So we got hacked, and from that we raised a question based on our logs. Can a hacker start uploading a file at one point and specify when it should stop uploading? I.e., we got a HIT from an IP address at 06:50:52 2020-06-19 and the file was uploaded later on 2020-06-20. The file is 2Mb, so no way it actually took a full day to upload, or does it depend on PHP configuration? Also, there is no indication of when the file was uploaded; only the first HIT was logged.
2 Answers
1
The client may influence the speed at which the file is being uploaded. It depends on the configuration of your server whether you time out such long-lasting requests or not. See the slow loris attack example to see how things may work.

Marek Puchalski
Thank you for your input, I will check it out!! – Marius Slovikas Jul 10 '20 at 14:17
0
You have to find which vulnerability got exploited. It can be anything from a reverse shell to the webserver gained through some vulnerable PHP scripts ... to some WordPress bug. Look through all the logs.

Ionut Dinca
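One way to check access logs for the long-lived upload request discussed in the question and answers above, as an added example that is not part of the original posts. It assumes an Apache-style access log in the combined format with `%D` (request duration in microseconds) appended, where the logged timestamp is the time the request was received; the log lines, IP addresses and the `/upload.php` path are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (not from the incident). Assumed format: Apache
# "combined" LogFormat with %D (time taken, in microseconds) appended.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Jun/2020:06:50:52 +0000] "POST /upload.php HTTP/1.1" 200 512 "-" "curl/7.68.0" 79200000000
198.51.100.4 - - [19/Jun/2020:07:01:10 +0000] "POST /upload.php HTTP/1.1" 200 498 "-" "Mozilla/5.0" 1840000
198.51.100.9 - - [19/Jun/2020:07:02:00 +0000] "GET /index.php HTTP/1.1" 200 9021 "-" "Mozilla/5.0" 42000
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "[^"]*" (?P<usec>\d+)$'
)

def slow_uploads(log_text, threshold=timedelta(minutes=5)):
    """Return POST/PUT requests that stayed open at least `threshold`."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] not in ("POST", "PUT"):
            continue
        # %t is when the request was received, not when it finished,
        # so the completion time has to be derived from the duration.
        received = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        duration = timedelta(microseconds=int(m["usec"]))
        if duration >= threshold:
            findings.append({
                "ip": m["ip"], "path": m["path"],
                "received": received, "finished": received + duration,
                "duration": duration,
            })
    return findings

if __name__ == "__main__":
    for f in slow_uploads(SAMPLE_LOG):
        print(f"{f['ip']} {f['path']} received={f['received']} "
              f"finished={f['finished']} open_for={f['duration']}")
```

Comparing the derived `finished` time with the uploaded file's modification time shows whether a single logged hit can account for a file that appeared much later.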