Veel WordPress websites zijn geïnfecteerd waarbij er verschillende injecties zijn toegevoegd die gerelateerd zijn aan 'adsformarket'. Alle bestanden handmatig nalopen & opschonen, is veel werk. Met deze bash-scripts kan het een stuk makkelijker doorlopen worden.
| #!/bin/bash | |
| # WP_PATH definiëren | |
| export WP_PATH=$(pwd) | |
| search_adsformarket="snippet.adsformarket.com" | |
| file_adsformarket="../adsformarket.txt" | |
| touch $file_adsformarket | |
| adsformarketmalfiles=$(find -type f | grep -liR "${search_adsformarket}" $WP_PATH) | |
| for file in $adsformarketmalfiles; do | |
| if [ -f "$file" ]; then | |
| echo $file | |
| sed -i "s/<script type='text\/javascript' src='https:\/\/snippet\.adsformarket\.com\/same\.js'><\/script>//g" $file | |
| fi | |
| done | |
| printf "${adsformarketmalfiles[@]}\n" >> $file_adsformarket | |
| search_adsformarket="track.adsformarket.com" | |
| file_adsformarket="../track.adsformarket.txt" | |
| touch $file_adsformarket | |
| adsformarketmalfiles=$(find -type f | grep -liR "${search_adsformarket}" $WP_PATH) | |
| for file in $adsformarketmalfiles; do | |
| if [ -f "$file" ]; then | |
| echo $file | |
| sed -i "s/<script type=text\/javascript src='https:\/\/track\.adsformarket\.com\/t\.js'><\/script>//g" $file | |
| fi | |
| done | |
| printf "${adsformarketmalfiles[@]}\n" >> $file_adsformarket |
| #!/bin/bash | |
| if [ -z ${WP_PATH+x} ]; then | |
| # WP_PATH definiëren | |
| export WP_PATH=$(pwd) | |
| fi | |
| search_gfjfgjk="gfjfgjk" | |
| file_gfjfgjk="../gfjfgjk.txt" | |
| touch $file_gfjfgjk | |
| gfjfgjkfiles=$(find -type f | grep -liR "${search_gfjfgjk}" $WP_PATH) | |
| num_bytes=475 | |
| for file in $gfjfgjkfiles; do | |
| if [ -f "$file" ]; then | |
| echo $file | |
| dd if="$file" of="$file.truncated" bs=$num_bytes skip=1 && mv "$file.truncated" "$file" | |
| fi | |
| done | |
| printf "${gfjfgjkfiles[@]}\n" >> $file_gfjfgjk |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment