WHM activity / SSH activity

**ozmo** · 07-16-2008 11:07 AM

Hi all,

I have recently employed a company to perform a security audit on one of my servers. They claim they have been working on the server for aprox. one week.

I have seen no activity on the server via ssh. I simply ran the command (last -20) to see how long they had actually been working and low and behold there was absolutely no record of any other IP addresses apart from my home and my office.

So my question is...

I assume if they were accessing WHM to perform part of their audit, performance tweaking and installing software, I would be able find record of their activity somewhere, correct?

Any advise would be very much appreciated.

Thanks,

oz

**sparek-3** · 07-16-2008 11:20 AM

WHM access logs are located at /usr/local/cpanel/logs/access_log

It will contain a log of all WHM, cPanel, and Webmail activity.

**n3tph4t** · 07-16-2008 11:28 AM

Originally Posted by ozmo

Hi all,

I have recently employed a company to perform a security audit on one of my servers. They claim they have been working on the server for aprox. one week.

I have seen no activity on the server via ssh. I simply ran the command (last -20) to see how long they had actually been working and low and behold there was absolutely no record of any other IP addresses apart from my home and my office.

So my question is...

I assume if they were accessing WHM to perform part of their audit, performance tweaking and installing software, I would be able find record of their activity somewhere, correct?

Any advise would be very much appreciated.

Thanks,

oz

I would say that they would find it very difficult to achieve much without shell....
I'd be asking for a log of changes - they should be able to provide this (or else what plan were they working to - to secure the box).

Consider getting chirpy to look at the box, the configserver services have been excellent and invaluable to me.

Just my 2c/2p

**rgpayne** · 07-21-2008 03:08 AM

I personally would recommend PSM myself, they tell you exactly what they are doing and when they are doing

**ozmo** · 07-21-2008 08:44 AM

I went with AdminGeekz. Best decision i ever made.

The company in question was Server Wizards. Absolutely terrible.

Try running a search on WHT, you'll see what I mean.

LinkBack

Thread Tools

WHM activity / SSH activity

AdminGeekz

How do you check developers activity?

How to log SSH activity

How To : MySql Activity monitor

suspecious activity on the server

Log for Frontpage activity?