Know if another ip has accessed your account/files


#1

I trust my hosting providers, 2 years and counting :slight_smile:
But i’d never underesimate the power of new technology.
I mean, for example those tools that could download
an entire database by providing certin info on a site.
Not only db’s but entire content stored online.

And it has me thinking… every now and then…
If some unknown user can access my online content,
You need a way to tell if there has been activity on your account.
Like if you only ever go onto your hosting account from one computer
If you found another ip then you would know you have a problem.

Any good tips?

Thanks later!

GS #1


#2

You can always use the ‘last’ command if you’re logged in and see if someone’s actually logged into your account. For web content, you’ve got the access logs. I don’t think we have access to database logs.

Your post wasn’t very clear, so this is about all I can offer for tips.

-Scott


#3

I add this line at the end of my .bashrc file:-

who ; who | sendmail -f "username@example.com" -F "Root Login Alert" username@example.com I normally add it to my own servers (local, virtual or dedicated) and of course you can put this line in a bootup file as well).

It will print the details of who is logged in using ‘who’ via the rlogind service to the screen, and then email this to an address of your choosing.

Of course this is only where someone has used your credentials (user/pass) to log in. On a shared system (other than at DreamHost :slight_smile: ) then a root user (amongst others) could take a peak without triggering the .bashrc command)

Of course if you have have a server other than on the table in front of you it is always open to inspection.


Norm

Opinions are my own views, not DreamHosts’.
I am NOT a DreamHost employee OK! :@

Act on my advice at your own risk!