Answer the question
In order to leave comments, you need to log in
R
R
referakk2018-11-19 13:39:15
referakk, 2018-11-19 13:39:15
How to know which site is hacked?
Hello.
I got an abuse that there is a network attack from my server... From the details, only a piece of the logs of the form:
/xxxx/sites/xxxxxxx.net/web/htdocs/logs/access:95.xxx.xx.xx - - [18/Nov/2018:16:27:29 +0100] "GET / HTTP/1.1" 301 - "-" "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
The problem is that there are several dozen sites on the server (all under their own users), and it’s lazy to check and treat each one ... Tell me please, can I somehow find out which one was hacked?
3 answer(s)
@mirzok
@Tabletko
M
Mikhail Yesenin, 2019-01-17 @mirzok
0. Examine the logs. Indeed, the query above might or might not have been caused by a virus. But it's worth starting with this site.
1. View the modification date of the files and the contents of the main files. The date changes often, but you can see the built-in script with the naked eye.
2. Scan all files with a scanner like AI-Bolit - it will detect embedded viruses.
3. Check external perimeter - add all sites to online crawlers like METASCAN or Detectify . They will quickly find suspicious scripts and holes
D
Dmitry, 2018-11-19 @Tabletko
/xxxx/sites/xxxxxxx.net/web/htdocs/logs/access:95.xxx.xx.xxfocus on this. It seems that each site in its directory.
Similar questions
T
D
K
D
G
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question