Is there a simple way to log outgoing connections via a compromised CMS like WordPress or WordPress?
Many customers are not up to date with their installed software on my servers and have now been hacked. Nothing special and nothing new.
These hacked sites are running scripts that try to connect back to a Bot-Control-Center. I block these outgoing requests on my firewall in front of the server using some Snort rules.
Now I need to find out which script is going to connect to the Bot-Control-Center. I can filter all those IPs on my firewall.
Via tcpdump on the web server directly and on the firewall, I only see the source IP and a port, which is my web server of course.
Is there an option in PHP to log such outgoing traffic (from a script)?
Thanks for any hint!