enabled mod_dumpio and don't see anythign different.

C

chetanmadaan

Active Member
Jun 18, 2010
41
7
58
Hi -

we were recentlly hacked and after a lot of research i found out that we can enable the apache module mod_dumpio which would let us see the post content as well along with the post and get log.

Now, i went ahead and Recompiled apache using EasyApache and enabled mod_dumpio in WHM... and did some post and get request on the site and then downloaded the Raw Apache Log file and don't see anything different.

Wouldn't this write logs to the main log file or is there a different log file created for this?

Thanks
 
arunsv84

arunsv84

Well-Known Member
Oct 20, 2008
372
1
68
127.0.0.1
cPanel Access Level
Root Administrator
I believe you need to enable the following in Apache config file.

DumpIOLogLevel debug
DumpIOOutput On

Check the LogLevel set in your Apache config file.

Cheers!!!
 
C

chetanmadaan

Active Member
Jun 18, 2010
41
7
58
I assume you meant adding information right to the httpd.conf file... as editing that file is not recommend... i added the above two lines to the one of the includes files.

is that cool enough... i guess i will know in a while mysql.

Thanks

- - - Updated - - -

Hi -

i still don't see anything... i just did a post and this is all i see in the log file.

103.x.200.xx - - [22/Apr/2013:15:54:52 -0500] "POST /administrator/index.php HTTP/1.1" 303 - "http://www.site.com/administrator/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0"
 
arunsv84

arunsv84

Well-Known Member
Oct 20, 2008
372
1
68
127.0.0.1
cPanel Access Level
Root Administrator
Have you restarted httpd? Make sure the Include file is enabled in httpd.conf.

Thanks!

chetanmadaan said:
I assume you meant adding information right to the httpd.conf file... as editing that file is not recommend... i added the above two lines to the one of the includes files.

is that cool enough... i guess i will know in a while mysql.

Thanks

- - - Updated - - -

Hi -

i still don't see anything... i just did a post and this is all i see in the log file.

103.x.200.xx - - [22/Apr/2013:15:54:52 -0500] "POST /administrator/index.php HTTP/1.1" 303 - "http://www.site.com/administrator/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0"
Click to expand...
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
D Breached cPanel - multiple logged logins even with 2FA enabled Security 2
L i get email regarding succesfull cpanel login even after i enabled 2 factor authentication Security 1
J Need to have 2FA enabled for WHM for multiple co-workers Security 7
A Domain without LetsEncrypt redirect to another domain with SSL enabled Security 6
PCZero Security items displayed in cPanel for use who is not enabled for them Security 5
Similar threads
Breached cPanel - multiple logged logins even with 2FA enabled
i get email regarding succesfull cpanel login even after i enabled 2 factor authentication
Need to have 2FA enabled for WHM for multiple co-workers
Domain without LetsEncrypt redirect to another domain with SSL enabled
Security items displayed in cPanel for use who is not enabled for them
Top Bottom