Skip to content

Instantly share code, notes, and snippets.

@anabelle
Created December 16, 2011 02:17
Show Gist options
  • Save anabelle/1484115 to your computer and use it in GitHub Desktop.
Save anabelle/1484115 to your computer and use it in GitHub Desktop.
Shell commands to help finding infections in website files
# files modified within 30 days.
find /home/mywebsite -type f -name "*.php" -ctime -30
# find for suspicious strings
find ./ -name "*.php" -type f | xargs sed -i 's#<?php /\*\*/ eval(base64_decode("aWY.*?>##g' 2>&1
find ./ -name "*.php" -type f | xargs sed -i '/./,$!d' 2>&1
# grep for suspicious and very long strings
grep -R "document.write(unescape" *
grep -iR --include "*.js" "[a-zA-Z0-9\/\+]\{255,\}" *
grep -iR --include "*.php" "[a-zA-Z0-9\/\+]\{255,\}" *
# fix file permissions (755 for folders, 644 for files)
chmod -R 755 *
find -type f -print0|xargs -0 chmod 644
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment