  1. #1
    Member
    Join Date
    Jan 2011
    Posts
    14

    Access logs, file manager logs etc

    Hi

    Client had a breach to their website, got the access logs and found the culprit and their IP. FTP logs show no access. Access logs show once inside cPanel then went into file manager. This is where they deleted public_html folder.

    Where do I find a log that tells me they deleted this folder?

  2. #2
    cPanel Partner NOC
    Join Date
    Jun 2004
    Posts
    313
    cPanel/Enkompass Access Level

    DataCenter Provider


    Try searching through:

    Code:
    /usr/local/cpanel/logs/access_log
    This file contains access_log data for the cPanel/WHM interface, and you can search through the GET strings for 'frontend/x3/filemanager' (or whatever skin is used).
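The search suggested in post #2, as an added example that is not part of the original thread and is not cPanel tooling: it pulls every File Manager request made from one IP out of access_log lines and summarises them as a timeline. It assumes combined-style log lines; the sample lines, IP addresses, user name and function names are constructed for illustration.

```python
import re
from collections import Counter

# Assumption: combined-style lines, as in /usr/local/cpanel/logs/access_log.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
FIELDS = ("ts", "user", "method", "path", "status")

# Constructed sample lines (documentation IP ranges, made-up user and paths).
SAMPLE = [
    '203.0.113.7 - exampleuser [01/20/2011:14:02:11 -0000] "GET /frontend/x3/index.html HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - exampleuser [01/20/2011:14:02:40 -0000] "GET /frontend/x3/filemanager/index.html HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '198.51.100.20 - exampleuser [01/20/2011:14:03:05 -0000] "GET /frontend/x3/filemanager/index.html HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - exampleuser [01/20/2011:14:03:52 -0000] "POST /frontend/x3/filemanager/index.html HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    'truncated line with no request',
]

def filemanager_timeline(lines, ip, needle="frontend/x3/filemanager"):
    """Return (hits, skipped): requests from `ip` whose path contains `needle`."""
    hits, skipped = [], 0
    for raw in lines:
        m = LINE_RE.match(raw)
        if m is None:
            skipped += 1  # count unparsed lines so they are not silently lost
            continue
        if m["ip"] == ip and needle in m["path"]:
            hits.append({f: m[f] for f in FIELDS})
    return hits, skipped

def summarize(hits):
    """First/last timestamp in log order, logged-in users, and method counts."""
    if not hits:
        return None
    return {
        "first_seen": hits[0]["ts"],
        "last_seen": hits[-1]["ts"],
        "users": sorted({h["user"] for h in hits}),
        "methods": dict(Counter(h["method"] for h in hits)),
    }

if __name__ == "__main__":
    hits, skipped = filemanager_timeline(SAMPLE, "203.0.113.7")
    for h in hits:
        print(h["ts"], h["user"], h["method"], h["path"], h["status"])
    print(summarize(hits), "unparsed lines:", skipped)
```

The output places the IP and the logged-in account in File Manager at specific times; it works from the request line only, so it does not name the files or folders that were acted on.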

  3. #3
    Member
    Join Date
    Jan 2011
    Posts
    14


    Hi

    I've had a look through them and indeed got results from the criminal's IP which shows GET requests. But what am I looking for that shows a request "delete public_html"?

  4. #4
    cPanel Product Evangelist Infopro
    Join Date
    May 2003
    Location
    Pennsylvania
    Posts
    7,894
    cPanel/Enkompass Access Level

    Root Administrator


    I'm not sure that there are log files for the File Manager itself, hopefully I'll be corrected here by someone. I've just created and then deleted a directory via FM and can find no traces of those actions in my logs.

  5. #5
    Member
    Join Date
    Jan 2011
    Posts
    14

    There are logs of said person accessing file manager.

    Thing is my client wants to process legal action and needs said logs... bit lacking if logs are provided for GET accesses to FM but not rm -rf requests?

  6. #6
    cPanel Product Evangelist Infopro
    Join Date
    May 2003
    Location
    Pennsylvania
    Posts
    7,894
    cPanel/Enkompass Access Level

    Root Administrator

    Quote:
    There are logs of said person accessing file manager.

    Correct.

    Quote:
    bit lacking if logs are provided for GET accesses to FM but not rm -rf requests?

    I agree. If there are tracks left for actual actions in File Manager I'm not sure where they'd be.

    That said, how did they get into the account? If the user did not have a hard-to-guess password this type of damage should be expected. Restoring the account from backup, setting a much harder password, and scanning this user's home computer for any sort of problems is suggested.

    Good luck!

  7. #7
    Member
    Join Date
    Jan 2011
    Posts
    14

    Yeah I store backups for clients, so I restored this for them within 20 mins of it going down. Reset passwords and provided it via phone (too risky to provide by email at that point). The breach was from an ex-friend of theirs, they guessed my client's Google Mail security questions and gained access to confidential emails and credentials.

    The access logs are enough for a small claims court here in the UK. Just one of those things ain't it.... although logs of what people do in file manager would have been handy at this point.

    Thanks for your help.
