Overview
Security logs help you identify suspicious activity, brute-force attacks, malware injections, or blocked requests. DirectAdmin provides several places to monitor security events.
1. Check Web Server Logs
Access Log
Shows all visitors entering your website.
/var/log/httpd/domains/yourdomain.com.log /var/log/nginx/domains/yourdomain.com.log
Error Log
Shows failed requests, missing files, and exploit attempts.
/var/log/httpd/domains/yourdomain.com.error.log /var/log/nginx/domains/yourdomain.com.error.log
2. Check ModSecurity (WAF) logs
ModSecurity blocks SQL injection, XSS, RFI/LFI and other attack types.
/var/log/modsec_audit.log
Look for:
- SQL injection attempts
- Brute force login attempts
- Path traversal
3. Check DirectAdmin brute-force monitor
Open:
Admin Tools → Brute Force Monitor
You will see:
- Failed logins
- Blocked IPs
- Authentication attempts
- Email login failures
4. Check login history
Go to:
System Info & Logs → Login History
5. Check Email security logs
For email-related attacks:
System Info → E-mail Summary
6. Using Cloudflare to detect attacks
Cloudflare gives additional logging:
- Blocked bots
- Firewall events
- Suspicious IPs
- Traffic anomalies
- Rate-limited requests
What to look for
- Repeated login attempts
- Requests to /wp-admin from unknown countries
- POST requests to random PHP files
- Spam or malware uploads
- High 403/404 error rates
Recommendations
- Enable Cloudflare WAF
- Enable ModSecurity in DirectAdmin
- Use 2FA for login
- Change passwords regularly
- Update your CMS (WordPress, Joomla, etc.) weekly
