Skip to main content

access logs

Comments

3 comments

  • quizknows
    If you're lucky, and you don't have default WHM tweak settings (or the user enabled log archiving) the logs will be available through: /home/$username/access-logs/domain.com or /home/$username/logs/domain.com[.gz] Best to 'stat' a hacked file, and look for that time in the logs.
    0
  • MaestriaNick
    First of all you need to find the timestamp on that phpforum files to see when they were uploaded. Then you can check the ftp logs (/home/user/access_logs/ftp.domainxxx ) and access logs (/home/user/access_logs/domainxxx) to see what all happened during that time. If you have any auto script install tools like softaculous / fantastico in cpanel, worth checking the cpanel logs as well (which may need root ). Any way, change the cpanel password for the account as soon as possible.
    0
  • cPanelMichael
    Hello :) Yes, after searching for the timestamp of the installation, you can check the domain access logs for the domain name within the following directory as mentioned in the other replies: /usr/local/apache/domlogs/
    Thank you.
    0

Please sign in to leave a comment.