Decided to do a little experiment. Saved my character and went off hacking databases and deleting files.

All filed are deleted and in addition...

a) All log files with my IP are removed with highest version of log deleter: not caught

b) All log files are removed with my IP except connection established are removed with highest version of log deleter: caught

c) All log files are deleted from console and the system is crashed: not caught

This doesn't make much sense. Any sysadmin with even traces of brains would look for mismatching connection logs. If there's a connection established and connection terminated log - it looks fishy but isn't direct evidence. After all any bloke with a modem could connect to an IP and later, failing to log on, disconnect. Now a missing connection established log is CLEAR EVIDENCE of someone having messed with the logs.

Yet surprisingly the legitimate-looking connection gets me caught, while the obviously tampered-with one doesn't. Why?

Well I guess this answers the age-old debate of whether leaving the logs is good for you.

Ironically, many people were saying that people were getting caught for deleting the logs and should leave them. Whoops.

Actually if you hunt up the post from a while back, you will see that i plainly stated that if you delete all your ip files, that you plainly have to leave one log which should be the very last connection. Otherwise you have an ip logged as disconnecting but the logs don't show that the ip connected. since you deleted all your ip connected logs all they have to do is search back the one ip disconnected log left.