I think our server has been hacked.
The Plesk 10 control panel admin password had changed, and the account profile details (name, address, user name, etc.) have been changed. I'm a newbie admin and new here, but I'm trying to review the log files to see if I can see any issues and who accessed when.
The problem is when I do settings | action log | dates .... and I try to change the year to 2012 to see what happened in December, for trends, the year field won't go back to 2012.
1. How can I look back into 2012?
2. What do I need to look for to see if we have had anything neanderthal done to the server!
I have reset our Virtuoso root password and our Plesk panel password (different ones).
The Jan log says ....
212.183.128.124 www.www.onmydoorstep.co.uk:8880 - [20/Jan/2013:13:27:32 +0000] "GET /javascript/promo-flags.js.php HTTP/1.1" 200 83 "http://www.www.onmydoorstep.co.uk/" "Mozilla/5.0 (iPad; CPU OS 6_0_1 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Mobile/10A523"
but this doesn't look malicious - I think?