I have a large number of sites with the same bit of php inserted in all files that contain footer in their filenames.
//###==###
malicious code
//###==###
How to use SED or another command to remove all these in all files?
Asked
Active
Viewed 648 times
0
-
why not re-install it over it? – alexus Mar 09 '15 at 21:35
-
There is a ton of sites, several different themes – Adamz Mar 09 '15 at 22:55
-
2You should restore from a working backup, that is the only proper way to recover. – Tero Kilkanen Mar 10 '15 at 06:05
-
1I'm going to close this as a duplicate of the question dealing with compromised server because that's the right way to deal with this issue, but if you want to insist on using that workaround, you should check out the [Super User](http://superuser.com) and [Unix & Linux](http://unix.stackexchange.com) Stack Exchanges. – Cristian Ciupitu Mar 10 '15 at 16:01
-
It is a question about how to use a command – Adamz Mar 11 '15 at 06:48
-
Did you ever figure out what happened? I got the same thing on my server. Infected all my index and footer php files. – wgpubs Sep 12 '15 at 17:15
1 Answers
1
Try this with GNU find and sed to remove those lines in php files:
find /path/to/dir -iname "*.php" -exec sed -i -e '/^\/\/###==###/,/^\/\/###==###/d' '{}' \;
Cyrus
- 890
- 1
- 7
- 15
-
Perfect! thanks a bunch, Sed accepts a range? the comma is just a from this to this? A lot of other info on the web points to using lookahead switches etc this here is a much better way than all the perl methods I have found and elaborately concocted sed commands. – Adamz Mar 10 '15 at 07:01
-