
Server Logs and inspection

Discussion in 'System Administration' started by hitman, Apr 6, 2016.

  1. hitman

    Hello,
    Is there a list of the locations of all the logs in Centmin Mod?
    If not, how can I find them?

    I am asking because I would like to inspect an old server which I believe is backdoored.
    Is there any advice on what to look for or anything similar?
    (I know that the best solution is to reinstall the OS, but I would also like to learn, if I can, how to spot a threat.)

    Thank you
     
  2. Jimmy

  3. hitman

    Thank you very much, Jimmy
    (the JS works fine for me)

    Any tips/tricks to diagnose a compromised server?
     
  4. Jimmy

    Yea, if in any way shape or form the server has been compromised, start over. Back the thing up, create a new server and move your sites over to another server.

    Diagnosing a hacked server could take a while and you might never find out the extent of damage done if the hacker was a true professional... they would've deleted all traces of their presence.

    Best of luck! :)
     
  5. Jimmy

    Forget it @eva2000 dropdown is now working for me. Had to clear cookies and cache for centminmod.com.
     
  6. hitman

    Hello,
    I am monitoring the processes and I am noticing that postfix is sometimes being used a lot.
    The server has 5 sites on it and they are all sending emails through PHP.

    If I am not mistaken, postfix should not run in case mails are sent from PHP, correct?
     
  7. eva2000

    Postfix is responsible for sending outbound emails via both PHP mailers and also server system emails itself, i.e. emails to root user etc.
     
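Following on from the last reply, an added example (not code from this thread or from Centmin Mod): because PHP mailers and system mail both go through Postfix, its log shows which local account submitted each message, which helps tell normal site mail from a script sending in bulk. It assumes PHP hands mail to Postfix's sendmail command, so each message gets a `postfix/pickup` line with the submitting uid; the sample lines, host name and uid 1001 are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix syslog format (not taken from the thread's server).
SAMPLE_LOG = """\
Apr  6 22:58:10 web1 postfix/pickup[2101]: 1A2B3C4D5E: uid=0 from=<root>
Apr  6 22:58:10 web1 postfix/qmgr[1500]: 1A2B3C4D5E: from=<root@web1.example.com>, size=640, nrcpt=1 (queue active)
Apr  6 23:01:02 web1 postfix/pickup[2101]: 3F2A1C0A5B: uid=1001 from=<nginx>
Apr  6 23:01:02 web1 postfix/qmgr[1500]: 3F2A1C0A5B: from=<nginx@web1.example.com>, size=812, nrcpt=1 (queue active)
Apr  6 23:01:05 web1 postfix/pickup[2101]: 4B7D9E0F11: uid=1001 from=<nginx>
Apr  6 23:01:05 web1 postfix/qmgr[1500]: 4B7D9E0F11: from=<nginx@web1.example.com>, size=2048, nrcpt=40 (queue active)
Apr  6 23:11:05 web1 postfix/qmgr[1500]: 4B7D9E0F11: from=<nginx@web1.example.com>, size=2048, nrcpt=40 (queue active)
Apr  6 23:12:00 web1 postfix/smtpd[2200]: 5C8E0A1B22: client=localhost[127.0.0.1]
Apr  6 23:12:00 web1 postfix/qmgr[1500]: 5C8E0A1B22: from=<app@web1.example.com>, size=900, nrcpt=2 (queue active)
""".splitlines()

# pickup logs the local uid that submitted a message through the sendmail command.
PICKUP_RE = re.compile(r"postfix/pickup\[\d+\]: (\w+): uid=(\d+) from=<")
# qmgr logs the recipient count when the message enters the active queue.
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<[^>]*>, size=\d+, nrcpt=(\d+)")

def summarize_local_submissions(lines):
    """Return {uid: {"messages": n, "recipients": n}} for locally submitted mail."""
    pending = {}  # queue ID -> uid, until the first qmgr line for that ID is seen
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0})
    for line in lines:
        m = PICKUP_RE.search(line)
        if m:
            uid = int(m.group(2))
            pending[m.group(1)] = uid
            stats[uid]["messages"] += 1
            continue
        m = QMGR_RE.search(line)
        # pop() counts recipients once: qmgr repeats its line when a deferred message is retried.
        uid = pending.pop(m.group(1), None) if m else None
        if uid is not None:  # uid 0 (root) is a valid sender, so compare against None
            stats[uid]["recipients"] += int(m.group(2))
    return dict(stats)

def top_senders(stats):
    """Sort uids by total recipients, highest first."""
    return sorted(stats.items(), key=lambda kv: kv[1]["recipients"], reverse=True)

if __name__ == "__main__":
    for uid, s in top_senders(summarize_local_submissions(SAMPLE_LOG)):
        print(f"uid={uid} messages={s['messages']} recipients={s['recipients']}")
```

Mail that arrives over SMTP (the `postfix/smtpd` line in the sample) has no pickup entry and is left out of the per-uid totals.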