This could be pretty useful when some site got infected, so by running this command, you can find all PHP files which are recently uploaded or modified and based on that see which one could be potentially infected/malicious
Code: Select all
cd /home/someuser/web/domain.com/public_html/
find -name "*.php" -type f -printf '%T+\t%s\t%u\t\t%p\n' | sort -n
Sometimes attackers modify the 'Change' attribute to trick you (the attacker can modify it to an old date, so the file would not appear freshly changed).
In that case, you can sort files by the 'last modification' attribute that can not be faked.
Code: Select all
find -name "*.php" -type f -printf '%C+\t%s\t%u\t\t%p\n' | sort -n
