hello, please guys i need any way to read the download log on my host, i think some body stolen my files well, i went to sleep before 5 hours ago and when i waked up , i found that 5 files from my script admin control panel have been deleted . i didn't found any hacker index , i wish it will not gonna be cracker because it is new script so i have the root access, please urgent help with any way to read the download log to know if any files have been downloaded to understand the reason for deleting the files or who did that
Assuming you have root access and its a unix machine, download all of your logs in /var/log There will usually be files named messages, secure, etc. You'll want to look through those to see if anyone logged into your server through a standard service. Also, run the command "last" to see who last logged in and look for anomalies there. Assuming they exploited a whole in your web server or scripts within it, you'll need to start look at your webserver logs too. Usually in your apache httpd.conf file will be the location that your access_log and error_log are written too. Grab those files and also look for anomalies, hacking attempts, etc.