last night our server was hit with an attack that infected every php file on the server and inserted the following code
with a ton of other characters after.
As it infected every php file i have been trying to clean it using a
sed command to go through and remove the code from each file.
I have been trying to run
This is workng except it is also removing the <?php from the start
of files. Anyone know how to fix this or how I can run sed again to
insert <php? back in at the start. Preference would be to not lose
it in the first place though.
I have tried running sed a second time against these files with this command
And that is inserting the <php? however the ctrlJ is not acting as a line return and is actually inserting <php?/^j at the start of each file
I hate to say it but it is nearly impossible to fully cleanup from these types of attacks if the site consists of more than a few PHP files. Why not restore the site from a backup?
Hi!
I have a debian linux VPS and i am wondering how would someone be able to hack into it , in what ways ?
I've asked a more knowledgeable friend and he said the only way someone would be able to get into my VPS is via FTP or SSH, are there some other ways someone can enter my machine ?
I... (18 Replies)
Hi
I am dealing with the following string:
Date: Thur, 13 March 2011 01:01:10 +0000
I asked for help in another topic that converted a similar string:
Date: Thur, 13 March 2011 9:50 AM
To a 24 hr standard. The problem is that it comes out as:
Date: Thur, 13 March 2011 9:50:00 +0000... (4 Replies)
Hi friends,
I am currently working on an issue where i should write a program which utilizes Cpu as specified by the user. The function should be provided with an argument ( how much percentage of CPU has to be utilized by the process ) for example CPU(75) should utilize 75% of CPU. The function... (11 Replies)
I have a ddl file which have lots of view in it. I want to replace all the existing views with VW_< view name> . I am prefixing VW to existing view name .
For example, In old file grep on view is like this
CREATE VIEW OPSDM001.PROVIDER_MBR_PRI ( MBR_PRI_PROV_SYS_ID,... (6 Replies)