Linux命令行：编辑黑客索引文件 [英] Linux command line : edit hacked index files

问题描述

很抱歉，我再次处理在Linux Plesk伺服器上遭到入侵的网站。虽然问题是固定的FTP访问更改（它得到了着名的Filezilla FTP代码侵入电脑）我很感谢知道如何编辑文件，因为它可能需要一个小时恢复网站的最新备份我们有，我很高兴让它在线更快。
黑客是相当简单：一个ja​​vascript代码插入许多索引*（只有index.php看起来）文件在网站。
我正在寻找一种方式来批量编辑被黑客入侵的文件，知道即使目标JavaScript代码是相同的，它是从一些可能也被黑客入侵的网站调用。所以，虽然我的合法索引文件过去以

开头

 <？php 
  / pre> 
 
 
现在开始像
 < script type = text / javascriptsrc =http：//（RANDOMDOMAINHERE）/facebook.php>< / script><？php 
  
由于该链包含一个变量，你能帮我找到一个确定的方法来编辑所有更改的索引文件（大约找到80个）？ 
我以前使用过SED替换，但这个时候部分链替换不同，所以我可以使用通配符吗？ 
解决方案
  find -name' index.php'-print0 | 
 xargs -0 sed -i'1s＃^< script type =text / javascriptsrc =http：//.*\？/facebook.php>< / script> ## g'
  
应该奇迹
 
 
 
 sed命令：
 
 
 
 
 
  1 （匹配第一行）
 
 
  s＃pattern＃replacement＃g （替换模式而不是后者为空）
 
 
  ^ 必须在行开头匹配
 
 
 。* \？字符序列的任意长度;但是如果多于一个，则可以匹配整个模式的匹配。
 
 
 
 
 
 Cheers 
 
I'm unfortunately once more dealing with a hacked site on a Linux Plesk server. While the issue is fixed with FTP access changed (it got down to the famous Filezilla FTP codes hack on a PC) I'd appreciate to know how to edit files as it may take over an hour to restore the site to the most recent backup we have, and I'd be glad to have it back online faster.
The hack is rather simple: a javascript code was inserted in many index* (only index.php it seems) files in the site.
I'm looking for a way to mass-edit the hacked files, knowing that even though the target javascript code is the same, it is called from a number of probably also hacked sites. So while my legitimate index file used to start with
<?php
it now starts like
<script type="text/javascript" src="http://(RANDOMDOMAINHERE)/facebook.php"></script><?php
As that chain contains a variable, could you help me find a sure-fire method to edit all the changed Index files (about 80 found) ?
I have used a SED replace before but this time part of the chain to replace varies, so could I use a wildcard ?
Best regards, thanks for shedding light !
解决方案
find -name 'index.php' -print0 |
    xargs -0 sed -i '1s#^<script type="text/javascript" src="http://.*\?/facebook.php"></script>##g'
Should do wonders

the sed command:


1  (match in first line)
s#pattern#replacement#g (replace pattern by replacement, not that the latter is empty)
^ must match at start of line
.*\? accept arbitrary length of sequence of characters; however if more than one a match for the whole pattern could be made, only match the shortest possible variant of it


Cheers

                        
这篇关于Linux命令行：编辑黑客索引文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！