Take away files that has been changed a certain date

SYSTEM INFORMATION
OS type and version Ubuntu 20.04
Webmin version latest
Is there a way to find files from a certain date. I have found in our hacked shop, hundred of files that is planted there. all have the same date 2024-07-18. Can I look for them in filemanager or is it a terminal job

First, beware that if your site has been exploited, the attacker probably put in several hooks to reinstall their malware if you remove it. If they could write executable files, they probably modified the legitimate files, too. Those files would have a different creation date but probably the same modified time as the other exploit files (but not certainly).

This is probably a job for find.

e.g.:

find /home/domainname -type f -newermt 2024-07-18 ! -newermt 2024-07-19

This will list all the files. To delete them (I recommend you review the list before deleting them):

find /home/domainname -type f -newermt 2024-07-18 ! -newermt 2024-07-19 -exec rm {} \;

But, they’ll probably come back. You’ll probably need to restore the domain to a known good version, or check for cronjobs, modifications in legitimate files, etc.

is it my monitor size and font, or is that character that to me appears to be a vertical bar “|” should be an exclamation mark “!” — to indicate the negation of the second qualifier ?

if so, can Joe or other staff edit that post — and if its edited/updated, its fine to then remove my post :smile:

1 Like

You’re right. I don’t know how I mistyped that. I’ve updated it.