-1

I am struggling with a task I've been given. I was asked to reset an e-commerce site's stock to 0 for all products. I did that; however, after a few hours, the stock was updated back to the original values. The same thing happened on the next two attempts.

The client has told me that earlier he had some sort of a "bridge" between this site and another site of his with the same products, and that the stock could still be updating from there. However, I have now spent hours looking through all the scripts and failed to find any connection to that site whatsoever. I have also checked the CRON list, and it's empty, so it's either being triggered by some event on the store, or the update is triggered from the other site (which I am starting to investigate now).

Meanwhile, before I get access to the other site, is there a way to track the possible outbound connection from the first one? There would be a .php script that would connect either to the database of the second site, or to some sort of XML feed from it - is there a way to log these connections, or somehow find out which script initialised it?

Thanks in advance for any advice

Marek Buchtela
  • What's the operating system on your server? Do you have access to the command line interface (eg: ssh)? – Stack Jul 15 '16 at 10:52
  • @StackExchanger Sadly I don't, it's a shared hosting. I believe it runs on Debian, but since I don't have access to it, I guess it doesn't matter.. – Marek Buchtela Jul 15 '16 at 10:58
  • Investigate php implementations of "netstat". Some might work in your environment depending on the security settings. https://www.google.com/search?q=php+netstat&ie=utf-8&oe=utf-8 – Stack Jul 15 '16 at 11:01

1 Answer

0

For outbound, yes, through Wireshark, for instance. But that is heavy lifting for the average guy.

For inbound, you can look at the general query log.

select @@general_log; -- a 1 indicates it is turned on for capture
select @@general_log_file; -- the file that it logs to

So all the queries can be logged to the General Query Log if the setting is turned on. And as you can load it in a text editor, you can search on, say, table name. It shows date and time. Or at least a date offset and time. You can search on "connect". Or, my favorite, "Access denied for user" to see if my honeypots are working for intruders :p

Check out the manual page for The Error Log too, noting warning levels, and verbosity settings based on your version.

I would recommend that one create a backup copy by date (named as such) and delete it to start fresh. It can grow in size rapidly. Don't forget whether or not you have the setting turned on or off at the moment.

Drew
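The log search suggested in the answer can be automated. The following is an added example, not part of the original answer: it reads general query log text and reports which account and client host issued writes to a given table. The log layout, the constructed sample lines (accounts, hosts, the `products` table) and the function name `writers_of` are assumptions.

```python
import re

# Constructed sample in the general query log layout (tab-separated columns).
SAMPLE_LOG = (
    "2016-07-15T09:00:01.000101Z\t   41 Connect\tshop_web@localhost on shopdb using Socket\n"
    "2016-07-15T09:00:01.000350Z\t   41 Query\tSELECT stock FROM products WHERE id = 7\n"
    "2016-07-15T09:00:01.000900Z\t   41 Quit\t\n"
    "2016-07-15T12:30:00.104000Z\t   58 Connect\tbridge_sync@203.0.113.25 on shopdb using TCP/IP\n"
    "2016-07-15T12:30:00.220000Z\t   58 Query\tUPDATE products\n"
    "SET stock = 14 WHERE sku = 'A-100'\n"
    "2016-07-15T12:30:00.300000Z\t   58 Quit\t\n"
)

# [timestamp] <thread id> <command>\t<argument>; older servers print
# "YYMMDD hh:mm:ss" and leave the timestamp out when it repeats.
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\S+|\d{6}\s+\d{1,2}:\d\d:\d\d)?\s*"
    r"(?P<id>\d+) (?P<cmd>[A-Z][A-Za-z ]*)\t(?P<arg>.*)$"
)

def writers_of(log_text, table):
    """Return (timestamp, account@host, statement) for each write to `table`."""
    write = re.compile(
        r"^(UPDATE|INSERT|REPLACE|DELETE)\b.*\b%s\b" % re.escape(table),
        re.I | re.S,
    )
    sessions = {}    # thread id -> account@host from that thread's Connect line
    events = []      # [timestamp, account, statement]
    current = None   # statement still open for continuation lines
    last_ts = ""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m is None:
            if current is not None:   # extra line of a multi-line statement
                current[2] += " " + line.strip()
            continue
        last_ts = m["ts"] or last_ts
        current = None
        if m["cmd"] == "Connect":
            sessions[m["id"]] = m["arg"].split(" on ")[0]
        elif m["cmd"] in ("Query", "Execute"):
            current = [last_ts, sessions.get(m["id"], "unknown"), m["arg"].strip()]
            events.append(current)
    return [tuple(e) for e in events if write.match(e[2])]

if __name__ == "__main__":
    for ts, account, sql in writers_of(SAMPLE_LOG, "products"):
        print(ts, account, sql, sep=" | ")
```

A write issued from a host other than the web server's own points at the remote side of the "bridge"; a write from the local account at an odd hour points at a script on the store itself.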