[ubuntu-uk] Automating find and replace
Gareth France
gareth.france at gmail.com
Tue Sep 16 20:56:26 UTC 2014
Eh?
On 16/09/14 21:29, Simon Greenwood wrote:
>
>
> On 16 September 2014 21:08, Gareth France <gareth.france at gmail.com
> <mailto:gareth.france at gmail.com>> wrote:
>
> Not ubuntu related but I'm hoping someone may have the answer I
> need. Today I discovered my webspace has been hacked and several
> sites now contain additional code at the start of every single PHP
> file. Looking at my backups I can see it has been there for a
> while so restoring from a very old backup could cause me issues.
>
> Is there some way I could do a recursive find and delete on that
> code? It is a very long single line including slashes, hashes,
> exclaimation marks etc so using sed would be difficult as the
> examples I have seen show /thing to change/thing to change to/.
>
> Any ideas very welcome.
>
>
> find . -name "*.php" -exec grep -e "(string)" {} \;
>
> from your document root will find the string A guess would be that the
> added code is actually base64 so there will be an eval() or base64()
> at the start of it. You should also be able to use just a fragment of
> the string.
>
> Look at what egrep or grep -e can do to return the actual injected
> code and you could then pass that to sed using xargs and delete it,
> but the simple truth is that it's going to be a bind. You also have to
> identify where the injection was and get rid of it or it will just
> happen again.
>
> s/
>
>
> --
> Twitter: @sfgreenwood
> "TBA are particularly glib"
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-uk/attachments/20140916/2af13be5/attachment.html>
More information about the ubuntu-uk
mailing list