The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Logs/info on server for police

Discussion in 'General Discussion' started by jeroman8, Sep 3, 2004.

  1. jeroman8

    jeroman8 Well-Known Member

    Joined:
    Mar 14, 2003
    Messages:
    410
    Likes Received:
    0
    Trophy Points:
    16
    Hello!

    I have had a client who is a criminal and used his account for fraud etc.

    I need to know from which IP addresses they have connected to the FTP,
    and get their e.mails etc.

    Where can I see this ?

    The access logs in apache doesn't cover so long back and not the other logs either.
    They start over when they are too big.
    I closed their account 2 months ago and did the backup but didn't think
    about the logs.
     
  2. cPanelBilly

    cPanelBilly Guest

    You will most likely no longer have logs for this client.
     
  3. zentity

    zentity Well-Known Member

    Joined:
    Jun 16, 2004
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    The /home/user directory should contain a last login IP in the .lastlogin file if they accessed cpanel - Maybe that will have their IP it.

    /var/log/xferlog may contain the accesses that you need

    grep user /var/log/xferlog

    and also check the cpanel access logs

    grep user /usr/local/cpanel/logs/access_log

    (Change user for the account user name.)

    If you have mail that they sent/replied to, that also may contain the IP of their network connection within the headers. /home/user/mail/*
     
    #3 zentity, Sep 3, 2004
    Last edited: Sep 3, 2004
  4. jeroman8

    jeroman8 Well-Known Member

    Joined:
    Mar 14, 2003
    Messages:
    410
    Likes Received:
    0
    Trophy Points:
    16
    Thanks!

    There was alot in the xfer logs!
     
Loading...

Share This Page