Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED Tracking deleted files?

Discussion in 'Security' started by Abdel24hour, Jul 9, 2019.

Tags:
  1. Abdel24hour

    Abdel24hour Registered

    Joined:
    Sep 21, 2017
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    Hello,

    I found a big directory is deleted today from my website and I saw a million logs. This directory is a WordPress and I checked cPanel, FTP, Apache, Access, Secure .. etc logs

    But what I notice that I can't figure out which IP has deleted the files. I saw a lot of logs before the directory disappeared but there are no specific words that this IP deleted this file or this directory.

    I even tried it by myself logged to cPanel and created and removed the file and I found my IP but It's all normal logs Get / .. etc

    There're no words such as " dropped, removed, deleted, .. etc" I checked also all the logs in /var/log

    I used grep, find with all options like grep -iR .. etc and filter the results.

    So any ideas how can I get accurate results?

    Thank you
     
    #1 Abdel24hour, Jul 9, 2019
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,482
    Likes Received:
    508
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    If the files were deleted through the UI you'd be able to check this through the access logs but if the files were removed over SSH you'd want to check the bash history.

    You can run the history command and it will print the bash history of the current user from oldest to newest. It's also stored in /home/$user/.bash_history
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelLauren, Jul 9, 2019
  3. Abdel24hour

    Abdel24hour Registered

    Joined:
    Sep 21, 2017
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    Thank you, but I was asking for specific words, I checked the logs and I saw IP from other country but all the logs about GET and CSS files from file manager, how can I know which exactly files deleted ! .. cPanel doesn't give me this ability from logs ..
     
    #3 Abdel24hour, Jul 9, 2019
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,482
    Likes Received:
    508
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Actual removals of items through the UI will show a POST request in the access logs but you won't necessarily see "removed" as an output. If the files were removed through the UI in the file manager, unless you specifically check the box they are put into a trash bin which can be found at /home/$user/.trash and it might be worth checking there as well.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 cPanelLauren, Jul 10, 2019
    Abdel24hour likes this.
  5. Abdel24hour

    Abdel24hour Registered

    Joined:
    Sep 21, 2017
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    That's what I was looking for " POST " .. thank you
     
    #5 Abdel24hour, Jul 13, 2019
    cPanelLauren likes this.
(You must log in or sign up to post here.)
Loading...
Similar Threads - Tracking deleted files
  1. LoadFactor

    Tracking IMAP bandwidth use

    LoadFactor, Apr 3, 2019, in forum: E-mail Discussion
    Replies:
    12
    Views:
    664
    Metro2
    May 30, 2019
  2. Gareth-AWD

    Tracking down the cause of apache hanging processes

    Gareth-AWD, Jan 30, 2019, in forum: EasyApache
    Replies:
    5
    Views:
    418
    cPanelLauren
    Feb 11, 2019
  3. Joe Gold

    AWS Instance Usage Tracking?

    Joe Gold, Oct 31, 2018, in forum: General Discussion
    Replies:
    9
    Views:
    258
    cPanelLauren
    Nov 6, 2018
  4. jk_dc

    Email Tracking & Reporting

    jk_dc, Apr 20, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    769
    cPanelMichael
    Apr 20, 2018
  5. denverdataman

    Tracking Redirects

    denverdataman, Mar 27, 2018, in forum: Workarounds and Optimization
    Replies:
    4
    Views:
    443
    cPanelMichael
    Mar 28, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice