Server Logs and inspection

Discussion in 'System Administration' started by hitman, Apr 6, 2016.

  1. hitman

    hitman Member

    Hello,
    Is there a list of the locations of all the logs in Centmin Mod?
    If not, how can I find them?

    I am asking because I would like to inspect an old server which I believe is backdoored.
    Is there any advice on what to look for or anything similar?
    (I know that the best solution is to reinstall the OS, but I would also like to learn, if I can, how to spot a threat.)


    Thank you
     
  2. Jimmy

    Jimmy Well-Known Member

  3. hitman

    Thank you very much, Jimmy.
    (The JS works fine for me.)

    Any tips/tricks to diagnose a compromised server?
     
  4. Jimmy

    Yea, if in any way, shape or form the server has been compromised, start over. Back the thing up, create a new server and move your sites over to another server.

    Diagnosing a hacked server could take a while and you might never find out the extent of damage done if the hacker was a true professional... they would've deleted all traces of their presence.

    Best of luck! :)
     
  5. Jimmy

    Forget it, @eva2000, the dropdown is now working for me. Had to clear cookies and cache for centminmod.com.
     
  6. hitman

    Hello,
    I am monitoring the processes and I am noticing that postfix is sometimes being used a lot.
    The server has 5 sites on it and they are all sending emails through PHP.

    If I am not mistaken, postfix should not run when mails are sent from PHP, correct?
     
  7. eva2000

    eva2000 Administrator Staff Member

    Postfix is responsible for sending outbound emails, both via PHP mailers and the server's own system emails, i.e. emails to the root user, etc.