Account file Removals

Discussion in 'General Discussion' started by GaryT, Sep 7, 2010.

  1. GaryT

    GaryT Well-Known Member

    One of my clients put in a ticket via WHMCS asking why his site would not load, so I looked and checked their cPanel and they have no files. I can only assume his account was breached. Yes, I know I can restore this via WHM, but first off I want to locate how this was done. Now, probably due to their own security, but where and what do I do to check the logs? I can only assume it was done by FTP, so where do I check the full logs for his account to find the IP that did this? Then once done we can advise him and he can then look it up via their database.

    Thanks.
     
  2. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    The cPanel access log is located at the following path:
    Code:
    /usr/local/cpanel/logs/access_log
    FTP log messages may be found in the following system log:
    Code:
    /var/log/messages
    The aforementioned logs may be searched, such as by using grep, for an account username, remote IP address, or other criteria that may be relevant:
    Code:
    # grep "username" /usr/local/cpanel/logs/access_log
    # grep "username" /var/log/messages
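
Going one step past a plain grep of the system log, the following added example (not part of the original post, and not cPanel code) groups one account's FTP log lines by remote IP and counts logins and deletions. It assumes the FTP daemon is pure-ftpd writing syslog lines of the form `(user@remote) [LEVEL] message`; the function names, the account `clientuser` and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-IP summary of FTP activity for one account.
# Assumption: pure-ftpd syslog format "(user@remote) [LEVEL] message".

# Constructed sample log (documentation IP ranges, hypothetical accounts).
sample_log() {
cat <<'EOF'
Sep  6 23:58:01 host pure-ftpd: (?@203.0.113.45) [INFO] New connection from 203.0.113.45
Sep  6 23:58:03 host pure-ftpd: (clientuser@203.0.113.45) [INFO] clientuser is now logged in
Sep  6 23:58:09 host pure-ftpd: (clientuser@203.0.113.45) [NOTICE] Deleted /home/clientuser/public_html/index.php
Sep  6 23:58:09 host pure-ftpd: (clientuser@203.0.113.45) [NOTICE] Deleted /home/clientuser/public_html/.htaccess
Sep  7 08:12:40 host pure-ftpd: (clientuser@198.51.100.7) [INFO] clientuser is now logged in
Sep  7 08:13:02 host pure-ftpd: (otheruser@192.0.2.10) [NOTICE] Deleted /home/otheruser/tmp/x.log
EOF
}

# ftp_summary USER [LOGFILE...]: one line per remote IP, in order of first appearance.
# Reads standard input when no log file is given.
ftp_summary() {
    user=$1; shift
    awk -v u="$user" '
    {
        tag = "(" u "@"                 # fixed-string match, so no regex surprises
        p = index($0, tag); if (p == 0) next
        rest = substr($0, p + length(tag))
        q = index(rest, ")"); if (q == 0) next
        ip  = substr(rest, 1, q - 1)    # remote address from "(user@remote)"
        msg = substr(rest, q + 2)       # "[LEVEL] message"
        ts  = $1 " " $2 " " $3          # syslog timestamp (no year in this format)
        if (!(ip in first)) { first[ip] = ts; order[++n] = ip }
        last[ip] = ts
        if (msg ~ /is now logged in$/)   logins[ip]++
        if (msg ~ /^\[NOTICE\] Deleted /) deletes[ip]++
    }
    END {
        for (i = 1; i <= n; i++) {
            ip = order[i]
            printf "%s logins=%d deletes=%d first=\"%s\" last=\"%s\"\n",
                   ip, logins[ip], deletes[ip], first[ip], last[ip]
        }
    }' "$@"
}

# Demonstration on the constructed sample.
sample_log | ftp_summary clientuser
```

On a server, the same function can be pointed at the system log named above, for example `ftp_summary username /var/log/messages`, run as root.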
     
  3. GaryT

    GaryT Well-Known Member

    Sorry for the slow reply. Thanks Don! I'll check it out.
     