sed command – remove virus from wordpress [duplicate]

I have malicious code in every php file. This malicious code is automatically pasted at the beginning of the file. I want to remove it with a UNIX command from the console.

This is malicious code:

<?php $guobywgpku = '..... u=$bhpegpvvmc-1; ?>

I wrote this RegExp,

"/<\?php \$guobywgpku.*\?>/m" 

and this RegExp works. I tested it here.

The problem is to write a command which removes this malicious code from every php file on the server. Please help me.

Now I have something like this.

sed "/<\?php \$guobywgpku.*\?>/m" index.php

Answer

Something like this?

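#!/bin/bash
# maliciouscode must hold a sed pattern for the injected code (declare it first)
: "${maliciouscode:?declare the malicious code pattern first}"
for file in /wordpress/path/*.php
do
    # -i (GNU sed) edits the file in place; without it sed only prints the result
    sed -i "s/$maliciouscode//g" "$file"
done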

Not tested 😉

Put this in a file (e.g. remove.sh) and make it executable (chmod 755 remove.sh).
Then execute with ./remove.sh

Make sure you have a backup of your data and have declared your variable with the malicious code.

But it would be recommended to reinstall your server.

Attribution
Source : Link , Question Author : EliaszKubala , Answer Author : Vince
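
The cleanup discussed above, as an added example that is not part of the original question or answer: it walks the tree recursively, copies each infected file to a backup directory outside the web root, and strips the injected block only when it starts line 1. Assumptions: the block begins with the marker shown in the question and ends at the first `?>` on that line; the function names and both directory arguments are hypothetical.

```bash
#!/bin/bash
# Added example (POSIX sh compatible). Assumption: the injected block starts
# line 1 with MARKER and ends at the first "?>" on that line.
MARKER='<?php $guobywgpku'

# Succeeds if the first line of file $1 starts with MARKER.
is_infected() {
    first=
    IFS= read -r first < "$1" || :
    case $first in "$MARKER"*) return 0 ;; esac
    return 1
}

# Print file $1 with the injected block cut from line 1.
strip_injection() {
    awk -v m="$MARKER" '
        NR == 1 && index($0, m) == 1 {
            end = index($0, "?>")
            if (end) $0 = substr($0, end + 2)   # keep what follows the block
            if ($0 == "") next                  # block had the line to itself
        }
        { print }' "$1"
}

# Usage: clean_tree WEBROOT BACKUP_DIR (hypothetical names); prints files cleaned.
clean_tree() {
    list=$(mktemp) || return 1
    find "$1" -type f -name '*.php' > "$list"   # snapshot before any write
    n=0
    while IFS= read -r f; do
        is_infected "$f" || continue
        # Keep the original outside the web root so the backup is never served.
        mkdir -p "$2/$(dirname "$f")" && cp -p "$f" "$2/$f" || return 1
        # cat > "$f" rewrites in place, preserving owner and mode.
        strip_injection "$f" > "$list.out" && cat "$list.out" > "$f" && n=$((n + 1))
    done < "$list"
    rm -f "$list" "$list.out"
    echo "$n"
}
```

Cleaning the files does not remove whatever wrote to them, so the reinstall recommended in the answer still applies.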
