LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-17-2013, 02:10 PM   #1
zbbo
LQ Newbie
 
Registered: Jul 2005
Posts: 3

Rep: Reputation: 0
Any solution to find out what uploaded a given file?


Hi,

I've been looking for some solution to find out how a given file on a Linux server has been uploaded/created. If it's with FTP it can be traced, but those with other methods, specially scripts is what I want. I'm looking for a method of tracking down how a spamming/phishing file has been uploaded. If you know any solutions close to such a dream please post it. Thanks for sharing.
 
Old 10-18-2013, 02:36 AM   #2
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 650Reputation: 650Reputation: 650Reputation: 650Reputation: 650Reputation: 650
This is not fool proof but take a look at the creation time of the file then check the logs for any service that's running on the box. Find out who was logged in at the time using 'last' command, also look for any unusual occurrences in log files.
 
Old 10-18-2013, 09:28 AM   #3
Habitual
LQ Addict
 
Registered: Jan 2011
Posts: 8,265
Blog Entries: 11

Rep: Reputation: 2291Reputation: 2291Reputation: 2291Reputation: 2291Reputation: 2291Reputation: 2291Reputation: 2291Reputation: 2291Reputation: 2291Reputation: 2291Reputation: 2291
Do you know what file and it's name?
 
Old 10-18-2013, 11:12 AM   #4
zbbo
LQ Newbie
 
Registered: Jul 2005
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks for your suggestion kbp, I wish there was a solid way like what 'history' and 'locate' do to get such information.

Quote:
Originally Posted by Habitual View Post
Do you know what file and it's name?
My question is general, let's say about a script uploaded on an account on a web server.
 
Old 10-18-2013, 12:25 PM   #5
Habitual
LQ Addict
 
Registered: Jan 2011
Posts: 8,265
Blog Entries: 11

Rep: Reputation: 2291Reputation: 2291Reputation: 2291Reputation: 2291Reputation: 2291Reputation: 2291Reputation: 2291Reputation: 2291Reputation: 2291Reputation: 2291Reputation: 2291
Quote:
Originally Posted by zbbo View Post
Thanks for your suggestion kbp, I wish there was a solid way like what 'history' and 'locate' do to get such information.


My question is general, let's say about a script uploaded on an account on a web server.
Incorrect File and Directory permissions has to be the number one means of doing this.
Stolen account credentials is a close second.
START by changing your password on the server if you use one.
ssh keys are best.

"web server" would indicate apache...? WordPress?

How many users are allowed to login to the system?

Is there a "Panel" manager software package installed?
cPanel/WHM, Plesk, V-Deck, webmin etc...

There's just so much to cover and I'm not certain I can provide you with the correct "do-this-first" answer but here's some resources I have on subjects of this nature:

https://www.linuxquestions.org/quest...erences-45261/
25yearsofprogramming.com (off-line, or ??? atm)
http://blog.unmaskparasites.com/

grep'ing the apache|httpd logs is usually the first step.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Upload file to ftp server -vsftp- but can not delete or change the file once uploaded murattas6 Linux - Server 2 06-26-2009 06:00 AM
how to find corrupted or incomplete files uploaded using ftp. mmn357157 Linux - General 1 10-30-2008 08:57 AM
wsftpd and uploaded file permissions Crashputer Linux - Software 1 08-01-2005 05:10 AM
uploaded file on vsftpd has wrong file attributes rune.kg Linux - Newbie 2 03-06-2004 09:23 AM
Getting the name and path of an uploaded file in PHP4 Paulo Ges Programming 1 03-30-2003 07:23 PM


All times are GMT -5. The time now is 04:59 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration