benoitjpnet/POSTSuspect.sh

Created October 20, 2014 13:46

Star (1) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/benoitjpnet/7cf4385c7f42d9ee429a.js"></script>
Save benoitjpnet/7cf4385c7f42d9ee429a to your computer and use it in GitHub Desktop.

Download ZIP

Search for suspects POST in apache.log (often attacks)

Raw

POSTSuspect.sh

grep -Eo '"POST .*.php' access.log | grep -ve cron -e login -e admin -e xmlrpc -e trackback -e comment -e 404 | sort -u

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment