Step 2: Assessment
Common Signs of Compromise
Look for these indicators:
- File System Changes
  - New or modified files you didn't create
  - Files with recent timestamps in core directories
  - Suspicious PHP files in upload directories
  - Hidden files (starting with .)
- Unauthorized Access
  - Unknown user accounts
  - Changed user permissions
  - Suspicious login activity
- Behavioral Changes
  - Site redirects to malicious content
  - Spam emails being sent
  - Performance degradation
  - Search engine warnings
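
A read-only way to check the file system indicators listed above, added here as an example and not part of the original guide. The `uploads` directory name, the PHP extension list, the 7-day window and the script name `triage.sh` are assumptions to adjust for your site.

```bash
#!/bin/sh
# Added example: read-only triage of a web root for file system indicators.
# Assumptions: upload directories are named "uploads"; "recent" means 7 days.
# Nothing is modified or deleted; the functions only list paths for review.

# Files modified within the last N days (arg 2, default 7).
recent_files() {
    find "$1" -type f -mtime "-${2:-7}" -print | LC_ALL=C sort
}

# PHP-executable files inside any directory with the upload name (arg 2).
# Upload directories normally hold media, so any hit deserves a look.
php_in_uploads() {
    find "$1" -type f -path "*/${2:-uploads}/*" \
        \( -iname '*.php' -o -iname '*.phtml' \
           -o -iname '*.php[0-9]' -o -iname '*.phar' \) \
        -print | LC_ALL=C sort
}

# Hidden files and directories (names starting with a dot) below the root.
hidden_entries() {
    find "$1" -mindepth 1 -name '.*' -print | LC_ALL=C sort
}

# Print all three lists with headings.
triage_report() {
    echo "== Modified in the last ${2:-7} days =="
    recent_files "$1" "${2:-7}"
    echo "== PHP files under upload directories =="
    php_in_uploads "$1"
    echo "== Hidden entries =="
    hidden_entries "$1"
}

# Run the report only when a web root is given on the command line.
if [ "$#" -gt 0 ]; then
    triage_report "$@"
fi
```

Run it as `sh triage.sh /path/to/webroot 7` and review each hit by hand: dotfiles such as `.htaccess` are often legitimate, but their contents may have been changed.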
Check System Logs
Review these logs for suspicious activity:
- Web server access logs
- Error logs
- Authentication logs
- Database query logs
Next Step
Proceed to Step 3: Cleaning Process