VPS Logs

Discussion in 'Linux VPS/Dedicated - cPanel' started by Sherrie, Apr 22, 2010.

  1. Sherrie

    Sherrie Member

    Can someone tell me what logs can show me what someone whom logging in through my root password accesses on my server, e.g. whether they down load any of my files etc. I found out today someone hacked in and I was interested in finding out what they got up to in case anything else has been compromised.

    Cheers
     
  2. KH-Paul

    KH-Paul CTO Staff Member

    Sherrie,

    On cPanel systems logs can be found at the following locations:

    /var/log/messages - one of the main system log files, also contains entries logged by the FTP server;
    /var/log/exim_* - exim mail server log files;
    /var/log/maillog - courier-imap log entires can be found in this file;
    /usr/local/apache/domlogs/[domainname] - site access log files;
    /usr/local/cpanel/logs/access_log - cPanel/WHM access log

    Please feel free to submit a ticket if any assistance with logs checking is required.

    Regards,
    Paul
     
  3. Dan

    Dan Moderator

    Hi Sherrie,

    There is a little file here /root/.bash_history that will show command history. Assuming they didn't clean it or delete it. Or create another user with root privileges. You might want to get support to look in on it :)
     
  4. khiltd

    khiltd New Member

    You really shouldn't allow root logins without an SSH key at all.
     

Share This Page