• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Exploring possible hack. Can't access pre 01-01-13 log files?

pervisit

New Pleskian
I think our server has been hacked.

Plesk 10 control panel admin password had changed the account profile details: Name address, user name etc has been changed. I'm a newbie admin and new here, but I'm trying to review the log files to see if I can see any issues and who accessed when.

The problem is when I do settings | action log | dates .... and I try and change the year to 2012 to see what happend in December, for trends, the year field won't go back to 2012.

1. How can I look back into 2012?
2. What do I need to look for to see if we have had anything neanderthal done to the server!

I have reset our Virtuoso root password and our Plesk panel password (differnet ones)

The Jan log says ....

212.183.128.124 www.www.onmydoorstep.co.uk:8880 - [20/Jan/2013:13:27:32 +0000] "GET /javascript/promo-flags.js.php HTTP/1.1" 200 83 "http://www.www.onmydoorstep.co.uk/" "Mozilla/5.0 (iPad; CPU OS 6_0_1 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Mobile/10A523"

but this doesn't look malicious - I think?
 
If there is no records for 2012 year in the log - it's not available in the list. You can check it in the database:
# mysql -uadmin -p`cat /etc/psa/.psa.shadow ` psa -e 'select MIN(date) from log_actions;'
+---------------------+
| MIN(date) |
+---------------------+
| 2012-12-24 11:06:04 |
+---------------------+
 
Back
Top