List , https://pastebin.com/YspPiWif
One of our PHP website hacked on 3rd july 2022. I am attaching the httpd access files contents in the above pastebin. I hide the original URL of the website due to a SLA policy. Can anybody point out from the logs what exactly made the attacker able to bring the site down.. Has he used this php site for attacking ? Any other logs or command line outputs needed let me know. I will share the required files. I am new to this area of forensic analysis to find out the root cause of the attack . Kindly shed some tips to find out where the vulnerability is and how to prevent it in future. Any more inputs/details required keep me informed, I can share those too. Regards, Krish
