View difference between Paste ID: bPXdMKgb and
SHOW:
|
|
- or go back to the newest paste.
1 | - | |
1 | + | <?php |
2 | ||
3 | // Grep all instance of the mailicious code | |
4 | // by doing a grep | |
5 | $path = "/home/USER/www/"; // ppath to store grep if too large | |
6 | $pathwebroot = "/home/USER/www/"; | |
7 | ||
8 | shell_exec('grep -R -o "eva1fYlbakBcVSir" '.$pathtowebroot.'* > grep.out'); | |
9 | ||
10 | $handle = fopen($path."/grep.out", "r"); | |
11 | $cnt = fread($handle, filesize($path."/grep.out")); | |
12 | fclose($handle); | |
13 | //$output = shell_ex | |
14 | ||
15 | $arrReplace = explode(" | |
16 | ", $cnt); | |
17 | // grep sep with : | |
18 | // then parse with the linebreak | |
19 | echo 'found '.sizeof( $arrReplace); | |
20 | sleep(5); | |
21 | $x = 0; | |
22 | for($i = 0; $i < sizeof( $arrReplace); $i++) { | |
23 | $row = explode(':', $arrReplace[$i]); | |
24 | if (sizeof($row) > 1) { | |
25 | echo $row[0]." sanitized.\n"; | |
26 | // open the infected file for reading | |
27 | $handle = fopen($row[0], "r"); | |
28 | $infected = fread($handle, filesize($row[0])); | |
29 | fclose($handle); | |
30 | // cleaning up | |
31 | //$cleared = str_replace('<?php ..', '//:start:', $infected); | |
32 | $cleared = explode('<?php @error_reporting(0); if (!isset($eva1fYlbakBcVSir))', $infected); | |
33 | $cleared = $cleared[0]; | |
34 | // saving cleared data | |
35 | $fp = fopen($row[0], "w"); | |
36 | fwrite($fp,$cleared); | |
37 | fclose( $fp ); | |
38 | $x++; | |
39 | } | |
40 | ||
41 | } | |
42 | die(sizeof( $x ).' were fixed.'); | |
43 | ?> | |
44 | ||
45 | // Important To do, before running clean.php | |
46 | // Create file grep.out and chmod 777 this file. | |
47 | // Don`t forget to replace USER with your actual account user (the one you wish to clean) | |
48 | // This script was found over internet, it`s not my work, no copyright infregement here. I`ve just added "-o" grep option so the output would not add the infection to grep.out file, making it oversize and imposible to clean. | |
49 | // There will be some errors as the grep command will find this file too (didn`t know how to make an exception to it, but it`s not important, you could live with some minor errors). | |
50 | // WordPress, Joomla and other php-ers I hope this helps you as it did for me too. |