VPS Logs


Can someone tell me what logs can show me what someone who is logging in through my root password accesses on my server, e.g. whether they download any of my files etc.? I found out today someone hacked in and I was interested in finding out what they got up to in case anything else has been compromised.


On cPanel systems logs can be found at the following locations:

/var/log/messages - one of the main system log files, also contains entries logged by the FTP server;
/var/log/exim_* - exim mail server log files;
/var/log/maillog - courier-imap log entries can be found in this file;
/usr/local/apache/domlogs/[domainname] - site access log files;
/usr/local/cpanel/logs/access_log - cPanel/WHM access log.

Please feel free to submit a ticket if any assistance with logs checking is required.

Hi Sherrie,

There is a little file here, /root/.bash_history, that will show command history, assuming they didn't clean it or delete it, or create another user with root privileges. You might want to get support to look in on it :)
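
The two conditions raised in the reply above (a cleaned or deleted history file, and an extra account with root privileges) can be checked directly. The following is an added example, not part of the original thread; the function names and the sample data are constructed for illustration, and on a live server the inputs would be /etc/passwd and /root/.bash_history.

```shell
#!/bin/sh
# Added triage sketch: paths are parameters so it can run against copies of the files.

# Print every account with UID 0 other than "root" from a passwd-format file.
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Classify a shell history file: symlink | missing | empty | present.
# Anything other than "present" means the history cannot be relied on.
history_state() {
    if [ -L "$1" ]; then
        echo symlink      # e.g. pointed at /dev/null so nothing is recorded
    elif [ ! -e "$1" ]; then
        echo missing
    elif [ ! -s "$1" ]; then
        echo empty
    else
        echo present
    fi
}

# Build constructed sample files in a temp directory and print its path.
make_sample() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
webuser:x:1000:1000::/home/webuser:/bin/bash
svc_backup:x:0:0::/home/svc_backup:/bin/bash
EOF
    ln -s /dev/null "$d/bash_history"
    echo "$d"
}

# Demo run against the constructed sample.
dir=$(make_sample)
echo "extra UID 0 accounts: $(uid0_accounts "$dir/passwd" | tr '\n' ' ')"
echo "history file state:   $(history_state "$dir/bash_history")"
rm -rf "$dir"
```
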