Security

Safeguard your web site with routine web log analysis and forensics

Whether you are running Drupal, WordPress, ExpressionEngine, Joomla or in fact any web site, one of the regular tasks you should carry out is a bit of log analysis. Protecting the site is too often left to modules, plug-ins or someone else, until it is too late.
We all rely on Google Analytics to tell us about visitors, and maybe use log analysis software (AWStats, Webalizer etc.) to report on log entries, but it is always worth using tools locally to dig deeper into the raw logs. Analytics scripts only see browsers that run JavaScript; scanners, scrapers and crawlers appear only in the server logs. Local analysis can range from simple reports on accesses to your site to more detailed forensic analysis of site activity.
By doing this we get to know how visitors are actually accessing our site and can uncover some interesting answers to questions such as:

  • How often is Google actually spidering my site?
  • How many errors am I getting and what are they?
  • Who is stealing my content?
  • Is anyone trying to crack my site?

In this post I will briefly cover some useful techniques to analyse your logs and see if anyone is abusing your hospitality.
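The four questions above can all be answered from the server's own access log. The script below is an added example, not code from the original post: it parses Apache/Nginx "combined" format lines and reports crawler visits, error counts, files embedded by other sites (hotlinking) and IPs that probe for known attack paths or pile up 404s. The log lines, hostnames (www.example.com, other-site.example) and the list of probe paths are constructed for the example; point parse_log() at your real access.log instead.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlparse

# Apache/Nginx "combined" format: ip ident user [time] "request" status size "referer" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
STATIC_EXT = (".jpg", ".jpeg", ".png", ".gif", ".pdf", ".css", ".js")
# Paths that rarely appear in legitimate traffic to a site that does not host them (assumed list).
PROBE_RE = re.compile(
    r"wp-login\.php|xmlrpc\.php|phpmyadmin|\.\./|/etc/passwd|\.git/|\.svn/|\.(bak|sql|old)$", re.I
)

# Constructed sample lines (RFC 5737 addresses, not real traffic); use open("access.log") for real data.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2012:10:01:02 +0000] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (Windows NT 6.1) Gecko/20100101 Firefox/10.0"
66.249.66.1 - - [10/Feb/2012:10:02:11 +0000] "GET /robots.txt HTTP/1.1" 200 120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.66.1 - - [10/Feb/2012:10:02:12 +0000] "GET /node/12 HTTP/1.1" 200 8820 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.9 - - [10/Feb/2012:10:03:40 +0000] "GET /sites/default/files/photo.jpg HTTP/1.1" 200 48211 "http://other-site.example/gallery" "Mozilla/5.0 (Macintosh) Safari/534.52"
198.51.100.9 - - [10/Feb/2012:10:03:41 +0000] "GET /sites/default/files/logo.png HTTP/1.1" 200 3011 "http://other-site.example/gallery" "Mozilla/5.0 (Macintosh) Safari/534.52"
192.0.2.55 - - [10/Feb/2012:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 404 291 "-" "-"
192.0.2.55 - - [10/Feb/2012:10:05:01 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 291 "-" "-"
192.0.2.55 - - [10/Feb/2012:10:05:02 +0000] "GET /index.php?q=../../../../etc/passwd HTTP/1.1" 404 291 "-" "-"
192.0.2.55 - - [10/Feb/2012:10:05:03 +0000] "POST /user/login HTTP/1.1" 403 211 "-" "-"
203.0.113.7 - - [10/Feb/2012:10:06:30 +0000] "GET /missing-page HTTP/1.1" 404 291 "http://www.example.com/" "Mozilla/5.0 (Windows NT 6.1) Gecko/20100101 Firefox/10.0"
203.0.113.7 - - [10/Feb/2012:10:06:31 +0000] "GET /sites/default/files/photo.jpg HTTP/1.1" 200 48211 "http://www.example.com/node/12" "Mozilla/5.0 (Windows NT 6.1) Gecko/20100101 Firefox/10.0"
"""


def parse_log(lines):
    """Yield one dict per well-formed line; malformed lines are skipped rather than guessed at."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["status"] = int(entry["status"])
            yield entry


def crawler_hits(entries, ua_token="Googlebot"):
    """Requests per source IP whose User-Agent claims to be the crawler.
    The UA header is client-supplied, so confirm each IP with a reverse DNS
    lookup before treating the traffic as Google's."""
    return dict(Counter(e["ip"] for e in entries if ua_token in e["ua"]))


def error_summary(entries):
    """How many 4xx/5xx responses were sent, and for which paths."""
    return Counter((e["status"], e["path"]) for e in entries if e["status"] >= 400)


def hotlinkers(entries, own_hosts):
    """Static files served to pages on other sites: referring host -> {path: hits}."""
    found = defaultdict(Counter)
    for e in entries:
        path = e["path"].split("?", 1)[0]
        if not path.lower().endswith(STATIC_EXT):
            continue
        host = urlparse(e["referer"]).netloc.lower()
        if host and host not in own_hosts:
            found[host][path] += 1
    return {host: dict(paths) for host, paths in found.items()}


def suspicious_ips(entries, max_404=3):
    """IPs that request known attack paths or rack up 404s: ip -> list of reasons."""
    not_found, probes = Counter(), defaultdict(list)
    for e in entries:
        if PROBE_RE.search(e["path"]):
            probes[e["ip"]].append(e["path"])
        if e["status"] == 404:
            not_found[e["ip"]] += 1
    flagged = {}
    for ip in sorted(set(probes) | set(not_found)):
        reasons = []
        if probes[ip]:
            reasons.append("probed %d known attack paths" % len(probes[ip]))
        if not_found[ip] >= max_404:
            reasons.append("%d 404 responses" % not_found[ip])
        if reasons:
            flagged[ip] = reasons
    return flagged


ENTRIES = list(parse_log(SAMPLE_LOG.splitlines()))

if __name__ == "__main__":
    print("Crawler hits:", crawler_hits(ENTRIES))
    print("Errors:", dict(error_summary(ENTRIES)))
    print("Hotlinkers:", hotlinkers(ENTRIES, {"www.example.com", "example.com"}))
    print("Suspicious:", suspicious_ips(ENTRIES))
```

On the sample data the crawler report shows two Googlebot requests from one IP, the hotlink report shows other-site.example embedding two images, and 192.0.2.55 is flagged for three probe paths and three 404s. The thresholds are deliberately low for the sample; on a real log raise max_404 and review the flagged IPs by hand before blocking anything, since a broken internal link can also generate a burst of 404s from an innocent visitor.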

Your First User, Permissions and Roles

When you first install Drupal it creates the super user, user 1. Ideally this account should not be used to create content. It is good practice to create a separate user for administrative work (not called "admin", but with an equivalent set of permissions) and an administrator role to hold those permissions, so that user 1 is not used day to day. It may even be worth blocking user 1 once you have done that, but be aware that some modules need to impersonate that user, so test your cron and batch jobs afterwards. If you want to restrict login for that account you can create an Access Rule that denies the user name "admin"; this effectively prevents anyone logging in as admin, including the automated guessers that try that name first.

User Login Page not available to logged in user

Issue: in a Drupal site a logged-in user gets a 403 (access denied) page if they browse to user/login. Why (I hear you ask) would you want to see the login page if you are already logged in? Good question, but it is not really an error or an access-denial issue, it is a user path/flow issue, and every one of those 403s lands in the access log alongside the genuine denials you should be looking for. A better solution is to send the logged-in user to their own profile page instead.

Securing access to files on your website

It is easy to forget that the files in your web site are visible to anyone, even if they are not linked to and are not files that would normally be requested: backup copies, editor temp files, configuration files and database dumps can all be fetched by anyone who guesses the name. In this post we look at how to use the .htaccess file to control access to your site.
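As an added example, not the post's own configuration, here is a .htaccess fragment that denies web access to the kinds of files the paragraph above describes. It uses Apache 2.2 syntax (Order/Deny), which shared hosts of the period ran; on Apache 2.4 replace each Order/Deny pair with "Require all denied". The file extensions listed are assumptions about what typically ends up in a web root; Drupal and WordPress ship their own .htaccess with similar rules, so add to those rather than replacing them.

```apache
# Never serve dotfiles, backup/editor copies, dumps, archives or logs,
# regardless of whether anything links to them.
<FilesMatch "(^\.|\.(bak|old|orig|sql|sql\.gz|tar\.gz|zip|log|inc|ini)$|~$)">
    Order allow,deny
    Deny from all
</FilesMatch>

# Drupal: settings.php and any copy of it (settings.php.bak, settings.php~ ...)
<FilesMatch "^settings\.php">
    Order allow,deny
    Deny from all
</FilesMatch>

# Do not list directories that lack an index file
Options -Indexes

# In the user upload directory only (e.g. sites/default/files/.htaccess):
# refuse to serve anything that would be executed as PHP, so an uploaded
# "image.php" cannot be run by requesting it.
# <FilesMatch "\.(php|phtml|php[0-9])$">
#     Order allow,deny
#     Deny from all
# </FilesMatch>
```

After adding the rules, check them from outside: a request such as `curl -I http://www.example.com/settings.php.bak` (an assumed hostname) should return 403 rather than 200 or 404, and the 403 will then show up in your access log analysis as a denied request rather than a leaked file.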