Neverlax

Reputation: 425

How can someone log command line input using PHP?

One of my company's servers was recently hacked into. As I am sifting through files, I have noticed that my command line input is being logged into a PHP file. How is this possible?

Currently, everything is being logged to a single PHP file. In this log is my entire history of terminal commands since logging into the server via SSH.

For instance:

Last login: Thu Jan 16 16:21:17 on xxxxx
$ cd ..
$ ls -al
drwxrwxr-x+ 55 root      admin     1870 Jan 13 13:52 XXXXX
drwxr-xr-x+ 63 root      admin     2142 Nov 26 09:06 XXXX
drwxr-xr-x@  2 root      admin       68 Aug 16  2012 XXXXX
drwxr-xr-x+  4 root      admin      136 Mar 12  2013 System

This is being logged at the top of a PHP file. At the bottom of the file is a substantial amount of compressed and variable-masked code.

There doesn't appear to be an eval() or shell_exec() like I expected.

Upvotes: 2

Views: 96

Answers (1)

Brad

Reputation: 163282

  1. Save a disk image if you're concerned about forensic analysis
  2. Nuke everything back down to bare metal
  3. Rebuild your server and pull fresh code out of your version control
  4. Change all your passwords and secure anything that may have been exposed.

Upvotes: 1
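
An added example, not part of the question or of Brad's answer: a scan of the image saved in step 1 for other PHP files showing the two traits the question describes, captured shell-session lines and long, dense packed lines, without depending on eval() or shell_exec() being present. The regexes, thresholds, function names and sample bytes are assumptions of this example.

```python
import base64
import math
import re
from collections import Counter
from pathlib import Path

# Heuristics (assumptions of this example) for text that looks like a captured shell session.
SESSION_MARKERS = [
    re.compile(rb"^Last login: ", re.M),                  # login banner
    re.compile(rb"^\$ \S+", re.M),                        # "$ command" prompt lines
    re.compile(rb"^[dl-][rwx-]{9}[+@.]?\s+\d+\s", re.M),  # rows of `ls -l` output
]
MIN_PACKED_LEN = 500      # assumed: hand-written PHP rarely has lines this long
MIN_PACKED_ENTROPY = 5.2  # assumed: bits per byte; base64/packed text approaches 6

def entropy(data: bytes) -> float:
    """Shannon entropy of a non-empty byte string, in bits per byte."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def inspect_bytes(content: bytes) -> dict:
    """Count session-like lines and long, dense lines in one file's bytes."""
    session = sum(len(p.findall(content)) for p in SESSION_MARKERS)
    packed = sum(1 for line in content.splitlines()
                 if len(line) >= MIN_PACKED_LEN and entropy(line) >= MIN_PACKED_ENTROPY)
    return {"session_lines": session, "packed_lines": packed,
            "flagged": session >= 2 or packed >= 1}

def scan_tree(root):
    """Yield (path, findings) for every flagged .php file under root."""
    for path in Path(root).rglob("*.php"):
        if path.is_file():
            findings = inspect_bytes(path.read_bytes())
            if findings["flagged"]:
                yield path, findings

# Constructed sample: session lines in the style quoted in the question, then one packed line.
SAMPLE = (
    b"Last login: Thu Jan 16 16:21:17 on xxxxx\n$ cd ..\n$ ls -al\n"
    b"drwxr-xr-x+  4 root      admin      136 Mar 12  2013 System\n"
    b"<?php $x='" + base64.b64encode(bytes(range(256)) * 3) + b"'; ?>\n"
)
CLEAN = b"<?php\nfunction add($a, $b) { return $a + $b; }\n"  # constructed benign file

if __name__ == "__main__":
    import sys
    for path, findings in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(path, findings)
```

Point it at a read-only mount of the saved image rather than at the live server, and treat a hit as a lead to review by hand, since minified vendor code can also trip the packed-line check.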
