-
- 40 Posts
With my site continually being hacked and index.php files added in numerous directories I was examining various log files re Hacking activity
I looked at bash_history which highlighted various files as per below and indeed on closer examination those files seem to have been changed.
Then I looked at .viminfo and that has a whole load of references to one of the suspect files modchunk.map.inc.php
I've asked the question of the server hosting company
I've hardened the site up as best as I can moving core and renaming manager and connector Dirs
#1449255214
cd public_html/
#1449255214
ll
#1449255219
cat ../.htaccess
#1449255222
cat .htaccess
#1449255244
vi .htaccess
#1449255545
find . -type f -exec chmod 644 {} \; && find . -type d -exec chmod 755 {} \;
#1449255638
ll core/model/modx/mysql/modchunk.map.inc.php
#1449255645
cp -a core/model/modx/mysql/modchunk.map.inc.php core/model/modx/mysql/modchunk.map.inc.php.ORIGINAL
#1449255646
vi core/model/modx/mysql/modchunk.map.inc.php
#1449255809
ll core/model/modx/mysql/modchunk.map.inc.php.ORIGINAL
#1452415328
ls -lahs
#1452415332
cd public_html/
#1452415333
ls -lahs
#1452415336
pwd
#1452415342
cd core
#1452415378
cd model/
#1452415383
cd modx/
#1452415385
cd mysql/
#1452415415
cp modtemplatevar.map.inc.php modtemplatevar.map.inc.php.initial
#1452415422
nano modtemplatevar.map.inc.php
#1452415493
pwd
#1532525543
cd ~/public_html/
#1532525544
ll
#1532525545
ls -l
#1532525551
7
#1532525554
exit
#1532527801
cd ~/public_html/
#1532527803
vim .htaccess
#1532528141
exit
#1532525563
cd public_html/
#1532525564
ll
#1532525566
vim .htaccess
#1532525684
grep -Ril 您请求 ./
#1532525732
vim index.php
