Hide your Hacks, Small Tut.
  • Hiding Your Tracks When Hacking


    So Step one. Error Logs.
    Errors are often used in web hacking to gather information from the site's database or includes, some examples of these are:
    SQLi - Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in
    LFI - Warning: include(includes/../) [function.include]: failed to open stream: No such file or directory in
    FPD - Warning: htmlspecialchars_decode() expects parameter 1 to be string, array given in /home

    The problem with these errors is that most of the time they are logged in a file called error_log. It is usually found in /public_html/; use your shell to edit the file.

    The file will contain all errors found on the site and the URL in which the error occurred. Simple enough, remove all of the errors that you caused.


    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=




    So Step Two. .lastLogin


    Depending on how you uploaded your shell this may not need doing. Some admin panels record the last login in a file called .lastLogin; this will record nothing but your IP address, hence always use protection.

    This file can usually be found in the /home/sitename/ directory, use your shell to edit the file with a random IP and you're all good.

    Save your changes and move on.


    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=



    So Step Three. Access-Logs.
    Access logs will be the main focus of this tutorial as they gather a fair bit of information from your HTTP request to the site. They will gather the URL you used, your IP and browser, plus a few other bits and bobs.

    As you can see this is where you will be able to start blaming other people for the hacks, or making it seem as if you were never there. Now to find this file simply navigate to the following directory - home/sitename/access-logs/

    Within this directory there will be a file called yoursitename.com. Use your shell to edit the file; within it you will find contents similar to:
    127.0.0.1 - [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326 "http://www.example.com/start.html" "Mozilla/4.08 [en] (Win98; I ;Nav)"

    Now at the start there is an IP, then Date and Time, next there is a small bit you don't need to worry about. And finally there is the URL you requested and accessed and the browser you used.

    If you want to blame the hack on someone else, I recommend you change the IP and the browser to Mozilla or Iexplore. If you want to hide your tracks completely delete the whole line.

    Once done, save changes and exit your shell. If you click any links within the shell it will record them and all that will have been useless. This is always the last thing to do on a server when you're leaving the shell.


    I would always recommend you use a VPN or at least a proxy as well as an extra layer of security. If you're thinking, "What's the worst that would happen?", well, view my friend's Twitter and you will see. Look at the sites he's hacked and look at his most recent posts - https://twitter.com/bzyklon

    Hope this helps some newcomers.
    Skype: mrpt3o
    Twitter: MrPteo
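
From the defender's side, the deleted and rewritten access-log lines described in this post become visible once the on-host log is compared with a copy shipped off the host as it was written. The following is an added example, not part of the original post; the `audit` and `stable_key` names, the addresses and the sample log lines are constructed for illustration, and it assumes the trusted copy is stored where the web server account cannot modify it.

```python
import re
from collections import Counter, defaultdict

# Apache combined log format; tolerant of the ident/user fields after the IP.
LINE = re.compile(
    r'^(\S+) .*?\[([^\]]+)\] "([^"]*)" (\d{3}) (\S+) "([^"]*)" "([^"]*)"$')

def stable_key(line):
    """Timestamp, request, status, size: untouched when only IP/browser change."""
    m = LINE.match(line)
    return m.group(2, 3, 4, 5) if m else None

def audit(local_lines, trusted_lines):
    """Return (missing, altered, extra) for the on-host log vs. the off-host copy."""
    local = Counter(l.strip() for l in local_lines if l.strip())
    unmatched = []
    for line in (t.strip() for t in trusted_lines if t.strip()):
        if local[line] > 0:
            local[line] -= 1          # identical entry present on the host
        else:
            unmatched.append(line)
    leftovers = defaultdict(list)     # on-host entries the trusted copy never saw
    for line in local.elements():
        leftovers[stable_key(line)].append(line)
    missing, altered = [], []
    for line in unmatched:
        k = stable_key(line)
        if k is not None and leftovers.get(k):
            altered.append((line, leftovers[k].pop()))   # same hit, edited fields
        else:
            missing.append(line)                         # entry removed on host
    extra = [l for group in leftovers.values() for l in group]
    return missing, altered, extra

# Constructed sample data (documentation address ranges, made-up requests).
UA = '"Mozilla/4.08 [en] (Win98; I ;Nav)"'
TRUSTED = [
    f'198.51.100.7 - - [10/Oct/2000:13:55:36 -0700] "GET /index.php HTTP/1.0" 200 2326 "-" {UA}',
    '203.0.113.9 - - [10/Oct/2000:13:56:02 -0700] "GET /item.php?id=1 HTTP/1.0" 200 512 "-" "ExampleAgent/1.0"',
    '203.0.113.9 - - [10/Oct/2000:13:56:40 -0700] "GET /uploads/x.php HTTP/1.0" 200 1024 "-" "ExampleAgent/1.0"',
    f'198.51.100.7 - - [10/Oct/2000:13:57:11 -0700] "GET /about.html HTTP/1.0" 200 900 "-" {UA}',
]
LOCAL = [TRUSTED[0],
         f'192.0.2.50 - - [10/Oct/2000:13:56:02 -0700] "GET /item.php?id=1 HTTP/1.0" 200 512 "-" {UA}',
         TRUSTED[3]]

if __name__ == "__main__":
    missing, altered, extra = audit(LOCAL, TRUSTED)
    print("missing:", missing, "\naltered:", altered, "\nextra:", extra)
```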


  • m0rph
    Posts: 332
    Nice paper man, very well written. :)
    while( !(succeed = try() ) );
  • Very good. By the way, can the admin change the path of these files or rename them? If so, are these changes recorded somewhere, for example in environment variables, to detect these changes?
  • Sh3llc0d3
    Posts: 1,910
    I'm yet to see anyone who's changed, for instance, the default paths/filenames of Apache's access/error logs, but it can be done in Apache's config file. That, with Apache, can help you locate the file. Apache's config file has "ErrorLog ${APACHE_LOG_DIR}/error.log" so all you have to do is work out where ${APACHE_LOG_DIR} is and you're done (default /var/log/apache2 - coincidentally containing access.log too).

    You could always use 'locate' to try finding the log using a combination of grep and redirection to files to narrow it down. If you're looking for a file that is named the same in a different folder then a simple locate 'error.log' for example. I was going to say phpinfo() might contain that info as it does have Apache env information but I've just checked and it doesn't tell you that much detail.
  • tx sh3llc0d3
  • great lesson man...
  • Glad you liked it, it's very easy and the only issue with this is sometimes you don't have the right permissions to edit the logs. A little bit of privilege escalation is needed when this occurs.
    Skype: mrpt3o
    Twitter: MrPteo

