Server got hacked and a fair amount of files were edited. We noticed that the code that was inserted were typically done between delimiters (e.g. /*e21234*/ blah blah /*/e21234*/). What is the most efficient way to remove this from a large number of files on a linux box? (I tried using sed but couldn't quite get it. I'm open to using perl or whatever would work)
Asked
Active
Viewed 817 times
0
user40570
- 155
- 2
- 5
-
8[The easiest, and best way (by far) is to format the server and restore from backups.](http://serverfault.com/q/218005/118258) Only way to be sure. – HopelessN00b Mar 01 '13 at 15:56
1 Answers
0
Did you try this:
sed 's,/\*e21234\*/.*e21234\*/,,g'
But I agree that restoring a backup is probably best!
ETL
- 6,443
- 1
- 26
- 47
-
This won't handle stuff spanning lines (in sed, '.' doesn't match newline). Perhaps `sed -r -e 's,/\*e2134\*/(.|\n)*/.*e21234\*/,,g'` helps. In any case, you won't ever be sure you got rid of all of it. – vonbrand Mar 02 '13 at 02:49