I have installed my PHP scripts, which run on an Apache server on a Windows machine in my office LAN. It is an internal contest application. Now I want to secure the machine from all sorts of intrusions, and I would like to log all the intruders' details and what sort of intrusion they have tried. Is it possible to implement this through code, or is there an existing tool that implements these functions?
I know that there are options to get an external user's data, like $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_REFERER'], $_SERVER['HTTP_USER_AGENT']. I have a little script for tracking these details. Many of the ports are closed, and I am running an AV on it for that purpose. This data will not be enough to determine the type of intrusion that was attempted. I want to make the system more secure against all sorts of vulnerabilities and attacks. Can anyone point me to the right tool?
I suggest the following subjects:
At the operating system level, you can use these tools:
Monitoring Windows Firewall: http://technet.microsoft.com/en-us/library/cc775693(WS.10).aspx This can log all the connection attempts towards your computer.
Intrusion detection system: http://en.wikipedia.org/wiki/Intrusion_detection_system This can alert you if somebody is trying to use your available backdoors*.
*Very simplified; see the Wikipedia entry for correct information.
Also, there are GFI's ( http://www.gfi.com/ ) products, which can test your server for common misconfigurations and report to you before incidents happen.
At the Apache level you can use: Module mod_access: http://httpd.apache.org/docs/1.3/mod/mod_access.html This is only an access control, so I don't think it can create detailed logs, but the apache.log / error.log stores every attempt.
At the application level (PHP) you can use: Logging: log every request you serve and log every command/SQL query you run; later, you can review them for a security audit.
Get information from the "attackers": You can only get a limited amount of information, and they can also reject your information-requesting attempt, securing and cloaking themselves in the network.
But, as Col. Shrapnel said in the comments, this is 5 years of education and experience.
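The application-level logging suggested in the answer above, as an added example that is not part of the original post: each request and each SQL statement is appended as one JSON line for later audit. The function names and the `AUDIT_LOG` path are assumptions chosen for illustration; the log directory must already exist and should sit outside the Apache document root.

```php
<?php
// Added example: per-request audit log, one JSON object per line.
// AUDIT_LOG is an assumed path; keep it outside the Apache document root.
const AUDIT_LOG = 'C:/logs/contest_audit.log';

// Replace control characters and cap the length so client-supplied values
// stay readable and cannot bloat the file (json_encode escapes the rest).
function audit_clean($value, int $max = 512): string
{
    $value = is_scalar($value) ? (string) $value : '';
    $value = preg_replace('/[\x00-\x1F\x7F]/', '?', $value) ?? '';
    return substr($value, 0, $max);
}

// Build the record for the current request from $_SERVER.
function audit_request_record(array $server): array
{
    return [
        'time'    => gmdate('c'),
        'type'    => 'request',
        'ip'      => audit_clean($server['REMOTE_ADDR'] ?? ''),      // peer address of the connection
        'method'  => audit_clean($server['REQUEST_METHOD'] ?? ''),
        'uri'     => audit_clean($server['REQUEST_URI'] ?? '', 2048),
        'agent'   => audit_clean($server['HTTP_USER_AGENT'] ?? ''),  // client-supplied, can be spoofed
        'referer' => audit_clean($server['HTTP_REFERER'] ?? ''),     // client-supplied, can be spoofed
    ];
}

// Append one record; LOCK_EX keeps concurrent requests from interleaving lines.
function audit_write(array $record): bool
{
    $line = json_encode($record, JSON_UNESCAPED_SLASHES | JSON_INVALID_UTF8_SUBSTITUTE);
    return $line !== false
        && file_put_contents(AUDIT_LOG, $line . PHP_EOL, FILE_APPEND | LOCK_EX) !== false;
}

// Log the SQL text and the number of bound parameters, not their values,
// so passwords and personal data stay out of the log.
function audit_query(string $sql, array $params = []): bool
{
    return audit_write([
        'time' => gmdate('c'), 'type' => 'sql',
        'sql'  => audit_clean($sql, 2048), 'param_count' => count($params),
    ]);
}

// Call once at the top of every entry script (or load via auto_prepend_file).
audit_write(audit_request_record($_SERVER));
```

Call `audit_query()` next to each prepared statement the application executes, and review the file alongside Apache's own access and error logs.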