[Logwatch] LogWatch stopped by Hacker on my server

Hugo van der Kooij hvdkooij at vanderkooij.org
Wed Oct 18 10:07:31 MST 2006


On Wed, 18 Oct 2006, Vijay Patel (NewsLetters) wrote:

> This email might not be fully related to logwatch development/usage. But, the problem was just related to logwatch, so I seek help on logwatch.
> 
> My RHEL + CPanel server was hacked some time back. I configured each from scratch again. Before it was hacked, server stopped sending logwatch email to me for 2 weeks. (I assume, this is a sign of something done by Hacker).
> 
> After configuring again, all was working correct till now. -- i.e. I received LogWatch email daily. But since last 3 days LogWatch again stopped sending email. ( I suspect Hacking activity again, & I guess they could repeat hacking procedure after 10 days - breaking server & making it down! ) 

If you got hacked twice then that is your priority. Learn to harden your 
system before you put any time in something as simple as getting logwatch 
to send you email.

Or perhaps you were never hacked and the system broke down all by itself?

The fact that you do not mention you have looked into log files to find 
out more details is not an encouraging sign.

Check your mail server log files to see if there is an error there. Run 
logwatch by hand and see what happens.

Hugo.

-- 
	hvdkooij at vanderkooij.org	http://hvdkooij.xs4all.nl/
	    This message is using 100% recycled electrons.


More information about the Logwatch mailing list