Textpattern CMS support forum
Site Hacked -> export log files as text?
One of my client’s Textpattern sites (on 4.7.1) has recently been hacked and turned into a phishing site for some hours, before the server provider luckily shut down the site then quite fast.
EDIT: Textpattern does NOT seem to be the reason, why the site got hacked. Just to mention that.
A quick overview after the site got restored from the last backup now shows, that log files in database probably contain IPs of attackers as well as possible victims of the phishing scam.
Is there a way to export the log files as text, so that for instance handing them over to investigators can be made more easy?
I guess this could already be possible directly from PHP MyAdmin, however the required SQL commands are unknown to me.
Thanx for any insights.
Last edited by jayrope (2019-04-03 10:09:18)
Re: Site Hacked -> export log files as text?
I’m not sure if Textpattern’s logs will also show access to phishing scripts that are not routed through Textpattern, but if you want to export the txp_logs table, you can export that individually using phpMyAdmin in CSV format for use with Excel and co. You should just need to choose your individual table in phpMyAdmin and then choose the export format from the dropdown. Note: you might have to search and replace
; to get them to show properly in German Excel versions.
Most server providers also have server access log files, and if they still exist for those day, they should contain all attempts to access anything on the server regardless of whether through Textpattern or not. Usually they’re in a specific folder and you can download them via FTP.
TXP Builders – finely-crafted code, design and txp