Golfreeze.packetlove.com: Life style of Golfreeze Canon400D Family kammtan.com Jazz Freebsd Unix Linux System Admin guitar Music

All about unix linux freebsd and FAQ for Packetlove.com Web hosting , Mail hosting , VoIP + IP PBX server => command , shell script ,tool , crontab => Topic started by: golfreeze on June 26, 2017, 09:12:44 PM

Title: Finding malware code in PHP scripts with the find and sed commands
Post by: golfreeze on June 26, 2017, 09:12:44 PM
##Find
find /home \( -name "*.html" -o -name "*.php" \) -exec sed -i.bak 's/<script.*PaBUTyjaZYg.*script>//g' \{\} \;

#command syntax
sed -i 's/oldstring/newstring/g' *.txt
#actual command
sed -i 's/eval(base64_decode("dnajkdbasjdbasjdasbjnkldnakdnasknklnKNDAKLSNDSALKNDKLASn"));//g' *.php
Title: Re: Finding malware code in PHP scripts with the find and sed commands
Post by: golfreeze on June 26, 2017, 09:17:23 PM
Command to remove malicious code:
#grep -lr --include='*.php' "eval(base64_decode" /path/to/webroot | xargs sed -i.bak '/eval(base64_decode*/d'

If the above command gives you the correct output, execute the following command to perform the actual cleaning:
#grep -lr --include='*.php' "eval(base64_decode" /path/to/webroot | xargs sed -i.bak 's/<?php eval(base64_decode[^;]*;/<?php\n/g'
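An added example, not part of the original posts: a dry-run preview that shows, as a unified diff, what the substitution from the last command would change, without writing to any file. The function names, the sample tree and its harmless payload are constructed for illustration, and the `\n` in the replacement assumes GNU sed.

```shell
#!/bin/sh
# Added example: dry-run preview of the thread's sed cleanup. Nothing is modified.
PATTERN='eval(base64_decode'                            # search string from the thread
SED_EXPR='s/<?php eval(base64_decode[^;]*;/<?php\n/g'  # substitution from the thread (GNU sed)
export PATTERN SED_EXPR

# Print the number of *.php files under $1 that contain PATTERN.
count_matches() {
    find "$1" -type f -name '*.php' -exec sh -c '
        for f do grep -qF -- "$PATTERN" "$f" && echo x; done' sh {} + | wc -l | tr -d ' '
}

# For each matching file, print a unified diff of what SED_EXPR would change,
# or flag the file when the pattern is present but the substitution misses it.
preview_cleanup() {
    find "$1" -type f -name '*.php' -exec sh -c '
        for f do
            grep -qF -- "$PATTERN" "$f" || continue
            echo "== $f"
            if sed "$SED_EXPR" "$f" | diff -u "$f" -; then
                echo "NO CHANGE: pattern present but substitution did not match"
            fi
        done' sh {} +
}

# Build a constructed sample tree (hypothetical files, harmless payload).
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/site one" || return 1
    printf '%s\n' '<?php eval(base64_decode("Q09OU1RSVUNURUQ=")); echo "hello"; ?>' \
        > "$d/site one/index.php"
    printf '%s\n' '<?php' 'eval(base64_decode("Q09OU1RSVUNURUQ="));' \
        > "$d/site one/footer.php"
    printf '%s\n' '<?php echo "clean"; ?>' > "$d/site one/clean.php"
    printf '%s\n' 'eval(base64_decode("x"));' > "$d/site one/notes.txt"
    printf '%s\n' "$d"
}

# Usage: sh preview.sh /path/to/webroot   (no argument: run on the sample tree)
root=${1:-$(make_sample)}
echo "PHP files containing the pattern: $(count_matches "$root")"
preview_cleanup "$root"
[ -n "${1:-}" ] || rm -rf "$root"   # remove only the constructed sample tree
```

Files reported as NO CHANGE still contain the pattern, for example when the `eval` sits on its own line after `<?php`, so they need manual review.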