Fli
12-02-2016, 02:38 PM
What do you think is the best way to find malicious files on a hosting account?
I know one can go to File manager and sort according to modification date/time and then delete malicious files that are last modified (backup first).
Here is the linux command to list last modified files:
find /home/userhere/public_html -type f -print0 | xargs -0 stat --format '%Y :%y %n' | sort -nr | grep -vE "cache|error_log|excludephrasse2" | cut -d: -f2- | head -n 30 | awk '{ $1=$2=$3=""; sub(/^ +/, ""); print }' | while IFS= read -r i; do echo "$i"; done
It finds the last 30 modified/created files in /home/userhere/public_html and its subdirectories. It excludes the paths/files marked green, separated by |.
This command is nice because it can also be used to delete these files: just replace "echo $i" by "rm -f $i", but before removal exclude the files you do not want to be removed. And be sure to have a backup of all the files inside /home/userhere/public_html.
Here is the command to show the top mailing scripts/paths on a server with Exim (mail server):
grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n
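An added example, not part of the original post: the same two triage steps (top Exim sending directories, and recently modified files) as bash functions that survive spaces in file names, run against constructed sample log lines rather than a real exim_mainlog.

```bash
#!/usr/bin/env bash
# Added example, not the poster's own commands. The Exim log lines below are
# constructed sample data modelled on the exim_mainlog format, not real logs.

# Count distinct working directories (cwd=) of processes that injected mail,
# reading an Exim main log from stdin and skipping the mail spool itself.
top_exim_cwd() {
    grep 'cwd=' | grep -v '/var/spool' \
      | awk -F'cwd=' '{ split($2, a, " "); print a[1] }' \
      | sort | uniq -c | sort -rn
}

# Files modified in the last N days under a directory, newest first, one
# path per line. find -printf (GNU find) keeps paths with spaces intact.
recent_files() {
    local dir="$1" days="$2" limit="$3"
    find "$dir" -type f -mtime -"$days" -printf '%T@ %p\n' \
      | sort -rn | head -n "$limit" | cut -d' ' -f2-
}

# Constructed sample log: a script under wp-content/uploads sends most mail.
SAMPLE_LOG='2016-02-12 14:00:01 cwd=/home/userhere/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2016-02-12 14:00:02 cwd=/home/userhere/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2016-02-12 14:00:03 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1aU3Wq-0001xz-Kd
2016-02-12 14:00:04 cwd=/home/userhere/public_html 3 args: /usr/sbin/sendmail -t -i
2016-02-12 14:00:05 cwd=/home/userhere/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i'

# Return only the busiest sending directory from the sample log.
busiest_dir() {
    printf '%s\n' "$SAMPLE_LOG" | top_exim_cwd | head -n1 | awk '{print $2}'
}

# Number of distinct sending directories in the sample log.
sender_dir_count() {
    printf '%s\n' "$SAMPLE_LOG" | top_exim_cwd | wc -l | tr -d ' '
}
```

The directory that tops the list is where to start reading scripts; a web-writable upload directory sending mail is the classic sign of a dropped mailer.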