The Archives


How to discover who deleted files in Linux

Wednesday, June 16th, 2010

Looking for a file but it's not there? Find out which user deleted the file(s).

Log in using the root account and check the following logs and command:

/var/log/messages - to check if the files were deleted using FTP

/usr/local/cpanel/logs/error_log - to check if the files were deleted using file manager

history - if the files were deleted using shell access

Install a root breach DETECTOR and EMAIL WARNING

Wednesday, June 16th, 2010

If someone does eventually get into your server using the root account, you can be warned instantly by installing a detector and warning message on your server.

Yes, the unidentified person can and will make unwanted modifications on your server, but with this detector installed you will at least get the hacker's/spammer's IP address(es) and be warned that someone is in there without your permission.

Let your server send an e-mail every time someone logs in as root

To have the server send e-mail to you every time someone logs in as root, SSH into your server and log in as root.

At command prompt type:
pico .bash_profile

Scroll down to the end of the file and add the following line:

echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" your@email.com

Save and exit.
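A sturdier form of the same .bash_profile alert, added here as an example (it is not from the original post). It reads the client address from the SSH_CONNECTION variable that sshd sets instead of counting columns in `who` output, which differs between distributions. The function names and ROOT_ALERT_TO are hypothetical.

```bash
# Added example for /root/.bash_profile; names below are illustrative.
ROOT_ALERT_TO="your@email.com"   # placeholder recipient, as in the line above

# Print the remote address of the current session.
# sshd exports SSH_CONNECTION as "client_ip client_port server_ip server_port".
alert_source() {
    src=${SSH_CONNECTION:-}
    src=${src%% *}                      # keep the first field only
    if [ -z "$src" ]; then
        # Non-SSH login: fall back to the "(host)" column of `who -m`.
        src=$(who -m 2>/dev/null | sed -n 's/.*(\(.*\)).*/\1/p')
    fi
    # Keep only characters valid in an IP address or hostname, so nothing
    # unexpected ends up in the mail subject.
    src=$(printf '%s' "$src" | tr -cd 'A-Za-z0-9.:_-')
    printf '%s\n' "${src:-local-console}"
}

# Subject line: source address plus this server's name.
alert_subject() {
    printf 'Alert: Root Access from %s on %s\n' "$(alert_source)" "$(uname -n)"
}

# $1 = recipient. The body carries the timestamp and the full `who` listing,
# like the one-liner above.
send_root_alert() {
    { echo "ALERT - Root Shell Access on: $(date)"; who; } |
        mail -s "$(alert_subject)" "$1"
}

# Fire only for interactive shells, and never block the login if mail fails.
case $- in
    *i*)
        if [ -n "${ROOT_ALERT_TO:-}" ]; then
            send_root_alert "$ROOT_ALERT_TO" >/dev/null 2>&1 || true
        fi
        ;;
esac
```

The alert fires only when bash reads .bash_profile, that is, for interactive login shells, so sshd's own authentication log remains the authoritative record of root logins.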

Set an SSH Legal Message on your server

To display an SSH legal message to every user who logs in to your server, SSH into the server and log in as root.

At command prompt type:
pico /etc/motd

Enter your message, save and exit.

An example would be:
------------------------------------------------------------

You are entering a secured area! Your IP and login information have been recorded. All activities on this system are recorded and logged. Unauthorized access will be investigated and reported to the appropriate law enforcement agencies.

------------------------------------------------------------