Results 1 to 4 of 4
  1. #1

    locate all files created/modified in last 2 days

    Hi guys,

    I have recently been hacked with that damn c99shell script. I have closed the hole used to upload the script.

    I have checked all the logs of the offending ip address and removed another c99shell script the hacker had uploaded into another persons account.


    Now I have changed all my passwords, I just need to check if they have uploaded anything else anywhere.

    Is there a command I can use in ssh to locate all files created/modified in the last 2 days?

    Thanks

  2. #2
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,683
    Code:
    find / -mtime -2 -print | xargs ls -ld
    or maybe, to not include directories:

    Code:
    find / -mtime -2 -print -type f | xargs ls -ld

  3. #3
    Thank you very much brianoz! I located two more instances c99shell thanks to you!

    Some how c99shell can bypass php open_basedir settings. Why does this not stop the user from uploading/modifying/reading another persons folder/files.

  4. #4
    Join Date
    Sep 2000
    Location
    Alberta, Canada
    Posts
    3,109
    Most likely you have some accounts with directories using 777 permissions.

    find /home/*/public_html/ -type d -perm -777 -exec ls -ld {} \;

    The above command will list all directories with 777 permissions. Mind you, changing some directories to 755, (what they should be) might cause problems with some scripts -- osCommerces & ZenCart are two I can think of.

    Although there are ways around scripts that need directories with 777 permissions, it all goes back to one's policy as to how they choose to run their Server.
    PotentProducts.com - for all your Hosting needs
    Helping people Host, Create and Maintain their Web Site
    ServerAdmin Services also available

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •