Log outgoing connections from hacked sites / C&C

  • Hi,

    is there a simple way to log outgoing connections via a compromised CMS like Wordpress or Wordpress ?
    Many customers are not up-to-date with their installed software on my servers and now got hacked. Nothing special and nothing new :thumbdown:
    These hacked sites are running scripts and try to connect back to a Bot-Control-Center. I block these outgoing request on my Firewall in front of the Server using some snort rules.

    Now, i need to find out which script is going to connect to the Bot-Control Center. I can filter all that IP´s on my Firewall..

    Via tcpdump on the Webserver directly and on the Firewall i only see the source IP and a Port which is my Web-Server of course ;)
    Is there an option in PHP to log such outgoing traffic (from a script) ?

    Thanks for any hint!