
Exploit log

FossXplorer
3 May 2015, 13:47
Hi,
I'm using Hiawatha with a control panel, namely Kloxo-MR. It's used as a reverse proxy with Apache as the backend. Earlier I was able to see what kind of attack attempt Hiawatha was blocking in the exploit.log, but now it's empty. The mtime of that log file is also before the last time I restarted Hiawatha. I'd like to an article to document Hiawatha's ability to block XSS, CSRF and SQL-injection attacks as I'm writing a paper.


Any help is appreciated!



Hiawatha version: 9.12
Operating System: CentOS 6.6
Hugo Leisink
3 May 2015, 19:27
Are the access rights correct?
FossXplorer
4 May 2015, 14:02
Yes, Hiawatha is run with the user apache and
]# ll /var/log/hiawatha/*.log
-rw-r----- 1 apache apache 0 May 3 03:25 /var/log/hiawatha/access.log
-rw-r----- 1 apache apache 1500 May 4 01:10 /var/log/hiawatha/error.log
-rw-r----- 1 apache apache 0 May 3 03:25 /var/log/hiawatha/exploit.log
-rw-r----- 1 apache apache 77 May 4 00:10 /var/log/hiawatha/garbage.log
-rw-r----- 1 apache apache 31651 May 4 13:59 /var/log/hiawatha/system.log

Should for instance a request of http://mysite.com/<script>alert("123");</script> be logged in exploit.log?

Hugo Leisink
4 May 2015, 17:04
Only if you set 'PreventXSS = yes'.
This topic has been closed.