How to see PHP files that are recently uploaded/modified on some domain

Post Reply
User avatar
Posts: 91
Joined: Mon Jul 19, 2021 1:41 am
Has thanked: 7 times
Been thanked: 3 times

This could be pretty useful when some site got infected, so by running this command, you can find all PHP files which are recently uploaded or modified and based on that see which one could be potentially infected/malicious

Code: Select all

cd /home/someuser/web/
find -name "*.php" -type f -printf '%T+\t%s\t%u\t\t%p\n' | sort -n
Sometimes attackers modify the 'Change' attribute to trick you (the attacker can modify it to an old date, so the file would not appear freshly changed).
In that case, you can sort files by the 'last modification' attribute that can not be faked.

Code: Select all

find -name "*.php" -type f -printf '%C+\t%s\t%u\t\t%p\n' | sort -n

Post Reply