Ask Question Forum:
Model Library:2025-02-08:A.I. model is online auto reply
C
O
M
P
U
T
E
R
2
8
Show
#
ASK
RECENT
←
- Underline
- Bold
- Italic
- Indent
- Step
- Bullet
- Quote
- Cut
- Copy
- Paste
- Table
- Spelling
- Find & Replace
- Undo
- Redo
- Link
- Attach
- Clear
- Code
Below area will not be traslated by Google,you can input code or other languages
Hint:If find spelling error, You need to correct it,1 by 1 or ignore it (code area won't be checked).
X-position of the mouse cursor
Y-position of the mouse cursor
Y-position of the mouse cursor
Testcursor
caretPos
Attachment:===
Asked by Rahul Sehrawat
at 2024-07-29 23:53:21
Point:500 Replies:4 POST_ID:829159USER_ID:10
Topic:
Linux;SSH / Telnet Software;Perl Programming Language
Hi,
My server was recently compromised and have near about 1000+ php files (including sub-folders).. All the php files have same php code on the top of my php file. The code is really long and decoded and starts with <?php $kdeirxcdtd and ends with ?>
Is their any way, I can run a script which will go through each php file and remove the code. Thanks.
My server was recently compromised and have near about 1000+ php files (including sub-folders).. All the php files have same php code on the top of my php file. The code is really long and decoded and starts with <?php $kdeirxcdtd and ends with ?>
Is their any way, I can run a script which will go through each php file and remove the code. Thanks.
Accepted Solution
Expert: kyanwan replied at 2024-07-30 06:05:13
500 points EXCELLENT
This script can be dropped into a directory anywhere on the system. Execute it. It will create files called: "output_{your_original_filename}".
The output file will have php blocks stripped out.
Whether or not this block of code is multiline will make a difference. This script catches both single line and multiline blocks.
Another way of doing the match would be
<?{1}s*Skdeirxcdtd
Could turn it into a sub and if(-d $_) { &traverse_it($_); } , etc.
The output file will have php blocks stripped out.
Whether or not this block of code is multiline will make a difference. This script catches both single line and multiline blocks.
Another way of doing the match would be
<?{1}s*Skdeirxcdtd
Could turn it into a sub and if(-d $_) { &traverse_it($_); } , etc.
#!/usr/bin/perlwhile (<*>){ if (/php$/i) { open (IN,$_); open (OUT,">output_$_"); $php = 0; while(<IN>) { if (!$php) { if (/<?/ && !/<?.*?>/) { ($text,$php_text,) = split (/<?.*kdeirxcdtd/,$_); $php = 1; } elsif (/<?.*kdeirxcdtd.*?>/) { $text = $_; $text =~ s/<?{1}.*kdeirxcdtd.*?>{1}//g; } print OUT $text; } elsif ($php && /?>/) { ($php_text,$text) = split (/?>/,$_); print OUT $text; $php = 0; } } }} 1:2:3:4:5:6:7:8:9:10:11:12:13:14:15:16:17:18:19:20:21:22:23:24:25:26:27:28:29:30:31:
( * Did a little update on this. I wrote it on break early in the day. :P )
Expert: gheist replied at 2024-07-30 06:01:53
Best is to restore last good backup to new and properly secured system.
Expert: savone replied at 2024-07-30 04:43:42
Can you post a sample of the code you want removed?
Expert: duncanb7 replied at 2024-07-30 00:03:59
Try this , it may work
Duncan
Duncan
cd pathnamefor y in `ls *.php`;do sed "s/<?php $kdeirxcdtd and ends with?>/''/g" $y > temp; mv temp $y;done 1:2:3:4: