Results 1 to 7 of 7
  1. #1
    Join Date
    Mar 2009
    Posts
    3,700

    how to track phishing files been upload via script ?

    Hi,

    some site's .php or or script may have bug and cracker use it to upload phishing files to his site,

    for centos/cpanel server,

    is any way to check which scrip was been used to load it ?



    thanx

  2. #2
    Join Date
    Jun 2003
    Location
    California
    Posts
    2,786
    Quote Originally Posted by ttgt View Post
    Hi,

    some site's .php or or script may have bug and cracker use it to upload phishing files to his site,

    for centos/cpanel server,

    is any way to check which scrip was been used to load it ?



    thanx
    Check the affected file time stamps, then search the logs for access during those times. Not foolproof, because hackers can mask their tracks, but they often don't.

  3. #3
    Join Date
    Mar 2009
    Posts
    3,700
    do you recommend which file ? i check /var/log/messages at the same time,do not find related log.thanx

  4. #4
    Join Date
    Jun 2003
    Location
    California
    Posts
    2,786
    Quote Originally Posted by ttgt View Post
    do you recommend which file ? i check /var/log/messages at the same time,do not find related log.thanx
    On my cPanel server, the access_log is at /etc/httpd/logs/

  5. #5
    Join Date
    Mar 2009
    Posts
    3,700
    Hi,it seems it will remove the old log ? will all the web's connection log on server will log on it ? thanx

  6. #6
    Join Date
    Jun 2003
    Location
    California
    Posts
    2,786
    Sorry, I gave you bad information.

    If you know the domain that was being exploited, try using the Raw Access Log in cPanel to find when someone logged in, and their IP address. You can also look for the FTP logs in /usr/local/apache/domlogs/ by the domain name ... ftp.yourdomainname.com-ftp_log. Lines in that log look like this:

    Code:
    Sat Jul 30 18:29:51 2011 0 76.144.204.432 16941 /home/accountname/public_html/afile.htm b _ i r accountname ftp 1 * c
    I can't remember now where to find the Apache log with all the logins in it on a cPanel server.

  7. #7
    Join Date
    May 2010
    Location
    Toronto, Canada
    Posts
    461
    Check

    - Access logs
    - temp folder (ideally this should be a centralized location , i.e. /tmp)
    - Error logs
    - Date/Timestamps/Ownerships
    Stack Star | Shift8 Web
    ★ Managed VPS Hosting ★ Managed Wordpress Hosting ★ Managed Dedicated Hosting ★ Web Development ★ Web Design
    Managed Wordpress Hosting Web Design Toronto

Similar Threads

  1. Bash script for batch upload files on server
    By dotcom22 in forum Programming Discussion
    Replies: 6
    Last Post: 07-29-2009, 11:38 AM
  2. Upload files script needed
    By vegemite in forum Software & Scripts Requests
    Replies: 4
    Last Post: 05-20-2009, 10:27 AM
  3. php - video upload script denying certain files
    By Mighty in forum Programming Discussion
    Replies: 4
    Last Post: 01-30-2008, 05:05 PM
  4. php script to slice upload large files
    By OnlineRack in forum Programming Discussion
    Replies: 10
    Last Post: 10-25-2007, 02:30 PM
  5. would someone like to help GA sheriff on some phishing files files
    By page-zone in forum Hosting Security and Technology
    Replies: 1
    Last Post: 05-24-2005, 11:03 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •