How can I find all of the files that have been modified in the past 24 hours?


I think that my website has been compromised and I want to find out if there were any files modified in the past 24 hours or so. Is there an easy way to do that?



I would suggest you to take regular backups of your code to another server and compare the changes in the contents of all files at every backup iteration.

Hacker might have changed the modification time with the following command and you will not see it by just looking at the modification time…

touch -d "4 days ago" filename

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer


Yes, you can use the find command with the -mtime argument. Here’s an example:

find /var/www/html/ -mtime -1 -type f -print

What you could do is also put this in a small script and run it as a cronjob. That way you would be alerted in case that some of the files of your site have been modified and you would be able to take action on time.

Regards, Bobby