• Resolved beantown123

    (@beantown123)


    I’ve been investigating a hack on my site and trying to figure out where it’s coming from. When I view my logs of File Changes on that specific day, it lists 677 Added, 7 Removed, 29 Changed. I can see the two files that were hacked/changed, but I’m trying to figure out the IP of the person who changed them. I see at the top of the page it lists one remote IP under Raw details, but that can’t be the IP associated with all of the changes since some were plugin updates, etc. Is there anywhere I can view the specific IP for one changed file in particular?

Viewing 2 replies - 1 through 2 (of 2 total)
  • nlpro

    (@nlpro)

    Hi @beantown123,

    I’m afraid the info you are looking for is not included in the details logged for a File Change scan.

    +++++ To prevent any confusion, I’m not iThemes +++++

  • Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @beantown123, thanks for reaching out, and apologies for the delay. As mentioned by @nlpro, there is no way to determine the specific IP address responsible for the file change inside the File Change Raw Details. The IP address in the log is the IP that caused the scheduled scan to run, typically when a visitor triggers WP Cron (you can see this in the URL field). I recommend contacting a malware removal service or hosting provider to determine the malware entry point to prevent it from occurring again. I hope this answers your question.

  • The topic ‘Determining IP from hack’ is closed to new replies.