Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Veel WordPress websites zijn geïnfecteerd waarbij er verschillende injecties zijn toegevoegd die gerelateerd zijn aan 'adsformarket'. Alle bestanden handmatig nalopen & opschonen, is veel werk. Met deze bash-scripts kan het een stuk makkelijker doorlopen worden.
#!/bin/bash
# WP_PATH definiëren
export WP_PATH=$(pwd)
search_adsformarket="snippet.adsformarket.com"
file_adsformarket="../adsformarket.txt"
touch $file_adsformarket
adsformarketmalfiles=$(find -type f | grep -liR "${search_adsformarket}" $WP_PATH)
for file in $adsformarketmalfiles; do
if [ -f "$file" ]; then
echo $file
sed -i "s/<script type='text\/javascript' src='https:\/\/snippet\.adsformarket\.com\/same\.js'><\/script>//g" $file
fi
done
printf "${adsformarketmalfiles[@]}\n" >> $file_adsformarket
search_adsformarket="track.adsformarket.com"
file_adsformarket="../track.adsformarket.txt"
touch $file_adsformarket
adsformarketmalfiles=$(find -type f | grep -liR "${search_adsformarket}" $WP_PATH)
for file in $adsformarketmalfiles; do
if [ -f "$file" ]; then
echo $file
sed -i "s/<script type=text\/javascript src='https:\/\/track\.adsformarket\.com\/t\.js'><\/script>//g" $file
fi
done
printf "${adsformarketmalfiles[@]}\n" >> $file_adsformarket
#!/bin/bash
if [ -z ${WP_PATH+x} ]; then
# WP_PATH definiëren
export WP_PATH=$(pwd)
fi
search_gfjfgjk="gfjfgjk"
file_gfjfgjk="../gfjfgjk.txt"
touch $file_gfjfgjk
gfjfgjkfiles=$(find -type f | grep -liR "${search_gfjfgjk}" $WP_PATH)
num_bytes=475
for file in $gfjfgjkfiles; do
if [ -f "$file" ]; then
echo $file
dd if="$file" of="$file.truncated" bs=$num_bytes skip=1 && mv "$file.truncated" "$file"
fi
done
printf "${gfjfgjkfiles[@]}\n" >> $file_gfjfgjk
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment