[Logwatch] LogWatch stopped by Hacker on my server
Hugo van der Kooij
hvdkooij at vanderkooij.org
Wed Oct 18 10:07:31 MST 2006
On Wed, 18 Oct 2006, Vijay Patel (NewsLetters) wrote:
> This email might not be fully related to logwatch development/usage. But, the problem was just related to logwatch, so I seek help on logwatch.
> My RHEL + CPanel server was hacked some time back. I configured each from scratch again. Before it was hacked, server stopped sending logwatch email to me for 2 weeks. (I assume, this is a sign of something done by Hacker).
> After configuring again, all was working correct till now. -- i.e. I received LogWatch email daily. But since last 3 days LogWatch again stopped sending email. ( I suspect Hacking activity again, & I guess they could repeat hacking procedure after 10 days - breaking server & making it down! )
If you got hacked twice then that is your priority. Learn to harden your
system before you put any time in something as simple as getting logwatch
to send you email.
Or perhaps you were never hacked and the system broke down all by itself?
The fact that you do not mention you have looked into log files to find
out more details is not an encouraging sign.
Check your mail server log files to see if there is an error there. Run
logwatch by hand and see what happens.
hvdkooij at vanderkooij.org http://hvdkooij.xs4all.nl/
This message is using 100% recycled electrons.
More information about the Logwatch