Skip to main content

How to check who delete an file (Maybe Hacked)

dezagus
Hello all! Today I was surprised by my alert system because maybe I was hacked. Misterelly, one of files with most traffic (router file) was deleted. So, I would like reserch who and how. It's possible with WHM logs, cPanel or SSH? Is in existence someone log? I start an emergency steeps.

Comments

2 comments

Date Votes
  • server9host
    Hello, You can check the that using access logs. /usr/local/cpanel/logs/access_log
    0
  • cPanelMichael
    Hello :) Could you elaborate on what file was removed? For instance, what is a router file? Thank you.
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post