ANALYSIS OF BRUTE FORCE ATTACK LOGS TOWARD NGINX WEB SERVER ON DASHBOARD IMPROVED LOG LOGGING SYSTEM USING FORENSIC INVESTIGATION METHOD

Rio Pradana Aji; Yudi  Prayudi; Ahmad  Luthfi

doi:10.52436/1.jutif.2023.4.1.644

Rio Pradana Aji Program Studi Informatika Program Magister Fakultas Teknologi Industri, Universitas Islam Indonesia
Yudi Prayudi Program Studi Informatika Program Magister Fakultas Teknologi Industri, Universitas Islam Indonesia
Ahmad Luthfi Program Studi Informatika Program Magister Fakultas Teknologi Industri, Universitas Islam Indonesia

DOI: https://doi.org/10.52436/1.jutif.2023.4.1.644

Keywords: Bruteforce, Digital Forensics, Monitoring, Wazuh, Website

Abstract

Since it was first launched in 1990, the Web Server is still in use today. No exception, almost all companies entering industry 4.0 use Web Servers to show the existence of the company's website and its products. Starting from the websites provided for free by WordPress and Blogspot to independent websites created by their respective companies. The web server itself is available in several types, ranging from apache, nginx, litespeed, etc. Of course, the use of a Web Server for websites cannot be separated from internet crimes or cyber crimes. One of the crimes committed is the hacker's attempt to login to the website Administrator page. The loophole used by hackers is brute force or forced entry by trying every combination of existing Administrator User and Password. This research focuses on building and updating a website monitoring dashboard system with Wazuh technology. The method used in this study is the Quantitative Forensic Investigation Method by examining the logs generated by the System Dashboard using Digital Forensic procedures. This monitoring process aims to detect brute force threats on managed websites by showing the website Administrator login activity log. The results of the metadata log shown by the optimized dashboard show the number of brute force attacks on managed websites. The number of attacks recorded was 259646 attacks on the first cluster and 288676 attacks on the second cluster. In addition, the results of the metadata log can be investigated further to find the location of the Hacker. The location of the hackers found was only limited to the VPN (Virtual Private Network) server used. One of the VPN servers used in this case is Amazon Data Center.

Downloads

Download data is not yet available.

References

I. Arnomo, “Simulasi Pengamanan Database Web Server Repository Institusi Melalui Jaringan Lan Menggunakan Remote Access,” Jurnal Sistem Informasi, Teknologi Informasi dan Komputer, vol. 9, no. 1, pp. 65–65, Sep. 2018.

C. W. Hukama, B. D. Yuwono, and A. L. Nugraha, "Pembuatan Sistem Informasi Gnss Cors Undip Berbasis Web," Jurnal Geodesi UNDIP, vol. 7, no. 1, pp. 90-99, Jan. 2018.

I. K. Satwika and K. N. Semadi, “Perbandingan performansi web server Apache dan Nginx Dengan menggunakan ipv6,” SCAN - Jurnal Teknologi Informasi dan Komunikasi, vol. 15, no. 1, 2020.

T. Butar, “Pertanggungjawaban Pidana Pelaku Yang Melakukan Pembobolan Website Pengadilan Negeri Yang Mengakibatkan Sistem Elektronik Tidak Bekerja (Studi Putusan No.25/Pid.Sus/2019/PN Unh).,” Repository Universitas HKBP Nommensen, pp. 1–52, Feb. 2022.

A. Antoni, “Kejahatan Dunia Maya (cyber crime) Dalam Simak online,” Nurani: Jurnal Kajian Syari'ah dan Masyarakat, vol. 17, no. 2, pp. 261–274, Feb. 2018.

Kris Andre Prasetyo, Mohammad Idhom, and Henni Endah Wahanani, “Sistem Pencegahan Serangan Bruteforce Pada Multiple Server Dengan Menggunakan Fail2ban”, JIFoSI, vol. 1, no. 3, pp. 789-796, Nov. 2020.

N. K. Ulya, L. E. Nugroho, and D. Adhipta, “Evaluasi Sistem Otentikasi Graphical Password Menggunakan Random Color Berbasis Web,” Repository Universitas Gadjah Mada, pp. 1–86, 2017.

A. D. Septian, “Monitoring 3 Log Web Server Menggunakan Splunk,” Repository Universitas Muhammadiyah Malang, pp. 1–38, Dec. 2021.

W. Sholihah, S. Pripambudi, and A. Mardiyono, “Log event management server menggunakan elastic search Logstash Kibana (elk stack),” JTIM : Jurnal Teknologi Informasi dan Multimedia, vol. 2, no. 1, pp. 12–20, May 2020.

D. Lintang, “Monitoring Aktivitas User pada System dengan Menggunakan EFK (Elasticsearch, Fluentd, Kibana) Stack,” Repository Universitas Islam Indonesia (dspace), pp. 1–62, Nov. 2019.

R. P. Aji, “‘Pengembangan Dasbor Sistem Pencatatan Log Server Menggunakan Elasticsearch-Fluentd- Kibana (Efk) Stack,” Automata, vol. 1, no. 2, Jun. 2020.

F. Nova, M. D. Pratama, and D. Prayama, “Wazuh Sebagai log event management Dan Deteksi Celah Keamanan Pada server dari serangan dos,” JITSI : Jurnal Ilmiah Teknologi Sistem Informasi, vol. 3, no. 1, pp. 1–7, Mar. 2022.

R. Watrianthos, A. Iskandar, A. F. Pakpahan, E. B. Wagiu, J. Simarmata, O. K. Sulaiman, and Jamaludin, “Prinsip dan Metodologi Forensika Digital,” in Forensika Digital, A. Rikki, Ed. Medan, Sumatra Barat: Yayasan Kita Menulis, 2021, pp. 5–5.

F. C. Freiling and B. Schwittay, “A Common Process Model for Incident Response and Computer Forensics (2007),” Proceedings of Conference on IT Incident Management and IT Forensics, 2007.

F. Mulyadi, L. A. Annam, R. Promya, and C. Charnsripinyo, “Implementing dockerized elastic stack for security information and event management,” 2020 - 5th International Conference on Information Technology (InCIT), Oct. 2020..