
I've a website developed using PHP.

I encountered one major issue on my website, a security breach. So I checked the Apache access log at "/var/log/apache2/access.log" on the server.

I got the following log entry, which caused the error, but I'm not able to understand what each part of this log means. Can someone please give me a step-by-step explanation of the log below?

70.39.61.42 - - [12/Jul/2015:17:05:12 +0000] "POST /user/register/javascript.void(0)/index.php?do=/user/register/ HTTP/1.1" 302 398 "http://www.mywebsite.com/user/register/javascript.void(0)" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36"

Actually, this is the request which created a major issue on my website. But I'm not able to figure out what parameters that request contained, what the response was, etc.

Thanks in advance.

PHPLover
  • That 'error' code signifies that your request is being redirected. You don't happen to have a site built on MVC or something similar where everything is being directed through an over-zealous `index.php` that might be changing the request, do you? – Daniel Waghorn Jul 16 '15 at 08:10
  • At 17:05:12 GMT on 12th July this year, an HTTP 1.1 POST request was received from 70.39.61.42 for URL user/register/javascript.void(0)/index.php?do=/user/register. The server returned a 302 status (a redirect) – Mark Baker Jul 16 '15 at 08:11
  • @MarkBaker: Actually, my issue is that invalid users got registered even after applying server-side validations. I'm not getting how it bypassed the validations. – PHPLover Jul 16 '15 at 08:13
  • @DanielWaghorn: Actually, my issue is that invalid users got registered even after applying server-side validations. I'm not getting how it bypassed the validations. – PHPLover Jul 16 '15 at 08:13
  • @user2839497 Well, it might be that your server-side validations do not work. We are not oracles; we cannot possibly know what is going on in your system. – Matiss Jul 16 '15 at 08:14

1 Answer


70.39.61.42 - This is the IP address of someone who sent a request to your server

[12/Jul/2015:17:05:12 +0000]

This is the date when the perpetrator did it

"POST /user/register/javascript.void(0)/index.php?do=/user/register/ HTTP/1.1"

This shows that a POST request was sent to your server at the given URL

302 - This is a status code of the response - HTTP 302

398 - Indicates the size of the response sent

"http://www.mywebsite.com/user/register/javascript.void(0)"

This is the URL of where the perpetrator came from

"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36"

This is the user agent of the visitor.

Matiss
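The field-by-field breakdown above, as an added Python example that is not part of the original answer: it parses a line in Apache's combined log format and is run on the entry from the question. The names `parse_combined` and `SAMPLE` are made up here, and the code assumes the server uses the stock `combined` LogFormat.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Apache "combined" LogFormat (assumed to be the one in use):
#   %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
QUOTED = r'(?:[^"\\]|\\.)*'
COMBINED = re.compile(
    r'(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    rf'"(?P<request>{QUOTED})" (?P<status>\d{{3}}) (?P<size>\d+|-) '
    rf'"(?P<referer>{QUOTED})" "(?P<agent>{QUOTED})"$'
)

def parse_combined(line):
    """Split one combined-format access-log line into named fields."""
    m = COMBINED.match(line.strip())
    if m is None:
        raise ValueError("not a combined-format line")
    f = m.groupdict()
    # %r is the raw request line: METHOD, target, protocol.
    parts = f["request"].split(" ", 2)
    parts += [""] * (3 - len(parts))        # tolerate malformed requests
    f["method"], f["target"], f["protocol"] = parts
    url = urlsplit(f["target"])
    f["path"] = url.path
    # Only query-string parameters are visible; a POST body is never logged.
    f["query"] = parse_qs(url.query, keep_blank_values=True)
    f["time"] = datetime.strptime(f["time"], "%d/%b/%Y:%H:%M:%S %z")
    f["status"] = int(f["status"])
    f["size"] = 0 if f["size"] == "-" else int(f["size"])
    # %l and %u are "-" when identd and HTTP authentication are not in use.
    # Referer and User-Agent are request headers, i.e. client-supplied values.
    return f

# The log entry quoted in the question.
SAMPLE = (
    '70.39.61.42 - - [12/Jul/2015:17:05:12 +0000] '
    '"POST /user/register/javascript.void(0)/index.php?do=/user/register/ HTTP/1.1" '
    '302 398 "http://www.mywebsite.com/user/register/javascript.void(0)" '
    '"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) '
    'Chrome/36.0.1985.125 Safari/537.36"'
)

if __name__ == "__main__":
    for name, value in parse_combined(SAMPLE).items():
        print(f"{name:9} {value}")
```

The combined format records only the request line, so the submitted form fields of this POST are not in the access log; the only parameter visible is `do` from the query string.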