📊 Account Activity
History of actions in the system
Recent activity
7 records
| Date | User | Action | Details | IP |
|---|---|---|---|---|
| 2026-04-12 19:42:35 | admin | login_success | Admin login | 192.168.1.100 |
| 2026-04-12 19:42:35 | alice | login_success | User login | 201.220.45.123 |
| 2026-04-12 19:42:35 | alice | invoice_view | Viewed invoice #1040 | 201.220.45.123 |
| 2026-04-12 19:42:35 | alice | invoice_view | Viewed invoice #1041 | 201.220.45.123 |
| 2026-04-12 19:42:35 | bob | login_success | User login | 186.45.78.90 |
| 2026-04-12 19:42:35 | bob | invoice_create | Created invoice #1045 | 186.45.78.90 |
| 2026-04-12 19:42:35 | admin | settings_change | Updated company logo | 192.168.1.100 |
🔴 Public log (vulnerable)
The log file is publicly accessible:
📄 View /logs/app.log
Current content:
```text
[2026-04-12 19:48:59] 172.22.0.3 anonymous SEARCH: fake\n[2025-04-12 00:00:00] 127.0.0.1 admin LOGIN_SUCCESS: Logged in
[2026-05-08 00:14:18] 172.30.0.2 anonymous SEARCH: curl http://localhost:8082/a09_actividad/logs/app.log
[2026-05-08 00:15:00] 172.30.0.2 anonymous SEARCH: curl http://localhost:8082/a09_actividad/logs/app.log
[2026-05-08 00:48:09] 172.30.0.2 anonymous SEARCH: curl http://localhost:8082/a09_actividad/logs/app.log
[2026-05-08 00:50:05] 172.30.0.2 anonymous SEARCH: curl http://localhost:8082/a09_actividad/logs/app.log
[2026-05-08 02:19:52] 172.30.0.2 anonymous SEARCH: fake\n[2025-04-12 00:00:00] 127.0.0.1 admin LOGIN_SUCCESS: Logged in
[2026-05-08 02:19:58] 172.30.0.2 anonymous SEARCH: fake\n[2025-04-12 00:00:00] 127.0.0.1 admin LOGIN_SUCCESS: Logged in
[2026-05-08 02:19:58] 172.30.0.2 anonymous SEARCH: af
[2026-05-08 02:23:29] 172.30.0.2 anonymous SEARCH: hola mundo
[2026-05-08 09:51:24] 172.30.0.2 anonymous SEARCH: big school
[2026-05-08 09:51:37] 172.30.0.2 anonymous SEARCH: pwned
[2026-05-08 09:53:40] 172.30.0.2 anonymous SEARCH: login failure
```
⚠️ Logging problems
- No login_failed event: brute force against A07 leaves no trace.
- Log inside the webroot: anyone can read /logs/app.log.
- Log injection: the search box writes straight to the log without sanitizing the input.
🛡️ How to fix it

```php
<?php
// 1. Log failed attempts too, so brute force leaves a trace
log_event('login_failed', $user, $ip);

// 2. Move the log outside the webroot (php.ini / server config):
//    error_log = /var/log/nexo/app.log

// 3. Sanitize user input before logging it (strip CR, LF and TAB,
//    so a search term cannot start a new log entry)
$safe = str_replace(
    ["\r", "\n", "\t"],
    ['', '', ''],
    $input
);

// 4. Configure alerts
if ($failed_attempts > 10) {
    send_alert_to_security_team();
}
```
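As an added example (not code from the page's app), the two sides of the log-injection problem above: a writer that escapes separators instead of silently deleting them, so an injection attempt is kept visible as a single entry, and a checker that flags forged entries in an existing log by spotting lines that do not parse or whose timestamp runs backwards. The line format is inferred from the excerpt above; the function names and the sample log are my own.

```python
import re
from datetime import datetime

# Log line format used by the app on this page (inferred from the excerpt):
# "[YYYY-MM-DD HH:MM:SS] <ip> <user> <ACTION>: <details>"
LINE_RE = re.compile(
    r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] (\S+) (\S+) ([A-Z_]+): (.*)$"
)

def sanitize_field(value: str) -> str:
    """Neutralise separators so user input can never start a new log entry.
    Like fix #3 on the page, but escapes instead of deleting, so the attempt stays visible."""
    return (value.replace("\\", "\\\\").replace("\r", "\\r")
                 .replace("\n", "\\n").replace("\t", "\\t"))

def format_entry(ts: datetime, ip: str, user: str, action: str, details: str) -> str:
    """Build one log line; every user-controlled field goes through sanitize_field."""
    return "[%s] %s %s %s: %s" % (ts.strftime("%Y-%m-%d %H:%M:%S"),
                                  sanitize_field(ip), sanitize_field(user),
                                  action, sanitize_field(details))

def find_forged_entries(log_text: str) -> list:
    """Return (line_no, reason) for lines that do not parse or whose timestamp runs
    backwards: an append-only log is monotonic, so a spoofed 'earlier' entry stands out."""
    findings, last_ts = [], None
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            findings.append((n, "malformed line"))
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        if last_ts is not None and ts < last_ts:
            findings.append((n, "timestamp out of order"))
        else:
            last_ts = ts
    return findings

# Constructed sample modelled on the page's excerpt. Line 3 is what a search term
# carrying a real newline would have written: a forged admin login entry.
SAMPLE_LOG = (
    "[2026-05-08 00:14:18] 172.30.0.2 anonymous SEARCH: curl http://localhost:8082/a09_actividad/logs/app.log\n"
    "[2026-05-08 02:19:52] 172.30.0.2 anonymous SEARCH: fake\n"
    "[2025-04-12 00:00:00] 127.0.0.1 admin LOGIN_SUCCESS: Logged in\n"
    "[2026-05-08 09:51:37] 172.30.0.2 anonymous SEARCH: pwned\n"
    "garbage line without a timestamp\n"
)
```

Running `find_forged_entries(SAMPLE_LOG)` flags line 3 (timestamp out of order) and line 5 (malformed); passing the same payload through `format_entry` yields one well-formed line with a literal `\n` in the details, which the checker accepts.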