JO |
Jordan |
|
.JOBS |
Reserved for human resource managers |
|
.JP |
Japan |
|
.KE |
Kenya |
|
.KG |
Kyrgyzstan |
|
.KH |
Cambodia |
|
.KI |
Kiribati |
|
.KM |
Comoros |
|
.KN |
Saint Kitts and Nevis |
|
.KP |
Korea, Democratic People's Republic of |
|
.KR |
Korea, Republic of—National Internet Development Agency of Korea |
|
.KW |
Kuwait—Ministry of Communications |
|
.KY |
Cayman Islands—The Information and Communications Technology Authority |
|
.KZ |
Kazakhstan—Association of IT Companies of Kazakhstan |
|
.LA |
Lao People's Democratic Republic |
|
.LB |
Lebanon |
|
.LC |
Saint Lucia |
|
.LI |
Liechtenstein |
|
.LK |
Sri Lanka |
|
.LK |
Domain Registrar |
|
.LR |
Lesotho |
|
.LT |
Lithuania |
|
.LU |
Luxembourg |
|
.LV |
Latvia |
|
.LY |
Libyan Arab Jamahiriya |
|
.MA |
Morocco |
|
.MC |
Monaco |
|
.MD |
Moldova |
|
.ME |
Montenegro |
|
.MF |
Saint Martin |
|
.MG |
Madagascar |
|
.MH |
Marshall Islands |
|
.MIL |
Reserved exclusively for the United States Military |
|
.MK |
Macedonia, The Former Yugoslav Republic of |
|
.ML |
Mali |
|
.MM |
Myanmar |
|
.MN |
Mongolia |
|
.MO |
Macao University of Macau |
|
.MOBI |
Reserved for consumers and providers of mobile products and services |
|
.MP |
Northern Mariana Islands |
|
.MQ |
Martinique |
|
.MR |
Mauritania |
|
.MS |
Montserrat |
|
.MT |
Malta |
|
.MU |
Mauritius |
|
.MUSEUM |
Reserved for museums |
|
.MV |
Maldives |
|
.MW |
Malawi |
|
.MX |
Mexico |
|
.MY |
Malaysia |
|
.MZ |
Mozambique |
|
.NA |
Namibia |
|
.NAME |
Reserved for individuals |
|
.SC |
Seychelles |
|
.SD |
Sudan |
|
.SE |
Sweden |
|
.SG |
Singapore |
|
.SH |
Saint Helena |
|
.SI |
Slovenia |
|
.SJ |
Svalbard and Jan Mayen |
|
.SK |
Slovakia |
|
.SL |
Sierra Leone |
|
.SM |
San Marino |
|
.SN |
Senegal |
|
.SO |
Somalia |
|
.SR |
Suriname |
|
.ST |
Sao Tome and Principe |
|
.SU |
Soviet Union (being phased out) |
|
.SV |
El Salvador |
|
.SY |
Syrian Arab Republic |
|
.SZ |
Swaziland |
|
.TC |
Turks and Caicos Islands |
|
.TD |
Chad |
|
.TEL |
Reserved for businesses and individuals to publish contact data |
|
.TF |
French Southern Territories |
|
.TG |
Togo |
|
.NC |
New Caledonia |
|
.NE |
Niger |
|
.NET |
Generic top-level domain |
|
.NF |
Norfolk Island |
|
.NG |
Nigeria—Government c/o National Information Technology Development Agency (NITDA) |
|
.NI |
Nicaragua |
|
.NL |
Netherlands |
|
.NO |
Norway |
|
.NP |
Nepal |
|
.NR |
Nauru |
|
.NU |
Niue |
|
.NZ |
New Zealand |
|
.OM |
Oman |
|
.ORG |
Generic top-level domain |
|
.PA |
Panama |
|
.PE |
Peru |
|
.PF |
French Polynesia |
|
.PG |
Papua New Guinea |
|
.PH |
Philippines |
|
.PK |
Pakistan |
|
.PL |
Poland |
|
.PM |
Saint Pierre and Miquelon |
|
.PN |
Pitcairn |
|
.PR |
Puerto Rico |
|
.PRO |
Restricted to credentialed professionals and related entities |
|
.PS |
Palestinian Territory, Occupied |
|
.PT |
Portugal |
|
.PW |
Palau |
|
.PY |
Paraguay |
|
.QA |
Qatar |
|
.RE |
Reunion |
|
.RO |
Romania |
|
.RS |
Serbia |
|
.RU |
Russian Federation |
|
.RW |
Rwanda |
|
.SA |
Saudi Arabia |
|
.SB |
Solomon Islands |
|
.TH |
Thailand |
|
.TJ |
Tajikistan |
|
.TK |
Tokelau |
|
.TL |
Timor-Leste |
|
.TM |
Turkmenistan |
|
.TN |
Tunisia |
|
.TO |
Tonga |
|
.TP |
Portuguese Timor (being phased out) |
|
.TR |
Turkey |
|
.TRAVEL |
Reserved for entities whose primary area of activity is in the travel industry |
|
.TT |
Trinidad and Tobago |
|
.TV |
Tuvalu |
|
.TW |
Taiwan |
|
.TZ |
Tanzania, United Republic of |
|
.UA |
Ukraine |
|
.UG |
Uganda |
|
.UK |
United Kingdom |
|
.UM |
United States Minor Outlying Islands |
|
.US |
United States |
|
.UY |
Uruguay |
|
.UZ |
Uzbekistan |
|
.VA |
Holy See (Vatican City State) |
|
.VC |
Saint Vincent and the Grenadines |
|
.VE |
Venezuela |
|
.VG |
Virgin Islands, British |
|
.VI |
Virgin Islands, U.S. |
|
.VN |
Viet Nam |
|
.VU |
Vanuatu |
|
.WF |
Wallis and Futuna |
|
.WS |
Samoa |
|
.YE |
Yemen |
|
.YT |
Mayotte |
|
.YU |
Yugoslavia (being phased out) |
|
.ZA |
South Africa |
|
.ZM |
Zambia |
|
.ZW |
Zimbabwe |
