Hello,
I found a big directory is deleted today from my website and I saw a million logs. This directory is a WordPress and I checked cPanel, FTP, Apache, Access, Secure .. etc logs
But what I notice that I can't figure out which IP has deleted the files. I saw a lot of logs before the directory disappeared but there are no specific words that this IP deleted this file or this directory.
I even tried it by myself logged to cPanel and created and removed the file and I found my IP but It's all normal logs Get / .. etc
There're no words such as " dropped, removed, deleted, .. etc" I checked also all the logs in /var/log
I used grep, find with all options like grep -iR .. etc and filter the results.
So any ideas how can I get accurate results?
Thank you
I found a big directory is deleted today from my website and I saw a million logs. This directory is a WordPress and I checked cPanel, FTP, Apache, Access, Secure .. etc logs
But what I notice that I can't figure out which IP has deleted the files. I saw a lot of logs before the directory disappeared but there are no specific words that this IP deleted this file or this directory.
I even tried it by myself logged to cPanel and created and removed the file and I found my IP but It's all normal logs Get / .. etc
There're no words such as " dropped, removed, deleted, .. etc" I checked also all the logs in /var/log
I used grep, find with all options like grep -iR .. etc and filter the results.
So any ideas how can I get accurate results?
Thank you