Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Using SED to fix base64_decode attack/hack
Top Forums UNIX for Dummies Questions & Answers Using SED to fix base64_decode attack/hack Post 302608117 by derrickyoung95 on Friday 16th of March 2012 08:11:44 AM
Old 03-16-2012
Using SED to fix base64_decode attack/hack
last night our server was hit with an attack that infected every php file on the server and inserted the following code


Code:
/*god_mode_on*/eval(base64_decode

with a ton of other characters after.

As it infected every php file i have been trying to clean it using a
sed command to go through and remove the code from each file.

I have been trying to run


Code:
find . -name "*.php" -type f -exec sed -i '/eval(base64_decode(/d' {} \;

This is workng except it is also removing the <?php from the start
of files. Anyone know how to fix this or how I can run sed again to
insert <php? back in at the start. Preference would be to not lose
it in the first place though.


I have tried running sed a second time against these files with this command



Code:
sed -i '1s/^/<php?\^J/' *.php

And that is inserting the <php? however the ctrlJ is not acting as a line return and is actually inserting <php?/^j at the start of each file

Any help appreciate as I have 10K files to fix
Last edited by pludi; 03-16-2012 at 09:20 AM..
 

6 More Discussions You Might Find Interesting

1. Linux

sed to fix view names

I have a ddl file which have lots of view in it. I want to replace all the existing views with VW_< view name> . I am prefixing VW to existing view name . For example, In old file grep on view is like this CREATE VIEW OPSDM001.PROVIDER_MBR_PRI ( MBR_PRI_PROV_SYS_ID,... (6 Replies)
Discussion started by: capri_drm
6 Replies

2. UNIX for Dummies Questions & Answers

Hack CPU Utilization

Hi friends, I am currently working on an issue where i should write a program which utilizes Cpu as specified by the user. The function should be provided with an argument ( how much percentage of CPU has to be utilized by the process ) for example CPU(75) should utilize 75% of CPU. The function... (11 Replies)
Discussion started by: nerdychandru
11 Replies

3. Solaris

tty hack

hi all, what i want to do when user open terminal like tty5 and do his work i want to see his terminal how can i do this (1 Reply)
Discussion started by: xxmasrawy
1 Replies

4. Shell Programming and Scripting

Fix timestamp with Sed or Awk

Hi I am dealing with the following string: Date: Thur, 13 March 2011 01:01:10 +0000 I asked for help in another topic that converted a similar string: Date: Thur, 13 March 2011 9:50 AM To a 24 hr standard. The problem is that it comes out as: Date: Thur, 13 March 2011 9:50:00 +0000... (4 Replies)
Discussion started by: duonut
4 Replies

5. Cybersecurity

How can someone hack into a Linux server ?

Hi! I have a debian linux VPS and i am wondering how would someone be able to hack into it , in what ways ? I've asked a more knowledgeable friend and he said the only way someone would be able to get into my VPS is via FTP or SSH, are there some other ways someone can enter my machine ? I... (18 Replies)
Discussion started by: ParanoiaUser
18 Replies

6. Post Here to Contact Site Administrators and Moderators

How to hack computer games that is paid???

Plz help me to hack computer games that is paid ty (1 Reply)
Discussion started by: 09287501067
1 Replies

LEARN ABOUT MOJAVE

locale::codes::langfam5.18

Locale::Codes::LangFam(3pm)				 Perl Programmers Reference Guide			       Locale::Codes::LangFam(3pm)

NAME

       Locale::Codes::LangFam - standard codes for language extension identification

SYNOPSIS

	  use Locale::Codes::LangFam;

	  $lext = code2langfam('apa');		       # $lext gets 'Apache languages'
	  $code = langfam2code('Apache languages');    # $code gets 'apa'

	  @codes   = all_langfam_codes();
	  @names   = all_langfam_names();

DESCRIPTION

       The "Locale::Codes::LangFam" module provides access to standard codes used for identifying language families, such as those as defined in
       ISO 639-5.

       Most of the routines take an optional additional argument which specifies the code set to use. If not specified, the default ISO 639-5
       language family codes will be used.

SUPPORTED CODE SETS

       There are several different code sets you can use for identifying language families. A code set may be specified using either a name, or a
       constant that is automatically exported by this module.

       For example, the two are equivalent:

	  $lext = code2langfam('apa','alpha');
	  $lext = code2langfam('apa',LOCALE_LANGFAM_ALPHA);

       The codesets currently supported are:

       alpha
	   This is the set of three-letter (lowercase) codes from ISO 639-5 such as 'apa' for Apache languages.

	   This is the default code set.

ROUTINES

       code2langfam ( CODE [,CODESET] )
       langfam2code ( NAME [,CODESET] )
       langfam_code2code ( CODE ,CODESET ,CODESET2 )
       all_langfam_codes ( [CODESET] )
       all_langfam_names ( [CODESET] )
       Locale::Codes::LangFam::rename_langfam  ( CODE ,NEW_NAME [,CODESET] )
       Locale::Codes::LangFam::add_langfam  ( CODE ,NAME [,CODESET] )
       Locale::Codes::LangFam::delete_langfam  ( CODE [,CODESET] )
       Locale::Codes::LangFam::add_langfam_alias  ( NAME ,NEW_NAME )
       Locale::Codes::LangFam::delete_langfam_alias  ( NAME )
       Locale::Codes::LangFam::rename_langfam_code  ( CODE ,NEW_CODE [,CODESET] )
       Locale::Codes::LangFam::add_langfam_code_alias  ( CODE ,NEW_CODE [,CODESET] )
       Locale::Codes::LangFam::delete_langfam_code_alias  ( CODE [,CODESET] )
	   These routines are all documented in the Locale::Codes::API man page.

SEE ALSO

       Locale::Codes
	   The Locale-Codes distribution.

       Locale::Codes::API
	   The list of functions supported by this module.

       http://www.loc.gov/standards/iso639-5/id.php
	   ISO 639-5 .

AUTHOR

       See Locale::Codes for full author history.

       Currently maintained by Sullivan Beck (sbeck@cpan.org).

COPYRIGHT

	  Copyright (c) 2011-2013 Sullivan Beck

       This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

perl v5.18.2							    2013-11-04					       Locale::Codes::LangFam(3pm)
All times are GMT -4. The time now is 05:10 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy