Finding Number of Unique IP Addresses Involved in an Attack

Web servers sometimes get lots of requests from bots looking to exploit security holes. For example, I have previously written about brute force WordPress login attempts. Attacks like these can involve thousands of IP addresses, and how you block the attack depends on how many unique IPs are involved and how frequently each is used. Here’s how you can find out.

Localhost as remote host in Apache log file

I recently noticed something weird in my Apache access log files. There were entries like this:

abdussamad.com:80 localhost - - [09/May/2013:14:26:47 +0500] "POST /wp-login.php HTTP/1.0" 200 3784 "abdussamad.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"

Now, the second column above is supposed to contain the remote host that made this request, i.e. the user’s computer. But here it is shown as localhost. One possibility is that the requests originated on my server, but I ruled that out. So how is this possible?
