10-14-2006, 12:50 AM #1 Junior Guru
locate all files created/modified in last 2 days
Hi guys,
I have recently been hacked with that damn c99shell script. I have closed the hole used to upload the script.
I have checked all the logs for the offending IP address and removed another c99shell script the hacker had uploaded into another person's account.
Now that I have changed all my passwords, I just need to check if they have uploaded anything else anywhere.
Is there a command I can use in ssh to locate all files created/modified in the last 2 days?
Thanks
-
10-14-2006, 12:56 AM #2 Web Hosting Master
Code:
find / -mtime -2 -print0 | xargs -0 ls -ld
Code:
find / -type f -mtime -2 -print0 | xargs -0 ls -ld
-
10-14-2006, 01:41 AM #3 Junior Guru
Thank you very much brianoz! I located two more instances of c99shell thanks to you!
Somehow c99shell can bypass PHP open_basedir settings. Why does this not stop the user from uploading/modifying/reading another person's folder/files?
-
10-14-2006, 05:00 AM #4 learning is in the doing
Most likely you have some accounts with directories using 777 permissions.
find /home/*/public_html/ -type d -perm -777 -exec ls -ld {} \;
The above command will list all directories with 777 permissions. Mind you, changing some directories to 755 (what they should be) might cause problems with some scripts -- osCommerce & ZenCart are two I can think of.
Although there are ways around scripts that need directories with 777 permissions, it all goes back to one's policy as to how they choose to run their Server.
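An added example, not part of any post in this thread: a small shell helper that combines the recent-file search from post #2 with the permission check from post #4. It goes slightly beyond the thread by also testing ctime (which `touch` cannot backdate) and by matching any world-writable directory rather than exactly 777; the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# recent_by_mtime ROOT DAYS
# What the thread's command sees: regular files whose content timestamp
# (mtime) is newer than DAYS days. mtime can be set to any value with touch.
recent_by_mtime() {
    find "$1" -xdev -type f -mtime "-$2" -print
}

# recent_files ROOT DAYS
# Regular files whose mtime OR inode-change time (ctime) is newer than DAYS
# days. Backdating mtime with touch still updates ctime, so a file uploaded
# recently and then backdated is listed here even though the mtime-only
# search skips it.
recent_files() {
    find "$1" -xdev -type f \( -mtime "-$2" -o -ctime "-$2" \) -print
}

# world_writable_dirs ROOT
# Directories any local account can write into. -perm -0002 is a superset of
# the 777 check in the thread (it also matches modes such as 757 or 1777).
world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 -print
}

# report ROOT DAYS
# Long listing of both result sets. -exec ... {} + is used so file names
# containing spaces or newlines are passed to ls intact.
report() {
    echo "== files changed (mtime or ctime) in the last $2 days under $1"
    find "$1" -xdev -type f \( -mtime "-$2" -o -ctime "-$2" \) -exec ls -ld {} +
    echo "== world-writable directories under $1"
    find "$1" -xdev -type d -perm -0002 -exec ls -ld {} +
}

# Run only when a root directory is given, e.g.: sh scan.sh /home 2
if [ "$#" -gt 0 ]; then
    report "$1" "${2:-2}"
fi
```

Files that appear in the `recent_files` output but not in the `recent_by_mtime` output have had their mtime changed after creation and deserve a closer look.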