-1

so i found a shell deep in a directory of my website . my website doesn't have a upload section and i use a well known framework and it covers sql injection ( i use codeigniter active record to work with database) so i dont think its the code itself

i had a ckeditor/ckfinder in my asset folder and i think hacker has used them to upload shell on my server

to make sure where this file has come from i need to know its history ... mainly the first directory which this file has been uploaded to and perhaps the original name of the file .

is there any way to find this information about a file ?

max
  • 187
  • 3
  • 10

1 Answers1

0

Unless you had already set up some auditing on the server, you can't get that information as CentOS does not provide any such information in a default installation.

However, the ownership of the file and its' modification or inode change time may give you some clues as to when the intrusion occurred, and that may provide you with a starting point for deeper investigation of, for example, web server logs, or system logs (/var/log/messages etc.)

Uditha Desilva
  • 141
  • 5