UNIX for Dummies Questions & Answers

Suse 10.3
ispconfig
Using as a web server, mail server.
I'm the only user.
These files:

/var/log/httpd/ispconfig_access_log_2008_08_28
/var/log/httpd/ispconfig_access_log_2008_08_29

vanished without a trace.
I still have older and newer files, but not these.
I have not deleted anything since looking at these files a couple of days ago.
There was some suspicious activity in these logs, someone was trying to use me as a proxy, I didn't install squid, but I see a squid user in the user accounts. Someone else was trying an sql injection attack, and there was also an F bot attack.
After seeing all this, I installed and ran chkrootkit, fail2ban and snort.
Is it possible one of these programs deleted the files?

These files could be deleted by a cleaning script in the crontab or logrotation.

Squid may be installed during the OS installation.

If I were already in your box, I might be tempted to remove log files which show when and how I broke in. Not to cause a panic, but do look around a bit ...

Thanks, I'll look into that.

I ran chkrootkit and the only things that showed up was a lot of php stuff from ispconfig, and this:

"Searching for anomalies in shell history files... Warning: `' is linked to another file"
and this:

"Checking `chkutmp'... The tty of the following user process(es) were not found in /var/run/utmp !
! RUID PID TTY CMD
! root 2286 tty7 /usr/bin/Xorg -br -nolisten tcp :0 vt7 -auth /var/lib/xdm/authdir/authfiles/A:0-gLBli6"

I looked at my history for root and didn't see anything strange.
I also looked at a lot of logs and didn't see anything other than what I saw in the logs that dissapeared.
I looked at my user list and didn't see anything strange.

Do you have any suggestions as to where I might look to find something or someone that shouldn't be there?

Ok, mystery solved.
Ispconfig uses those log files as temporary files and then moves the contents to the web directory of the virtual domain and appends the contents to another log file every so often. I guess there must be a bug because there are other older files in there that didn't get processed and that's part of what was confusing me.
So, I still have all my logs.