How to detect files modified by a hacker


Back to server administration.


*gafesi    (2010-04-27)
How to detect files modified by a hacker

Hello, I would like to know how you detect files modified by a hacker who was not root but accessed the server by a user because of a website with a security breach, on a Linux server of course.

So far I found two methods :

1) Scan the server with rkhunter/rootkit
2) Verify files by order of last modification: ls -lt in the site folder and /tmp

Do you know any other method to find other files added or modified by a hacker?


See also


ficgs
More websites

You must register to see these links, as this is a collaborative page, then you may change the order of the links by clicking the icons before the titles.



admin
Other websites

The following links might be less relevant, please change their ranks if you find them useful.


 How to Detect a Computer Hacker Attack (Page 1) - General - Diasporamessenger Discussion Board
diasporamessenger > forum/viewtopic.php?id=198
  1. DISCUSSION OF KENYANS IN DIASPORA AND RELATED TOPICS-CONNECT AND
 How to Detect a Hacker's Attack? - Tips & Tweaks
forums.techarena > tips tweaks/1000947.htm

Hacker released Zero-Day Attack Code for Apple's...
Most computer vulnerabilities can be exploited in a variety of...

 Chapter 18: Threats, Attacks, Hackers & Crackers
intelligentedu > computer security for everyone/18 threats attacks hackers crack

In an organizational setup, firewalls are frequently used to prevent...
Security audits should be performed by larger organizations...

 How to detect hacker attack:
unp > f140

ame_toggle_view({other : 'true',post : 'true',blog : 'true',group :...
These are the hardware keyloggers, they don't affect your pc but...

 Finding a clever hacker | Openminds, hosting uit Gent
openminds > blog/2007/08/23/finding a clever hacker

 hacker spider.exe :: hacker spider.exe Removal Instructions
spywareremove > removehackerspiderexe

highlight the file and copy/paste the path into the address...

 How to detect if your webserver is hacked and get alerted - PHP, Web and IT stuff
webdigi > blog/2009

Simple Website Change Detection System | California Dreams...
We can use this to frequently call our change detection system and...
it not often when you have a site up and running that you amend the...

 Castanet • Information
forums.castanet > viewtopic.php?f=12&t=17085

 Blue Eye :: View topic - How to Detect a Hacker Attack
blueeye.11.forumer > viewtopic.php?p=1389&sid=4db910c22532ffd822fa5ec6ee

Most computer vulnerabilities can be exploited in a variety of...

 Hidden Threat: Alternate Data Streams
windowsecurity > articles/Alternate Data Streams

A relatively unknown compatibility feature of NTFS, Alternate Data...
Get all articles delivered directly to your mailbox as and when they...
Dell are now seeking ambitious candidates to join them and develop...

 Linux.com :: Tips for when hackers strike
linux > archive/feature/113974

 Trojan horse (computing) - Wikipedia, the free encyclopedia
en.wikipedia > wiki/Trojan horse (computing)

 OVH : HackedMachine
help.ovh > HackedMachine

 CLOCK ROLL FORWARD DETECTION - Patent application - Method and apparatus to detect clock roll-forward attacks in a computing device or similar system
faqs > patents/app/20090287942

System and method for testing network firewall for denial-of-service...
Clock ratio controller for dynamic voltage and frequency scaled...
Method, apparatus, and system for managing, reviewing, comparing and...

 Emanuele Feronato - italian geek and PROgrammer
emanueleferonato > 2009/10/08/wordpress plugin prototype to check the date and t

 How-to - Find out if you've been hacked & Recover [Archive] - Web Hosting Talk
webhostingtalk > archive/index.php/t 230126

Toshiba Server Breach Compromises Email Information of 681...
Its always best to start with a fresh drive and carefully copy stuff...
Just out of curiosity, how does this compare to chkrootkit? Nice...

 The Ethical Hacker Network - The Basics of Rootkits: Leave No Trace
ethicalhacker > content/view/10/2

August 2012 Free Giveaway Winners of Offensive Security...
Unfortunately, these languages cannot match the performance of C or...


Response  
 

Guest name   (option)     Register
Please sum : 2086 + three  




Trackbacks : If you talked about this article in your blog or website, you may instantly get a backlink 
There's no trackback at the moment.