
Server Logs and inspection

Discussion in 'System Administration' started by hitman, Apr 6, 2016.

  1. hitman

    hitman Member

    Hello,
    Is there a list of the locations of all the logs in centminmod?
    If not, how can I find them?

    I am asking because I would like to inspect an old server which I believe is backdoored.
    Is there any advice on what to look for or anything similar?
    (I know that the best solution is to reinstall the OS, but I would also like to learn, if I can, how to spot a threat.)

    Thank you
     
  2. Jimmy

    Jimmy Premium Member

  3. hitman

    Thank you very much, Jimmy
    (the JS works fine for me)

    Any tips/tricks to diagnose a compromised server?
     
  4. Jimmy

    Yeah, if in any way, shape or form the server has been compromised, start over. Back the thing up, create a new server and move your sites over to another server.

    Diagnosing a hacked server could take a while and you might never find out the extent of damage done if the hacker was a true professional... they would've deleted all traces of their presence.

    Best of luck! :)
     
  5. Jimmy

    Forget it @eva2000, the dropdown is now working for me. Had to clear cookies and cache for centminmod.com.
     
  6. hitman

    Hello,
    I am monitoring the processes and I am noticing that postfix is sometimes being used a lot.
    The server has 5 sites on it and they are all sending emails through PHP.

    If I am not mistaken, postfix should not run when mail is sent from PHP, correct?
     
  7. eva2000

    eva2000 Administrator Staff Member

    Postfix is responsible for sending outbound emails via both PHP mailers and also the server's own system emails, i.e. emails to the root user etc.
     