Question
How can I find all of the files that have been modified in the past 24 hours?
- Posted September 20, 2019
- Linux BasicsLinux Commands
Hello,
I think that my website has been compromised and I want to find out if there were any files modified in the past 24 hours or so. Is there an easy way to do that?
Thanks!
Subscribe
Share
Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Sign in to AnswerThese answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Accepted Answer
Hello,
Yes, you can use the find command with the -mtime argument. Here’s an example:
find /var/www/html/ -mtime -1 -type f -print
What you could do is also put this in a small script and run it as a cronjob. That way you would be alerted in case that some of the files of your site have been modified and you would be able to take action on time.
Regards, Bobby
I would suggest you to take regular backups of your code to another server and compare the changes in the contents of all files at every backup iteration.
Hacker might have changed the modification time with the following command and you will not see it by just looking at the modification time…