How to see PHP files that are recently uploaded/modified on some domain

Post Reply
User avatar
isscbta
Posts: 68
Joined: Mon Jul 19, 2021 1:41 am

This could be pretty useful when some site got infected, so by running this command, you can find all PHP files which are recently uploaded or modified and based on that see which one could be potentially infected/malicious

Code: Select all

cd /home/someuser/web/domain.com/public_html/
find -name "*.php" -type f -printf '%T+\t%s\t%u\t\t%p\n' | sort -n
Sometimes attackers modify the 'Change' attribute to trick you (the attacker can modify it to an old date, so the file would not appear freshly changed).
In that case, you can sort files by the 'last modification' attribute that can not be faked.

Code: Select all

find -name "*.php" -type f -printf '%C+\t%s\t%u\t\t%p\n' | sort -n

Tags:
Post Reply