Here's the last few entries in my logs for today:
ip - [August 15, 2003, 9:00:50 pm]-> (http://www.google.com/search?q=Opera+vs ... 8&oe=utf-8) -> (/forums/index.php?act=ST&f=17&t=755&) Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.11 [en]
ip - [August 15, 2003, 9:02:55 pm]-> (http://www.google.ca/search?hl=en&ie=UT ... 50ul&meta=) -> (/store.php) Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Avant Browser [avantbrowser.com]; .NET CLR 1.1.4322)
ip - [August 15, 2003, 9:04:26 pm]-> (http://www.google.com/search?hl=en&lr=l ... ry&spell=1) -> (/forums/index.php?act=ST&f=17&t=969&) Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
ip - [August 15, 2003, 9:10:35 pm]-> (http://www.google.com/search?hl=en&lr=& ... access.txt) -> (/articles/parser.php?article=server) Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; T312461)
ip - [August 15, 2003, 9:21:28 pm]-> () -> (/) Googlebot/2.1 (+http://www.googlebot.com/bot.html)
ip - [August 15, 2003, 9:29:29 pm]-> () -> (/link2us.htm) Googlebot/2.1 (+http://www.googlebot.com/bot.html)
ip - [August 15, 2003, 9:32:17 pm]-> (http://www.google.ca/search?q=messenger ... l=en&meta=) -> (/forums/index.php?act=ST&f=17&t=927&) Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
ip - [August 15, 2003, 9:32:48 pm]-> () -> (/articles/parser.php?article=enervacuum) Googlebot/2.1 (+http://www.googlebot.com/bot.html)
ip - [August 15, 2003, 9:35:31 pm]-> () -> (/affiliate.htm) Googlebot/2.1 (+http://www.googlebot.com/bot.html)
ip - [August 15, 2003, 10:16:25 pm]-> (http://www.google.com/search?q=trojan+k ... =0&start=0) -> (/articles/parser.php?article=netsecure) Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0.2) Gecko/20030208 Netscape/7.02
ip - [August 15, 2003, 11:06:53 pm]-> (http://www.google.com/search?q=%22moder ... rt=10&sa=N) -> (/forums/index.php?act=ST&f=17&t=918&) Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5a) Gecko/20030728 Mozilla Firebird/0.6.1
ip - [August 15, 2003, 11:14:26 pm]-> () -> (/) Googlebot/2.1 (+http://www.googlebot.com/bot.html)
ip - [August 15, 2003, 11:22:51 pm]-> (http://www.google.com/search?hl=en&lr=& ... adio+shack) -> (/articles/parser.php?article=fan) Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
ip - [August 15, 2003, 11:37:08 pm]-> (http://www.google.com/search?q=Computer ... rt=10&sa=N) -> (/store.php) Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)
ip - [August 15, 2003, 11:59:13 pm]-> (http://search.yahoo.com/search?p=funny+ ... &fr=fp-top) -> (/forums/index.php?act=ST&f=15&t=594&) Mozilla/4.0 (compatible; MSIE 5.01; Windows 98; YComp 5.0.8.6; yplus 1.0)
It shows referrers, and the search keywords are in them. If I type that in the address bar I get the same search so I can see where my site is. Because listings continuously change, sometimes my site is a page further or so.
The way the system works is that most of my pages have a script embedded into them, and it checks information on the connection to see if it's worth logging, and then it logs it. "Worth logging" simply means whether it matches a logger rule or not. These are set by a script I made, and I simply enter words such as "google", so anything that has google in it will log. If I put ".gov", any .gov site will get logged. I can set these as a 0 flag (log but no alert) or a 1 flag (security status log + java alert + IP rule creation). A 1 flag is to keep off the bad sites such as bitbender. When an IP rule is created, it adds their IP as a logger rule so that the script on every page will also check up on the IP.
A "1" rule also requires a message. I can set something like "we have detected that you come from a bad site, you will be blocked", and then it sets an IP rule with the same message. A "0" flag simply logs it but does not trigger anything, while a "1" flag will display a scada alarm at http://security.iceteks.com
Later on I might add another feature where it will also implant a cookie when a "1" flag is found; that way using a proxy won't work. If it detects the cookie, it will block the proxy. If they delete their cookies, it will just re-add it.
Only way out would be to delete cookies, use a proxy, and reopen the page. (just refreshing would keep the same referrer and reset the security status).
But playing with this system simply adds many alarms in my scada system, thus, making it easier to track and gives more info to send to isps if the person does cause trouble.
I can also manually add ip rules to pop a message, so if I catch someone on here that should not be, I quickly set it to tell them to get off. Freaked 'em out. I'm never fast enough though.
I'm planning to redesign this whole system though. This is sort of two systems working together, and I want to turn it into one and also have a web interface for the logs, where I can filter logs by IP, referrer, etc.
The main difference between this and normal apache logs is that this filters out less important stuff such as someone browsing the site; it only logs their entry. While I lose some info, I get more important info and all security-related info.
There's a lot more to this system, but this is the skeleton of it.
Archived topic from Iceteks, old topic ID:1219, old post ID:10837
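The logger-rule scheme described in the post above (substring rules, a 0 flag that only logs, a 1 flag that logs, raises an alarm and creates an IP rule carrying the same message), written out as an added Python example. This is not the poster's own per-page script; it is a stand-alone reconstruction of the behaviour the post describes, run over the log-line layout shown in the post. Assumptions, labelled as such: a rule's substring is checked against both the referrer and the user-agent string (that is what lets the empty-referrer Googlebot entries match a "google" rule, as they do in the listing above); matching is case-sensitive; the sample lines, the 192.0.2.x addresses and the bitbender referrer are constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Log line layout copied from the entries shown in the post:
#   ip - [timestamp]-> (referrer) -> (path) user-agent
LINE_RE = re.compile(
    r"^(?P<ip>\S+) - \[(?P<ts>[^\]]*)\]-> \((?P<ref>[^)]*)\) -> \((?P<path>[^)]*)\) (?P<ua>.*)$"
)

# The "1" rule message quoted in the post.
BAD_SITE_MSG = "we have detected that you come from a bad site, you will be blocked"


@dataclass
class Rule:
    pattern: str            # substring to look for: "google", ".gov", or a client IP
    flag: int               # 0 = log only; 1 = security log + alert + IP rule creation
    message: str = ""       # shown to the visitor; required when flag == 1
    kind: str = "request"   # "request": match referrer + user-agent (assumption); "ip": match client IP


@dataclass
class LoggerState:
    rules: List[Rule]
    log: list = field(default_factory=list)     # (ip, path, pattern, flag)
    alerts: list = field(default_factory=list)  # (ip, message): the alarm entries

    def check(self, line: str) -> Optional[dict]:
        """Apply every rule to one log line, as the per-page script would on one request.

        Returns None for an unparsable line or one that matched no rule; otherwise a
        dict with the patterns that matched and the message to display (if any).
        """
        m = LINE_RE.match(line)
        if not m:
            return None
        e = m.groupdict()
        hit = {"ip": e["ip"], "path": e["path"], "matched": [], "alert": None}
        for rule in list(self.rules):          # iterate a copy: a flag-1 hit appends a rule
            if not rule.pattern:
                continue                        # an empty pattern would match every request
            subject = e["ip"] if rule.kind == "ip" else e["ref"] + " " + e["ua"]
            if rule.pattern not in subject:
                continue
            hit["matched"].append(rule.pattern)
            self.log.append((e["ip"], e["path"], rule.pattern, rule.flag))
            if rule.flag == 1:
                if hit["alert"] is None:        # one alarm per request, first flag-1 rule wins
                    hit["alert"] = rule.message
                    self.alerts.append((e["ip"], rule.message))
                # Create the IP rule with the same message, once per address.
                if not any(r.kind == "ip" and r.pattern == e["ip"] for r in self.rules):
                    self.rules.append(Rule(e["ip"], 1, rule.message, "ip"))
        return hit if hit["matched"] else None


def default_rules() -> List[Rule]:
    # A 0-flag rule for search-engine traffic and a 1-flag rule for a bad site.
    return [Rule("google", 0), Rule("bitbender", 1, BAD_SITE_MSG)]


# Constructed sample lines (TEST-NET addresses; not taken from the post's log).
SAMPLE_LINES = [
    "192.0.2.10 - [August 15, 2003, 9:00:50 pm]-> (http://www.google.com/search?q=Opera+vs) "
    "-> (/forums/index.php?act=ST&f=17&t=755&) Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.11 [en]",
    "192.0.2.20 - [August 15, 2003, 9:21:28 pm]-> () -> (/) Googlebot/2.1 (+http://www.googlebot.com/bot.html)",
    "192.0.2.30 - [August 15, 2003, 9:30:00 pm]-> (http://bitbender.example/links.html) "
    "-> (/store.php) Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)",
    # Same visitor comes back with a harmless referrer: the IP rule created above still fires.
    "192.0.2.30 - [August 15, 2003, 9:30:30 pm]-> (http://example.org/) "
    "-> (/articles/parser.php?article=fan) Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)",
    # Plain browsing from an unknown referrer: filtered out, nothing logged.
    "192.0.2.40 - [August 15, 2003, 9:31:00 pm]-> (http://example.org/) "
    "-> (/) Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624",
]


def demo():
    """Run the sample lines through a fresh rule set; returns (state, per-line results)."""
    state = LoggerState(default_rules())
    return state, [state.check(line) for line in SAMPLE_LINES]


if __name__ == "__main__":
    state, results = demo()
    for line, res in zip(SAMPLE_LINES, results):
        print(line.split(" - ")[0], "->", res)
    print("IP rules now:", [r.pattern for r in state.rules if r.kind == "ip"])
```

Two things the run makes visible: the fourth line shows why the IP rule matters (the visitor's later request has an innocent referrer and would otherwise go unlogged, but the address rule created on the third line still raises the alarm), and the fifth line shows the filtering the post describes, where ordinary browsing is simply not recorded. Note also that the referrer and user-agent strings are supplied by the client, so a "request" rule only tells you what a visitor's browser chose to send; the IP rule is the part that persists once a flag-1 hit has occurred.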