Cyberattacks in General

TorontoBoy

1:53 am on Jul 17, 2018 (gmt 0)

5+ Year Member Top Contributors Of The Month

I am wondering if the oft reported cyberattacks of companies go through http ports, or can they go through any open server port. I guess I just don't know enough about cyberattacks. I am not talking about phishing email exploits, which go through the mail server.

I have been playing with various open source hacking software which you can state a specific port to use for an attack, along with the IP of the server, the exploit and various other variable settings. For internet traffic on an Apache server these attacks would be captured in the raw access log and internet request headers. How are these attacks documented on other non-http server ports?

I do not wish to assist hackers, but just to understand how the attack would be documented on the server. This would be the first step in monitoring traffic in an effort to predict and prevent an attack.

keyplyr

2:55 am on Jul 17, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

To have any specific discussion, I think we need a more explicit term than "cyberattacks."

There are various attacks in cyberland:

• Denial of Service (DoS)

• Ransomware

• Viruses

• Worms

• Man in the middle (MITM)

• Drive-by

• Pharming

• Phishing

• Script Injection

• Vector

• Trojans

• Spyware & Adware

TorontoBoy

9:29 pm on Jul 19, 2018 (gmt 0)

5+ Year Member Top Contributors Of The Month

Are all hacking attempts that try to break into a web site or server, for Apache, logged in the raw access log?

keyplyr

10:31 pm on Jul 19, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

Depending on how your server access or server error log is set up, yes, all requests, either successful or failed, should be logged.

Most server logs are set up to display failed requests in both the access log and the error log, although often reflecting some different information.

lucy24

10:43 pm on Jul 19, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

>>Are all hacking attempts that try to break into a web site or server, for Apache, logged in the raw access log?

As above: what kind of hacking attempts? Anything in the form of an http request--GET, POST, PUT (hahahaha)--will show up in logs. They’re the ones with long convoluted query strings containing code that is supposed to execute and Do Bad Things; look for suspicious numbers of \ backslashes and { braces }. But those tend to be trivially easy to block. If you have your own server, you may have a firewall that prevents some requests from even reaching the server, so those won't show up in access logs, though you will probably log them in some other way.

What happens on other ports will depend on what the server has been set up to do with them. Take the most elementary example: if a server contains no secure sites, it may not even be listening on port 443, so any attempted entries will simply time out.

I can't imagine setting up a server to listen on all possible ports by default. It would be like leaving all your ground-floor doors and windows open on the off chance that your cat might one day want to come in by a non-standard route.

:: detour to MAMP config file, followed by Apache docs ::

Yeah, that's what I thought. You have to tell it the specific ports to listen on. In fact, in Apache 2.2 and later you must include a Listen directive.

topr8

11:30 pm on Jul 19, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

>>• Vector

i thought vector just meant a 'type' of attack eg. Phishing is a vector ... i could be wrong though!

>>I have been playing with various open source hacking software which you can state a specific port to use for an attack

i'd say generally most servers are locked down with only a few open ports:
80 443 8080 (for http access)
if the server is also a mail server then typically: 25, 110, 143, 465, 587, 993
there might also be open ports for MySQL, ftp and ssh
possibly other ports for various apps that could be running on specific ports
... all other ports are generally shut!

... quite honestly MySQL and ssh should be firewalled to allow access from specific IPs only
and no-one should be using ftp anymore either so that should be shut - ftp should be through the ssh or other methods.

thus most attacks would be through the 80, 443 or 8080 ports

these would most likely be logged by apache - assuming you have setup the logs accordingly.

as lucy24 said :
>>They’re the ones with long convoluted query strings containing code that is supposed to execute and Do Bad Things; look for suspicious numbers of \ backslashes and { braces }.

this is generally some kind of injection attack that should be blocked somewhere in your code one way or another
- for instance you can check query string length and anything longer than expected then deal with it accordingly.

you will notice in your logs loads of requests to various wordpress or other similar type files - these are effectively probes checking to see if those files exist ... if they do then a hack attempt will follow.
one of the advantages of home grown code - is that even if it is not as well written as other code, assuming you don't publish it, then no-one knows how to exploit it, the big cms systems (if open source) are available for anyone to analyse.

i know you haven't asked this but another line of defence is making sure your data is encrypted... so even if you are hacked then at least the data stolen isn't in plaintext.
obviously product descriptions etc don't matter as they are presumably available on your website anyway, but private customer data is another matter.
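The kind of log entries lucy24 and topr8 describe (long, convoluted query strings full of backslashes and braces, and probes for CMS files that come back 404) can be picked out of an Apache access log with a short script. The following is an added example, not code from this thread: the log format is Apache's standard "combined" format, while the length threshold, the character list and the three sample lines are assumptions constructed for the demo.

```python
import re
from urllib.parse import unquote

# Apache "combined" LogFormat: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
MAX_QUERY_LEN = 200           # assumed threshold; set it from your own application's longest legitimate URL
SUSPICIOUS_CHARS = "\\{}<>;"  # backslashes and braces as noted in the thread, plus a few other code-like characters

# Constructed sample lines, not real traffic: a normal page view, a query string carrying
# encoded braces and backslashes, and a probe for a CMS file that does not exist on this site.
SAMPLE_LOG = r"""
203.0.113.5 - - [19/Jul/2018:22:43:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [19/Jul/2018:22:43:05 +0000] "GET /page.php?id=1%7B%7B1%2B1%7D%7D%5C%5Cx HTTP/1.1" 200 80 "-" "curl/7.58"
198.51.100.7 - - [19/Jul/2018:22:44:10 +0000] "GET /wp-login.php HTTP/1.1" 404 209 "-" "python-requests/2.19"
"""

def analyse_line(line):
    """Parse one combined-format line; return a dict with a (possibly empty) list of reasons, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = m.group("request").split(" ")
    url = parts[1] if len(parts) > 1 else ""
    path, _, query = url.partition("?")
    decoded = unquote(query)                     # look at what the application would actually see
    status = int(m.group("status"))
    reasons = []
    if len(query) > MAX_QUERY_LEN:
        reasons.append("query string longer than %d" % MAX_QUERY_LEN)
    odd = sum(decoded.count(c) for c in SUSPICIOUS_CHARS)
    if odd >= 2:
        reasons.append("%d suspicious characters in query" % odd)
    if status == 404 and path.endswith(".php"):
        reasons.append("probe for a PHP file that does not exist")
    return {"ip": m.group("ip"), "path": path, "status": status, "reasons": reasons}

def scan(log_text):
    """Return only the parsed entries that carry at least one reason."""
    results = (analyse_line(l) for l in log_text.strip().splitlines())
    return [r for r in results if r and r["reasons"]]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["ip"], hit["status"], hit["path"], "; ".join(hit["reasons"]))
```

Requests a firewall drops before Apache never reach this log, as lucy24 notes, so this only covers what the web server itself saw.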

TorontoBoy

12:05 am on Jul 20, 2018 (gmt 0)

5+ Year Member Top Contributors Of The Month

Thanks very much. I was just curious. If someone was to attack a server I'd like to know that if I monitor the raw access log I'd have a front row seat for all the action, and perhaps to launch a defense.

I already get the usual Wordpress attacks, so I'm familiar with them. Thanks, All.

lucy24

12:42 am on Jul 20, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

If you don’t already do so, ftp into your site periodically. Make sure nothing is there that shouldn’t be, and that any datestamps are what they ought to be.
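lucy24's periodic check (nothing there that shouldn't be, datestamps as they ought to be) can be automated by keeping a baseline of the web root and diffing the current state against it. This is an added example, not from the thread; the directory layout and file contents are constructed, and it compares SHA-256 hashes as well as datestamps because an mtime alone can be reset after a file is edited.

```python
import hashlib, os, tempfile

def file_sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Record mtime and SHA-256 of every regular file under root, keyed by relative path."""
    snap = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            snap[os.path.relpath(full, root)] = {"mtime": int(os.stat(full).st_mtime),
                                                 "sha256": file_sha256(full)}
    return snap

def compare(baseline, current):
    """Diff two snapshots. Content changes are judged by hash, not by datestamp,
    because whoever edited a file can also reset its mtime afterwards."""
    both = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in both if baseline[p]["sha256"] != current[p]["sha256"]),
        "touched": sorted(p for p in both if baseline[p]["sha256"] == current[p]["sha256"]
                          and baseline[p]["mtime"] != current[p]["mtime"]),
    }

def write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)

def run_demo():
    """Constructed scenario in a scratch directory: baseline a tiny web root, then drop a new
    file, edit one (and reset its datestamp) and merely touch another."""
    root = tempfile.mkdtemp()
    for rel, data in {"index.html": b"<h1>hi</h1>", "inc/config.php": b"<?php $db = 'a';",
                      "about.html": b"about"}.items():
        write(os.path.join(root, rel), data)
    baseline = snapshot(root)
    write(os.path.join(root, "inc", "extra.php"), b"<?php /* constructed */")  # should not be there
    cfg = os.path.join(root, "inc", "config.php")
    write(cfg, b"<?php $db = 'b';")                                          # edited...
    old = baseline["inc/config.php"]["mtime"]
    os.utime(cfg, (old, old))                                                # ...then mtime reset
    os.utime(os.path.join(root, "about.html"), (old + 3600, old + 3600))     # touched, content same
    return compare(baseline, snapshot(root))
```

In practice the baseline would be saved (e.g. as JSON) right after a clean deploy and the comparison run on a schedule; files in "changed" or "added" that you did not deploy yourself are the ones to look at first.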