Tracking outbound connections

Problem description

I am struggling with a task I've been given. I was asked to reset an e-commerce site's stock to 0 for all products. I did that; however, after a few hours, the stock was updated back to the original values. Same thing for the next two attempts.

The client has told me that earlier he had some sort of a "bridge" between this site and his other site with the same products, and that the stock could still be updating from there. However, I have now spent hours looking through all the scripts and failed to find any connection to that site whatsoever. I have also checked the CRON list, and it's empty, so it's either being triggered by some event on the store, or the update is triggered from the other site (which I am starting to investigate now).

Meanwhile, before I get access to the other site, is there a way to track the possible outbound connection from the first one? There would be a .php script that would connect either to the database of the second site, or to some sort of XML feed from it - is there a way to log these connections, or somehow find out which script initialised it?

Thanks in advance for any advice.

Recommended answer

For outbound, yes, through Wireshark, for instance. But that is heavy lifting for the average guy.

For inbound, you can look at the general query log.

select @@general_log; -- a 1 indicates it is turned on for capture
select @@general_log_file; -- the file that it logs to

So all the queries can be logged to the General Query Log if the setting is turned on. And as you can load it in a text editor, you can search on, say, table name. It shows date and time. Or at least a date offset and time. You can search on "connect". Or, my favorite, "Access denied for user" to see if my honeypots are working for intruders :p

Check out the manual page for The Error Log too, noting warning levels, and verbosity settings based on your version.

I would recommend that one create a backup copy by date (named as such) and delete it to start fresh. It can grow in size rapidly. Don't forget whether or not you have the setting turned on or off at the moment.
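
The log search described in the answer above can be scripted; the following is an added example, not part of the original answer. It assumes the MySQL 5.7+ general query log layout (timestamp, thread id, command, argument) and a stock table named `products`; the sample log lines, accounts and hosts are constructed.

```python
import re

# Constructed sample in the MySQL 5.7+ general query log layout;
# the accounts, hosts and table name are made up for illustration.
SAMPLE_LOG = """\
2024-05-01T10:15:02.100000Z\t   12 Connect\tshop@localhost on shop using Socket
2024-05-01T10:15:02.200000Z\t   12 Query\tUPDATE products SET stock = 0
2024-05-01T13:00:01.000000Z\t   31 Connect\tbridge@203.0.113.7 on shop using TCP/IP
2024-05-01T13:00:01.500000Z\t   31 Query\tUPDATE products SET stock = 14
\t\t\tWHERE sku = 'A-100'
2024-05-01T13:00:02.000000Z\t   31 Quit\t
2024-05-01T13:05:00.000000Z\t   32 Connect\tAccess denied for user 'root'@'198.51.100.9' (using password: YES)
"""

# timestamp, whitespace, thread id, one space, command, tab, argument
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\S+)\s+(?P<id>\d+) (?P<cmd>[A-Za-z ]+)\t(?P<arg>.*)$"
)

def parse(log_text):
    """Split the log into events, folding multi-line statements into one."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            events.append({"ts": m["ts"], "id": int(m["id"]),
                           "cmd": m["cmd"], "arg": m["arg"]})
        elif events:  # continuation of the previous statement
            events[-1]["arg"] += " " + line.strip()
    return events

def writers_to_table(log_text, table):
    """Return (writes, denied): writes to `table` tagged with the account@host
    that opened the connection, plus any 'Access denied' connect attempts."""
    who, writes, denied = {}, [], []  # who: thread id -> account@host
    pat = re.compile(
        rf"\b(UPDATE|INSERT|REPLACE|DELETE)\b.*\b{re.escape(table)}\b", re.I | re.S
    )
    for e in parse(log_text):
        if e["cmd"] == "Connect":
            if e["arg"].startswith("Access denied for user"):
                denied.append((e["ts"], e["arg"]))
            else:
                who[e["id"]] = e["arg"].split(" on ")[0]
        elif e["cmd"] == "Query" and pat.search(e["arg"]):
            writes.append((e["ts"], who.get(e["id"], "unknown"), e["arg"]))
    return writes, denied
```

A write whose account@host is not the store's own database user points at the remote side of the "bridge"; a write from the local account means the trigger is a script on the store itself.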
