anabelle/commands-to-find-malware.sh

## commands-to-find-malware.sh
# files modified within 30 days.
find /home/mywebsite -type f -name "*.php" -ctime -30

# find for suspicious strings
find ./ -name "*.php" -type f |  xargs sed -i 's#<?php /\*\*/ eval(base64_decode("aWY.*?>##g' 2>&1
find ./ -name "*.php" -type f |  xargs sed -i '/./,$!d' 2>&1

# grep for suspicious and very long strings
grep -R "document.write(unescape" *
grep -iR --include "*.js" "[a-zA-Z0-9\/\+]\{255,\}" *
grep -iR --include "*.php" "[a-zA-Z0-9\/\+]\{255,\}" *

# fix file permissions (755 for folders, 644 for files)
chmod -R 755 *
find -type f -print0|xargs -0 chmod 644
	# files modified within 30 days.
	find /home/mywebsite -type f -name "*.php" -ctime -30

	# find for suspicious strings
	find ./ -name ".php" -type f \| xargs sed -i 's#<?php /\\/ eval(base64_decode("aWY.?>##g' 2>&1
	find ./ -name "*.php" -type f \| xargs sed -i '/./,$!d' 2>&1

	# grep for suspicious and very long strings
	grep -R "document.write(unescape" *
	grep -iR --include ".js" "[a-zA-Z0-9\/\+]\{255,\}"
	grep -iR --include ".php" "[a-zA-Z0-9\/\+]\{255,\}"

	# fix file permissions (755 for folders, 644 for files)
	chmod -R 755 *
	find -type f -print0\|xargs -0 chmod 644