Home / server / Questions / 760461
Accepted
Raffael
Asked: 2016-03-01 02:53:24 +0800 CST

How do I find out where the web site's code resides?

  • 772

The facts:

  • there is a website
  • this website is accessible via www.example.org
  • there is an EC2 instance which very likely keeps the website
  • the server is Apache
  • the server OS is Ubuntu
  • I have full access to the server (and sudo privileges)
  • the server is a huge mess

The problem is I have no idea where to - simply put - find the index.html/index.php which gets loaded.

How do I figure out where to find the website's PHP and HTML code? Is there a systematic approach to this problem?

apache-2.2

6 Answers

  1. Best Answer

    First of all you should check what websites are hosted on the server

    # apachectl -t -D DUMP_VHOSTS

    Then when you will find a site check corresponding configuration file for the option DocumentRoot. For example

    # apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:80                   is a NameVirtualHost
         default server 192.168.88.87 (/etc/httpd/conf.d/192.168.88.87.conf:1)
         port 80 namevhost 192.168.88.87 (/etc/httpd/conf.d/192.168.88.87.conf:1)
         port 80 namevhost gl-hooks.example.net (/etc/httpd/conf.d/hooks.conf:1)
                 alias example.net
                 alias www.example.net

    You want to know where is resides a website example.net

    # grep DocumentRoot /etc/httpd/conf.d/hooks.conf
    DocumentRoot /vhosts/gl-hooks.example.net/

# cd /vhosts/gl-hooks.example.net/
# ls -la
total 4484
drwxr-xr-x  6 apache apache    4096 Feb 10 11:59 .
drwxr-xr-x 14 root   root      4096 Feb 23 08:54 ..
-rw-r--r--  1 root   root      1078 Dec 19 09:31 favicon.ico
-rw-r--r--  1 apache apache     195 Dec 25 14:51 .htaccess
-rw-r--r--  1 apache apache      98 Dec  7 10:52 index.html

    Should also be on the lookout for aliases and redirects/rewrites

    You also should paid attention on any alias directives. For example with the following settings

    <VirtualHost *:80>
   ServerName example.net
   ServerAlias www.example.net
   ...
   DocumentRoot /vhosts/default/public_html/
   Alias /api/ /vhosts/default/public_api/
   ...
</VirtualHost>

    When you will access http://example.net/some.file.html - apache will look the file at /vhosts/default/public_html/, at the same time with http://example.net/api/some.file.html the file will be looked at /vhosts/default/public_api/.

    What about rewrites/redirects, especially programmatic (when redirects are triggered by some php code), I think there is no easy way to find such cases.

    • 54

  2. Try using find

    find / -type f \( -iname "*index.html*" -o -iname "*index.php*" \) 2> /dev/null

    Otherwise assuming Apache has been installed from Ubuntu repositories, look in /etc/apache2/sites-available, i.e.

    grep -niR "thedomainname" /etc/apache2/sites-available

    If the website has an apache VHOST defined, that might locate the config file, then look in that file for "documentroot" this should tell you the location of the source code

    • 3

  3. Another method, which can be useful for debugging a website (or any process for that matter) is to use lsof (which may not be on path, commonly found in /sbin/lsof)

    lsof -s [PID] will list all the files the given process has a handle on, and can be useful to see exactly what is being used (this includes your html/php files, as well as log files and libraries the site needs)

    • 2

  4. Please go to

    cd /etc/apache2/site-avaliable/

    Here you will find your configuration file (i.e : 000-default.conf)

    Please open this file/open your configuration file using

    vi 000-default.conf

    There you will find DocumentRoot.That is your website's code

    This is the Default conf file likewise you will some conf details please check those as well.

    • 1

  5. I have no idea where to ... find the index.html/index.php which gets loaded.

    Look for page source files

    One approach is to browse the site to find a more unique page - lets say newcontactform.php - ideally one that is unlikely to appear in other sites hosted by the same server.

    You can then try

    locate newcontactform.php

    if that fails, follow by 

    find / -name newcontactform.php

    this should produce a managably small list of candidates.

    You can then inspect the files, do diffs and if necessary try small changes (e.g. insert an HTML comment) to verify that the file indeed produces the page.

    Find the configs

    Sometimes config files are evident in the output of the ps command. Worst case is ps -ef | grep -e 'apache|httpd' but more creative use of ps options might be worth exploring.

    You can look for httpd.conf in the typical locations for Ubuntu and for the Apache httpd project (which may differ) or just use locate and find as above.

    Sometimes the main config file refers to other config files for vhosts. You can work this out by identifying the main config file.

    Chronic cases

    Sometimes, old servers run a variety of webserver daemons. In that case it can take a while to find them all and work out where their config files are. A combination of the techniques above should eventually succeed.

    You can find what programs are listening on port 80 etc using netstat -lntp. Often, locating the binaries is a useful pointer to a directory tree that contains the config files.

    • 1

  6. You can check the Vhost for the domain that you are looking for in the web server's (apache) configuration file - httpd.conf (most probably located in /etc/) Simply open the file and scroll thru it until you find the VirtulaHost directive for your domain and there you will see the DocumentRoot directive - which is your website's document root directory, the place where you will find the application's files.

    • 1