dspv70887 2017-05-17 06:47
浏览 70
已采纳

服务器的PHP入侵了。 有没有办法定位特定的字符串+标签?

A friend of mine (who doesn't like strong passwords ...) got his server hacked and i'm trying to help him.

Basically, a lot of php files on the server have had lots of stuff added on line 1 between two php tags.

Something like this:

1. <?php lots-Of-Stuff-I-Can-Target-Easily-With-Grep ?><?php
2. Line 2 and beyond, the file is unchanged.

So my question is: is there a way via grep - or something else - to just target the first php tags with everything in between to delete it? In the exemple above, on line 1: everything but the second opening php tag.

I know I could target line 1 and just replace with an opening php tag, but to avoid any problem, i would much prefer target and delete the exact thing i want out.

There is way too many files to do it by hand. Any ideas?

</div>
  • 写回答

1条回答 默认 最新

  • doumiao0498 2017-05-17 10:23
    关注

    I fully agree with Ben Hilliers comment. (I mean especially the part with the back-up as I have only little knowledge about PHP.) However...

    The following sed command can be used:

    sed 's/^<?php .* ?>\(<?php.*\)$/\1/'

    Alternatively, it can be done with awk:

    awk '/<\?php .* \?><\?php/ { $0 = gensub(/^<\?php.*\?>(<\?php.*)$/, "\\1", 1, $0) }{ print }'

    or with the additional condition NR==1 to ensures that the test/replacement is done on first line only:

    awk 'NR==1 && /<\?php .* \?><\?php/ { $0 = gensub(/^<\?php.*\?>(<\?php.*)$/, "\\1", 1, $0) }{ print }'

    One of these commands (cleverly combined with find) should do the job.

    Please, notice the distinct escapings which are necessary in sed vs. awk.

    And, as Ben Hillier already recommded: Don't forget to backup before.

    Demonstration:

    $ echo '<?php lots-Of-Stuff-I-Can-Target-Easily-With-Grep ?><?php' \
> | sed 's/^<?php .* ?>\(<?php.*\)$/\1/'
<?php

$ echo '<?php' | sed 's/^<?php .* ?>\(<?php.*\)$/\1/'
<?php

$ echo '<?php lots-Of-Stuff-I-Can-Target-Easily-With-Grep ?><?php' | awk '/<\?php .* \?><\?php/ { $0 = gensub(/^<\?php.*\?>(<\?php.*)$/, "\\1", 1, $0) }{ print }'
<?php

$ echo '<?php' | awk '/<\?php .* \?><\?php/ { $0 = gensub(/^<\?php.*\?>(<\?php.*)$/, "\\1", 1, $0) }{ print }'
<?php

$ echo '<?php lots-Of-Stuff-I-Can-Target-Easily-With-Grep ?><?php' | awk 'NR==1 && /<\?php .* \?><\?php/ { $0 = gensub(/^<\?php.*\?>(<\?php.*)$/, "\\1", 1, $0) }{ print }'
<?php

$ echo '<?php' | awk 'NR==1 && /<\?php .* \?><\?php/ { $0 = gensub(/^<\?php.*\?>(<\?php.*)$/, "\\1", 1, $0) }{ print }'
<?php

$ cat >test.txt <<EOF
> <?php lots-Of-Stuff-I-Can-Target-Easily-With-Grep ?><?php
> // contents
> // contents
> // contents
> ?>
> EOF

$ cat test.txt | sed 's/^<?php .* ?>\(<?php.*\)$/\1/'
<?php
// contents
// contents
// contents
?>

$ cat test.txt | awk '/<\?php .* \?><\?php/ { $0 = gensub(/^<\?php.*\?>(<\?php.*)$/, "\\1", 1, $0) }{ print }'
<?php
// contents
// contents
// contents
?>

$ cat test.txt | awk 'NR==1 && /<\?php .* \?><\?php/ { $0 = gensub(/^<\?php.*\?>(<\?php.*)$/, "\\1", 1, $0) }{ print }'
<?php
// contents
// contents
// contents
?>

$

    Last but not least the awk script for human readers:

    # catch 1st line with a duplicated "<?php"
NR==1 && /<\?php .* \?><\?php/ {
  # replace the line by everything including and after 2nd "<?php"
  $0 = gensub(/^<\?php.*\?>(<\?php.*)$/, "\\1", 1, $0)
}
{ print } # print any line
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 关于#matlab#的问题:在模糊控制器中选出线路信息,在simulink中根据线路信息生成速度时间目标曲线(初速度为20m/s,15秒后减为0的速度时间图像)我想问线路信息是什么
  • ¥15 banner广告展示设置多少时间不怎么会消耗用户价值
  • ¥16 mybatis的代理对象无法通过@Autowired装填
  • ¥15 可见光定位matlab仿真
  • ¥15 arduino 四自由度机械臂
  • ¥15 wordpress 产品图片 GIF 没法显示
  • ¥15 求三国群英传pl国战时间的修改方法
  • ¥15 matlab代码代写,需写出详细代码,代价私
  • ¥15 ROS系统搭建请教(跨境电商用途)
  • ¥15 AIC3204的示例代码有吗,想用AIC3204测量血氧,找不到相关的代码。