Forum Moderators: DixonJones
As a matter of fact, I found quite a lot of attempts to hack my website, for instance many, many requests to get access to php-myadmin-files, all answered with a 404-return, because these don't exist.
But I also found some requests on some obscure php-files, answered with a 200-return code. These files never existed, but if a hacker temporarily had access to my site, he might have deleted them. Should I worry and perhaps take a closer look at my ftp-logs?
I have temporarily deleted the results in my database so I cannot provide any examples today. Maybe next week if necessary.
I really doubt I am the only one with hints on hacker attacks in his logfiles?
I have the same "problem" - I'm often firing up my ftp application to make sure there aren't weird php files on the server :)
I've been focussing on logs over the past few months and I'm amazed at the waste - they probe for things that aren't even on my site - makes me think it is largely automated.
The 200 is a worry - I get them as well and cannot explain.
So not much help to you I'm afraid.
Cheers
Actually I also found a few sort of "corrupted" lines in my logfiles, namely almost empty entries with a wrong number of quotes and hyphens. I'd suspect if my website has really been hacked, a careful hacker would also use a script to rewrite logfiles and delete the lines which may indicate his activities. We all make mistakes, so it is quite likely some lines were simply forgotten and the corrupted lines might result from my webserver trying to rewrite the file at the same time.
Forgive me folks.....i hate to say it.....but it seems like MACtime.
