1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Exploring possible hack. Can't access pre 01-01-13 log files?

Discussion in 'Plesk 10.x for Linux Issues, Fixes, How-To' started by pervisit, Jan 24, 2013.

  1. pervisit

    pervisit New Pleskian

    Jan 24, 2013
    Likes Received:
    I think our server has been hacked.

    Plesk 10 control panel admin password had changed the account profile details: Name address, user name etc has been changed. I'm a newbie admin and new here, but I'm trying to review the log files to see if I can see any issues and who accessed when.

    The problem is when I do settings | action log | dates .... and I try and change the year to 2012 to see what happend in December, for trends, the year field won't go back to 2012.

    1. How can I look back into 2012?
    2. What do I need to look for to see if we have had anything neanderthal done to the server!

    I have reset our Virtuoso root password and our Plesk panel password (differnet ones)

    The Jan log says .... www.www.onmydoorstep.co.uk:8880 - [20/Jan/2013:13:27:32 +0000] "GET /javascript/promo-flags.js.php HTTP/1.1" 200 83 "http://www.www.onmydoorstep.co.uk/" "Mozilla/5.0 (iPad; CPU OS 6_0_1 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Mobile/10A523"

    but this doesn't look malicious - I think?
  2. RuslanT

    RuslanT Regular Pleskian Staff Member

    Apr 28, 2010
    Likes Received:
    If there is no records for 2012 year in the log - it's not available in the list. You can check it in the database:
    # mysql -uadmin -p`cat /etc/psa/.psa.shadow ` psa -e 'select MIN(date) from log_actions;'
    | MIN(date) |
    | 2012-12-24 11:06:04 |