Thursday 8 December 2016

Checking log for hacked site

Evidence of the hack will be in the domain's domlog (the per-domain Apache access log). Get the path of the domlog for the domain from the httpd.conf file:
sudo grep user /usr/local/apache/conf/httpd.conf

Grep the domlog for POST requests on a given date:
sudo grep domain.com /usr/local/apache/domlogs/domain.com | grep 03/Jun/2016 | grep POST

Count the POST requests per IP:
sudo grep domain.com /usr/local/apache/domlogs/domain.com | grep 03/Jun/2016 | grep POST | awk '{print $1}' | cut -d: -f1 | sort | uniq -c | sort -n
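
A field-anchored variant of the two pipelines above, as an added example that is not part of the original post: a plain grep POST also matches lines where "POST" only appears in the URL or referrer, and cut -d: -f1 shortens IPv6 addresses, so this version compares the date and method fields themselves and keeps the address whole. The function names and the sample log lines are constructed for illustration, and the field positions assume Apache's combined log format.

```bash
# Added example: field-anchored POST summary for an Apache combined-format domlog.
# Assumed layout: $1 client IP, $4 "[dd/Mon/yyyy:hh:mm:ss", $6 quoted method, $7 path.

# post_summary DAY [LOGFILE]   (reads stdin when LOGFILE is omitted)
# Prints "count ip path" for every POST made on DAY, busiest first.
post_summary() {
  awk -v day="$1" '
    # Compare the date and method fields themselves, not the whole line.
    substr($4, 2, length(day)) == day && $6 == "\"POST" {
      path = $7
      sub(/\?.*/, "", path)      # drop the query string so variants group together
      hits[$1 " " path]++        # $1 is kept whole, so IPv6 addresses survive
    }
    END { for (k in hits) print hits[k], k }
  ' "${2:--}" | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample lines (documentation address ranges, not real traffic).
sample_log() {
  cat <<'EOF'
198.51.100.7 - - [03/Jun/2016:10:01:02 +0000] "POST /login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Jun/2016:10:01:05 +0000] "POST /login.php?next=admin HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Jun/2016:10:02:11 +0000] "POST /upload.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [03/Jun/2016:10:03:40 +0000] "GET /contact.php?ref=POST HTTP/1.1" 200 900 "-" "Mozilla/5.0"
2001:db8::5 - - [03/Jun/2016:10:04:19 +0000] "POST /upload.php HTTP/1.1" 200 512 "-" "curl/7.47.0"
198.51.100.7 - - [04/Jun/2016:08:00:00 +0000] "POST /login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
EOF
}

# Demo run on the constructed sample.
sample_log | post_summary 03/Jun/2016
```

On the server, pass the domlog path from the commands above as the second argument instead of piping in the sample.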

You can check the location of an IP at http://www.ipligence.com/iplocation.

You can block an IP in cPanel > IP Deny Manager.
