To determine what happened in a hack, how, and when, the only thing that helps is taking a look at the web server log files. These are usually found in the /logs directory on the webspace or can be downloaded via the web hoster's control panel.
The so-called access logs record all HTTP requests, distinguishing between GET and POST requests. In a hack, it is mainly the POST requests that are relevant: they pass data to a script and thereby influence its further execution.

Analysis of POST requests

This tool generates an overview of the most frequent POST requests from the access logs, sorted by status code and front end/back end.
This reveals the malicious files in use (backdoors, web shells) and spam scripts, which are usually accessed via POST requests.
Based on the content and modification time of these files, further occurrences can be searched for recursively, although there is only very rarely a single pattern.
For further searching for malicious files, a comparison with a backup or the original archive (fresh Joomla/WordPress installation) is recommended, as described in the "Joomla hacked" or "WordPress hacked" article.

Requests to /administrator can be ignored if the backend is protected with a .htaccess password.

For security reasons, providing an email address is required, even if no manual review is desired.

Allowed file extensions: .gz, .log (max. 20 files - multiple selection possible)

Note: Only access.log files can be analyzed - no error.log files.
Rename the last (active) log file to *.log and select it together with the older logs (usually *.gz) using multiple selection (hold the Shift key to select a range). It makes little sense to analyze logs from only 1-2 days. Ideally, the evaluation period should cover 4-6 weeks in order to gain as many insights as possible.

The automatic analysis is tailored to Joomla! and WordPress systems (but not limited to them) and is constantly being optimized.
It should by no means be assumed that all files containing malicious code can also be found in the logs - only those that were visibly accessed will appear here.
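
A minimal version of the overview described above, as an added example (not the tool's own code): it counts POST requests by front end/back end, status code and path. The combined log format, the back-end prefixes and the sample lines are assumptions.

```python
import gzip
import re
from collections import Counter

# Apache/nginx "combined" format: host ident user [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# Assumption: back-end paths of a default Joomla or WordPress installation.
BACKEND_PREFIXES = ("/administrator", "/wp-admin", "/wp-login.php")

def open_log(filename):
    """Open the active *.log or a rotated *.gz log as text."""
    if filename.endswith(".gz"):
        return gzip.open(filename, "rt", encoding="utf-8", errors="replace")
    return open(filename, encoding="utf-8", errors="replace")

def summarize_posts(lines):
    """Count POST requests per (area, status, path); query strings are dropped."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("method") != "POST":
            continue  # GET requests and unparsable lines are skipped
        path = m.group("path").split("?", 1)[0]
        area = "backend" if path.startswith(BACKEND_PREFIXES) else "frontend"
        counts[(area, int(m.group("status")), path)] += 1
    return counts

def report(counts):
    """Rows (area, status, path, hits): grouped by area and status, most hits first."""
    ordered = sorted(counts.items(), key=lambda kv: (kv[0][0], kv[0][1], -kv[1], kv[0][2]))
    return [key + (hits,) for key, hits in ordered]

# Constructed sample lines (documentation IP range, made-up paths).
SAMPLE = [
    '203.0.113.7 - - [01/Mar/2020:10:00:01 +0100] "POST /images/stories/x.php HTTP/1.1" 200 15 "-" "-"',
    '203.0.113.7 - - [01/Mar/2020:10:00:09 +0100] "POST /images/stories/x.php HTTP/1.1" 200 15 "-" "-"',
    '203.0.113.9 - - [01/Mar/2020:10:02:00 +0100] "POST /index.php?option=com_contact HTTP/1.1" 303 0 "-" "-"',
    '203.0.113.9 - - [01/Mar/2020:10:03:00 +0100] "GET /images/stories/x.php HTTP/1.1" 200 15 "-" "-"',
    '203.0.113.5 - - [01/Mar/2020:10:04:00 +0100] "POST /administrator/index.php HTTP/1.1" 200 900 "-" "-"',
    'garbage line that is not in combined format',
]

if __name__ == "__main__":
    for row in report(summarize_posts(SAMPLE)):
        print(*row, sep="\t")
```

A PHP file under an upload directory such as /images that answers POST requests with status 200 is the kind of entry to compare against a backup or a fresh installation.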

Changelog

28.03.2020: Admin actions by country are displayed.
11.09.2019: From now on, threatening GET requests in connection with WordPress hacks are also displayed.


Uploaded log files are stored on our server only temporarily for generating the report and are then deleted.
For data protection reasons, IP addresses, session IDs, etc. are not disclosed anywhere.
