Tuesday, June 11, 2019

security - Backup to track fraud on Dedicated Server running Apache and MySQL

Background:



I am running a Dedicated Server with WHM/cPanel and I would like to know what to back up. My old VPS was hacked into using a security vulnerability in TimThumb and I was unable to track back who had done it because the logs were being deleted once in a while and some time had passed before I could analyze it; the logs were gone.



On my new (and hopefully secure :) server I would like to regularly back up logs and everything I should need to track down someone who executed malicious commands and web requests on my server.




Question:




  • What do I need to back up to track stuff like HTTP events, SSH connections, etc.?

  • Where exactly are those files located?

  • Is there an automated way of copying the files or doing this backup?



Please advise me on this task.




Thank you
