Log File Upload - Find and Remove Active Malware
To determine what happened during a hack, how, and when, the only reliable way is to examine the web server log files. These can usually be found in the /logs directory of your webspace or downloaded via your web host's control panel.
All HTTP accesses are recorded in the so-called access logs. A distinction is made between GET and POST requests; when investigating a hack, the POST requests are the ones that matter most, because they pass data to a script and thereby influence what it does next.
Analysis of POST Requests
This tool generates an overview of the most frequent POST requests from the access logs, sorted by status code and front end/back end.
This reveals malicious files used (backdoors, web shells) and spam scripts that are typically accessed via POST requests.
Based on the content and modification time of these files, you can recursively search for further occurrences, although in very rare cases there is only one pattern.
For the further search for malicious files, a comparison with a backup or the original archive (a fresh Joomla/WordPress installation) is recommended, as described in the 'Joomla hacked' or 'WordPress hacked' article.
/administrator requests can be ignored if the backend is protected with a .htaccess password.
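The overview described above can be reproduced locally. The following Python script is an added example (not the tool's own code): it parses access-log lines in the common "combined" format, keeps only POST requests, and counts them by front end/back end, status code and path. The back-end classification by path prefix and the sample log lines are assumptions constructed for this example.

```python
import gzip
import re
from collections import Counter

# Apache/nginx "combined" format: client, identity, user, [time], "METHOD path proto", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Assumption: these prefixes mark back-end (admin) requests; everything else is front end.
BACKEND_PREFIXES = ('/administrator/', '/wp-admin/', '/wp-login.php')

# Constructed sample lines for demonstration only (not from a real site).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2020:12:00:01 +0100] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2020:12:00:02 +0100] "POST /images/stories/cache.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2020:12:05:10 +0100] "POST /images/stories/cache.php?x=1 HTTP/1.1" 200 298 "-" "curl/7.58"
198.51.100.9 - - [10/Mar/2020:12:05:11 +0100] "POST /administrator/index.php HTTP/1.1" 303 0 "-" "Mozilla/5.0"
192.0.2.77 - - [10/Mar/2020:12:06:00 +0100] "POST /wp-login.php HTTP/1.1" 200 4021 "-" "Mozilla/5.0"
192.0.2.77 - - [10/Mar/2020:12:06:03 +0100] "POST /wp-content/uploads/2020/03/x.php HTTP/1.1" 500 0 "-" "Mozilla/5.0"
"""


def iter_log_lines(path):
    """Yield lines from a plain or gzip-compressed (*.gz) log file."""
    opener = gzip.open if path.endswith('.gz') else open
    with opener(path, 'rt', encoding='utf-8', errors='replace') as fh:
        yield from fh


def summarize_posts(lines):
    """Count POST requests by (area, status, path); the query string is dropped so variants collapse."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m['method'] != 'POST':
            continue
        path = m['path'].split('?', 1)[0]
        area = 'backend' if path.startswith(BACKEND_PREFIXES) else 'frontend'
        counts[(area, m['status'], path)] += 1
    return counts


def report(counts):
    """Render rows grouped by area and status, most frequent path first."""
    rows = sorted(counts.items(), key=lambda kv: (kv[0][0], kv[0][1], -kv[1]))
    return [f"{area:8} {status} {n:5d}  {path}" for (area, status, path), n in rows]


if __name__ == '__main__':
    print("\n".join(report(summarize_posts(SAMPLE_LOG.splitlines()))))
```

To analyse real logs, feed `iter_log_lines()` for each access.log / *.gz file into `summarize_posts()` and merge the counters; front-end paths with repeated 200 responses are the first candidates to compare against a clean installation.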
For security reasons, providing an email address is required, even if no manual analysis is requested.
Note: only access.log files can be analyzed; error.log files cannot.
Rename the last (active) log file to *.log and select it together with the older logs (usually *.gz) via multiple selection (Shift key, from-to). It makes little sense to analyze logs from only 1–2 days. Ideally, the analysis period should cover 4–6 weeks in order to gain as many insights as possible.
The automatic analysis is tailored to Joomla! and WordPress systems (not limited to them) and is continuously optimized.
Do not assume that every file containing malicious code will show up in the logs: only files that were actually accessed are visible here.
Changelog
28.03.2020: Admin activities are displayed by country.
11.09.2019: From now on, threatening GET requests related to WordPress hacks will also be displayed.
Uploaded log files are stored only temporarily on our server to generate the analysis and are then deleted.
For data protection reasons, IP addresses, session IDs, or similar are not displayed anywhere.
