Hi all. Recently had a breach in one of my sites. The raw access logs confirm the IP had sent a GET request to /cpanel, where they used the username and password they had unlawfully gained to get in. Once in, I'm assuming they went straight to the file manager and deleted the site, as FTP shows no access logs for this IP. They didn't delete the MySQL database or change any passwords. Now, I had the site backed up and was online again within around 20 mins or so. Obviously all passwords changed, and MySQL password changed just in case. Question: are there any access logs for file manager use? If so, where do I find said logs? I have the access logs for logging in. Legally, if I wanted to pursue this, where do I stand, do you think?
Ah, to be bright-eyed, bushy-tailed and naive. Legally, no one cares. I'm not saying that to be a dick. I'm not saying what this person did was not illegal. I'm saying that no one in law enforcement will care about this. You can file a police report, give them your logs, even run down and identify the person who did this, and you will not get far with law enforcement. I'm sure the FBI has a page where you can file a report, and I'm sure they equally don't care. Even civilly you are going to be disappointed. If you can identify this person and they live in the same country as you, you can file a small claims case against them for your time and effort in fixing this. Most likely the result will be just as disappointing as trying to pursue criminal charges. I feel for you, but the best thing to do is to forget about them and increase the security on your site. If you do pursue it, you're just going to end with a life lesson about how worthless the police and courts are.
As has been said above, it would be highly unusual for the police to care about such a "petty" crime, and so it is probably not worth the effort of reporting the person. Depending on where you and the other party live in the world, it will probably be very difficult to trace the identity of the other party without the assistance of the police due to data protection/privacy laws (you can't just go to the ISP and ask for the name and address of their user, and that assumes the attack wasn't done by a proxy or zombie). The likelihood is that even if you did trace the person, you could only claim for 1) the time it took to restore the site and 2) the lost profit whilst the site was down. You say the site was only down for 20 minutes, so the total cost is going to be peanuts. Certainly in the UK, your costs of pursuing a claim (other than the court fee) cannot be recovered in a small claims court, and even in the higher courts it must be proportional to the damages sought: you cannot spend $1m to sue someone for $10 and expect the other party to repay your costs.
If you are not a government agency, no one cares what happened to your site. A legal proceeding is just a waste of time.