I have a website to which I have allowed someone to enter to make some modifications. However, I have discovered that they made changes that compromised the security of the website and I know that the changes made would have sent queries to a MySQL database on the server.

What I would like to know is, is it possible either via Plesk or SSH to view MySQL query logs relative to a specific IP address (the IP address of the guy who compromised the site)?

On an additional note, I am very new to SSH, so if you can recommend any use of this please make sure they're dumbed down instructions.

Many thanks :)


2 Answers


Yes, it's possible at the MySQL level.

To accomplish it, just enable the general logs in MySQL. To enable it you can follow different ways.

  1. Put this in my.cnf file of your mysql:


    After that, restart mysql server and it will start logging everything in the log file.

  2. You can start the mysql server with this variable at command line --general_log and it will also start creating the log file.

These logs will have all the information regarding who connected to your server and what all commands they used or executed.

Hope this helped.

  • I think the OP is looking to get the information after the fact. Your answer requires the config change to already be in place. :-( – drone.ah Feb 10 '13 at 10:50
  • Hmm .. yes, might be. Don't think I have any answer for that :( – Napster_X Feb 10 '13 at 14:46
  • Thank you for your response, but drone.ah is right, these actions have already happened and the log was not active. Thanks for your feedback though :) – Paul Feb 11 '13 at 08:50
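
Added example, not part of the answer above or its comments: once the general log is enabled, this Python sketch pulls out every entry belonging to sessions opened from one client address by following the thread id from each Connect line. It assumes the MySQL 5.7+ log line layout; the sample log and the names `SAMPLE_LOG` and `queries_from` are constructed for illustration. The address is the MySQL client's host, so queries sent by the website's own code show up under the web server's host (often localhost), not the visitor's IP.

```python
import re

# Constructed sample, MySQL 5.7+ general log layout:
# timestamp <TAB> thread-id command <TAB> argument. IPs are documentation ranges.
# Thread id 42 reappears for a different client, as it can after a server restart.
SAMPLE_LOG = """\
2024-01-15T21:14:02.100000Z\t   41 Connect\twebapp@localhost on shop using Socket
2024-01-15T21:14:02.200000Z\t   42 Connect\tadmin@203.0.113.7 on shop using TCP/IP
2024-01-15T21:14:02.300000Z\t   41 Query\tSELECT id FROM products
2024-01-15T21:14:03.000000Z\t   42 Query\tUPDATE users
SET role = 'admin' WHERE id = 9
2024-01-15T21:14:04.000000Z\t   42 Quit\t
2024-01-15T21:14:05.000000Z\t   42 Connect\treport@198.51.100.4 on shop using TCP/IP
2024-01-15T21:14:05.500000Z\t   42 Query\tSELECT COUNT(*) FROM orders
"""

ENTRY = re.compile(r"^(\S+)\t\s*(\d+) ([A-Za-z][A-Za-z ]*?)\t(.*)$")
CLIENT = re.compile(r"^\S*@(\S+) on ")  # "user@host on db using ..."


def queries_from(log_text, ip):
    """Return (timestamp, thread_id, command, argument) for sessions opened from ip."""
    owners = {}   # thread id -> client host taken from its Connect line
    hits = []
    keep = False  # does the entry currently being read belong to ip?
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            # Continuation of a multi-line statement: attach it to the kept entry.
            if keep and hits:
                ts, tid, cmd, arg = hits[-1]
                hits[-1] = (ts, tid, cmd, arg + "\n" + line)
            continue
        ts, tid, cmd, arg = m.groups()
        if cmd == "Connect":
            who = CLIENT.match(arg)
            # A new Connect always replaces the previous owner of this id.
            owners[tid] = who.group(1) if who else None
        keep = owners.get(tid) == ip
        if keep:
            hits.append((ts, tid, cmd, arg))
        if cmd == "Quit":
            owners.pop(tid, None)
    return hits


if __name__ == "__main__":
    for ts, tid, cmd, arg in queries_from(SAMPLE_LOG, "203.0.113.7"):
        print(ts, tid, cmd, arg)
```
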

If you're really, really lucky, the user's MySQL commands could be in their .mysql_history file (in their home directory).

Otherwise, if general logging was not switched on, I can't see any way to figure out who did what. Hope you at least had a back-up and some idea of when this started.
