The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WHM activity / SSH activity

Discussion in 'General Discussion' started by ozmo, Jul 16, 2008.

  1. ozmo

    ozmo Active Member

    Joined:
    Jul 5, 2007
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Australia
    Hi all,

    I have recently employed a company to perform a security audit on one of my servers. They claim they have been working on the server for aprox. one week.

    I have seen no activity on the server via ssh. I simply ran the command (last -20) to see how long they had actually been working and low and behold there was absolutely no record of any other IP addresses apart from my home and my office.

    So my question is...

    I assume if they were accessing WHM to perform part of their audit, performance tweaking and installing software, I would be able find record of their activity somewhere, correct?

    Any advise would be very much appreciated.

    Thanks,

    oz
     
  2. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    WHM access logs are located at /usr/local/cpanel/logs/access_log

    It will contain a log of all WHM, cPanel, and Webmail activity.
     
  3. n3tph4t

    n3tph4t Active Member

    Joined:
    Jan 31, 2004
    Messages:
    39
    Likes Received:
    0
    Trophy Points:
    6
    I would say that they would find it very difficult to achieve much without shell....
    I'd be asking for a log of changes - they should be able to provide this (or else what plan were they working to - to secure the box).

    Consider getting chirpy to look at the box, the configserver services have been excellent and invaluable to me.

    Just my 2c/2p
     
  4. rgpayne

    rgpayne Well-Known Member

    Joined:
    Feb 25, 2003
    Messages:
    73
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Texas
    I personally would recommend PSM myself, they tell you exactly what they are doing and when they are doing
     
  5. ozmo

    ozmo Active Member

    Joined:
    Jul 5, 2007
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Australia
    AdminGeekz

    I went with AdminGeekz. Best decision i ever made.

    The company in question was Server Wizards. Absolutely terrible.

    Try running a search on WHT, you'll see what I mean.
     
Loading...

Share This Page