Hi there, I am coding a script that detects any suspicious activity (example: uploading shells to the server, etc.) and works great, but I was thinking of searching the session id thought the access.log on Apache2 so they can get their IP and account banned.
I used phpinfo(); for session.save_path but in the directory, there are not the session files.
Where is the location of them?
EDIT: I know that some "hackers" or "script kiddies" will going to change their IP thought any VPN, but I am already done on that part.
Also i was wondering if there is a way to hide the session id from the url for more security (example: save on a cookie)?