RE: Website access alert

["bugtraq" <bugtraq.news () arcor de>]

hi all,

i have made a php script that checks my Apache access.log every 2minutes for
certain entrys...
when it finds an entry like:
------------------------------------------
"GET
/t.gif?/zu/a=petz () polizia it/s=WEBZUGRIFF/t=Gfader%20Peter%20(petz@polizia.i
t) HTTP/1.1" 200 49 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
.NET CLR 1.0.3705)" 
------------------------------------------

then it sends an email to my email adress with the provided information...

in webpages, which should have an email-alert i include somewhere the tiny
little picture like this...
< img
src="http://myWebServer/t.gif?/zu/a=petz () polizia it/s=WEBZUGRIFF_PERSONAL_HO
MEPAGE/t=Gfader%20Peter%20(petz () polizia it)" .... />

greets
peter


-----Original Message-----
From: Guillome Main [mailto:guillome.main () axelero hu] 
Sent: Saturday, July 31, 2004 7:38 PM
To: security-basics () securityfocus com
Subject: Website access alert

 Hi All,

Do you know any solution for my problem? It is the following: I have a
website on my webserver. I want to have and alert sent to me by email is
anyone access the website itself. I know it is logged into w3svc, but I
would like to have instant alert sent by email, who accessed it from which
IP and what time. Do you know any alerting method ffor this need?
Anyway if I take a look at w3svc log it says always that the source IP is
the machine itself. How could I do that it shows the real source address. It
is on a w2k3 server with isa 2004. I know there is a setting somewhere
regarding the original header, but I don't know where. Could you please help
me?!

Thanx in advance,

Guillome 


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Attachment: check_access_log.php
Description:

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------