The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

enabled mod_dumpio and don't see anythign different.

Discussion in 'Security' started by chetanmadaan, Apr 18, 2013.

  1. chetanmadaan

    chetanmadaan Member

    Joined:
    Jun 18, 2010
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Hi -

    we were recentlly hacked and after a lot of research i found out that we can enable the apache module mod_dumpio which would let us see the post content as well along with the post and get log.

    Now, i went ahead and Recompiled apache using EasyApache and enabled mod_dumpio in WHM... and did some post and get request on the site and then downloaded the Raw Apache Log file and don't see anything different.

    Wouldn't this write logs to the main log file or is there a different log file created for this?

    Thanks
     
  2. arunsv84

    arunsv84 Well-Known Member

    Joined:
    Oct 20, 2008
    Messages:
    373
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    127.0.0.1
    cPanel Access Level:
    Root Administrator
    I believe you need to enable the following in Apache config file.

    DumpIOLogLevel debug
    DumpIOOutput On

    Check the LogLevel set in your Apache config file.

    Cheers!!!
     
  3. chetanmadaan

    chetanmadaan Member

    Joined:
    Jun 18, 2010
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    I assume you meant adding information right to the httpd.conf file... as editing that file is not recommend... i added the above two lines to the one of the includes files.

    is that cool enough... i guess i will know in a while mysql.

    Thanks

    - - - Updated - - -

    Hi -

    i still don't see anything... i just did a post and this is all i see in the log file.

    103.x.200.xx - - [22/Apr/2013:15:54:52 -0500] "POST /administrator/index.php HTTP/1.1" 303 - "http://www.site.com/administrator/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0"
     
  4. arunsv84

    arunsv84 Well-Known Member

    Joined:
    Oct 20, 2008
    Messages:
    373
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    127.0.0.1
    cPanel Access Level:
    Root Administrator
    Have you restarted httpd? Make sure the Include file is enabled in httpd.conf.

    Thanks!

     
  5. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    941
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    It looks like you're looking at the sites access-log, you need the apache error log most likely for dumpio output.
     
Loading...

Share This Page