-
-
Save ocean90/2623329 to your computer and use it in GitHub Desktop.
GetMama remove script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Copyright 2012 Christoph Jerolimov, Dominik Schilling | |
| # | |
| # 0) No, i did not developed this for myself/my server. ;-) | |
| # 1) I strongly recommend you to reinstall all your server software, | |
| # inclusive the whole operating system like linux, unix, etc. If you | |
| # use a web hosting service, backup your data and request your | |
| # provider for a fresh system. If this is not possible feel free to | |
| # try this script. | |
| # 2) But before fixing your php files it's absolutely recommended to | |
| # change all your server passwords, update your software and re-check | |
| # all security settings! | |
| # 3) After that, use this small script to recognize infected php files | |
| # and remove all „illegal“ parts of them! | |
| # 4) Notice that this script may, but this is an incredibly case, | |
| # damage correct parts of your php files. | |
| # | |
| # Copyleft / NOTICE | |
| # | |
| # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS | |
| # FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE | |
| # COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, | |
| # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, | |
| # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
| # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER | |
| # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
| # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
| # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
| # OF THE POSSIBILITY OF SUCH DAMAGE. | |
| IFS=`echo -en "\n\b"` | |
| echo >&2 | |
| head -n 32 $0 | tail -n 30 | sed 's/^#/ /' >&2 | |
| echo >&2 | |
| if [ "$1" = "--search" ] | |
| then | |
| echo "search infected files in" `pwd` >&2 | |
| grep '[0-9a-f]\{32\}_on' . -ril | grep 'php$' | |
| elif [ "$1" = "--fix" ] | |
| then | |
| echo "search infected files and try to fix them in" `pwd` >&2 | |
| for i in `grep '[0-9a-f]\{32\}_on' . -ril | grep 'php$' | grep -v 'infected$'` | |
| do | |
| echo fix "$i" | |
| mv "$i" "$i.infected" | |
| cat "$i.infected" | sed 's/[0-9a-fA-F]\{32\}_on.*[0-9a-fA-F]\{32\}_off//g' > "$i" | |
| done | |
| elif [ "$1" = "--removebackup" ] | |
| then | |
| echo "remove all infected BACKUP (.infected) files in" `pwd` >&2 | |
| grep '[0-9a-f]\{32\}_on' . -ril | grep 'php.infected$' | xargs -I{} rm -v {} | |
| elif [ "$1" = "--removeall" ] | |
| then | |
| echo "remove ALL infected files in" `pwd` >&2 | |
| grep '[0-9a-f]\{32\}_on' . -ril | grep '\(php\|php.infected\)$' | xargs -I{} rm -v {} | |
| else | |
| echo >&2 | |
| echo " Usage, sorry no --help:" >&2 | |
| echo >&2 | |
| echo " $0 [--search|--fix|--removebackup|--removeall]" >&2 | |
| echo >&2 | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment