Hello,
I think that my website has been compromised and I want to find out if there were any files modified in the past 24 hours or so. Is there an easy way to do that?
Thanks!
Hello,
Yes, you can use the find command with the -mtime argument. Here’s an example:
find /var/www/html/ -mtime -1 -type f -print
What you could do is also put this in a small script and run it as a cronjob. That way you would be alerted in case that some of the files of your site have been modified and you would be able to take action on time.
Regards,
Bobby
I would suggest you to take regular backups of your code to another server and compare the changes in the contents of all files at every backup iteration.
Hacker might have changed the modification time with the following command and you will not see it by just looking at the modification time..