locating log showing hacking?
Recently, I had a knucklehead try to hack my server. The LogWatch report showed he/she tried to get in. I did a whois on the ip, and notified the ISP. They want to see my log file. I have checked access_log, error_log, messages, and secure, and can't find it. Does LogWatch look for these types of hacks in a different log? I am running Fedore Core2.
thanks in advance!
Ralph
--------------------------------------
--------------------- httpd Begin ------------------------
1.32 MB transfered in 247 responses (1xx 0, 2xx 180, 3xx 33, 4xx 34, 5xx 0)
101 Images (525024 bytes),
0 Documents (0 bytes),
0 Archives (0 bytes),
0 Sound files (0 bytes),
0 Movies files (0 bytes),
16 Windows executable files (4881 bytes),
108 Content pages (650504 bytes),
3 Redirects (648 bytes),
0 Proxy Configuration Files (0 bytes),
0 Program source files (0 bytes),
0 CD Images (0 bytes),
19 Other (200615 bytes)
Attempts to use 3 known hacks were logged 32 time(s)
cmd.exe by
66.47.226.71 14 time(s)
\/c\+dir by
66.47.226.71 16 time(s)
root.exe by
66.47.226.71 2 time(s)
A total of 1 sites probed the server
66.47.226.71
|