
@Voronchuk
Last active May 5, 2023 07:59
Recently one of my WordPress blogs was hacked with eval(base64(....)); injection in all PHP files. Updating WordPress fixed everything but the "wp-content" folder, so I wrote a small script to clear all PHP files from this junk.
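<?php
// Strip injected eval(base64_decode("...")); statements from one PHP file.
function clearjunk($file) {
    $content = file_get_contents($file);
    if ($content === false) {
        return; // unreadable file: leave it alone
    }
    $cleaned = preg_replace('/\s*eval\(base64_decode\("[^"]+"\)\);\s*/i', ' ', $content);
    // preg_replace() returns null on error; never overwrite the file with that.
    // Only rewrite the file when the pattern actually matched.
    if ($cleaned !== null && $cleaned !== $content) {
        file_put_contents($file, $cleaned);
    }
}

// Recursively walk $dir and clean every .php file found.
function readfolder($dir)
{
    if (is_dir($dir)) {
        if ($dh = opendir($dir)) {
            while (($file = readdir($dh)) !== false) {
                if (!is_dir($dir."/".$file))
                {
                    // ereg() was removed in PHP 7; preg_match() with an escaped dot replaces it.
                    if (preg_match('/\.php$/', $file)) {
                        clearjunk($dir."/".$file);
                    }
                }
                else {
                    if (($file != ".") && ($file != "..")) {
                        readfolder($dir."/".$file);
                    }
                }
            }
            closedir($dh);
        }
    }
}

// The path is relative, so run this from the WordPress root directory.
readfolder("wp-content");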
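A report-only pass to run before the cleanup above, as an added example that is not part of the original gist: it lists each .php file with the number of injected statements and changes nothing. The widened pattern (single quotes, optional whitespace) is an assumption about variants, since the gist only handles the double-quoted form; the demo directory, file names and payload are constructed.

```php
<?php
// Assumed pattern: the gist's injection, also accepting single quotes and
// optional whitespace between tokens. \1 requires the same closing quote.
const INJECTION_RE =
    '/eval\s*\(\s*base64_decode\s*\(\s*(["\'])[A-Za-z0-9+\/=\s]+\1\s*\)\s*\)\s*;/i';

// Number of injected statements in a string (0 on a PCRE error).
function count_injections(string $content): int
{
    $n = preg_match_all(INJECTION_RE, $content);
    return $n === false ? 0 : $n;
}

// Walk $root recursively; return [path => match count] for affected .php files.
function scan_tree(string $root): array
{
    $hits = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $info) {
        if (!$info->isFile() || strtolower($info->getExtension()) !== 'php') {
            continue;
        }
        $content = file_get_contents($info->getPathname());
        if ($content === false) {
            continue; // unreadable file: skip, do not guess
        }
        $n = count_injections($content);
        if ($n > 0) {
            $hits[$info->getPathname()] = $n;
        }
    }
    ksort($hits);
    return $hits;
}

// Constructed sample tree so the example runs offline; the payload decodes to "echo 1;".
$root = sys_get_temp_dir() . '/junk_scan_demo_' . getmypid();
mkdir($root . '/plugins', 0700, true);
file_put_contents($root . '/plugins/a.php', "<?php eval(base64_decode(\"ZWNobyAxOw==\")); ?>\n<?php echo 'ok';");
file_put_contents($root . '/plugins/b.php', "<?php eval( base64_decode('ZWNobyAxOw==') ); echo 'ok';");
file_put_contents($root . '/clean.php', "<?php echo base64_decode('aGk=');");

foreach (scan_tree($root) as $path => $n) {
    printf("%s: %d match(es)\n", $path, $n);
}
```

On the sample tree this reports `a.php` and `b.php` with one match each and skips `clean.php`, which calls `base64_decode` without `eval`.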
@norbert-123

Thanks for the code, perhaps a rookie question, but how can I run this script? Thank you in advance!
