
Thread: PHP hacked file...how I can find it?

  1. #1
    Member

    PHP hacked file...how I can find it?

    Good evening,

    I use Apache 2.2 + suPHP.

    But how can I scan my server with the Dr.Web antivirus?

    Another question: is there any software for scanning PHP files to find hacked files, PHP shells, or other malicious data?

    Thanks for the answer

  2. #2
    Never say die nixcraft's Avatar

    If you know a string or data in the hacked file, try:
    Code:
    grep -R 'data' /var/www/html


  3. #3
    Member

    Yes, but if I don't know one, are there any tools for scanning?

    I have searched on Google but have not found anything. Do you know any tools for that?

  4. #4
    Never say die nixcraft's Avatar

    Try:

    1. Clam AntiVirus

    There are commercial antivirus products for UNIX and Linux with a command-line option. To detect rootkits, which are installed to hide themselves from you and create a back door for a hacker:

    1. Linux Detecting / Checking Rootkits with Chkrootkit and rkhunter Software

    You can also try siteadvisor.com (replace nixcraft.com with your domain):
    Code:
    http://www.siteadvisor.com/sites/nixcraft.com
    When you install a new box, you need to configure a tool called AIDE, which can keep track of unauthorized file updates on the server and send you an email: Debian / Ubuntu Linux Install Advanced Intrusion Detection Environment (AIDE) Software

    Finally, you can download your site to your desktop and use your local Windows antivirus kit to detect infected files.

    Turn on SELinux on the server and install mod_security, which prevents many hacks.



  6. #5
    Member

    Thanks

    On the server I also have rootkit installed, but is there any method to search only for hacked PHP files?

    Many times I find a PHP shell on my server... and hacking site. Are there any scripts that analyze only the PHP, HTML and JavaScript source code?

  7. #6
    Never say die nixcraft's Avatar

    The following may also help:

    https://addons.mozilla.org/en-US/firefox/addon/3456

    Run the ls -l command on the PHP file and see if the date was recently updated.
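The two checks suggested in this thread (grep for a known string, post #2; look at the modification date, post #6) combined into one pass over the whole web root, as an added example that is not part of any post. The function names, the sample tree and the KNOWN-BAD-MARKER string are constructed for illustration, and it goes beyond `ls -l` on a single file by using `find` across the tree.

```shell
#!/bin/sh
# Added example; function names and the sample tree are constructed here.
# Assumes file names without newlines.

# PHP files whose timestamp is newer than DAYS days. KIND is mtime (what
# ls -l shows) or ctime (inode change time, which touch does not let a user set).
php_files_changed() {   # DOCROOT DAYS [mtime|ctime]
    find "$1" -type f -name '*.php' "-${3:-mtime}" "-$2" | sort
}

# PHP files containing a fixed string known from an already identified file.
php_files_with_string() {   # DOCROOT STRING
    find "$1" -type f -name '*.php' -exec grep -l -F -e "$2" {} + | sort
}

# One line per suspect file: "<reasons><TAB><path>".
triage_report() {   # DOCROOT DAYS STRING
    changed=$(php_files_changed "$1" "$2")
    matched=$(php_files_with_string "$1" "$3")
    printf '%s\n%s\n' "$changed" "$matched" | sort -u | while IFS= read -r f; do
        [ -n "$f" ] || continue
        tag=""
        if printf '%s\n' "$changed" | grep -qxF -e "$f"; then tag="changed"; fi
        if printf '%s\n' "$matched" | grep -qxF -e "$f"; then tag="${tag:+$tag,}string"; fi
        printf '%s\t%s\n' "$tag" "$f"
    done
}

# Constructed sample web root (harmless files, made-up marker string).
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/uploads"
    printf '%s\n' '<?php echo "home"; ?>' > "$d/index.php"
    printf '%s\n' '<?php echo "contact"; ?>' > "$d/contact.php"
    printf '%s\n' '<?php /* KNOWN-BAD-MARKER */ ?>' > "$d/old.php"
    printf '%s\n' '<?php /* KNOWN-BAD-MARKER */ ?>' > "$d/uploads/new.php"
    # Backdate two files so only the other two count as recently modified.
    touch -t 201001010000 "$d/index.php" "$d/old.php"
    printf '%s\n' "$d"
}

# Stand-alone use: sh triage.sh /var/www/html 7 'string from hacked file'
if [ "$#" -ge 3 ]; then triage_report "$1" "$2" "$3"; fi
```

A file tagged only `string` has an old modification date but still contains the known string, which is why the date check alone is not enough.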


  8. #7
    Member

    Ok thanks

  9. #8
    Contributors jaysunn's Avatar

    Check out this tool for checking for rootkits on Linux. I have used it and found it to be very high quality.



    chkrootkit -- locally checks for signs of a rootkit

    HTH,

    Jaysunn


  11. #9
    Member

    (Solved)

    Yes, this is perfect. Thanks

  12. #10
    Member

    Sorry last question,

    How can I send the result by email? Is there an option, or must I create a script?
