access logs
Hello
It seems that one of my clients were hacked and someone installed a phpbb forum on its account. How can I see from witch ip has been done this?
Thanks
-
If you're lucky, and you don't have default WHM tweak settings (or the user enabled log archiving) the logs will be available through: /home/$username/access-logs/domain.com or /home/$username/logs/domain.com[.gz] Best to 'stat' a hacked file, and look for that time in the logs. 0 -
First of all you need to find the timestamp on that phpforum files to see when they were uploaded. Then you can check the ftp logs (/home/user/access_logs/ftp.domainxxx ) and access logs (/home/user/access_logs/domainxxx) to see what all happened during that time. If you have any auto script install tools like softaculous / fantastico in cpanel, worth checking the cpanel logs as well (which may need root ). Any way, change the cpanel password for the account as soon as possible. 0 -
Hello :) Yes, after searching for the timestamp of the installation, you can check the domain access logs for the domain name within the following directory as mentioned in the other replies: /usr/local/apache/domlogs/
Thank you.0
Please sign in to leave a comment.
Comments
3 comments