How to see PHP files that are recently uploaded/modified on some domain
Posted: Tue Aug 23, 2022 1:37 pm
This could be pretty useful when some site got infected, so by running this command, you can find all PHP files which are recently uploaded or modified and based on that see which one could be potentially infected/malicious
Sometimes attackers modify the 'Change' attribute to trick you (the attacker can modify it to an old date, so the file would not appear freshly changed).
In that case, you can sort files by the 'last modification' attribute that can not be faked.
If you suspect that .js files are modified, then run:
and
Code: Select all
cd /home/someuser/web/domain.com/public_html/
find -name "*.php" -type f -printf '%T+\t%s\t%u\t\t%p\n' | sort -nIn that case, you can sort files by the 'last modification' attribute that can not be faked.
Code: Select all
find -name "*.php" -type f -printf '%C+\t%s\t%u\t\t%p\n' | sort -nIf you suspect that .js files are modified, then run:
Code: Select all
find -name "*.js" -type f -printf '%T+\t%s\t%u\t\t%p\n' | sort -nCode: Select all
find -name "*.js" -type f -printf '%C+\t%s\t%u\t\t%p\n' | sort -n