What can Code Blue do for me?
It can help you understand what is really happening on your web server in the context of security. The report helps you identify worms, bad robots (e.g. spam harvesters), vulnerability scanners and so on.
I'm running ...... web server, does Code Blue support its log format(s)?
At the moment, Code Blue supports Common Log Format and Combined Log Format as well as IIS, so that should cover most web servers unless you've customized your log format.
Should I perform the analysis statically or dynamically?
Dynamic analysis should be performed on a live log, where new entries are constantly being added to the file. Static analysis is better suited to scanning files that are not being updated, such as backup logs.
Can I update the vulnerability database?
The vulnerability database has been created and maintained by Sullo as part of his excellent Nikto web server vulnerability scanner. It is updated frequently and can be downloaded manually. Just overwrite the older version of the database. We are thinking of providing an automatic update feature in future versions of Code Blue.
What if I only want to look for specific things like vulnerability scanners and not worms?
The Settings option allows you to configure the program according to your requirements. You can set it to scan for particular vulnerability types as you wish.
The 'Number of 4** errors before alert' option in the settings sounds important, but WTF is that?
This option refers to the number of 400-499 errors (meaning errors on the user side) that occur from the same IP before you are alerted in the report. This allows you to monitor whether someone is trying to compromise your server, either by using an automatic vulnerability scanner or manually by changing the query string. The 'Number of database entries before alert' option gives you greater flexibility in terms of report output.
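The per-IP 4xx threshold described above can be illustrated with a short sketch. This is an added example, not Code Blue's own code: the function names, the "alert once the count reaches the threshold" rule and the sample log lines are assumptions, and it covers Common/Combined Log Format only, not IIS logs.

```python
import re
from collections import Counter

# Common Log Format fields; Combined Log Format appends referer and
# user-agent after the size field, which this pattern simply ignores.
# The request field may contain backslash-escaped quotes.
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\S+)'
)

def client_errors_by_ip(lines):
    """Count 400-499 responses per client IP; return (counts, unparsed)."""
    counts, unparsed = Counter(), 0
    for line in lines:
        m = CLF.match(line)
        if not m:
            unparsed += 1  # keep track of lines the parser could not read
            continue
        if 400 <= int(m.group("status")) <= 499:
            counts[m.group("ip")] += 1
    return counts, unparsed

def alerts(lines, threshold):
    """Return {ip: count} for IPs with at least `threshold` 4xx responses
    (assumed meaning of 'number of 4** errors before alert')."""
    counts, _ = client_errors_by_ip(lines)
    return {ip: n for ip, n in counts.items() if n >= threshold}

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE = [
    '192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /admin/ HTTP/1.1" 404 209 "-" "scanner"',
    '192.0.2.10 - - [10/Oct/2023:13:55:37 +0000] "GET /backup.zip HTTP/1.1" 404 209 "-" "scanner"',
    '192.0.2.10 - - [10/Oct/2023:13:55:38 +0000] "GET /cgi-bin/test HTTP/1.1" 403 199 "-" "scanner"',
    '198.51.100.7 - alice [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '198.51.100.7 - alice [10/Oct/2023:13:56:05 +0000] "GET /favicon.ico HTTP/1.1" 404 209',
    '203.0.113.5 - - [10/Oct/2023:13:57:00 +0000] "GET /a\\"b HTTP/1.1" 400 0',
    'truncated line without a status',
]

if __name__ == "__main__":
    print(alerts(SAMPLE, threshold=3))
```

A low threshold flags ordinary visitors who hit a single missing file, so the value is a trade-off between noise and catching slow manual probing.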
How far is the program from stable release?
To be honest, we think there's a fair way to go yet. We really appreciate your feedback, whether it's a bug report, a feature request or simply your thoughts on the program.
I'd like to participate in the project, what can I do?
Please contact us!