Index: [Article Count Order] [Thread]

Date:  Sun, 17 Sep 2006 18:21:28 -0400
From:  "Darrell D. Mobley" <dmobley (at mark) uhostme.net>
Subject:  [coba-e:07026] Re: Weird logs
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <004901c6daa7$9f4c01f0$6400a8c0@YOUR4105E587B6>
In-Reply-To:  <450DB33F.5090601 (at mark) dogsbody.org>
X-Mail-Count: 07026

Where did you find they had entered?  What had they changed?  I guess I need
to know where to start looking.

> -----Original Message-----
> From: Dogsbody [mailto:dan (at mark) dogsbody.org]
> Sent: Sunday, September 17, 2006 4:43 PM
> To: coba-e (at mark) bluequartz.org
> Subject: [coba-e:07023] Re: Weird logs
> 
> 
> > Okay, this is getting weird.  Today I log onto my server to find that
> > all of these:
> > /var/log/boot.log
> > /var/log/cron
> > /var/log/messages
> > /varl/log/secure
> > /var/log/httpd/access_log
> > /var/log/httpd/error_log
> > are set to 0 bytes at the exact same time.  Now how can this be?
> 
> When I was hacked this was done by the hackers to try and cover their
> tracks.
> In fact it meant I found them faster as all my log watchers instantly
> started
> erroring!   Inspect your system carefully!
> 
> Dan