Pro-active log review is a good idea. No argument. I'd been incredibly lazy about log reviews on my two vps's. I started looking through the logs weekly and was incredibly freaked out by what I saw. There are almost constant attacks on the machines (obviously script kiddies), and it was just my initial setup of the linux environment that probably saved me (ssh key based auth, basic iptables, fail2ban etc). It's kind of like when I installed a security camera at the back door of my house (we'd been robbed a couple of times) - it was a pandoras box, prior to the camera going in I was under the illusion that no one ever ventured on to the property. Once the camera went in, I discovered it wasn't a rare event. Same with log reviews, once you start looking, you find attacks are common, and it's actually incredibly unnerving.<p>Web server logs are another example, once you have a publicly accessible website, you'll see thousands of requests just trolling for phpmyadmin installs, versions of php forum software, known exploitable cgi scripts. I certainly felt better about it when I was ignorant of what was going on with my servers!<p>However, the example the author provided seems a little far fetched though? Could someone seriously pull this off?<p>Seems like a house of cards that would fall down the first moment he was required to talk with a colleague about some bit of code he'd committed to source control, he'd have to be a pretty good liar.
Google cache: <a href="http://webcache.googleusercontent.com/search?q=cache:EGh4ld_KwXUJ:securityblog.verizonbusiness.com/2013/01/14/case-study-pro-active-log-review-might-be-a-good-idea/+http://securityblog.verizonbusiness.com/2013/01/14/case-study-pro-active-log-review-might-be-a-good-idea/&cd=1&hl=en&ct=clnk&gl=us" rel="nofollow">http://webcache.googleusercontent.com/search?q=cache:EGh4ld_...</a>
I bet 'Bob' read the 'The 4-Hour Workweek'. His only problem was that he still had to spend time in the office … for Chinese contractors, this story is of course a great free ad.