Skip to content

Instantly share code, notes, and snippets.

View flymke's full-sized avatar

Michael Schönrock flymke

6 followers · 4 following
View GitHub Profile
@flymke
flymke / infectedFiles.md
Created January 9, 2020 09:37 — forked from frosit/infectedFiles.md
Some commands for finding and clearing infected PHP files

Finding infected files with following bash commands

** Command to list all infected files:

  • grep -lr --include=*.php "eval(base64_decode" /path/to/webroot
  • grep -lr --include=*.php "eval" .
  • grep -lr --include=*.php "base64" .

Command to remove malicious code:

  • grep -lr --include=*.php "eval(base64_decode" /path/to/webroot | xargs sed -i.bak 's/<?php eval(base64_decode[^;]*;/<?php\n/g'