Article 7023 at 06/09/17 16:44:29 From: dan (at mark) dogsbody.org Subject: [coba-e:07023] Re: Weird logs

Index: [Article Count Order] [Thread]

Date:  Sun, 17 Sep 2006 21:42:39 +0100
From:  Dogsbody <dan (at mark) dogsbody.org>
Subject:  [coba-e:07023] Re: Weird logs
To:  coba-e (at mark) bluequartz.org
Message-Id:  <450DB33F.5090601 (at mark) dogsbody.org>
In-Reply-To:  <002801c6da91$d5cf8d20$6400a8c0@YOUR4105E587B6>
References:  <002801c6da91$d5cf8d20$6400a8c0@YOUR4105E587B6>
X-Mail-Count: 07023


> Okay, this is getting weird.  Today I log onto my server to find that 
> all of these:
> /var/log/boot.log
> /var/log/cron
> /var/log/messages
> /varl/log/secure
> /var/log/httpd/access_log
> /var/log/httpd/error_log
> are set to 0 bytes at the exact same time.  Now how can this be?

When I was hacked this was done by the hackers to try and cover their tracks. 
In fact it meant I found them faster as all my log watchers instantly started 
erroring!   Inspect your system carefully!

Dan